TR/Crypt.XPACK.Gen2
 

Hi
Ich habe mir gestern Abend beim Surfen oben genannten Trojaner eingefangen.
Es öffnete sich eine der gefälschten Scan-Software (System repair o.ä., kann mich nicht genau erinnern, da es nur kurz sichtbar war) mit den zugehörigen Fehlermeldungen. Kurz darauf startete der PC neu. Die verschwundenen Ordner habe ich wieder zurückgeholt.
Im Moment habe ich keine Probleme mehr.

Die Meldung des Avira Guards:

Die Datei 'C:\Users\***\AppData\Local\Temp\~!#879.tmp'
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen2' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '48a2312f.qua' verschoben!


Der Vollscan von Malwarebytes:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8093

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

05.11.2011 23:56:35
mbam-log-2011-11-05 (23-56-35).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 379073
Laufzeit: 58 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\***\AppData\Local\Temp\p5tm1qbi6dss92.exe.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\***\AppData\LocalLow\Sun\Java\deployment\cache\6.0\38\7c8cd466-728d0d26 (Trojan.Inject.adb) -> Quarantined and deleted successfully.



Wie sollte ich nun weiter vorgehen?

OTL Logfile:
--- --- ---

Sorry, habe die Anweisungen nicht korrekt befolgt. Also nochmal...

Allerdings bekomme ich Extras.txt nicht.



OTL Logfile:
--- --- ---

Führ bitte auch ESET aus, danach sehen wir weiter:


ESET Online Scanner

• Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
• Lade und starte Eset Online Scanner
• Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
• Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
• Klicke auf Starten.
• Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
• Klicke am Ende des Suchlaufs auf Fertig stellen.
• Schließe das Fenster von ESET.
• Explorer öffnen.
• C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
• Logfile hier posten.
• Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
• Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=24469f042278fa45bb7f01959d6141bb
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-09 10:58:47
# local_time=2011-11-09 11:58:47 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1797 16775165 100 100 294864 95765575 341456 0
# compatibility_mode=5893 16776573 100 94 9104751 73278282 0 0
# compatibility_mode=8192 67108863 100 0 40897 40897 0 0
# scanned=222142
# found=3
# cleaned=0
# scan_time=6915
C:\Users\johannes\AppData\Local\Temp\8880.tmp a variant of Win32/Kryptik.VAW trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\johannes\AppData\Local\Temp\~!#8325.tmp a variant of Win32/Kryptik.UZE trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\johannes\Downloads\SoftonicDownloader38341.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I

Bitte nicht falsch verstehen, aber irgendwie hab ich den Eindruck es ist ein Volkssport geworden sich sämtlichen Kram von Softonic zu laden. Da ist immer irgendein Müll wie Toolbars oder der sinnlose Softonic Downloader drin. Warum lädst du die Software nicht von der Seite des Herstellers oder notfalls bei chip.de?

Habe da nichts bewusst runtergeladen bzw. weiß nicht mehr, dass ich bei Softonic etwas geladen habe. Werde das in Zukunft beachten.
Wie soll ich jetzt weiter vorgehen?

Mach bitte ein neues OTL-Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

• Starte bitte die OTL.exe.
  Vista und Win7 User mit Rechtsklick "als Administrator starten"
• Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

• Schliesse bitte nun alle Programme. (Wichtig)
• Klicke nun bitte auf den Quick Scan Button.
• Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
• Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

