Log analysis and evaluation: Windows Vista - infection with Sirefef, Sirefef.AB
#16

/// Malwareteam

Hi,

this one is trying to annoy us.

Step 1

Please download aswMBR.exe and save the file to your desktop.

Important: Do not press any of the Fix buttons unless instructed to!
Note: If the Scan button is hidden, close the tool and start it again. If that still does not work, please let me know.

Step 2

Please read the following instructions carefully. We do not want to "fix" anything here yet, only see a scan report.
Please download TDSSKiller.exe and save the file to your desktop.

Please post in your next reply

__________________
Keep Jazzing!
DerJazzer
Imperare sibi maximum imperium est. ©Seneca
If you would like to support us | http://www.anaesthesist-werden.de/
#17

next round:

Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-09 09:29:12
-----------------------------
09:29:12.268 OS Version: Windows 6.0.6002 Service Pack 2
09:29:12.269 Number of processors: 2 586 0xF0B
09:29:12.271 ComputerName: NINA-PC UserName: Nina
09:29:45.973 Initialize success
09:33:13.913 AVAST engine defs: 12100800
09:36:25.842 The log file has been saved successfully to "G:\aswMBR.txt"

Code:
09:36:50.0959 1960 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
09:36:51.0870 1960 ============================================================
09:36:51.0871 1960 Current date / time: 2012/10/09 09:36:51.0870
09:36:51.0871 1960 SystemInfo:
09:36:51.0871 1960
09:36:51.0871 1960 OS Version: 6.0.6002 ServicePack: 2.0
09:36:51.0871 1960 Product type: Workstation
09:36:51.0871 1960 ComputerName: NINA-PC
09:36:51.0871 1960 UserName: Nina
09:36:51.0872 1960 Windows directory: C:\Windows
09:36:51.0872 1960 System windows directory: C:\Windows
09:36:51.0872 1960 Processor architecture: Intel x86
09:36:51.0872 1960 Number of processors: 2
09:36:51.0872 1960 Page size: 0x1000
09:36:51.0872 1960 Boot type: Normal boot
09:36:51.0872 1960 ============================================================
09:36:53.0234 1960 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x3A38B, SectorsPerTrack: 0x20, TracksPerCylinder: 0x40, Type 'K0', Flags 0x00000050
09:36:53.0242 1960 Drive \Device\Harddisk1\DR3 - Size: 0x3C780000 (0.94 Gb), SectorSize: 0x200, Cylinders: 0x7B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
09:36:53.0243 1960 ============================================================
09:36:53.0243 1960 \Device\Harddisk0\DR0:
09:36:53.0243 1960 MBR partitions:
09:36:53.0243 1960 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xDAC800, BlocksNum 0xE8E2800
09:36:53.0263 1960 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xF68F800, BlocksNum 0xDB35800
09:36:53.0263 1960 \Device\Harddisk1\DR3:
09:36:53.0263 1960 MBR partitions:
09:36:53.0263 1960 \Device\Harddisk1\DR3\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x1E3BE0
09:36:53.0263 1960 ============================================================
09:36:53.0306 1960 C: <-> \Device\Harddisk0\DR0\Partition1
09:36:53.0402 1960 D: <-> \Device\Harddisk0\DR0\Partition2
09:36:53.0403 1960
RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 09:37:17.0171 5604 RasAcd - ok 09:37:17.0206 5604 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll 09:37:17.0214 5604 RasAuto - ok 09:37:17.0242 5604 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 09:37:17.0246 5604 Rasl2tp - ok 09:37:17.0285 5604 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll 09:37:17.0297 5604 RasMan - ok 09:37:17.0329 5604 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 09:37:17.0331 5604 RasPppoe - ok 09:37:17.0367 5604 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 09:37:17.0371 5604 RasSstp - ok 09:37:17.0396 5604 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 09:37:17.0404 5604 rdbss - ok 09:37:17.0436 5604 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 09:37:17.0438 5604 RDPCDD - ok 09:37:17.0475 5604 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 09:37:17.0483 5604 rdpdr - ok 09:37:17.0492 5604 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 09:37:17.0495 5604 RDPENCDD - ok 09:37:17.0529 5604 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 09:37:17.0536 5604 RDPWD - ok 09:37:17.0583 5604 [ B3611F5CC7052FE52998984A4361880F ] RegSrvc C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe 09:37:17.0589 5604 RegSrvc - ok 09:37:17.0633 5604 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll 09:37:17.0639 5604 RemoteAccess - ok 09:37:17.0677 5604 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll 09:37:17.0686 5604 RemoteRegistry - ok 09:37:17.0718 5604 [ 7EC90C316177BA3F1BCE92005264B447 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 09:37:17.0721 5604 RFCOMM - ok 09:37:17.0754 5604 [ 
355AAC141B214BEF1DBC1483AFD9BD50 ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys 09:37:17.0757 5604 rimmptsk - ok 09:37:17.0774 5604 [ A4216C71DD4F60B26418CCFD99CD0815 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys 09:37:17.0777 5604 rimsptsk - ok 09:37:17.0790 5604 [ D231B577024AA324AF13A42F3A807D10 ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys 09:37:17.0792 5604 rismxdp - ok 09:37:17.0829 5604 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe 09:37:17.0833 5604 RpcLocator - ok 09:37:17.0868 5604 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll 09:37:17.0881 5604 RpcSs - ok 09:37:17.0917 5604 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 09:37:17.0920 5604 rspndr - ok 09:37:17.0954 5604 [ 283392AF1860ECDB5E0F8EBD7F3D72DF ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys 09:37:17.0957 5604 RTL8169 - ok 09:37:17.0969 5604 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe 09:37:17.0973 5604 SamSs - ok 09:37:17.0988 5604 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 09:37:17.0993 5604 sbp2port - ok 09:37:18.0039 5604 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll 09:37:18.0047 5604 SCardSvr - ok 09:37:18.0108 5604 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll 09:37:18.0121 5604 Schedule - ok 09:37:18.0153 5604 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll 09:37:18.0155 5604 SCPolicySvc - ok 09:37:18.0191 5604 [ 8F36B54688C31EED4580129040C6A3D3 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys 09:37:18.0195 5604 sdbus - ok 09:37:18.0229 5604 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll 09:37:18.0236 5604 SDRSVC - ok 09:37:18.0264 5604 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 09:37:18.0267 5604 secdrv - ok 09:37:18.0298 5604 [ 
FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll 09:37:18.0304 5604 seclogon - ok 09:37:18.0321 5604 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll 09:37:18.0328 5604 SENS - ok 09:37:18.0341 5604 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys 09:37:18.0343 5604 Serenum - ok 09:37:18.0365 5604 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys 09:37:18.0369 5604 Serial - ok 09:37:18.0407 5604 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys 09:37:18.0409 5604 sermouse - ok 09:37:18.0446 5604 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll 09:37:18.0455 5604 SessionEnv - ok 09:37:18.0500 5604 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys 09:37:18.0503 5604 sffdisk - ok 09:37:18.0539 5604 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 09:37:18.0542 5604 sffp_mmc - ok 09:37:18.0571 5604 [ 9F66A46C55D6F1CCABC79BB7AFCCC545 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys 09:37:18.0573 5604 sffp_sd - ok 09:37:18.0595 5604 [ C33BFBD6E9E41FCD9FFEF9729E9FAED6 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 09:37:18.0598 5604 sfloppy - ok 09:37:18.0647 5604 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 09:37:18.0659 5604 ShellHWDetection - ok 09:37:18.0683 5604 [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp C:\Windows\system32\drivers\sisagp.sys 09:37:18.0687 5604 sisagp - ok 09:37:18.0705 5604 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 09:37:18.0707 5604 SiSRaid2 - ok 09:37:18.0732 5604 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 09:37:18.0737 5604 SiSRaid4 - ok 09:37:18.0781 5604 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe 09:37:18.0787 
