| |
| |||||||
Log-Analyse und Auswertung: Win7 GVU Trojaner / abges. Modus geht nicht / frst64 scan liegt vorWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
16.07.2013, 16:22
| #1 |
| |  Win7 GVU Trojaner / abges. Modus geht nicht / frst64 scan liegt vor Moin liebes Team von Trojaner-Board, auch mein laptop (win7) hat sich den GVU-Trojaner eingefangen. abgesicherter modus geht nicht, habe über einen zweitrechner frst64 auf USB gezogen und den scan laufen lassen, das log hängt dem posting an. wäre klasse, wenn ihr auch mir helfen könntet, das übersteigt sonst meine fähigkeiten! schoonmal ganz vielen dank im voraus, hier das log vom scan: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-07-2013 02
Ran by SYSTEM on 16-07-2013 17:08:14
Running from G:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11490408 2011-06-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 [2179688 2011-06-16] (Realtek Semiconductor)
HKLM\...\Run: [IntelPAN] - "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray [1935120 2011-05-02] (Intel(R) Corporation)
HKLM\...\Run: [BTMTrayAgent] - rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp [10372368 2011-07-12] (Intel Corporation)
HKLM\...\Run: [Apoint] - %ProgramFiles%\Apoint\Apoint.exe [226672 2011-06-15] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [497648 2010-09-16] (Adobe Systems Incorporated)
HKLM\...\Run: [ClientAppLogon] - C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe [421192 2011-04-26] (AuthenTec, Inc.)
HKLM\...\Run: [ClientAppLogon32] - C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe [308040 2011-04-26] (AuthenTec, Inc.)
HKLM\...\Run: [IntelliPoint] - "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [Ocs_SM] - C:\Users\NCSS\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [106496 2012-02-20] (OCS)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-07-01] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ISBMgr.exe] - "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" [2801288 2011-05-31] (Sony Corporation)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [38984 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [840768 2013-05-10] (Adobe Systems Inc.)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [650080 2011-03-15] (Sony Corporation)
HKLM-x32\...\Run: [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-08-10] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\NCSS\...\Run: [swg] - "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-01-21] (Google Inc.)
HKU\NCSS\...\Run: [NokiaSuite.exe] - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray [1090040 2012-12-21] (Nokia)
HKU\NCSS\...\Winlogon: [Shell] explorer.exe,C:\Users\NCSS\AppData\Roaming\skype.dat [70144 2011-11-17] () <==== ATTENTION
Startup: C:\Users\NCSS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\NCSS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK
ShortcutTarget: Hardcopy.LNK -> C:\Program Files (x86)\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
==================== Services (Whitelisted) =================
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-05-10] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-10] (Avira Operations GmbH & Co. KG)
S2 FPLService; C:\Program Files\TrueSuite\TrueSuite.Service.exe [294216 2011-04-26] (AuthenTec, Inc)
S2 GobiQDLService; C:\Program Files (x86)\Huawei\Gobi\GobiQDLService\GobiQDLService.exe [318464 2011-03-04] (HUAWEI Technologies Co., Ltd.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
S2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [259512 2011-07-22] (Sony Corporation)
