OK, without resetting, this is where we are:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-10-2012 01 (ATTENTION: FRST version is 6 days old)
Ran by SYSTEM at 08-10-2012 19:51:31
Running from G:\
Windows Vista (TM) Home Premium Service Pack 1 (X86) OS Language: German Standard
The current controlset is ControlSet001
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [Skytel] Skytel.exe [x]
HKLM\...\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE [61440 2006-11-02] (ASUSTeK Computer INC.)
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [857648 2007-03-01] (Synaptics, Inc.)
HKLM\...\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [174872 2007-02-12] (Intel Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [39792 2008-10-15] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [417792 2009-11-10] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [141608 2010-02-15] (Apple Inc.)
HKLM\...\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe [x]
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [947176 2012-09-12] (Microsoft Corporation)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [13789728 2009-07-01] (NVIDIA Corporation)
HKLM\...\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1458176 2009-10-26] (Motorola Inc.)
HKLM\...\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [5955088 2012-06-28] (Acronis)
HKLM\...\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [1171336 2012-06-28] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [403144 2012-06-28] (Acronis)
HKU\Florian\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\Mcx1\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\Mcx1\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [173056 2009-04-11] (Microsoft Corporation)
HKU\Nina\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\Nina\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
==================== Services (Whitelisted) ===================
2 AcrSch2Svc; "C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe" [821048 2012-06-28] (Acronis)
2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3459024 2012-10-02] (Acronis)
4 Apple Mobile Device; "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" [144672 2009-08-28] (Apple Inc.)
4 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-02-06] ()
2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-05-15] ()
4 AVerRemote; C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe [348160 2009-10-31] (AVerMedia)
4 AVerScheduleService; C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe [397312 2009-12-07] ()
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [20472 2012-09-12] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [287824 2012-09-12] (Microsoft Corporation)
2 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [123248 2006-12-29] ()
2 syncagentsrv; "C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe" [5915352 2012-06-28] (Acronis)
4 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [x]
==================== Drivers (Whitelisted) ====================
2 ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys [11632 2007-02-05] ()
3 AtcL001; C:\Windows\System32\DRIVERS\atl01v32.sys [48128 2007-03-15] (Attansic Technology corporation.)
3 AVerAF15DMBTH; C:\Windows\System32\Drivers\AVerAF15DMBTH.sys [569728 2010-05-06] (AVerMedia TECHNOLOGIES, Inc.)
2 ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [15216 2006-11-16] ()
3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [5632 2007-01-24] ( )
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [193552 2012-08-30] (Microsoft Corporation)
3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-14] (ATK0100)
3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1743232 2007-05-25] ()
4 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2009-10-31] (Duplex Secure Ltd.)
0 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [775232 2012-10-02] (Acronis)
0 vididr; C:\Windows\System32\DRIVERS\vididr.sys [126880 2012-10-02] (Acronis)
0 vidsflt67; C:\Windows\System32\DRIVERS\vsflt67.sys [86496 2012-10-02] (Acronis)
4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2012-10-08 08:52 - 2012-10-08 08:52 - 00000000 ____D C:\FRST
2012-10-02 23:12 - 2012-10-02 23:12 - 00000000 ____D C:\Users\Nina\AppData\Roaming\Acronis