5604 SkypeUpdate - ok 09:37:18.0925 5604 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe 09:37:19.0056 5604 slsvc - ok 09:37:19.0089 5604 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll 09:37:19.0096 5604 SLUINotify - ok 09:37:19.0136 5604 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys 09:37:19.0140 5604 Smb - ok 09:37:19.0223 5604 [ 859E3ADC59D1C89A66AA6492C14D379E ] smserial C:\Windows\system32\DRIVERS\smserial.sys 09:37:19.0255 5604 smserial - ok 09:37:19.0326 5604 [ 1BC68A9A70F92D5EFFBF0700AE2D7432 ] snapman C:\Windows\system32\DRIVERS\snapman.sys 09:37:19.0333 5604 snapman - ok 09:37:19.0368 5604 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 09:37:19.0375 5604 SNMPTRAP - ok 09:37:19.0468 5604 [ 750771BB0F0EDA12BBC93F223FE682D4 ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys 09:37:19.0518 5604 SNP2UVC - ok 09:37:19.0546 5604 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys 09:37:19.0549 5604 spldr - ok 09:37:19.0581 5604 [ D1E30EEA74ED4C65A72AFDE5B6FA36EE ] spmgr C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe 09:37:19.0585 5604 spmgr - ok 09:37:19.0623 5604 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe 09:37:19.0632 5604 Spooler - ok 09:37:19.0708 5604 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\Windows\System32\Drivers\sptd.sys 09:37:19.0728 5604 sptd - ok 09:37:19.0766 5604 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys 09:37:19.0771 5604 srv - ok 09:37:19.0811 5604 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 09:37:19.0817 5604 srv2 - ok 09:37:19.0847 5604 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 09:37:19.0851 5604 srvnet - ok 09:37:19.0884 5604 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 09:37:19.0894 5604 SSDPSRV - ok 09:37:19.0939 5604 
[ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll 09:37:19.0948 5604 SstpSvc - ok 09:37:19.0960 5604 Steam Client Service - ok 09:37:19.0996 5604 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll 09:37:20.0015 5604 stisvc - ok 09:37:20.0034 5604 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 09:37:20.0036 5604 swenum - ok 09:37:20.0088 5604 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll 09:37:20.0098 5604 swprv - ok 09:37:20.0133 5604 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 09:37:20.0136 5604 Symc8xx - ok 09:37:20.0150 5604 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 09:37:20.0153 5604 Sym_hi - ok 09:37:20.0174 5604 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 09:37:20.0177 5604 Sym_u3 - ok 09:37:20.0422 5604 [ 9AD49345CBCAFB82DBE0CC9CDD55E3D2 ] syncagentsrv C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe 09:37:20.0651 5604 syncagentsrv - ok 09:37:20.0685 5604 [ 760E4F5A1E754BBE4A1BD2A0B54F6AA6 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 09:37:20.0692 5604 SynTP - ok 09:37:20.0751 5604 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll 09:37:20.0773 5604 SysMain - ok 09:37:20.0802 5604 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll 09:37:20.0811 5604 TabletInputService - ok 09:37:20.0856 5604 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll 09:37:20.0870 5604 TapiSrv - ok 09:37:20.0904 5604 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll 09:37:20.0911 5604 TBS - ok 09:37:20.0973 5604 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 09:37:21.0000 5604 Tcpip - ok 09:37:21.0033 5604 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 
09:37:21.0048 5604 Tcpip6 - ok 09:37:21.0091 5604 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 09:37:21.0093 5604 tcpipreg - ok 09:37:21.0122 5604 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 09:37:21.0125 5604 TDPIPE - ok 09:37:21.0206 5604 [ E04AB70501B2AD59DA3612C175AFD5D7 ] tdrpman C:\Windows\system32\DRIVERS\tdrpman.sys 09:37:21.0229 5604 tdrpman - ok 09:37:21.0262 5604 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 09:37:21.0264 5604 TDTCP - ok 09:37:21.0305 5604 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 09:37:21.0309 5604 tdx - ok 09:37:21.0333 5604 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 09:37:21.0336 5604 TermDD - ok 09:37:21.0376 5604 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll 09:37:21.0394 5604 TermService - ok 09:37:21.0424 5604 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll 09:37:21.0434 5604 Themes - ok 09:37:21.0457 5604 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll 09:37:21.0462 5604 THREADORDER - ok 09:37:21.0499 5604 [ 4E4BA74565E8300596025FDF8B271CD1 ] timounter C:\Windows\system32\DRIVERS\timntr.sys 09:37:21.0518 5604 timounter - ok 09:37:21.0566 5604 [ 6D9AD3534A9CF7E4B86C6EAE8BC335F6 ] TPM C:\Windows\system32\drivers\tpm.sys 09:37:21.0568 5604 TPM - ok 09:37:21.0599 5604 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll 09:37:21.0606 5604 TrkWks - ok 09:37:21.0656 5604 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 09:37:21.0683 5604 TrustedInstaller - ok 09:37:21.0715 5604 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 09:37:21.0718 5604 tssecsrv - ok 09:37:21.0751 5604 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp 
C:\Windows\system32\DRIVERS\tunmp.sys 09:37:21.0753 5604 tunmp - ok 09:37:21.0773 5604 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 09:37:21.0776 5604 tunnel - ok 09:37:21.0811 5604 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 09:37:21.0814 5604 uagp35 - ok 09:37:21.0849 5604 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 09:37:21.0857 5604 udfs - ok 09:37:21.0891 5604 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 09:37:21.0898 5604 UI0Detect - ok 09:37:21.0913 5604 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 09:37:21.0916 5604 uliagpkx - ok 09:37:21.0944 5604 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys 09:37:21.0953 5604 uliahci - ok 09:37:21.0984 5604 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys 09:37:21.0988 5604 UlSata - ok 09:37:22.0015 5604 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 09:37:22.0021 5604 ulsata2 - ok 09:37:22.0067 5604 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 09:37:22.0070 5604 umbus - ok 09:37:22.0108 5604 [ 88BD96A1BAEED33EE8BDF9499C07A841 ] UMPass C:\Windows\system32\DRIVERS\umpass.sys 09:37:22.0111 5604 UMPass - ok 09:37:22.0141 5604 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll 09:37:22.0154 5604 upnphost - ok 09:37:22.0211 5604 [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 09:37:22.0215 5604 usbaudio - ok 09:37:22.0252 5604 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 09:37:22.0256 5604 usbccgp - ok 09:37:22.0291 5604 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys 09:37:22.0294 5604 usbcir - ok 09:37:22.0317 5604 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] 