S2 SearchAnonymizer; C:\Users\NCSS\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [40960 2012-02-20] ()
S2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
S2 WTGService; C:\Program Files (x86)\OneClickInternet\WTGService.exe [342984 2011-03-09] ()
==================== Drivers (Whitelisted) ====================
S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-05-10] (Avira GmbH)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-05-10] (Avira GmbH)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2011-12-15] (Avira GmbH)
S3 gobi3kfilter; C:\Windows\System32\DRIVERS\gobi3kfilter.sys [34304 2010-12-13] (QUALCOMM Incorporated)
S3 gobi3kmbb; C:\Windows\System32\DRIVERS\gobi3kmbb.sys [399872 2011-04-21] (QUALCOMM Incorporated)
S3 gobi3kserial; C:\Windows\System32\DRIVERS\gobi3kserial.sys [233984 2010-12-13] (QUALCOMM Incorporated)
========================== Drivers MD5 =======================
C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 1C7857B62DE5994A75B054A9FD4C3825
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atikmdag.sys 0D28CD1E31B59D73F10BD8144C0762B3
C:\Windows\System32\DRIVERS\atikmpag.sys 66D5254B0DA7400CC7E26DC9BBD8E90E
C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\System32\DRIVERS\AMPPAL.sys 9921E78BC29634235F4BF5809E7E8CDE
C:\Windows\System32\DRIVERS\amppal.sys 9921E78BC29634235F4BF5809E7E8CDE
C:\Windows\System32\DRIVERS\Apfiltr.sys 9DC1A45BA81C923DB68A162B0F0D0149
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys C130BC4A51B1382B2BE8E44579EC4C0A
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\system32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\athrx.sys E857EEE6B92AAA473EBB3465ADD8F7E7
C:\Windows\System32\DRIVERS\ATSwpWDF.sys 26970F26EBAB7D5D1B795A3F9013CD80
C:\Windows\System32\DRIVERS\avgntflt.sys 26E38B5A58C6C55FAFBC563EEDDB0867
C:\Windows\System32\DRIVERS\avipbb.sys 9D1F00BEFF84CBBF46D7F052BC7E0565
C:\Windows\System32\DRIVERS\avkmgr.sys 248DB59FC86DE44D2779F4C7FB1A567D
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\drivers\BthEnum.sys CF98190A94F62E405C8CB255018B2315
C:\Windows\System32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bthpan.sys 02DD601B708DD0667E1331FA8518E9FF
C:\Windows\System32\Drivers\BTHport.sys 738D0E9272F59EB7A1449C3EC118E6C4
C:\Windows\System32\Drivers\BTHUSB.sys F188B7394D81010767B6DF3178519A37
C:\Windows\System32\DRIVERS\btmaux.sys A0CA8F0493D26E67436929856E32F585
C:\Windows\System32\DRIVERS\btmhsf.sys 2B72E1339186A059BE27BC1697F4A9C1
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 9AC4F97C2D3E93367E2148EA940CD2CD
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys AF2E16242AA723F68F461B6EAE2EAD3D
C:\Windows\System32\DRIVERS\e1y60x64.sys 50AD8FC1DC800FF36087994C8F7FDFF2
C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ElbyCDIO.sys A05FC7ECA0966EBB70E4D17B855A853B
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 8E98D21EE06192492A5671A6144D092F
C:\Windows\System32\DRIVERS\gobi3kfilter.sys 9495607C14F345E9632B3E1C12CEA7B0
C:\Windows\System32\DRIVERS\gobi3kmbb.sys 3568FB393C8D4099B8412476C9E2B7B1
C:\Windows\System32\DRIVERS\gobi3kserial.sys DBB405772F1C21CB7ED51593BAD5880D
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\drivers\iaStor.sys 2FDAEC4B02729C48C0FD1B0B4695995B
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\System32\DRIVERS\iBtFltCoex.sys E049DD2969A2C0AF9FF99DD5F1182695
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\intelaud.sys CADDF0927DAC63EDAE48F5C35A61D87D
C:\Windows\System32\drivers\RTKVHD64.sys CDB772F707AC24B43A20C821852CA61F