OTL Logfile:
--- --- ---

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "hxxp://www.ixquick.com/deu/" removed from browser.startup.homepage
Prefs.js: toolbar@ask.com:3.11.3.15590 removed from extensions.enabledItems
Prefs.js: "hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=" removed from keyword.URL
C:\Users\johannes\AppData\Roaming\mozilla\Firefox\Profiles\pk5v0r9a.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Users\johannes\AppData\Roaming\mozilla\Firefox\Profiles\pk5v0r9a.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Users\johannes\AppData\Roaming\mozilla\Firefox\Profiles\pk5v0r9a.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Users\johannes\AppData\Roaming\mozilla\Firefox\Profiles\pk5v0r9a.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Users\johannes\AppData\Roaming\mozilla\Firefox\Profiles\pk5v0r9a.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Users\johannes\AppData\Roaming\mozilla\Firefox\Profiles\pk5v0r9a.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Users\johannes\AppData\Roaming\mozilla\Firefox\Profiles\pk5v0r9a.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Users\johannes\AppData\Roaming\mozilla\Firefox\Profiles\pk5v0r9a.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Users\johannes\AppData\Roaming\mozilla\Firefox\Profiles\pk5v0r9a.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Users\johannes\AppData\Roaming\mozilla\Firefox\Profiles\pk5v0r9a.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Users\johannes\AppData\Roaming\mozilla\Firefox\Profiles\pk5v0r9a.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Users\johannes\AppData\Roaming\mozilla\Firefox\Profiles\pk5v0r9a.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Users\johannes\AppData\Roaming\mozilla\Firefox\Profiles\pk5v0r9a.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Users\johannes\AppData\Roaming\mozilla\Firefox\Profiles\pk5v0r9a.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Users\johannes\AppData\Roaming\mozilla\Firefox\Profiles\pk5v0r9a.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Users\johannes\AppData\Roaming\mozilla\Firefox\Profiles\pk5v0r9a.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Users\johannes\AppData\Roaming\mozilla\Firefox\Profiles\pk5v0r9a.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Users\johannes\AppData\Roaming\mozilla\Firefox\Profiles\pk5v0r9a.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Users\johannes\AppData\Roaming\mozilla\Firefox\Profiles\pk5v0r9a.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Users\johannes\AppData\Roaming\mozilla\Firefox\Profiles\pk5v0r9a.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Users\johannes\AppData\Roaming\mozilla\Firefox\Profiles\pk5v0r9a.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Users\johannes\AppData\Roaming\mozilla\Firefox\Profiles\pk5v0r9a.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Users\johannes\AppData\Roaming\mozilla\Firefox\Profiles\pk5v0r9a.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.
C:\Users\johannes\AppData\Roaming\mozilla\Firefox\Profiles\pk5v0r9a.default\extensions\toolbar@ask.com\logs folder moved successfully.
C:\Users\johannes\AppData\Roaming\mozilla\Firefox\Profiles\pk5v0r9a.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.
C:\Users\johannes\AppData\Roaming\mozilla\Firefox\Profiles\pk5v0r9a.default\extensions\toolbar@ask.com\defaults folder moved successfully.
C:\Users\johannes\AppData\Roaming\mozilla\Firefox\Profiles\pk5v0r9a.default\extensions\toolbar@ask.com\datastore folder moved successfully.
C:\Users\johannes\AppData\Roaming\mozilla\Firefox\Profiles\pk5v0r9a.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Wed-25-May-2011-20-32-55-GMT folder moved successfully.
C:\Users\johannes\AppData\Roaming\mozilla\Firefox\Profiles\pk5v0r9a.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Wed-16-Jun-2010-16-38-36-GMT folder moved successfully.
C:\Users\johannes\AppData\Roaming\mozilla\Firefox\Profiles\pk5v0r9a.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Tue-31-May-2011-15-17-15-GMT folder moved successfully.