2012-10-02 23:10 - 2012-10-02 23:10 - 00775232 ____A (Acronis) C:\Windows\System32\Drivers\tdrpman.sys
2012-10-02 23:10 - 2012-10-02 23:10 - 00614592 ____A (Acronis) C:\Windows\System32\Drivers\timntr.sys
2012-10-02 23:10 - 2012-10-02 23:10 - 00234752 ____A (Acronis) C:\Windows\System32\Drivers\afcdp.sys
2012-10-02 23:09 - 2012-10-02 23:09 - 00177600 ____A (Acronis) C:\Windows\System32\Drivers\snapman.sys
2012-10-02 23:09 - 2012-10-02 23:09 - 00126880 ____A (Acronis) C:\Windows\System32\Drivers\vididr.sys
2012-10-02 23:09 - 2012-10-02 23:09 - 00086496 ____A (Acronis) C:\Windows\System32\Drivers\vsflt67.sys
2012-10-02 23:09 - 2012-10-02 23:09 - 00080416 ____A (Acronis) C:\Windows\System32\Drivers\fltsrv.sys
2012-10-02 23:08 - 2012-10-02 23:08 - 00001011 ____A C:\Users\Public\Desktop\Acronis True Image Home 2012.lnk
2012-10-02 23:08 - 2012-10-02 23:08 - 00000000 ____D C:\Program Files\Acronis
2012-10-02 23:07 - 2012-10-02 23:10 - 00000000 ____D C:\Program Files\Common Files\Acronis
2012-10-02 22:55 - 2012-08-25 23:30 - 225073224 ____A C:\Users\Nina\Desktop\ATIH2012_trial_en-US.exe
2012-10-02 12:33 - 2012-10-02 12:33 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
2012-10-02 12:32 - 2010-04-26 23:04 - 00381816 ____A (Sysinternals - www.sysinternals.com) C:\Windows\System32\PsExec.exe
2012-10-02 12:26 - 2012-10-02 12:26 - 00000422 ____A C:\Windows\BitsRepairTool.log
2012-10-02 11:56 - 2012-10-02 11:56 - 00000000 ____D C:\Users\Nina\Desktop\Neuer Ordner
2012-10-01 09:11 - 2012-10-01 09:11 - 00000000 ____D C:\Users\Nina\AppData\Local\{ECDEF87C-64BF-4661-B9CC-BF20B5C042C5}
2012-10-01 09:02 - 2012-10-01 09:02 - 00000020 ____A C:\Users\Nina\defogger_reenable
2012-10-01 06:56 - 2012-10-01 06:56 - 00000000 ____D C:\Users\Nina\AppData\Local\{A083496B-F28A-454E-ACD6-AE190C1B0283}
2012-10-01 01:01 - 2012-10-01 01:01 - 00060392 ____A C:\Users\Nina\Desktop\Extras.Txt
2012-10-01 00:57 - 2012-10-01 00:57 - 01379872 ____A C:\Users\Nina\Desktop\OTL.Txt
2012-09-30 23:07 - 2012-09-30 23:07 - 00000000 ____D C:\Users\Nina\AppData\Local\{3A09E88B-5581-46ED-9BC1-37B250087C21}
2012-09-30 21:44 - 2012-09-30 11:45 - 00602112 ____A (OldTimer Tools) C:\Users\Nina\Desktop\OTL.exe
2012-09-30 21:44 - 2012-09-30 11:45 - 00302592 ____A C:\Users\Nina\Desktop\soo9ymcb.exe
2012-09-30 10:04 - 2012-09-30 10:04 - 00000000 ____D C:\Users\Nina\AppData\Roaming\Malwarebytes
2012-09-30 10:02 - 2012-09-30 10:02 - 00000913 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2012-09-30 10:02 - 2012-09-30 10:02 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-09-30 10:02 - 2012-09-07 05:04 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-30 08:53 - 2012-09-30 08:53 - 00000214 ____A C:\Users\Nina\Desktop\Sid Meier's Civilization V.url
2012-09-30 08:11 - 2012-10-01 09:12 - 00000000 ____D C:\Program Files\Steam
2012-09-30 08:11 - 2012-09-30 23:08 - 00000000 ____D C:\Program Files\Common Files\Steam
2012-09-30 08:11 - 2012-09-30 08:11 - 00000793 ____A C:\Users\Public\Desktop\Steam.lnk
2012-09-30 07:01 - 2012-10-02 12:44 - 00001912 ____A C:\Windows\epplauncher.mif
2012-09-30 06:58 - 2012-10-02 12:43 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-09-30 06:19 - 2012-09-30 06:20 - 00000000 ____D C:\Users\Nina\AppData\Local\{E6D7D3C0-3687-457D-8D8D-AF6830A285E0}
2012-09-29 10:22 - 2012-09-29 10:22 - 00000000 ____D C:\Users\Nina\AppData\Local\{20666CC0-4259-43A3-A916-C011F1229BFD}
2012-09-27 19:57 - 2012-09-27 19:57 - 00000000 ____D C:\Users\Nina\AppData\Local\{D21FCDC8-0591-4A39-A636-7040B1A90BC8}
2012-09-27 07:40 - 2012-08-24 08:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-09-27 07:40 - 2012-08-24 08:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-09-27 07:40 - 2012-08-24 07:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-09-27 07:40 - 2012-08-24 07:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-09-27 07:40 - 2012-08-24 07:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-09-27 07:40 - 2012-08-24 07:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-09-27 07:40 - 2012-08-24 07:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-09-27 07:40 - 2012-08-24 07:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-09-27 07:40 - 2012-08-24 07:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-09-27 