C:\Windows\System32\DRIVERS\IntcDAud.sys FC727061C0F47C8059E88E05D5C8E381
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\igdpmd64.sys 9937600A1584FF00565D5379EB4C9EDB
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\iwdbus.sys 716F66336F10885D935B08174DC54242
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 97A7070AEA4C058B6418519E869A63B4
C:\Windows\System32\Drivers\ksecpkg.sys 26C43A7C2862447EC59DEDA188D1DA07
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HECIx64.sys A6518DCC42F7A6E999BB3BEA8FD87567
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\NETwNs64.sys AC69618DE5BCCE8747C9AB0AAE1003C1
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\drivers\ccdcmbx64.sys 4903177FC90E77ABEB19021451E9475E
C:\Windows\System32\drivers\ccdcmbox64.sys E6844A4C97E5409BBE24BB4ED000320D
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys B98F8C6E31CD07B2E6F71F7F648E38C0
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nusb3hub.sys 01266516E6E88D183A2B58722EEB4443
C:\Windows\System32\DRIVERS\nusb3xhc.sys 5EC04F55CC5F165F21752712437DF638
C:\Windows\System32\DRIVERS\nvlddmkm.sys DD81FBC57AB9134CDDC5CE90880BFD80
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\DRIVERS\pccsmcfdx64.sys 3FDE033DFB0D07F8B7D5C9A3044AA121
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\point64.sys 4F0878FD62D5F7444C5F1C4C66D9D293
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\System32\Drivers\PxHlpa64.sys 87B04878A6D59D6C79251DC960C674C1
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\drivers\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932
C:\Windows\System32\DRIVERS\RtsPStor.sys 9D21618E7A3B2C75CF1A2ECBBE723730
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rt64win7.sys EA5532868BA76923D75BCB2A1448D810
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sdbus.sys 111E0EBC0AD79CB0FA014B907B231CF0
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SFEP.sys 286D3889E6AB5589646FF8A63CB928AE
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 9849EA3843A2ADBDD1497E97A85D8CAE
C:\Windows\System32\DRIVERS\tcpip.sys 9849EA3843A2ADBDD1497E97A85D8CAE
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\tpm.sys DBCC20C02E8A3E43B03C304A4E40A84F
C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\system32\drivers\TsUsbGD.sys 9CC2CCAE8A84820EAECB886D477CBCB8
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbser_lowerfltx64.sys 907F50B8695DAA65A9445D27AD306E65
C:\Windows\System32\Drivers\usbaapl64.sys C9E9D59C0099A9FF51697E9306A44240
C:\Windows\System32\DRIVERS\usbccgp.sys 6F1A3157A1C89435352CEB543CDB359C
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys C025055FE7B87701EB042095DF1A2D7B
C:\Windows\System32\DRIVERS\usbhub.sys 287C6C9410B111B68B52CA298F7B8C24
C:\Windows\system32\drivers\usbohci.sys 9840FC418B4CBD632D3D0A667A725C31
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys ==> MD5 is legit
C:\Windows\System32\drivers\usbser.sys 4ACEE387FA8FD39F83564FCD2FC234F2
C:\Windows\System32\DRIVERS\usbser_lowerfltjx64.sys 3F7498527B48657091C355F683BEB0DD
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys 62069A34518BCF9C1FD9E74B3F6DB7CD
C:\Windows\System32\Drivers\usbvideo.sys 454800C2BC7F3927CE030141EE4F4C50
C:\Windows\System32\DRIVERS\VClone.sys FD911873C0BB6945FA38C16E9A2B58F9
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys 442783E2CB0DA19873B7A63833FF4CB4
C:\Windows\System32\DRIVERS\WDKMD.sys 63CE387483E74A0BD79EE4E5EBA1FD2E
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-16 16:30 - 2013-07-16 16:30 - 00000000 ____D C:\FRST
2013-06-30 15:41 - 2013-06-30 17:34 - 00000004 _____ C:\Users\NCSS\AppData\Roaming\skype.ini