usbehci C:\Windows\system32\DRIVERS\usbehci.sys 09:37:22.0319 5604 usbehci - ok 09:37:22.0346 5604 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 09:37:22.0353 5604 usbhub - ok 09:37:22.0371 5604 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys 09:37:22.0374 5604 usbohci - ok 09:37:22.0408 5604 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 09:37:22.0411 5604 usbprint - ok 09:37:22.0449 5604 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 09:37:22.0452 5604 USBSTOR - ok 09:37:22.0478 5604 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 09:37:22.0480 5604 usbuhci - ok 09:37:22.0528 5604 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 09:37:22.0534 5604 usbvideo - ok 09:37:22.0577 5604 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll 09:37:22.0585 5604 UxSms - ok 09:37:22.0610 5604 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe 09:37:22.0627 5604 vds - ok 09:37:22.0652 5604 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 09:37:22.0655 5604 vga - ok 09:37:22.0689 5604 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys 09:37:22.0692 5604 VgaSave - ok 09:37:22.0711 5604 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys 09:37:22.0714 5604 viaagp - ok 09:37:22.0741 5604 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys 09:37:22.0744 5604 ViaC7 - ok 09:37:22.0761 5604 [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide C:\Windows\system32\drivers\viaide.sys 09:37:22.0763 5604 viaide - ok 09:37:22.0810 5604 [ 9D71C424898E029E316FA93AD494950E ] vididr C:\Windows\system32\DRIVERS\vididr.sys 09:37:22.0815 5604 vididr - ok 09:37:22.0831 5604 [ 47AB6AC7635E40F3C55C5A32CC4B86A8 ] vidsflt67 
C:\Windows\system32\DRIVERS\vsflt67.sys 09:37:22.0836 5604 vidsflt67 - ok 09:37:22.0853 5604 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys 09:37:22.0855 5604 volmgr - ok 09:37:22.0902 5604 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 09:37:22.0907 5604 volmgrx - ok 09:37:22.0925 5604 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys 09:37:22.0933 5604 volsnap - ok 09:37:22.0973 5604 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 09:37:22.0978 5604 vsmraid - ok 09:37:23.0039 5604 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe 09:37:23.0075 5604 VSS - ok 09:37:23.0101 5604 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll 09:37:23.0115 5604 W32Time - ok 09:37:23.0158 5604 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 09:37:23.0160 5604 WacomPen - ok 09:37:23.0193 5604 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 09:37:23.0196 5604 Wanarp - ok 09:37:23.0206 5604 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 09:37:23.0208 5604 Wanarpv6 - ok 09:37:23.0243 5604 [ 779F9C90D3FE9C70B6FFD8EF035F3E83 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll 09:37:23.0248 5604 WcesComm - ok 09:37:23.0293 5604 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll 09:37:23.0305 5604 wcncsvc - ok 09:37:23.0334 5604 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 09:37:23.0341 5604 WcsPlugInService - ok 09:37:23.0381 5604 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys 09:37:23.0384 5604 Wd - ok 09:37:23.0427 5604 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 09:37:23.0443 5604 Wdf01000 - ok 09:37:23.0482 5604 [ 
ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll 09:37:23.0491 5604 WdiServiceHost - ok 09:37:23.0501 5604 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll 09:37:23.0508 5604 WdiSystemHost - ok 09:37:23.0556 5604 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll 09:37:23.0565 5604 WebClient - ok 09:37:23.0601 5604 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll 09:37:23.0610 5604 Wecsvc - ok 09:37:23.0644 5604 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll 09:37:23.0652 5604 wercplsupport - ok 09:37:23.0686 5604 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll 09:37:23.0696 5604 WerSvc - ok 09:37:23.0709 5604 WinHttpAutoProxySvc - ok 09:37:23.0765 5604 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 09:37:23.0771 5604 Winmgmt - ok 09:37:23.0838 5604 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll 09:37:23.0877 5604 WinRM - ok 09:37:23.0911 5604 [ 676F4B665BDD8053EAA53AC1695B8074 ] winusb C:\Windows\system32\DRIVERS\winusb.sys 09:37:23.0914 5604 winusb - ok 09:37:23.0973 5604 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll 09:37:23.0994 5604 Wlansvc - ok 09:37:24.0132 5604 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 09:37:24.0181 5604 wlidsvc - ok 09:37:24.0207 5604 [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 09:37:24.0210 5604 WmiAcpi - ok 09:37:24.0243 5604 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 09:37:24.0246 5604 wmiApSrv - ok 09:37:24.0329 5604 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 09:37:24.0355 5604 WMPNetworkSvc - ok 09:37:24.0395 5604 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] 
WPCSvc C:\Windows\System32\wpcsvc.dll 09:37:24.0403 5604 WPCSvc - ok 09:37:24.0443 5604 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 09:37:24.0454 5604 WPDBusEnum - ok 09:37:24.0487 5604 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys 09:37:24.0490 5604 WpdUsb - ok 09:37:24.0590 5604 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 09:37:24.0602 5604 WPFFontCache_v0400 - ok 09:37:24.0638 5604 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 09:37:24.0640 5604 ws2ifsl - ok 09:37:24.0650 5604 WSearch - ok 09:37:24.0780 5604 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 09:37:24.0841 5604 wuauserv - ok 09:37:24.0875 5604 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 09:37:24.0879 5604 WUDFRd - ok 09:37:24.0908 5604 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll 09:37:24.0916 5604 wudfsvc - ok 09:37:24.0930 5604 ================ Scan global =============================== 09:37:24.0943 5604 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll 09:37:24.0999 5604 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll 09:37:25.0030 5604 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll 09:37:25.0083 5604 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe 09:37:25.0097 5604 [Global] - ok 09:37:25.0098 5604 ================ Scan MBR ================================== 09:37:25.0111 5604 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0 09:37:25.0415 5604 \Device\Harddisk0\DR0 - ok 09:37:25.0426 5604 [ C3BF017D6EE85E7F3DFBBF8A248A7F54 ] \Device\Harddisk1\DR3 09:37:25.0996 5604 \Device\Harddisk1\DR3 - ok 09:37:25.0996 5604 ================ Scan VBR ================================== 09:37:26.0000 5604 [ 
D0F303C7823B71BCC4E52A371BF2F3DE ] \Device\Harddisk0\DR0\Partition1 09:37:26.0003 5604 \Device\Harddisk0\DR0\Partition1 - ok 09:37:26.0025 5604 [ A9724774CF11B9E64C91443B658E497A ] \Device\Harddisk0\DR0\Partition2 09:37:26.0028 5604 \Device\Harddisk0\DR0\Partition2 - ok 09:37:26.0034 5604 [ 3D080CBEF46552F3FE8A993973EBDDF8 ] \Device\Harddisk1\DR3\Partition1 09:37:26.0035 5604 \Device\Harddisk1\DR3\Partition1 - ok 09:37:26.0036 5604 ============================================================ 09:37:26.0036 5604 Scan finished 09:37:26.0036 5604 ============================================================ 09:37:26.0047 3252 Detected object count: 0 09:37:26.0048 3252 Actual detected object count: 0 09:54:26.0568 2492 Deinitialize success |
| #18 |
/// Malwareteam | Windows Vista - Infection with Sirefef, Sirefef.AB You did not run aswMBR as administrator via right-click.