07:40 - 2012-08-24 07:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-09-27 07:40 - 2012-08-24 07:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-09-27 07:40 - 2012-08-24 07:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-09-27 07:40 - 2012-08-24 07:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-09-27 07:40 - 2012-08-24 07:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-09-27 07:40 - 2012-08-24 07:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-09-27 07:40 - 2012-08-24 07:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-09-27 06:49 - 2012-09-27 06:49 - 00000000 ____D C:\Users\Nina\AppData\Local\{928279D6-6C89-49E1-8F47-762BC1025D61}
2012-09-27 04:36 - 2012-09-27 04:36 - 00001880 ____A C:\Users\Public\Desktop\Skype.lnk
2012-09-27 04:36 - 2012-09-27 04:36 - 00000000 ____D C:\Program Files\Common Files\Skype
2012-09-27 02:57 - 2012-09-27 02:57 - 00000000 ____D C:\Users\Nina\AppData\Local\{8771A15B-7446-4500-82BD-7D9955761C20}
2012-09-25 23:16 - 2012-09-25 23:16 - 00000000 ____D C:\Users\Nina\AppData\Local\{75BAB726-26B3-489B-AB66-6C843DD63D67}
2012-09-25 01:44 - 2012-09-25 01:44 - 00000000 ____D C:\Users\Nina\AppData\Local\{8E93B501-DBF1-44CF-8D06-26E71FF5752E}
2012-09-22 11:01 - 2012-09-22 11:01 - 00000000 ____D C:\Users\Nina\AppData\Local\{6396CA56-3F9E-4835-A99D-8072AA846B38}
2012-09-19 11:42 - 2012-09-19 11:42 - 00000000 ____D C:\Users\Florian\AppData\Roaming\dvdcss
10508-02-27 20:36 - 2012-06-02 14:25 - 00000000 ____D C:\Users\Nina\Documents\NINA - Queen of Awesomeness and Antarctica
10508-02-27 20:35 - 2012-06-02 14:25 - 00000000 ____D C:\Users\Nina\Documents\Uni und Schule
10508-02-27 20:34 - 2012-06-07 10:19 - 00000000 ____D C:\Users\Nina\Documents\pics from NZ friends
==================== 3 Months Modified Files ==================
2012-10-08 07:48 - 2007-04-18 09:33 - 00000012 ____A C:\Windows\bthservsdp.dat
2012-10-08 07:48 - 2006-11-02 14:01 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-10-08 07:48 - 2006-11-02 14:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-08 07:47 - 2009-12-15 22:29 - 00001090 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-10-08 07:47 - 2006-11-02 13:47 - 00003296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-10-08 07:47 - 2006-11-02 13:47 - 00003296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-10-08 07:20 - 2009-12-15 22:29 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-10-07 22:45 - 2006-11-02 11:33 - 01458792 ____A C:\Windows\System32\PerfStringBackup.INI
2012-10-07 22:44 - 2007-11-06 10:54 - 01580696 ____A C:\Windows\WindowsUpdate.log
2012-10-07 20:55 - 2007-11-06 12:19 - 00059542 ____A C:\Windows\PFRO.log
2012-10-02 23:10 - 2012-10-02 23:10 - 00775232 ____A (Acronis) C:\Windows\System32\Drivers\tdrpman.sys
2012-10-02 23:10 - 2012-10-02 23:10 - 00614592 ____A (Acronis) C:\Windows\System32\Drivers\timntr.sys
2012-10-02 23:10 - 2012-10-02 23:10 - 00234752 ____A (Acronis) C:\Windows\System32\Drivers\afcdp.sys
2012-10-02 23:09 - 2012-10-02 23:09 - 00177600 ____A (Acronis) C:\Windows\System32\Drivers\snapman.sys
2012-10-02 23:09 - 2012-10-02 23:09 - 00126880 ____A (Acronis) C:\Windows\System32\Drivers\vididr.sys
2012-10-02 23:09 - 2012-10-02 23:09 - 00086496 ____A (Acronis) C:\Windows\System32\Drivers\vsflt67.sys
2012-10-02 23:09 - 2012-10-02 23:09 - 00080416 ____A (Acronis) C:\Windows\System32\Drivers\fltsrv.sys
2012-10-02 23:08 - 2012-10-02 23:08 - 00001011 ____A C:\Users\Public\Desktop\Acronis True Image Home 2012.lnk
2012-10-02 12:54 - 2007-12-26 18:52 - 00052566 ____A C:\Users\Nina\AppData\Roaming\nvModes.001
2012-10-02 12:44 - 2012-09-30 07:01 - 00001912 ____A C:\Windows\epplauncher.mif
2012-10-02 12:33 - 2012-10-02 12:33 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
2012-10-02 12:26 - 2012-10-02 12:26 - 00000422 ____A C:\Windows\BitsRepairTool.log
2012-10-01 09:02 - 2012-10-01 09:02 - 00000020 ____A C:\Users\Nina\defogger_reenable
2012-10-01 06:55 - 2007-11-06 12:21 - 00045056 ____A C:\Windows\System32\acovcnt.exe
2012-10-01 01:01 - 2012-10-01 01:01 - 00060392 ____A C:\Users\Nina\Desktop\Extras.Txt
2012-10-01 00:57 - 2012-10-01 00:57 - 01379872 ____A C:\Users\Nina\Desktop\OTL.Txt
2012-09-30 11:45 - 2012-09-30 21:44 - 00602112 ____A (OldTimer Tools) C:\Users\Nina\Desktop\OTL.exe