2013-06-27 18:00 - 2013-06-27 18:04 - 00001656 _____ C:\Windows\System32\ASOROSet.bin
2013-06-27 17:59 - 2013-06-30 15:57 - 00003108 _____ C:\Windows\System32\Tasks\RegClean Pro
2013-06-27 17:59 - 2013-06-27 18:00 - 00000000 ____D C:\Windows\System32\config\RCCBakup
2013-06-27 17:43 - 2013-06-30 17:43 - 00003120 _____ C:\Windows\System32\Tasks\Advanced System Protector_startup
2013-06-27 17:43 - 2013-06-27 17:43 - 00001205 _____ C:\Users\Public\Desktop\Advanced System Protector.lnk
2013-06-27 17:43 - 2013-06-27 17:43 - 00000000 ____D C:\ProgramData\Systweak
2013-06-27 17:43 - 2013-06-27 17:43 - 00000000 ____D C:\Program Files (x86)\Advanced System Protector
2013-06-27 17:43 - 2012-07-25 11:03 - 00016896 _____ C:\Windows\System32\sasnative64.exe
2013-06-27 17:42 - 2013-06-27 18:05 - 00000282 _____ C:\Windows\Tasks\RegClean Pro_UPDATES.job
2013-06-27 17:42 - 2013-06-27 18:05 - 00000274 _____ C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2013-06-27 17:42 - 2013-06-27 17:43 - 00000000 ____D C:\Users\NCSS\AppData\Roaming\Systweak
2013-06-27 17:42 - 2013-06-27 17:42 - 00003024 _____ C:\Windows\System32\Tasks\RegClean Pro_UPDATES
2013-06-27 17:42 - 2013-06-27 17:42 - 00002868 _____ C:\Windows\System32\Tasks\RegClean Pro_DEFAULT
2013-06-27 17:42 - 2013-06-27 17:42 - 00001054 _____ C:\Users\Public\Desktop\RegClean Pro.lnk
2013-06-27 17:42 - 2013-06-27 17:42 - 00000000 ____D C:\Program Files (x86)\RegClean Pro
2013-06-27 17:42 - 2013-02-28 15:27 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\System32\roboot64.exe
2013-06-24 20:55 - 2013-06-24 21:25 - 00000000 ____D C:\Users\NCSS\Desktop\Lieke
2013-06-24 20:30 - 2013-06-24 21:26 - 00000000 ____D C:\Users\NCSS\Desktop\Paula
2013-06-16 13:37 - 2013-06-08 15:08 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-16 13:37 - 2013-06-08 15:06 - 02648064 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-16 13:37 - 2013-06-08 15:06 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-16 13:37 - 2013-06-08 13:28 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-16 13:37 - 2013-06-08 12:42 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-16 13:37 - 2013-06-08 12:40 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-16 13:37 - 2013-06-08 12:40 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-16 13:37 - 2013-06-08 12:13 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-16 13:36 - 2013-06-08 15:07 - 19233792 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-16 13:36 - 2013-06-08 15:06 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-16 13:36 - 2013-06-08 12:40 - 14327808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-16 13:36 - 2013-06-08 12:40 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
==================== One Month Modified Files and Folders =======
2013-07-16 16:30 - 2013-07-16 16:30 - 00000000 ____D C:\FRST
2013-06-30 18:35 - 2012-03-30 10:27 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-30 18:35 - 2012-01-21 14:31 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-30 18:35 - 2012-01-11 04:39 - 01686044 _____ C:\Windows\WindowsUpdate.log
2013-06-30 17:50 - 2009-07-14 05:45 - 00020992 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-30 17:50 - 2009-07-14 05:45 - 00020992 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-30 17:43 - 2013-06-27 17:43 - 00003120 _____ C:\Windows\System32\Tasks\Advanced System Protector_startup
2013-06-30 17:42 - 2012-01-21 14:31 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-30 17:42 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-06-30 17:42 - 2009-07-14 05:51 - 00115077 _____ C:\Windows\setupact.log