Please repeat.
__________________ |
| #19 |
| Windows Vista - Infection with Sirefef, Sirefef.AB I did run it as admin, but I didn't press Scan. Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software Run date: 2012-10-09 09:29:12 ----------------------------- 09:29:12.268 OS Version: Windows 6.0.6002 Service Pack 2 09:29:12.269 Number of processors: 2 586 0xF0B 09:29:12.271 ComputerName: NINA-PC UserName: Nina 09:29:45.973 Initialize success 09:33:13.913 AVAST engine defs: 12100800 09:36:25.842 The log file has been saved successfully to "G:\aswMBR.txt" aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software Run date: 2012-10-09 10:08:15 ----------------------------- 10:08:15.401 OS Version: Windows 6.0.6002 Service Pack 2 10:08:15.401 Number of processors: 2 586 0xF0B 10:08:15.403 ComputerName: NINA-PC UserName: Nina 10:08:16.312 Initialize success 10:08:30.657 AVAST engine defs: 12100800 10:08:33.728 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 10:08:33.734 Disk 0 Vendor: Hitachi_ BBFO Size: 238475MB BusType: 3 10:08:33.752 Disk 0 MBR read successfully 10:08:33.759 Disk 0 MBR scan 10:08:33.819 Disk 0 Windows VISTA default MBR code 10:08:33.839 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 7000 MB offset 2048 10:08:33.861 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 119237 MB offset 14338048 10:08:33.897 Disk 0 Partition - 00 05 Extended 112236 MB offset 258535424 10:08:33.963 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 112235 MB offset 258537472 10:08:34.023 Disk 0 scanning sectors +488394752 10:08:34.192 Disk 0 scanning C:\Windows\system32\drivers 10:09:12.229 Service scanning 10:09:45.134 Service MpKslcfc6c124 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A4FD79F5-E263-4FDE-A276-62196E5BA0C2}\MpKslcfc6c124.sys **LOCKED** 32 10:10:29.441 Modules scanning 10:10:40.172 Disk 0 trace - called modules: 10:10:40.194 10:10:41.536 AVAST engine scan C:\Windows 10:10:56.602 AVAST engine scan C:\Windows\system32 10:18:18.375 AVAST engine scan C:\Windows\system32\drivers 10:18:58.274 AVAST engine scan C:\Users\Nina 11:10:13.439 AVAST engine scan 
C:\ProgramData 11:16:09.106 Scan finished successfully 11:47:59.862 Disk 0 MBR has been saved successfully to "G:\MBR.dat" 11:48:00.082 The log file has been saved successfully to "G:\aswMBR.txt" |
| #20 |
/// Malwareteam | Windows Vista - Infection with Sirefef, Sirefef.AB Hi, it's slowly getting tricky... If you don't have a burning program installed, please download ISOBurner. The program will let you burn OTLPE to a CD and make it bootable. You only need to install the tool; the rest runs automatically => How do I burn an ISO file to CD/DVD.
Note: How do I boot from CD
__________________ Keep Jazzing! DerJazzer Imperare sibi maximum imperium est. ©Seneca If you would like to support us | http://www.anaesthesist-werden.de/ |
| #21 |
/// Malwareteam | Windows Vista - Infection with Sirefef, Sirefef.AB Hello, do you still need help? If I do not receive a reply from you within the next 24 hours, I will remove your thread from my subscriptions and will therefore no longer be notified of new replies. The disappearance of the symptoms does not mean that your system is already clean!
__________________ --> Windows Vista - Infection with Sirefef, Sirefef.AB |
| #22 |
| Windows Vista - Infection with Sirefef, Sirefef.AB Hey - no, it is not a lack of interest. To make matters worse, the brand-new router died on Thursday. Ergo, no internet. I ran the scan and will post it as soon as I can. No extras.txt was created on c:/ (even after the 2nd attempt). |
| #23 |
/// Malwareteam | Windows Vista - Infection with Sirefef, Sirefef.AB OK, no problem, unforeseen things happen. Please post the scan result as soon as you are able to.