C:\Users\johannes\AppData\Roaming\mozilla\Firefox\Profiles\pk5v0r9a.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Tue-29-Mar-2011-20-07-06-GMT folder moved successfully.
C:\Users\johannes\AppData\Roaming\mozilla\Firefox\Profiles\pk5v0r9a.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Tue-08-Nov-2011-05-27-56-GMT folder moved successfully.
C:\Users\johannes\AppData\Roaming\mozilla\Firefox\Profiles\pk5v0r9a.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Tue-06-Sep-2011-15-34-22-GMT folder moved successfully.
C:\Users\johannes\AppData\Roaming\mozilla\Firefox\Profiles\pk5v0r9a.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Thu-13-Jan-2011-20-43-27-GMT folder moved successfully.
C:\Users\johannes\AppData\Roaming\mozilla\Firefox\Profiles\pk5v0r9a.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sun-31-Jul-2011-11-47-43-GMT folder moved successfully.
C:\Users\johannes\AppData\Roaming\mozilla\Firefox\Profiles\pk5v0r9a.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sun-27-Jun-2010-07-48-39-GMT folder moved successfully.
C:\Users\johannes\AppData\Roaming\mozilla\Firefox\Profiles\pk5v0r9a.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sun-17-Oct-2010-08-12-27-GMT folder moved successfully.
C:\Users\johannes\AppData\Roaming\mozilla\Firefox\Profiles\pk5v0r9a.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sat-22-Jan-2011-12-30-19-GMT folder moved successfully.
C:\Users\johannes\AppData\Roaming\mozilla\Firefox\Profiles\pk5v0r9a.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Mon-19-Apr-2010-16-05-12-GMT folder moved successfully.
C:\Users\johannes\AppData\Roaming\mozilla\Firefox\Profiles\pk5v0r9a.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Fri-23-Sep-2011-16-34-09-GMT folder moved successfully.
C:\Users\johannes\AppData\Roaming\mozilla\Firefox\Profiles\pk5v0r9a.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Fri-11-Jun-2010-18-26-19-GMT folder moved successfully.
C:\Users\johannes\AppData\Roaming\mozilla\Firefox\Profiles\pk5v0r9a.default\extensions\toolbar@ask.com\chrome\temp folder moved successfully.
C:\Users\johannes\AppData\Roaming\mozilla\Firefox\Profiles\pk5v0r9a.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.
C:\Users\johannes\AppData\Roaming\mozilla\Firefox\Profiles\pk5v0r9a.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.
C:\Users\johannes\AppData\Roaming\mozilla\Firefox\Profiles\pk5v0r9a.default\extensions\toolbar@ask.com\chrome folder moved successfully.
C:\Users\johannes\AppData\Roaming\mozilla\Firefox\Profiles\pk5v0r9a.default\extensions\toolbar@ask.com folder moved successfully.
C:\Users\johannes\AppData\Roaming\Mozilla\Firefox\Profiles\pk5v0r9a.default\searchplugins\ecosia.xml moved successfully.
C:\Users\johannes\AppData\Roaming\Mozilla\Firefox\Profiles\pk5v0r9a.default\searchplugins\icqplugin.xml moved successfully.
C:\Users\johannes\AppData\Roaming\Mozilla\Firefox\Profiles\pk5v0r9a.default\searchplugins\startsear.xml moved successfully.
C:\Users\johannes\AppData\Roaming\Mozilla\Firefox\Profiles\pk5v0r9a.default\searchplugins\web-search.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Program Files (x86)\mozilla firefox\plugins\npPandoWebInst.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}\ deleted successfully.
C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}\ deleted successfully.
File WebPrint EX\ewpexhlp.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}\ not found.
File WebPrint EX\ewpexhlp.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files (x86)\Ask.com\Updater\Updater.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinampAgent deleted successfully.
C:\Program Files (x86)\Winamp\winampa.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface deleted successfully.
C:\Users\johannes\AppData\Local\Akamai\netsession_win.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\msnmsgr deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Pando Media Booster deleted successfully.
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File not found.
C:\ProgramData\6DSS92c31Apgjk moved successfully.
C:\ProgramData\~6DSS92c31Apgjk moved successfully.
C:\ProgramData\~6DSS92c31Apgjkr moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Franz