2012-09-30 11:45 - 2012-09-30 21:44 - 00302592 ____A C:\Users\Nina\Desktop\soo9ymcb.exe
2012-09-30 10:02 - 2012-09-30 10:02 - 00000913 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2012-09-30 09:34 - 2010-02-22 23:39 - 00035541 ____A C:\Users\Florian\AppData\Roaming\nvModes.001
2012-09-30 08:53 - 2012-09-30 08:53 - 00000214 ____A C:\Users\Nina\Desktop\Sid Meier's Civilization V.url
2012-09-30 08:11 - 2012-09-30 08:11 - 00000793 ____A C:\Users\Public\Desktop\Steam.lnk
2012-09-27 07:36 - 2006-11-02 11:24 - 62164608 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-09-27 04:36 - 2012-09-27 04:36 - 00001880 ____A C:\Users\Public\Desktop\Skype.lnk
2012-09-27 03:16 - 2007-12-25 16:47 - 00052566 ____A C:\Users\Nina\AppData\Roaming\nvModes.dat
2012-09-27 02:54 - 2006-11-02 13:52 - 00086153 ____A C:\Windows\setupact.log
2012-09-25 01:52 - 2007-11-06 11:11 - 00002631 ____A C:\Users\Nina\Desktop\Microsoft Office Word 2007.lnk
2012-09-19 11:39 - 2010-02-14 13:41 - 00102376 ____A C:\Users\Florian\AppData\Local\GDIPFONTCACHEV1.DAT
2012-09-07 05:04 - 2012-09-30 10:02 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-08-30 10:03 - 2012-08-30 10:03 - 00193552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-08-30 10:03 - 2012-03-20 08:44 - 00099272 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2012-08-25 23:30 - 2012-10-02 22:55 - 225073224 ____A C:\Users\Nina\Desktop\ATIH2012_trial_en-US.exe
2012-08-24 08:27 - 2012-09-27 07:40 - 12319744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-24 08:03 - 2012-09-27 07:40 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-24 07:59 - 2012-09-27 07:40 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-24 07:51 - 2012-09-27 07:40 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-24 07:51 - 2012-09-27 07:40 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-24 07:51 - 2012-09-27 07:40 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-24 07:49 - 2012-09-27 07:40 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-24 07:48 - 2012-09-27 07:40 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-24 07:47 - 2012-09-27 07:40 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-24 07:47 - 2012-09-27 07:40 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-24 07:47 - 2012-09-27 07:40 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-24 07:45 - 2012-09-27 07:40 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-24 07:44 - 2012-09-27 07:40 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-24 07:44 - 2012-09-27 07:40 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-24 07:43 - 2012-09-27 07:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-24 07:40 - 2012-09-27 07:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-19 07:56 - 2006-11-02 13:47 - 00380544 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-22 18:34 - 2007-12-23 21:51 - 00102376 ____A C:\Users\Nina\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-12 17:15 - 2006-11-02 11:23 - 00000219 ____A C:\Windows\win.ini
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-1915372461-94194756-3268695451-1000\$898db74ea6967aeb234f4d8d0754815e
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$898db74ea6967aeb234f4d8d0754815e
==================== Known DLLs (Whitelisted) =================
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2012-10-07 22:04:23
==================== Memory info ===========================
Percentage of memory in use: 19%
Total physical RAM: 2046.48 MB
Available physical RAM: 1642.89 MB
Total Pagefile: 1854.95 MB
Available Pagefile: 1711.61 MB
Total Virtual: 2047.88 MB
Available Virtual: 1980.94 MB
==================== Partitions =============================
1 Drive c: (VistaOS) (Fixed) (Total:116.44 GB) (Free:23.13 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (DATA) (Fixed) (Total:109.6 GB) (Free:31.07 GB) NTFS
4 Drive f: () (Removable) (Total:3.85 GB) (Free:0.73 GB) FAT32
5 Drive g: () (Removable) (Total:0.94 GB) (Free:0.65 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Datenträger ### Status Größe Frei Dyn GPT
-------- ---------- ------- ------- --- ---
0 Online 233 GB 0 B
1 Online 3946 MB 0 B
2 Online 968 MB 0 B
Last Boot: 2012-10-07 22:47
==================== End Of Log ============================