__________________ Keep Jazzing! DerJazzer Imperare sibi maximum imperium est. ©Seneca If you would like to support us | http://www.anaesthesist-werden.de/ |
| #24 |
| Windows Vista - Infection with Sirefef, Sirefef.AB OK ... my provider still hasn't managed to get the connection working again since Thursday, but things have to move on. So here, in full 3G transmission glory, is the log. As I said, no extras.txt. I scanned the whole machine once more. Code:
ATTFilter OTL logfile created on: 10/10/2012 8:37:17 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 116.44 Gb Total Space | 21.67 Gb Free Space | 18.61% Space Free | Partition Type: NTFS Drive D: | 109.60 Gb Total Space | 31.07 Gb Free Space | 28.35% Space Free | Partition Type: NTFS Drive E: | 967.22 Mb Total Space | 663.44 Mb Free Space | 68.59% Space Free | Partition Type: FAT Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled] -- -- (NMIndexingService) SRV - [2012/10/02 18:10:31 | 003,459,024 | ---- | M] (Acronis) [Auto] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv) SRV - [2012/09/30 03:44:09 | 000,529,744 | ---- | M] (Valve Corporation) [Disabled] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012/09/12 00:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012/09/12 00:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - 
[2012/07/12 21:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/06/28 00:32:18 | 005,915,352 | ---- | M] (Acronis) [Auto] -- C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv) SRV - [2012/06/28 00:29:42 | 000,821,048 | ---- | M] (Acronis) [Auto] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2009/12/07 09:13:14 | 000,397,312 | ---- | M] () [Disabled] -- C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe -- (AVerScheduleService) SRV - [2009/10/31 02:48:42 | 000,348,160 | ---- | M] (AVerMedia) [Disabled] -- C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe -- (AVerRemote) SRV - [2008/01/19 03:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2008/01/19 03:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2007/05/15 13:47:48 | 000,094,208 | ---- | M] () [Auto] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2007/02/12 08:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2007/02/05 22:13:14 | 000,094,208 | ---- | M] () [Disabled] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2006/12/28 20:17:50 | 000,123,248 | ---- | M] () [Auto] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand] -- -- (IpInIp) DRV - [2012/10/02 18:10:44 | 000,234,752 | ---- | M] (Acronis) [File_System | On_Demand] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp) DRV - [2012/10/02 18:10:11 | 000,775,232 
| ---- | M] (Acronis) [Kernel | Boot] -- C:\Windows\System32\drivers\tdrpman.sys -- (tdrpman) DRV - [2012/10/02 18:10:03 | 000,614,592 | ---- | M] (Acronis) [Kernel | Boot] -- C:\Windows\System32\drivers\timntr.sys -- (timounter) DRV - [2012/10/02 18:09:12 | 000,126,880 | ---- | M] (Acronis) [Kernel | Boot] -- C:\Windows\System32\drivers\vididr.sys -- (vididr) DRV - [2012/10/02 18:09:11 | 000,086,496 | ---- | M] (Acronis) [Kernel | Boot] -- C:\Windows\System32\drivers\vsflt67.sys -- (vidsflt67) Acronis Disk Storage Filter (67) DRV - [2012/10/02 18:09:06 | 000,177,600 | ---- | M] (Acronis) [Kernel | Boot] -- C:\Windows\System32\drivers\snapman.sys -- (snapman) DRV - [2012/10/02 18:09:03 | 000,080,416 | ---- | M] (Acronis) [Kernel | Boot] -- C:\Windows\System32\drivers\fltsrv.sys -- (fltsrv) DRV - [2012/08/30 05:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2010/05/06 06:35:16 | 000,569,728 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AVerAF15DMBTH.sys -- (AVerAF15DMBTH) DRV - [2009/10/31 05:38:28 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2009/10/25 22:09:06 | 001,095,936 | ---- | M] (Motorola Inc.) 
[Kernel | On_Demand] -- C:\Windows\System32\drivers\smserial.sys -- (smserial) DRV - [2009/07/01 07:59:00 | 009,786,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009/04/11 00:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\winusb.sys -- (winusb) DRV - [2007/05/24 22:15:15 | 001,743,232 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV - [2007/04/30 10:45:18 | 002,219,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R) DRV - [2007/03/22 02:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007/03/15 02:41:15 | 000,048,128 | ---- | M] (Attansic Technology corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atl01v32.sys -- (AtcL001) DRV - [2007/02/24 18:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2007/02/05 07:53:58 | 000,011,632 | ---- | M] () [Kernel | Auto] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP) DRV - [2007/01/24 06:08:39 | 000,005,632 | ---- | M] ( ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr) DRV - [2007/01/23 20:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2006/12/14 03:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor) DRV - [2006/11/15 22:02:19 | 000,015,216 | ---- | M] () [Kernel | Auto] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio) DRV - [2006/11/02 05:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tpm.sys -- (TPM) DRV - [2006/11/02 03:30:56 | 000,044,544 | ---- | 
M] (Realtek Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2006/11/02 03:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Florian_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com IE - HKU\Florian_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.asus.com IE - HKU\Florian_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Mcx1_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Nina_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/ IE - HKU\Nina_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\Nina_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Nina_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\22.0.1229.92\npchrome_frame.dll (Google Inc.) O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUSTeK Computer INC.) 
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\Mcx1_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8 - Extra context menu item: &Citavi Picker... - C:\Program Files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html () O9 - Extra Button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - File not found O13 - gopher Prefix: missing O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} 
hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\cf - No CLSID value found O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\22.0.1229.92\npchrome_frame.dll (Google Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- C:\Users\Nina\Documents\Uni und Schule [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- C:\Users\Nina\Documents\pics from NZ friends [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- C:\Users\Nina\Documents\NINA - Queen of Awesomeness and Antarctica [2012/10/08 16:28:55 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Nina\Desktop\tdsskiller.exe [2012/10/08 16:28:32 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Nina\Desktop\aswMBR.exe [2012/10/08 03:52:34 | 000,000,000 | ---D | C] -- C:\FRST [2012/10/02 18:12:19 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Roaming\Acronis [2012/10/02 18:11:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Acronis [2012/10/02 18:10:41 | 000,234,752 | ---- | C] (Acronis) -- C:\Windows\System32\drivers\afcdp.sys [2012/10/02 18:10:10 | 000,775,232 | ---- | C] (Acronis) -- C:\Windows\System32\drivers\tdrpman.sys [2012/10/02 18:10:02 | 000,614,592 | ---- | C] (Acronis) -- C:\Windows\System32\drivers\timntr.sys [2012/10/02 18:09:12 | 000,126,880 | ---- | C] (Acronis) -- C:\Windows\System32\drivers\vididr.sys [2012/10/02 18:09:10 | 000,086,496 | ---- | C] (Acronis) -- C:\Windows\System32\drivers\vsflt67.sys [2012/10/02 18:09:06 | 000,177,600 | 