User: johannes
->Temp folder emptied: 518944778 bytes
->Temporary Internet Files folder emptied: 108128375 bytes
->Java cache emptied: 23971890 bytes
->FireFox cache emptied: 42499769 bytes
->Flash cache emptied: 127766 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49856344 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67765 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 709,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 11112011_170513

Files\Folders moved on Reboot...
C:\Users\johannes\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

21:12:35.0257 1104 TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15
21:12:35.0914 1104 ============================================================
21:12:35.0914 1104 Current date / time: 2011/11/11 21:12:35.0914
21:12:35.0914 1104 SystemInfo:
21:12:35.0914 1104
21:12:35.0914 1104 OS Version: 6.1.7600 ServicePack: 0.0
21:12:35.0914 1104 Product type: Workstation
21:12:35.0914 1104 ComputerName: JOHANNES-PC
21:12:35.0915 1104 UserName: johannes
21:12:35.0915 1104 Windows directory: C:\Windows
21:12:35.0915 1104 System windows directory: C:\Windows
21:12:35.0915 1104 Running under WOW64
21:12:35.0915 1104 Processor architecture: Intel x64
21:12:35.0915 1104 Number of processors: 2
21:12:35.0915 1104 Page size: 0x1000
21:12:35.0915 1104 Boot type: Normal boot
21:12:35.0915 1104 ============================================================
21:12:36.0415 1104 Initialize success
21:13:30.0901 4572 ============================================================
21:13:30.0901 4572 Scan started
21:13:30.0901 4572 Mode: Manual; SigCheck; TDLFS;
21:13:30.0901 4572 ============================================================
21:13:31.0277 4572 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
21:13:31.0383 4572 1394ohci - ok
21:13:31.0567 4572 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
21:13:31.0595 4572 ACPI - ok
21:13:31.0728 4572 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
21:13:31.0820 4572 AcpiPmi - ok
21:13:31.0984 4572 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:13:32.0014 4572 adp94xx - ok
21:13:32.0136 4572 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:13:32.0163 4572 adpahci - ok
21:13:32.0295 4572 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:13:32.0317 4572 adpu320 - ok
21:13:32.0497 4572 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
21:13:32.0585 4572 AFD - ok
21:13:32.0712 4572 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
21:13:32.0730 4572 agp440 - ok
21:13:32.0891 4572 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
21:13:32.0909 4572 aliide - ok
21:13:33.0046 4572 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
21:13:33.0063 4572 amdide - ok
21:13:33.0208 4572 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:13:33.0260 4572 AmdK8 - ok
21:13:33.0371 4572 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:13:33.0443 4572 AmdPPM - ok
21:13:33.0559 4572 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
21:13:33.0578 4572 amdsata - ok
21:13:33.0708 4572 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:13:33.0730 4572 amdsbs - ok
21:13:33.0861 4572 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
21:13:33.0878 4572 amdxata - ok
21:13:34.0039 4572 ApfiltrService (1412e9a88fe1f7e35ce6058a2ef03664) C:\Windows\system32\DRIVERS\Apfiltr.sys
21:13:34.0114 4572 ApfiltrService - ok
21:13:34.0251 4572 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
21:13:34.0354 4572 AppID - ok
21:13:34.0511 4572 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:13:34.0530 4572 arc - ok
21:13:34.0660 4572 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:13:34.0679 4572 arcsas - ok
21:13:34.0800 4572 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:13:34.0901 4572 AsyncMac - ok
21:13:35.0007 4572 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
21:13:35.0025 4572 atapi - ok
21:13:35.0281 4572 atikmdag (2db9047aac9d981f59ce06d04d70c4d8) C:\Windows\system32\DRIVERS\atikmdag.sys
21:13:35.0697 4572 atikmdag - ok
21:13:35.0838 4572 atksgt (4aef9ec86818375495fb78ca58df4e18) C:\Windows\system32\DRIVERS\atksgt.sys
21:13:35.0881 4572 atksgt ( UnsignedFile.Multi.Generic ) - warning
21:13:35.0881 4572 atksgt - detected UnsignedFile.Multi.Generic (1)
21:13:36.0017 4572 avgntflt (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
21:13:36.0038 4572 avgntflt - ok
21:13:36.0199 4572 avipbb (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
21:13:36.0222 4572 avipbb - ok
21:13:36.0374 4572 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:13:36.0444 4572 b06bdrv - ok
21:13:36.0573 4572 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:13:36.0625 4572 b57nd60a - ok
21:13:36.0736 4572 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:13:36.0819 4572 Beep - ok
21:13:36.0948 4572 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:13:36.0997 4572 blbdrive - ok
21:13:37.0185 4572 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
21:13:37.0266 4572 bowser - ok
21:13:37.0399 4572 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:13:37.0455 4572 BrFiltLo - ok
21:13:37.0571 4572 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:13:37.0617 4572 BrFiltUp - ok
21:13:37.0732 4572 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:13:37.0804 4572 Brserid - ok
21:13:37.0891 4572 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:13:37.0940 4572 BrSerWdm - ok
21:13:38.0071 4572 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:13:38.0114 4572 BrUsbMdm - ok
21:13:38.0221 4572 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:13:38.0262 4572 BrUsbSer - ok
21:13:38.0386 4572 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:13:38.0443 4572 BTHMODEM - ok
21:13:38.0565 4572 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:13:38.0649 4572 cdfs - ok
21:13:38.0766 4572 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
21:13:38.0823 4572 cdrom - ok
