
Trojan.Sirefef / 0.access


  • This topic is locked
5 replies to this topic

#1 Arete


Posted 10 July 2012 - 08:15 AM

My problem:
I noticed that something is creating traffic on my machine, so I googled and installed Malwarebytes (before, I didn't have any antivirus application installed), then I started a quick scan and it found 7 or 8 infected files. I deleted them all and rebooted. After reboot, Malwarebytes always tells me that it blocks some suspicious connection attempt, apparently initiated by "Trojan.Sirefef". I did a quick scan again and it found something called "0.access". I deleted the files again and rebooted, but it found them again. Malware also tells me every few minutes that it successfully stopped some suspicious outgoing connection attempt. I did it again and again and they are always there again. I'm using Windows XP. Can anyone help me?

I would appreciate any help very much.



#2 narenxp


Posted 10 July 2012 - 08:58 AM

Download

TDSSKiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

Download

ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

#3 Arete


Posted 10 July 2012 - 01:20 PM

Thanks for your reply!!! :)
Sorry that it took so long, my connection is very slow and Avast crashed one time.
Here are the results (all except the TDSS done after a fresh reboot; I didn't clean up with Malwarebytes before, I just put the Trojan.Sirefef in quarantine when Malwarebytes asked after reboot). I used the default settings, except for TDSS, where you said I shall select TDLFS file system.
Edit: Btw, I didn't delete or quarantine anything with your tools which wasn't done automatically, since you didn't tell me to.