---- | C] (Acronis) -- C:\Windows\System32\drivers\snapman.sys [2012/10/02 18:09:03 | 000,080,416 | ---- | C] (Acronis) -- C:\Windows\System32\drivers\fltsrv.sys [2012/10/02 18:08:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis [2012/10/02 18:08:10 | 000,000,000 | ---D | C] -- C:\Program Files\Acronis [2012/10/02 18:07:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Acronis [2012/10/02 08:08:05 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2012/10/02 07:33:25 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE [2012/10/02 07:32:33 | 000,381,816 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Windows\System32\PsExec.exe [2012/10/02 06:56:39 | 000,000,000 | ---D | C] -- C:\Users\Nina\Desktop\Neuer Ordner [2012/10/02 01:03:54 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Local\ElevatedDiagnostics [2012/10/01 04:11:50 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Local\{ECDEF87C-64BF-4661-B9CC-BF20B5C042C5} [2012/10/01 01:56:46 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Local\{A083496B-F28A-454E-ACD6-AE190C1B0283} [2012/09/30 18:07:59 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Local\{3A09E88B-5581-46ED-9BC1-37B250087C21} [2012/09/30 16:44:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Nina\Desktop\OTL.exe [2012/09/30 05:04:03 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Roaming\Malwarebytes [2012/09/30 05:02:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/09/30 05:02:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/09/30 05:02:10 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012/09/30 05:02:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/09/30 03:53:30 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam [2012/09/30 
03:11:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam [2012/09/30 03:11:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2012/09/30 03:11:05 | 000,000,000 | ---D | C] -- C:\Program Files\Steam [2012/09/30 01:58:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2012/09/30 01:19:50 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Local\{E6D7D3C0-3687-457D-8D8D-AF6830A285E0} [2012/09/29 05:22:35 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Local\{20666CC0-4259-43A3-A916-C011F1229BFD} [2012/09/27 14:57:18 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Local\{D21FCDC8-0591-4A39-A636-7040B1A90BC8} [2012/09/27 02:40:41 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012/09/27 02:40:40 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2012/09/27 02:40:39 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012/09/27 02:40:39 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012/09/27 02:40:39 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012/09/27 02:40:38 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012/09/27 02:40:37 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2012/09/27 02:40:36 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012/09/27 02:40:36 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012/09/27 02:40:33 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012/09/27 01:49:33 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Local\{928279D6-6C89-49E1-8F47-762BC1025D61} [2012/09/26 23:36:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012/09/26 
23:36:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2012/09/26 22:03:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in [2012/09/26 22:03:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft [2012/09/26 21:57:18 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Local\{8771A15B-7446-4500-82BD-7D9955761C20} [2012/09/25 18:16:10 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Local\{75BAB726-26B3-489B-AB66-6C843DD63D67} [2012/09/24 20:44:17 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Local\{8E93B501-DBF1-44CF-8D06-26E71FF5752E} [2012/09/22 06:01:27 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Local\{6396CA56-3F9E-4835-A99D-8072AA846B38} [2012/09/19 06:42:52 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\dvdcss [2007/01/24 06:08:39 | 000,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys ========== Files - Modified Within 30 Days ========== [2012/10/10 02:22:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/10/10 02:21:43 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/10/10 02:21:43 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/10/10 02:21:42 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012/10/10 02:20:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/10/10 02:16:56 | 000,633,584 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012/10/10 02:16:56 | 000,600,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/10/10 02:16:56 | 000,128,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012/10/10 02:16:56 | 000,106,018 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/10/10 02:15:00 | 000,031,776 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012/10/10 02:12:05 | 
000,031,776 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012/10/10 02:12:04 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/10/08 16:25:34 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Nina\Desktop\tdsskiller.exe [2012/10/08 16:24:56 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Nina\Desktop\aswMBR.exe [2012/10/02 18:10:44 | 000,234,752 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\afcdp.sys [2012/10/02 18:10:11 | 000,775,232 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\tdrpman.sys [2012/10/02 18:10:03 | 000,614,592 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\timntr.sys [2012/10/02 18:09:12 | 000,126,880 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\vididr.sys [2012/10/02 18:09:11 | 000,086,496 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\vsflt67.sys [2012/10/02 18:09:06 | 000,177,600 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\snapman.sys [2012/10/02 18:09:03 | 000,080,416 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\fltsrv.sys [2012/10/02 18:08:54 | 000,001,011 | ---- | M] () -- C:\Users\Public\Desktop\Acronis True Image Home 2012.lnk [2012/10/02 18:08:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis [2012/10/02 07:54:22 | 000,052,566 | ---- | M] () -- C:\Users\Nina\AppData\Roaming\nvModes.001 [2012/10/02 07:44:05 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2012/10/02 07:44:00 | 000,001,833 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2012/10/02 07:33:25 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE [2012/10/01 01:55:21 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe [2012/09/30 06:45:58 | 000,302,592 | ---- | M] () -- C:\Users\Nina\Desktop\soo9ymcb.exe [2012/09/30 06:45:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nina\Desktop\OTL.exe [2012/09/30 05:02:26 | 000,000,913 | ---- | 