21:13:38.0962 4572 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:13:39.0011 4572 circlass - ok
21:13:39.0124 4572 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:13:39.0152 4572 CLFS - ok
21:13:39.0275 4572 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:13:39.0330 4572 CmBatt - ok
21:13:39.0430 4572 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
21:13:39.0449 4572 cmdide - ok
21:13:39.0487 4572 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
21:13:39.0550 4572 CNG - ok
21:13:39.0686 4572 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:13:39.0906 4572 Compbatt - ok
21:13:39.0993 4572 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
21:13:40.0048 4572 CompositeBus - ok
21:13:40.0178 4572 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:13:40.0306 4572 crcdisk - ok
21:13:40.0535 4572 CVirtA (44bddeb03c84a1c993c992ffb5700357) C:\Windows\system32\DRIVERS\CVirtA64.sys
21:13:40.0548 4572 CVirtA - ok
21:13:40.0739 4572 CVPNDRVA (cc8e52daa9826064ba464dbe531f2bb5) C:\Windows\system32\Drivers\CVPNDRVA.sys
21:13:40.0884 4572 CVPNDRVA - ok
21:13:41.0095 4572 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
21:13:41.0304 4572 DfsC - ok
21:13:41.0426 4572 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:13:41.0712 4572 discache - ok
21:13:41.0884 4572 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:13:42.0081 4572 Disk - ok
21:13:42.0239 4572 DNE (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys
21:13:42.0269 4572 DNE - ok
21:13:42.0513 4572 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:13:42.0559 4572 drmkaud - ok
21:13:42.0685 4572 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
21:13:42.0740 4572 DXGKrnl - ok
21:13:42.0916 4572 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:13:43.0030 4572 ebdrv - ok
21:13:43.0165 4572 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:13:43.0197 4572 elxstor - ok
21:13:43.0289 4572 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
21:13:43.0338 4572 ErrDev - ok
21:13:43.0477 4572 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:13:43.0563 4572 exfat - ok
21:13:43.0666 4572 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:13:43.0766 4572 fastfat - ok
21:13:43.0889 4572 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:13:43.0934 4572 fdc - ok
21:13:44.0055 4572 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:13:44.0073 4572 FileInfo - ok
21:13:44.0159 4572 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:13:44.0230 4572 Filetrace - ok
21:13:44.0373 4572 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:13:44.0394 4572 flpydisk - ok
21:13:44.0522 4572 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
21:13:44.0558 4572 FltMgr - ok
21:13:44.0656 4572 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:13:44.0674 4572 FsDepends - ok
21:13:44.0760 4572 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
21:13:44.0783 4572 Fs_Rec - ok
21:13:44.0915 4572 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:13:44.0943 4572 fvevol - ok
21:13:45.0072 4572 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:13:45.0090 4572 gagp30kx - ok
21:13:45.0126 4572 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:13:45.0143 4572 GEARAspiWDM - ok
21:13:45.0293 4572 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:13:45.0368 4572 hcw85cir - ok
21:13:45.0492 4572 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:13:45.0546 4572 HDAudBus - ok
21:13:45.0662 4572 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:13:45.0707 4572 HidBatt - ok
21:13:45.0813 4572 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:13:45.0865 4572 HidBth - ok
21:13:45.0971 4572 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:13:46.0021 4572 HidIr - ok
21:13:46.0193 4572 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
21:13:46.0242 4572 HidUsb - ok
21:13:46.0369 4572 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
21:13:46.0388 4572 HpSAMD - ok
21:13:46.0529 4572 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
21:13:46.0605 4572 HTTP - ok
21:13:46.0695 4572 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
21:13:46.0712 4572 hwpolicy - ok
21:13:46.0846 4572 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
21:13:46.0876 4572 i8042prt - ok
21:13:46.0977 4572 iaStor (0b6c9c8f2e00e8b61c8379e62a9f921b) C:\Windows\system32\DRIVERS\iaStor.sys
21:13:46.0999 4572 iaStor - ok
21:13:47.0135 4572 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
21:13:47.0163 4572 iaStorV - ok
21:13:47.0298 4572 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
21:13:47.0316 4572 iirsp - ok
21:13:47.0420 4572 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
21:13:47.0438 4572 intelide - ok
21:13:47.0542 4572 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:13:47.0587 4572 intelppm - ok
21:13:47.0693 4572 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:13:47.0743 4572 IpFilterDriver - ok
21:13:47.0767 4572 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
21:13:47.0780 4572 IPMIDRV - ok
21:13:47.0889 4572 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:13:47.0975 4572 IPNAT - ok
21:13:48.0114 4572 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:13:48.0178 4572 IRENUM - ok
21:13:48.0278 4572 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
21:13:48.0295 4572 isapnp - ok
21:13:48.0406 4572 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
21:13:48.0427 4572 iScsiPrt - ok
21:13:48.0559 4572 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
21:13:48.0583 4572 kbdclass - ok
21:13:48.0704 4572 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
21:13:48.0751 4572 kbdhid - ok
21:13:48.0859 4572 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
21:13:48.0878 4572 KSecDD - ok
21:13:48.0972 4572 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
21:13:48.0992 4572 KSecPkg - ok
21:13:49.0123 4572 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:13:49.0207 4572 ksthunk - ok