16:12:40.0171 3504 serenum - ok
16:12:40.0171 3504 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
16:12:40.0187 3504 Serial - ok
16:12:40.0203 3504 sfhlp01 (462aee0ea0481ea8bd45cac876a4ccc4) C:\WINDOWS\system32\drivers\sfhlp01.sys
16:12:40.0203 3504 sfhlp01 - ok
16:12:40.0203 3504 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:12:40.0218 3504 Sfloppy - ok
16:12:40.0218 3504 ShellHWDetection (40602ebfbe06aa075c8e4560743f6883) C:\WINDOWS\System32\shsvcs.dll
16:12:40.0218 3504 ShellHWDetection - ok
16:12:40.0234 3504 Simbad - ok
16:12:40.0281 3504 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Programme\Skype\Updater\Updater.exe
16:12:40.0281 3504 SkypeUpdate - ok
16:12:40.0296 3504 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
16:12:40.0296 3504 SLIP - ok
16:12:40.0296 3504 Sparrow - ok
16:12:40.0328 3504 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
16:12:40.0328 3504 splitter - ok
16:12:40.0328 3504 Spooler (39356a9cdb6753a6d13a4072a9f5a4bb) C:\WINDOWS\system32\spoolsv.exe
16:12:40.0328 3504 Spooler - ok
16:12:40.0343 3504 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
16:12:40.0343 3504 sr - ok
16:12:40.0343 3504 srservice (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\System32\srsvc.dll
16:12:40.0343 3504 srservice - ok
16:12:40.0359 3504 Srv (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys
16:12:40.0359 3504 Srv - ok
16:12:40.0375 3504 SSDPSRV (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
16:12:40.0375 3504 SSDPSRV - ok
16:12:40.0406 3504 StarOpen (e57b778208c783d8debab320c16a1b82) C:\WINDOWS\system32\drivers\StarOpen.sys
16:12:40.0406 3504 StarOpen - ok
16:12:40.0421 3504 Steam Client Service - ok
16:12:40.0453 3504 stisvc (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
16:12:40.0453 3504 stisvc - ok
16:12:40.0468 3504 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
16:12:40.0468 3504 streamip - ok
16:12:40.0484 3504 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:12:40.0484 3504 swenum - ok
16:12:40.0500 3504 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:12:40.0500 3504 swmidi - ok
16:12:40.0515 3504 SwPrv - ok
16:12:40.0531 3504 symc810 - ok
16:12:40.0546 3504 symc8xx - ok
16:12:40.0562 3504 sym_hi - ok
16:12:40.0562 3504 sym_u3 - ok
16:12:40.0578 3504 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:12:40.0578 3504 sysaudio - ok
16:12:40.0593 3504 SysmonLog (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
16:12:40.0609 3504 SysmonLog - ok
16:12:40.0640 3504 TapiSrv (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
16:12:40.0640 3504 TapiSrv - ok
16:12:40.0671 3504 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:12:40.0671 3504 Tcpip - ok
16:12:40.0687 3504 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:12:40.0687 3504 TDPIPE - ok
16:12:40.0687 3504 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:12:40.0687 3504 TDTCP - ok
16:12:40.0703 3504 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:12:40.0703 3504 TermDD - ok
16:12:40.0718 3504 TermService (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
16:12:40.0718 3504 TermService - ok
16:12:40.0734 3504 Themes (40602ebfbe06aa075c8e4560743f6883) C:\WINDOWS\System32\shsvcs.dll
16:12:40.0734 3504 Themes - ok
16:12:40.0765 3504 thsu (e6d35f3aa51a65eb35c1f2340154a25e) C:\WINDOWS\system32\drivers\nbqcbty.sys
16:12:40.0765 3504 thsu - ok
16:12:40.0781 3504 TlntSvr (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\System32\tlntsvr.exe
16:12:40.0781 3504 TlntSvr - ok
16:12:40.0781 3504 TosIde - ok
16:12:40.0781 3504 TrkWks (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
16:12:40.0796 3504 TrkWks - ok
16:12:40.0796 3504 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:12:40.0796 3504 Udfs - ok
16:12:40.0796 3504 ultra - ok
16:12:40.0828 3504 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:12:40.0828 3504 Update - ok
16:12:40.0843 3504 upnphost (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
16:12:40.0859 3504 upnphost - ok
16:12:40.0875 3504 UPS (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
16:12:40.0875 3504 UPS - ok
16:12:40.0906 3504 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
16:12:40.0906 3504 usbaudio - ok
16:12:40.0921 3504 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:12:40.0921 3504 usbccgp - ok
16:12:40.0937 3504 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:12:40.0937 3504 usbehci - ok
16:12:40.0953 3504 usbfilter (e5b14557793164db879ee56f5b59c3e2) C:\WINDOWS\system32\DRIVERS\usbfilter.sys
16:12:40.0953 3504 usbfilter - ok
16:12:40.0984 3504 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:12:40.0984 3504 usbhub - ok
16:12:40.0984 3504 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
16:12:40.0984 3504 usbohci - ok
16:12:41.0015 3504 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:12:41.0015 3504 usbprint - ok
16:12:41.0031 3504 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:12:41.0031 3504 usbscan - ok
16:12:41.0031 3504 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:12:41.0031 3504 USBSTOR - ok
16:12:41.0046 3504 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
16:12:41.0046 3504 usbvideo - ok
16:12:41.0046 3504 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:12:41.0046 3504 VgaSave - ok
16:12:41.0062 3504 ViaIde - ok
16:12:41.0078 3504 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
16:12:41.0078 3504 VolSnap - ok
16:12:41.0109 3504 VSS (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
16:12:41.0109 3504 VSS - ok
16:12:41.0125 3504 W32Time (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\System32\w32time.dll
16:12:41.0125 3504 W32Time - ok
16:12:41.0140 3504 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:12:41.0140 3504 Wanarp - ok
16:12:41.0140 3504 WDICA - ok
16:12:41.0156 3504 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:12:41.0156 3504 wdmaud - ok
16:12:41.0171 3504 WebClient (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
16:12:41.0171 3504 WebClient - ok
16:12:41.0218 3504 winmgmt (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
16:12:41.0218 3504 winmgmt - ok
16:12:41.0343 3504 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:12:41.0359 3504 wlidsvc - ok
16:12:41.0421 3504 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
16:12:41.0421 3504 WmdmPmSN - ok
16:12:41.0453 3504 Wmi (53e1ccf332a2f40b5e08476921cd8b44) C:\WINDOWS\System32\advapi32.dll
16:12:41.0453 3504 Wmi - ok
16:12:41.0468 3504 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
16:12:41.0468 3504 WmiAcpi - ok
16:12:41.0484 3504 WmiApSrv (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\System32\wbem\wmiapsrv.exe
16:12:41.0484 3504 WmiApSrv - ok
16:12:41.0562 3504 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:12:41.0562 3504 WPFFontCache_v0400 - ok
16:12:41.0578 3504 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
16:12:41.0578 3504 WSTCODEC - ok
16:12:41.0593 3504 wuauserv (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\System32\wuauserv.dll
16:12:41.0593 3504 wuauserv - ok
16:12:41.0609 3504 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:12:41.0609 3504 WudfPf - ok
16:12:41.0625 3504 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:12:41.0625 3504 WudfRd - ok
16:12:41.0640 3504 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
16:12:41.0640 3504 WudfSvc - ok
16:12:41.0671 3504 WZCSVC (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
16:12:41.0671 3504 WZCSVC - ok
16:12:41.0703 3504 xmlprov (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
16:12:41.0718 3504 xmlprov - ok
16:12:41.0750 3504 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
16:12:42.0125 3504 \Device\Harddisk0\DR0 - ok
16:12:42.0125 3504 Boot (0x1200) (817d4f027e5b48e39bfb29925bf96dd3) \Device\Harddisk0\DR0\Partition0
16:12:42.0125 3504 \Device\Harddisk0\DR0\Partition0 - ok
16:12:42.0140 3504 Boot (0x1200) (0e94f871ecd77fc392e26c4532ecedb4) \Device\Harddisk0\DR0\Partition1
16:12:42.0140 3504 \Device\Harddisk0\DR0\Partition1 - ok
16:12:42.0156 3504 Boot (0x1200) (ede602b1a4f1e13eb344d429592daf27) \Device\Harddisk0\DR0\Partition2
16:12:42.0156 3504 \Device\Harddisk0\DR0\Partition2 - ok
16:12:42.0156 3504 ============================================================
16:12:42.0156 3504 Scan finished
16:12:42.0156 3504 ============================================================
16:12:42.0187 1120 Detected object count: 0
16:12:42.0187 1120 Actual detected object count: 0
16:13:28.0984 2052 Deinitialize success











aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-10 17:07:48
-----------------------------
17:07:48.546 OS Version: Windows 5.1.2600 Service Pack 3
17:07:48.546 Number of processors: 3 586 0x402
17:07:48.546 ComputerName: DELUXE-ZM4OXSJB UserName: deluXe
17:07:48.843 Initialize success
17:07:56.859 AVAST engine defs: 12071000
17:08:02.562 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-5
17:08:02.562 Disk 0 Vendor: WDC_WD1001FALS-00J7B1 05.00K05 Size: 953868MB BusType: 3
17:08:02.562 Disk 0 MBR read successfully
17:08:02.562 Disk 0 MBR scan
17:08:02.593 Disk 0 Windows XP default MBR code
17:08:02.609 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 99998 MB offset 63
17:08:02.609 Disk 0 Partition - 00 0F Extended LBA 853861 MB offset 204796620
17:08:02.609 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 199996 MB offset 204796683
17:08:02.625 Disk 0 Partition - 00 05 Extended 653864 MB offset 614389860
17:08:02.625 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 653864 MB offset 614389923
17:08:02.625 Disk 0 scanning sectors +1953504000
17:08:02.687 Disk 0 scanning C:\WINDOWS\system32\drivers
17:08:06.875 Service scanning
17:08:16.359 Modules scanning
17:08:18.625 Disk 0 trace - called modules:
17:08:18.640 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys atapi.sys pciide.sys PCIIDEX.SYS
17:08:18.640 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a693ab8]
17:08:18.640 3 CLASSPNP.SYS[ba118fd7] -> nt!IofCallDriver -> \Device\00000072[0x8a6726b0]
17:08:18.640 5 ACPI.sys[b9f7e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-5[0x8a695d98]
17:08:18.640 \Driver\atapi[0x8a67c518] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> prosync1.sys[0xba5b06c1]
17:08:19.156 AVAST engine scan C:\WINDOWS
17:08:21.984 AVAST engine scan C:\WINDOWS\system32
17:09:15.203 File: C:\WINDOWS\assembly\GAC\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
17:09:44.734 AVAST engine scan C:\WINDOWS\system32\drivers
17:09:51.359 AVAST engine scan C:\Dokumente und Einstellungen\deluXe
17:43:52.890 File: C:\Dokumente und Einstellungen\deluXe\Lokale Einstellungen\Anwendungsdaten\{0dbacd2f-b21e-f05d-acf8-bed44b3b6162}\U\000000cb.@ **INFECTED** Win32:Malware-gen
17:43:52.968 File: C:\Dokumente und Einstellungen\deluXe\Lokale Einstellungen\Anwendungsdaten\{0dbacd2f-b21e-f05d-acf8-bed44b3b6162}\U\80000000.@ **INFECTED** Win64:Sirefef-A [Trj]
17:43:53.062 File: C:\Dokumente und Einstellungen\deluXe\Lokale Einstellungen\Anwendungsdaten\{0dbacd2f-b21e-f05d-acf8-bed44b3b6162}\U\80000032.@ **INFECTED** Win32:Atraps-PF [Trj]
17:59:32.500 AVAST engine scan C:\Dokumente und Einstellungen\All Users
18:05:33.609 Scan finished successfully
18:08:47.734 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\deluXe\Desktop\MBR.dat"
18:08:47.734 The log file has been saved successfully to "C:\Dokumente und Einstellungen\deluXe\Desktop\aswMBR.txt"