M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/09/30 05:02:26 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/09/30 04:34:04 | 000,035,541 | ---- | M] () -- C:\Users\Florian\AppData\Roaming\nvModes.001 [2012/09/30 03:53:30 | 000,000,214 | ---- | M] () -- C:\Users\Nina\Desktop\Sid Meier's Civilization V.url [2012/09/30 03:11:10 | 000,000,793 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk [2012/09/30 03:11:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2012/09/26 23:36:32 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012/09/26 23:36:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012/09/26 22:16:37 | 000,052,566 | ---- | M] () -- C:\Users\Nina\AppData\Roaming\nvModes.dat [2012/09/26 22:03:15 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in [2012/09/24 20:52:42 | 000,002,631 | ---- | M] () -- C:\Users\Nina\Desktop\Microsoft Office Word 2007.lnk ========== Files Created - No Company Name ========== [2012/10/02 18:08:54 | 000,001,011 | ---- | C] () -- C:\Users\Public\Desktop\Acronis True Image Home 2012.lnk [2012/10/02 17:55:27 | 225,073,224 | ---- | C] () -- C:\Users\Nina\Desktop\ATIH2012_trial_en-US.exe [2012/10/02 17:23:45 | 000,031,776 | ---- | C] () -- C:\ProgramData\nvModes.001 [2012/10/02 17:23:33 | 000,031,776 | ---- | C] () -- C:\ProgramData\nvModes.dat [2012/09/30 16:44:59 | 000,302,592 | ---- | C] () -- C:\Users\Nina\Desktop\soo9ymcb.exe [2012/09/30 05:02:26 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/09/30 03:53:30 | 000,000,214 | ---- | C] () -- C:\Users\Nina\Desktop\Sid Meier's Civilization V.url [2012/09/30 03:11:10 | 000,000,793 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk [2012/09/30 02:01:17 | 000,001,912 | ---- | C] () -- 
C:\Windows\epplauncher.mif [2012/09/30 01:58:29 | 000,001,833 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2012/09/26 23:36:32 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2010/09/02 15:32:02 | 000,006,656 | ---- | C] () -- C:\Users\Florian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/07/03 07:17:09 | 000,000,350 | ---- | C] () -- C:\Windows\System32\AP6RMHV.BIN [2010/07/03 07:17:09 | 000,000,252 | ---- | C] () -- C:\Windows\System32\AP6RMJX.BIN [2010/07/03 07:17:09 | 000,000,252 | ---- | C] () -- C:\Windows\System32\AP6RMJH.BIN [2010/07/03 07:17:09 | 000,000,238 | ---- | C] () -- C:\Windows\System32\AP6RMFP.BIN [2010/07/03 07:17:09 | 000,000,189 | ---- | C] () -- C:\Windows\System32\AP6RMKS.BIN [2010/07/03 07:17:09 | 000,000,126 | ---- | C] () -- C:\Windows\System32\AP6RMHR.BIN [2010/07/03 07:15:45 | 000,049,152 | ---- | C] () -- C:\Windows\System32\AVerIO.dll [2010/07/03 07:15:45 | 000,003,456 | ---- | C] () -- C:\Windows\System32\AVerIO.sys [2010/07/03 07:15:36 | 000,606,208 | ---- | C] () -- C:\Windows\System32\sptlib21.dll [2010/07/03 07:15:36 | 000,311,296 | ---- | C] () -- C:\Windows\System32\sptlib01.dll [2010/07/03 07:15:36 | 000,294,912 | ---- | C] () -- C:\Windows\System32\sptlib11.dll [2010/07/03 07:15:36 | 000,290,816 | ---- | C] () -- C:\Windows\System32\sptlib22.dll [2010/07/03 07:15:36 | 000,249,856 | ---- | C] () -- C:\Windows\System32\sptlib03.dll [2010/07/03 07:15:36 | 000,225,280 | ---- | C] () -- C:\Windows\System32\sptlib02.dll [2010/07/03 07:15:36 | 000,135,168 | ---- | C] () -- C:\Windows\System32\sptlib12.dll [2010/02/22 18:39:28 | 000,035,541 | ---- | C] () -- C:\Users\Florian\AppData\Roaming\nvModes.001 [2010/02/22 18:39:26 | 000,035,541 | ---- | C] () -- C:\Users\Florian\AppData\Roaming\nvModes.dat [2009/10/22 10:42:27 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009/10/22 10:42:27 | 000,107,612 | ---- | C] () -- 
C:\Windows\System32\StructuredQuerySchema.bin [2009/08/30 06:10:38 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2008/10/24 12:26:02 | 000,000,145 | ---- | C] () -- C:\Windows\BRVIDEO.INI [2008/10/24 12:26:02 | 000,000,023 | ---- | C] () -- C:\Windows\Brownie.ini [2008/10/24 12:26:02 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini [2008/10/24 12:25:54 | 000,000,114 | ---- | C] () -- C:\Windows\System32\brlmw03a.ini [2008/10/24 12:25:53 | 000,008,981 | ---- | C] () -- C:\Windows\HL-2030.INI [2008/10/24 12:25:05 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI [2008/10/24 12:25:05 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD2030.DAT [2008/10/11 15:00:37 | 000,000,680 | ---- | C] () -- C:\Users\Nina\AppData\Local\d3d9caps.dat [2008/08/19 21:01:08 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008/07/20 22:01:29 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008/03/13 05:52:12 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll [2008/03/13 05:52:12 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll [2007/12/31 14:48:57 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini [2007/12/26 13:52:08 | 000,052,566 | ---- | C] () -- C:\Users\Nina\AppData\Roaming\nvModes.001 [2007/12/25 11:47:44 | 000,052,566 | ---- | C] () -- C:\Users\Nina\AppData\Roaming\nvModes.dat [2007/12/25 07:49:10 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat [2007/12/25 05:52:45 | 000,000,546 | ---- | C] () -- C:\Windows\System32\ABF3Sc.DAT [2007/12/23 17:22:18 | 000,099,328 | ---- | C] () -- C:\Users\Nina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007/11/06 07:27:29 | 000,037,232 | ---- | C] () -- C:\Windows\ASScrProlog.exe [2007/11/06 07:27:25 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll [2007/11/06 07:27:18 | 000,033,136 | ---- | C] () -- C:\Windows\ASScrPro.exe [2007/11/06 07:21:52 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe 
[2007/11/06 07:05:36 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2007/05/24 22:15:15 | 001,743,232 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2007/05/09 03:16:39 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys [2007/04/18 05:14:04 | 000,633,584 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2007/04/18 05:14:04 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2007/04/18 05:14:04 | 000,128,800 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2007/04/18 05:14:04 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2007/04/18 05:06:01 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini [2007/04/18 04:33:08 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2007/04/16 15:31:38 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll [2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006/11/02 08:47:37 | 000,380,544 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 06:33:01 | 000,600,142 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006/11/02 06:33:01 | 000,106,018 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006/03/08 22:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll ========== LOP Check ========== 
[2010/02/14 08:41:53 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Teleca
[2011/12/06 16:12:44 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\.minecraft
[2009/11/04 03:52:55 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Academic Software Zurich
[2012/10/02 18:12:19 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Acronis
[2011/12/11 07:27:08 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Audacity
[2009/10/31 05:55:29 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\DAEMON Tools Lite
[2011/07/10 10:12:46 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\ScummVM
[2009/09/04 15:03:29 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Teleca
[2009/08/30 06:10:37 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Thunderbird
[2012/10/02 18:11:17 | 000,000,000 | ---D | M] -- C:\ProgramData\Acronis
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2007/12/31 14:48:15 | 000,000,000 | ---D | M] -- C:\ProgramData\ASUS
[2010/07/03 07:17:29 | 000,000,000 | ---D | M] -- C:\ProgramData\AVerTV
[2009/10/31 05:37:36 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2009/12/26 06:13:24 | 000,000,000 | ---D | M] -- C:\ProgramData\Mindjet
[2007/11/06 07:10:24 | 000,000,000 | ---D | M] -- C:\ProgramData\P4G
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2009/09/03 11:57:14 | 000,000,000 | ---D | M] -- C:\ProgramData\Teleca