21:13:49.0365 4572 lirsgt (b658b7076b1acaa5876524595630f183) C:\Windows\system32\DRIVERS\lirsgt.sys
21:13:49.0396 4572 lirsgt ( UnsignedFile.Multi.Generic ) - warning
21:13:49.0396 4572 lirsgt - detected UnsignedFile.Multi.Generic (1)
21:13:49.0512 4572 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:13:49.0604 4572 lltdio - ok
21:13:49.0739 4572 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:13:49.0759 4572 LSI_FC - ok
21:13:49.0893 4572 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:13:49.0912 4572 LSI_SAS - ok
21:13:50.0040 4572 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:13:50.0058 4572 LSI_SAS2 - ok
21:13:50.0188 4572 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:13:50.0207 4572 LSI_SCSI - ok
21:13:50.0347 4572 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:13:50.0436 4572 luafv - ok
21:13:50.0598 4572 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys
21:13:50.0615 4572 MBAMProtector - ok
21:13:50.0771 4572 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:13:50.0789 4572 megasas - ok
21:13:50.0882 4572 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:13:50.0906 4572 MegaSR - ok
21:13:51.0001 4572 mfeavfk (4a1c21576fb7f96f4dbdea627ffda775) C:\Windows\system32\drivers\mfeavfk.sys
21:13:51.0015 4572 mfeavfk - ok
21:13:51.0112 4572 mfebopk (dd7b52227da36f2718306c98e474b51b) C:\Windows\system32\drivers\mfebopk.sys
21:13:51.0124 4572 mfebopk - ok
21:13:51.0225 4572 mfehidk (9e0ac52b3232ff8dc65fee1a9c2fe8d1) C:\Windows\system32\drivers\mfehidk.sys
21:13:51.0256 4572 mfehidk - ok
21:13:51.0351 4572 mferkdk (624d717b11e5004f68442b5740f17f21) C:\Windows\system32\drivers\mferkdk.sys
21:13:51.0363 4572 mferkdk - ok
21:13:51.0450 4572 mfesmfk (0cd9de7b96735f33f078c4ea044e8b34) C:\Windows\system32\drivers\mfesmfk.sys
21:13:51.0462 4572 mfesmfk - ok
21:13:51.0588 4572 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:13:51.0665 4572 Modem - ok
21:13:51.0774 4572 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:13:51.0830 4572 monitor - ok
21:13:51.0936 4572 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:13:51.0960 4572 mouclass - ok
21:13:52.0092 4572 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:13:52.0117 4572 mouhid - ok
21:13:52.0208 4572 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
21:13:52.0227 4572 mountmgr - ok
21:13:52.0325 4572 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
21:13:52.0345 4572 mpio - ok
21:13:52.0448 4572 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:13:52.0534 4572 mpsdrv - ok
21:13:52.0652 4572 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
21:13:52.0702 4572 MRxDAV - ok
21:13:52.0810 4572 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:13:52.0852 4572 mrxsmb - ok
21:13:52.0949 4572 mrxsmb10 (a8c2d7673c8a010569390c826a0efaf4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:13:53.0009 4572 mrxsmb10 - ok
21:13:53.0131 4572 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:13:53.0189 4572 mrxsmb20 - ok
21:13:53.0297 4572 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
21:13:53.0314 4572 msahci - ok
21:13:53.0410 4572 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
21:13:53.0429 4572 msdsm - ok
21:13:53.0534 4572 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:13:53.0589 4572 Msfs - ok
21:13:53.0687 4572 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:13:53.0779 4572 mshidkmdf - ok
21:13:53.0893 4572 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
21:13:53.0910 4572 msisadrv - ok
21:13:54.0062 4572 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:13:54.0148 4572 MSKSSRV - ok
21:13:54.0268 4572 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:13:54.0364 4572 MSPCLOCK - ok
21:13:54.0478 4572 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:13:54.0569 4572 MSPQM - ok
21:13:54.0683 4572 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
21:13:54.0709 4572 MsRPC - ok
21:13:54.0807 4572 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
21:13:54.0830 4572 mssmbios - ok
21:13:54.0965 4572 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:13:55.0049 4572 MSTEE - ok
21:13:55.0157 4572 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:13:55.0195 4572 MTConfig - ok
21:13:55.0319 4572 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:13:55.0338 4572 Mup - ok
21:13:55.0490 4572 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:13:55.0554 4572 NativeWifiP - ok
21:13:55.0702 4572 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
21:13:55.0748 4572 NDIS - ok
21:13:55.0882 4572 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:13:55.0961 4572 NdisCap - ok
21:13:56.0089 4572 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:13:56.0162 4572 NdisTapi - ok
21:13:56.0298 4572 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
21:13:56.0378 4572 Ndisuio - ok
21:13:56.0495 4572 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:13:56.0598 4572 NdisWan - ok
21:13:56.0699 4572 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
21:13:56.0763 4572 NDProxy - ok
21:13:56.0888 4572 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:13:56.0984 4572 NetBIOS - ok
21:13:57.0102 4572 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
21:13:57.0183 4572 NetBT - ok
21:13:57.0454 4572 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
21:13:57.0665 4572 netw5v64 - ok
21:13:57.0810 4572 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:13:57.0830 4572 nfrd960 - ok
21:13:57.0963 4572 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:13:58.0034 4572 Npfs - ok
21:13:58.0139 4572 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:13:58.0235 4572 nsiproxy - ok
21:13:58.0374 4572 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
21:13:58.0438 4572 Ntfs - ok
21:13:58.0536 4572 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:13:58.0630 4572 Null - ok
21:13:58.0764 4572 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