C:\Dokumente und Einstellungen\deluXe\Lokale Einstellungen\Anwendungsdaten\{0dbacd2f-b21e-f05d-acf8-bed44b3b6162}\n Win32/Sirefef.EV trojan cleaned by deleting (after the next restart) - quarantined
C:\Dokumente und Einstellungen\deluXe\Lokale Einstellungen\Anwendungsdaten\{0dbacd2f-b21e-f05d-acf8-bed44b3b6162}\U\80000000.@ a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined
C:\Dokumente und Einstellungen\deluXe\Lokale Einstellungen\Anwendungsdaten\{0dbacd2f-b21e-f05d-acf8-bed44b3b6162}\U\80000032.@ a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\Dokumente und Einstellungen\deluXe\Lokale Einstellungen\Temp\NODC9F5.tmp Win32/Sirefef.EV trojan cleaned by deleting (after the next restart) - quarantined
C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\6J01S9MR\field[1].swf SWF/Exploit.Blacole.AG trojan cleaned by deleting - quarantined
C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\89CLW38Z\spn[1].jar Java/Exploit.CVE-2012-0507.CS trojan cleaned by deleting - quarantined
C:\WINDOWS\Installer\{0dbacd2f-b21e-f05d-acf8-bed44b3b6162}\U\80000032.@ a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
Operating memory multiple threats

Edited by Arete, 10 July 2012 - 01:24 PM.


#4 narenxp

  • BC Advisor

Posted 10 July 2012 - 01:51 PM

We need advanced tools here

Read the guide here on preparing logs

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck

#5 Arete

  • Topic Starter

Posted 10 July 2012 - 02:53 PM

Sounds serious, maybe I should just format :(
Thanks for your efforts anyway!! :)

#6 boopme

  • Global Moderator

Posted 10 July 2012 - 07:29 PM

Your decision as to what action to take should be made by reading and asking yourself the questions presented in "When Should I Format, How Should I Reinstall?" In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. Wiping your drive, reformatting, and performing a clean install of the OS or doing a factory restore removes everything and is the safest action but I cannot make that decision for you.

Reformatting a hard disk deletes all data. If you decide to reformat, you can back up all your important documents, data files and photos. The safest practice is not to back up any autorun.ini or .exe files because they may be infected. Some types of malware may disguise themselves by adding and hiding their extension to the existing extension of files, so be sure you take a close look at the full name. After reformatting, as a precaution, make sure you scan these files with your anti-virus prior to copying them back to your hard drive.


Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

The current wait time is 1 - 3 days and ALL logs are answered.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic.


Should you choose to not disinfect, please send me a Personal Message so I can close the other post also rather than have our techs analyze and work a fix for a machine that has been formatted, thanks.