[2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011/04/28 08:37:55 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2007/11/06 06:12:40 | 000,000,000 | ---D | M] -- C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
[2010/02/28 06:39:32 | 000,000,000 | ---D | M] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2012/10/10 02:21:43 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >
#25
/// Malwareteam
Windows Vista - Infection with Sirefef, Sirefef.AB
Hi,
Please read the following instructions carefully. We don't want to "fix" anything here yet, only see a scan report. Please download TDSSKiller.exe and save the file to the desktop
__________________ Keep Jazzing! DerJazzer Imperare sibi maximum imperium est. ©Seneca If you would like to support us | http://www.anaesthesist-werden.de/
#26
Windows Vista - Infection with Sirefef, Sirefef.AB
Log shortened, full log in the attachment
Code:
11:39:47.0780 5256 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
11:39:48.0880 5256 ============================================================
11:39:48.0880 5256 Current date / time: 2012/10/17 11:39:48.0880
11:39:48.0880 5256 SystemInfo:
11:39:48.0880 5256
11:39:48.0880 5256 OS Version: 6.0.6002 ServicePack: 2.0
11:39:48.0881 5256 Product type: Workstation
11:39:48.0881 5256 ComputerName: NINA-PC
11:39:48.0881 5256 UserName: Nina
11:39:48.0881 5256 Windows directory: C:\Windows
11:39:48.0881 5256 System windows directory: C:\Windows
11:39:48.0881 5256 Processor architecture: Intel x86
11:39:48.0881 5256 Number of processors: 2
11:39:48.0881 5256 Page size: 0x1000
11:39:48.0881 5256 Boot type: Normal boot
11:39:48.0882 5256 ============================================================
11:39:49.0002 5256 BG loaded
11:39:49.0653 5256 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x3A38B, SectorsPerTrack: 0x20, TracksPerCylinder: 0x40, Type 'K0', Flags 0x00000050
11:39:49.0677 5256 Drive \Device\Harddisk1\DR2 - Size: 0x3C780000 (0.94 Gb), SectorSize: 0x200, Cylinders: 0x7B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:39:49.0679 5256 ============================================================
11:39:49.0679 5256 \Device\Harddisk0\DR0:
11:39:49.0679 5256 MBR partitions:
11:39:49.0679 5256 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xDAC800, BlocksNum 0xE8E2800
11:39:49.0692 5256 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xF68F800, BlocksNum 0xDB35800
11:39:49.0693 5256 \Device\Harddisk1\DR2:
11:39:49.0694 5256 MBR partitions:
11:39:49.0694 5256 \Device\Harddisk1\DR2\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x1E3BE0
11:39:49.0694 5256 ============================================================
11:39:49.0769 5256 C: <-> \Device\Harddisk0\DR0\Partition1
11:39:49.0859 5256 D: <-> \Device\Harddisk0\DR0\Partition2
11:39:49.0860 5256 ============================================================
11:39:49.0860 5256 Initialize success
11:39:49.0860 5256 ============================================================
11:39:59.0820 5872 ============================================================
11:39:59.0820 5872 Scan started
11:39:59.0821 5872 Mode: Manual; SigCheck; TDLFS;
11:39:59.0821 5872 ============================================================
11:40:04.0760 5872 ================ Scan system memory ========================
11:40:04.0761 5872 System memory - ok
11:40:04.0761 5872 ================ Scan services =============================
11:40:06.0098 5872 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
11:40:06.0386 5872 ACPI - ok
11:40:06.0847 5872 [ FE1E7BDA5639D5EC9BD575137D0C3516 ] AcrSch2Svc C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
11:40:07.0079 5872 AcrSch2Svc - ok
...
11:49:59.0250 4400 C:\Windows\System32\wsqmcons.exe - ok
11:49:59.0261 4400 [ 8A38B5E8493A9D103083B8620AC5F3A1 ] C:\Windows\System32\tdh.dll
11:49:59.0261 4400 C:\Windows\System32\tdh.dll - ok
11:49:59.0268 4400 [ 2A965923FE3D6D5119A770D9B40B1C16 ] C:\Program Files\ASUS\ASUS Live Update\LiveUpdt.exe
11:49:59.0268 4400 C:\Program Files\ASUS\ASUS Live Update\LiveUpdt.exe - ok
11:49:59.0272 4400 ============================================================
11:49:59.0272 4400 Scan finished
11:49:59.0272 4400 ============================================================
11:49:59.0287 3684 Detected object count: 11
11:49:59.0287 3684 Actual detected object count: 11
11:51:43.0665 3684 ASLDRService ( UnsignedFile.Multi.Generic ) - skipped by user
11:51:43.0665 3684 ASLDRService ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:51:43.0665 3684 ASMMAP ( UnsignedFile.Multi.Generic ) - skipped by user
11:51:43.0665 3684 ASMMAP ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:51:43.0668 3684 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - skipped by user
11:51:43.0668 3684 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:51:43.0670 3684 AVerAF15DMBTH ( UnsignedFile.Multi.Generic ) - skipped by user
11:51:43.0670 3684 AVerAF15DMBTH ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:51:43.0672 3684 AVerRemote ( UnsignedFile.Multi.Generic ) - skipped by user
11:51:43.0672 3684 AVerRemote ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:51:43.0674 3684 AVerScheduleService ( UnsignedFile.Multi.Generic ) - skipped by user
11:51:43.0674 3684 AVerScheduleService ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:51:43.0677 3684 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
11:51:43.0678 3684 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:51:43.0681 3684 ghaio ( UnsignedFile.Multi.Generic ) - skipped by user
11:51:43.0681 3684 ghaio ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:51:43.0688 3684 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
11:51:43.0688 3684 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:51:43.0692 3684 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
11:51:43.0692 3684 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:51:43.0696 3684 spmgr ( UnsignedFile.Multi.Generic ) - skipped by user
11:51:43.0696 3684 spmgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
#27
/// the machine /// TB Trainer
Windows Vista - Infection with Sirefef, Sirefef.AB
Hi, I'm taking over from here, since DerJazzer is very busy at the moment. Please describe what problems still exist with the system.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM!
#28
Windows Vista - Infection with Sirefef, Sirefef.AB
As far as I can tell, all signs of an infection appear to have been removed. MSE is running again. Windows Update could be restored. What remains now is the firewall and the Security Center. The firewall can no longer be enabled and fails with error 5, and the same goes for the Security Center service. Unfortunately I don't have a suitable German Windows Vista Home Premium incl. SP2 medium here to do an in-place upgrade.
#29
/// the machine /// TB Trainer
Windows Vista - Infection with Sirefef, Sirefef.AB
Please download Farbar's Service Scanner
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM!
#30
Windows Vista - Infection with Sirefef, Sirefef.AB
Code:
Farbar Service Scanner Version: 19-10-2012
Ran by Nina (administrator) on 20-10-2012 at 12:14:10
Running from "G:\"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to open SharedAccess registry key. The service key does not exist.

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2012-10-17 11:55] - [2012-06-02 13:02] - 0133120 ____A (Microsoft Corporation) F1E8C34892336D33EDDCDFE44E474F64
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll
[2008-07-29 13:05] - [2008-01-19 20:34] - 0288256 ____A (Microsoft Corporation) E1499BD0FF76B1B2FBBF1AF339D91165
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****