21:13:58.0784 4572 nvraid - ok
21:13:58.0919 4572 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
21:13:58.0939 4572 nvstor - ok
21:13:59.0073 4572 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
21:13:59.0093 4572 nv_agp - ok
21:13:59.0189 4572 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
21:13:59.0212 4572 ohci1394 - ok
21:13:59.0317 4572 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:13:59.0339 4572 Parport - ok
21:13:59.0437 4572 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
21:13:59.0455 4572 partmgr - ok
21:13:59.0563 4572 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
21:13:59.0585 4572 pci - ok
21:13:59.0680 4572 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
21:13:59.0697 4572 pciide - ok
21:13:59.0798 4572 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:13:59.0821 4572 pcmcia - ok
21:13:59.0908 4572 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:13:59.0926 4572 pcw - ok
21:14:00.0038 4572 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:14:00.0125 4572 PEAUTH - ok
21:14:00.0268 4572 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
21:14:00.0353 4572 PptpMiniport - ok
21:14:00.0442 4572 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:14:00.0490 4572 Processor - ok
21:14:00.0627 4572 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
21:14:00.0725 4572 Psched - ok
21:14:00.0830 4572 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
21:14:00.0844 4572 PxHlpa64 - ok
21:14:01.0023 4572 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:14:01.0084 4572 ql2300 - ok
21:14:01.0212 4572 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:14:01.0232 4572 ql40xx - ok
21:14:01.0337 4572 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:14:01.0392 4572 QWAVEdrv - ok
21:14:01.0505 4572 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:14:01.0573 4572 RasAcd - ok
21:14:01.0702 4572 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:14:01.0798 4572 RasAgileVpn - ok
21:14:01.0929 4572 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:14:02.0020 4572 Rasl2tp - ok
21:14:02.0132 4572 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:14:02.0225 4572 RasPppoe - ok
21:14:02.0351 4572 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:14:02.0439 4572 RasSstp - ok
21:14:02.0556 4572 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
21:14:02.0650 4572 rdbss - ok
21:14:02.0762 4572 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:14:02.0814 4572 rdpbus - ok
21:14:02.0921 4572 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:14:03.0026 4572 RDPCDD - ok
21:14:03.0146 4572 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:14:03.0221 4572 RDPENCDD - ok
21:14:03.0338 4572 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:14:03.0401 4572 RDPREFMP - ok
21:14:03.0509 4572 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
21:14:03.0599 4572 RDPWD - ok
21:14:03.0715 4572 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
21:14:03.0740 4572 rdyboost - ok
21:14:03.0896 4572 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:14:03.0992 4572 rspndr - ok
21:14:04.0114 4572 RTSTOR (39e74e264338934dbf11f8db79a3e116) C:\Windows\system32\drivers\RTSTOR64.SYS
21:14:04.0146 4572 RTSTOR - ok
21:14:04.0248 4572 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
21:14:04.0267 4572 sbp2port - ok
21:14:04.0370 4572 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
21:14:04.0459 4572 scfilter - ok
21:14:04.0597 4572 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:14:04.0656 4572 secdrv - ok
21:14:04.0792 4572 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:14:04.0812 4572 Serenum - ok
21:14:04.0949 4572 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:14:04.0999 4572 Serial - ok
21:14:05.0118 4572 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:14:05.0159 4572 sermouse - ok
21:14:05.0283 4572 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
21:14:05.0331 4572 sffdisk - ok
21:14:05.0438 4572 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
21:14:05.0493 4572 sffp_mmc - ok
21:14:05.0608 4572 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
21:14:05.0674 4572 sffp_sd - ok
21:14:05.0784 4572 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:14:05.0834 4572 sfloppy - ok
21:14:05.0964 4572 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:14:05.0982 4572 SiSRaid2 - ok
21:14:06.0083 4572 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:14:06.0102 4572 SiSRaid4 - ok
21:14:06.0238 4572 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:14:06.0310 4572 Smb - ok
21:14:06.0438 4572 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:14:06.0457 4572 spldr - ok
21:14:06.0610 4572 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
21:14:06.0696 4572 srv - ok
21:14:06.0788 4572 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
21:14:06.0851 4572 srv2 - ok
21:14:06.0957 4572 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
21:14:07.0015 4572 srvnet - ok
21:14:07.0170 4572 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:14:07.0188 4572 stexstor - ok
21:14:07.0340 4572 STHDA (02e784fa49032f84964db90a3ed81890) C:\Windows\system32\DRIVERS\stwrt64.sys
21:14:07.0421 4572 STHDA - ok
21:14:07.0558 4572 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
21:14:07.0580 4572 swenum - ok
21:14:07.0774 4572 Tcpip (61dc720bb065d607d5823f13d2a64321) C:\Windows\system32\drivers\tcpip.sys
21:14:07.0837 4572 Tcpip - ok
21:14:07.0996 4572 TCPIP6 (61dc720bb065d607d5823f13d2a64321) C:\Windows\system32\DRIVERS\tcpip.sys
21:14:08.0050 4572 TCPIP6 - ok
21:14:08.0143 4572 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
21:14:08.0237 4572 tcpipreg - ok
21:14:08.0364 4572 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:14:08.0442 4572 TDPIPE - ok
21:14:08.0543 4572 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
21:14:08.0593 4572 TDTCP - ok
21:14:08.0727 4572 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
21:14:08.0823 4572 tdx - ok
21:14:08.0934 4572 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
21:14:08.0959 4572 TermDD - ok
21:14:09.0111 4572 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:14:09.0188 4572 tssecsrv - ok
21:14:09.0330 4572 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
21:14:09.0416 4572 tunnel - ok
21:14:09.0522 4572 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:14:09.0540 4572 uagp35 - ok
21:14:09.0646 4572 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
21:14:09.0702 4572 udfs - ok
21:14:09.0834 4572 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
21:14:09.0852 4572 uliagpkx - ok
21:14:09.0948 4572 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
21:14:09.0999 4572 umbus - ok
21:14:10.0120 4572 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:14:10.0141 4572 UmPass - ok
21:14:10.0278 4572 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
21:14:10.0343 4572 USBAAPL64 - ok
21:14:10.0451 4572 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
21:14:10.0493 4572 usbccgp - ok
21:14:10.0627 4572 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
21:14:10.0688 4572 usbcir - ok
21:14:10.0802 4572 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
21:14:10.0853 4572 usbehci - ok
21:14:10.0982 4572 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
21:14:11.0021 4572 usbhub - ok
21:14:11.0121 4572 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
21:14:11.0142 4572 usbohci - ok
21:14:11.0274 4572 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:14:11.0320 4572 usbprint - ok
21:14:11.0430 4572 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
21:14:11.0485 4572 usbscan - ok
21:14:11.0592 4572 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:14:11.0614 4572 USBSTOR - ok
21:14:11.0709 4572 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
21:14:11.0736 4572 usbuhci - ok
21:14:11.0835 4572 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
21:14:11.0852 4572 vdrvroot - ok
21:14:11.0981 4572 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:14:12.0006 4572 vga - ok
21:14:12.0099 4572 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:14:12.0202 4572 VgaSave - ok
21:14:12.0316 4572 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
21:14:12.0338 4572 vhdmp - ok
21:14:12.0436 4572 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
21:14:12.0453 4572 viaide - ok
21:14:12.0560 4572 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
21:14:12.0579 4572 volmgr - ok
21:14:12.0692 4572 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
21:14:12.0719 4572 volmgrx - ok
21:14:12.0842 4572 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
21:14:12.0865 4572 volsnap - ok
21:14:12.0991 4572 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:14:13.0019 4572 vsmraid - ok
21:14:13.0123 4572 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
21:14:13.0154 4572 vwifibus - ok
21:14:13.0307 4572 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:14:13.0350 4572 WacomPen - ok
21:14:13.0487 4572 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
21:14:13.0568 4572 WANARP - ok
21:14:13.0572 4572 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
21:14:13.0610 4572 Wanarpv6 - ok
21:14:13.0730 4572 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:14:13.0748 4572 Wd - ok
21:14:13.0864 4572 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:14:13.0899 4572 Wdf01000 - ok
21:14:14.0048 4572 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:14:14.0106 4572 WfpLwf - ok
21:14:14.0208 4572 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:14:14.0226 4572 WIMMount - ok
21:14:14.0408 4572 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
21:14:14.0434 4572 WinUsb - ok
21:14:14.0573 4572 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:14:14.0619 4572 WmiAcpi - ok
21:14:14.0755 4572 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:14:14.0828 4572 ws2ifsl - ok
21:14:14.0956 4572 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
21:14:15.0040 4572 WudfPf - ok
21:14:15.0174 4572 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:14:15.0268 4572 WUDFRd - ok
21:14:15.0407 4572 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
21:14:15.0461 4572 yukonw7 - ok
21:14:15.0548 4572 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} (1cacfef9e5dd866c5b79a135ee729e18) C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl
21:14:15.0564 4572 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} - ok
21:14:15.0627 4572 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:14:16.0554 4572 \Device\Harddisk0\DR0 - ok
21:14:16.0582 4572 Boot (0x1200) (be3fea112757aab3d6ffd22bbbee13f8) \Device\Harddisk0\DR0\Partition0
21:14:16.0584 4572 \Device\Harddisk0\DR0\Partition0 - ok
21:14:16.0608 4572 Boot (0x1200) (c0f2f4d486a3327853fbbff8b428e503) \Device\Harddisk0\DR0\Partition1
21:14:16.0609 4572 \Device\Harddisk0\DR0\Partition1 - ok
21:14:16.0610 4572 ============================================================
21:14:16.0610 4572 Scan finished
21:14:16.0610 4572 ============================================================
21:14:16.0630 4184 Detected object count: 2
21:14:16.0630 4184 Actual detected object count: 2
21:15:34.0179 4184 atksgt ( UnsignedFile.Multi.Generic ) - skipped by user
21:15:34.0179 4184 atksgt ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:15:34.0180 4184 lirsgt ( UnsignedFile.Multi.Generic ) - skipped by user
21:15:34.0180 4184 lirsgt ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:25:54.0754 3428 Deinitialize success

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

• Lade dir ComboFix hier herunter auf deinen Desktop.

• Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

• Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
  Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

• Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Combofix Logfile:
--- --- ---