2013-06-30 17:34 - 2013-06-30 15:41 - 00000004 _____ C:\Users\NCSS\AppData\Roaming\skype.ini
2013-06-30 17:31 - 2012-01-11 13:31 - 00696870 _____ C:\Windows\System32\perfh007.dat
2013-06-30 17:31 - 2012-01-11 13:31 - 00148134 _____ C:\Windows\System32\perfc007.dat
2013-06-30 17:31 - 2009-07-14 06:13 - 01612484 _____ C:\Windows\System32\PerfStringBackup.INI
2013-06-30 17:25 - 2013-03-14 13:11 - 00000000 ___RD C:\Users\NCSS\Dropbox
2013-06-30 17:25 - 2013-03-14 08:58 - 00000000 ____D C:\Users\NCSS\AppData\Roaming\Dropbox
2013-06-30 15:57 - 2013-06-27 17:59 - 00003108 _____ C:\Windows\System32\Tasks\RegClean Pro
2013-06-27 18:05 - 2013-06-27 17:42 - 00000282 _____ C:\Windows\Tasks\RegClean Pro_UPDATES.job
2013-06-27 18:05 - 2013-06-27 17:42 - 00000274 _____ C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2013-06-27 18:05 - 2012-01-21 13:56 - 00000000 ____D C:\users\NCSS
2013-06-27 18:04 - 2013-06-27 18:00 - 00001656 _____ C:\Windows\System32\ASOROSet.bin
2013-06-27 18:04 - 2010-11-21 04:47 - 00135688 _____ C:\Windows\PFRO.log
2013-06-27 18:04 - 2009-07-14 03:34 - 84672512 _____ C:\Windows\System32\config\SOFTWARE.bak
2013-06-27 18:04 - 2009-07-14 03:34 - 20971520 _____ C:\Windows\System32\config\SYSTEM.bak
2013-06-27 18:04 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\System32\config\SECURITY.bak
2013-06-27 18:01 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\System32\config\SAM.bak
2013-06-27 18:00 - 2013-06-27 17:59 - 00000000 ____D C:\Windows\System32\config\RCCBakup
2013-06-27 17:43 - 2013-06-27 17:43 - 00001205 _____ C:\Users\Public\Desktop\Advanced System Protector.lnk
2013-06-27 17:43 - 2013-06-27 17:43 - 00000000 ____D C:\ProgramData\Systweak
2013-06-27 17:43 - 2013-06-27 17:43 - 00000000 ____D C:\Program Files (x86)\Advanced System Protector
2013-06-27 17:43 - 2013-06-27 17:42 - 00000000 ____D C:\Users\NCSS\AppData\Roaming\Systweak
2013-06-27 17:42 - 2013-06-27 17:42 - 00003024 _____ C:\Windows\System32\Tasks\RegClean Pro_UPDATES
2013-06-27 17:42 - 2013-06-27 17:42 - 00002868 _____ C:\Windows\System32\Tasks\RegClean Pro_DEFAULT
2013-06-27 17:42 - 2013-06-27 17:42 - 00001054 _____ C:\Users\Public\Desktop\RegClean Pro.lnk
2013-06-27 17:42 - 2013-06-27 17:42 - 00000000 ____D C:\Program Files (x86)\RegClean Pro
2013-06-27 11:42 - 2012-01-21 14:31 - 00000000 ____D C:\Users\NCSS\AppData\Local\Google
2013-06-24 21:26 - 2013-06-24 20:30 - 00000000 ____D C:\Users\NCSS\Desktop\Paula
2013-06-24 21:25 - 2013-06-24 20:55 - 00000000 ____D C:\Users\NCSS\Desktop\Lieke
2013-06-24 20:56 - 2013-05-21 19:58 - 00000000 ____D C:\Users\NCSS\Desktop\Nähanleitungen
2013-06-23 11:55 - 2013-04-16 13:38 - 00035328 _____ C:\Users\NCSS\Desktop\Pflanzen Blühzeit.xls
2013-06-19 06:17 - 2013-03-14 13:11 - 00001015 _____ C:\Users\NCSS\Desktop\Dropbox.lnk
2013-06-16 19:47 - 2012-09-06 05:45 - 00013083 _____ C:\Users\NCSS\Documents\EÜR privat.xlsx
Files to move or delete:
====================
C:\Users\NCSS\AppData\Roaming\skype.dat
C:\Users\NCSS\AppData\Roaming\skype.ini
==================== Known DLLs (Whitelisted) ================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2013-05-09 18:55:58
Restore point made on: 2013-05-13 15:11:31
Restore point made on: 2013-05-18 14:08:41
Restore point made on: 2013-05-21 17:40:07
Restore point made on: 2013-05-24 18:54:50
Restore point made on: 2013-06-02 09:54:52
Restore point made on: 2013-06-05 17:31:34
Restore point made on: 2013-06-10 20:08:56
Restore point made on: 2013-06-14 16:15:35
Restore point made on: 2013-06-16 13:36:26
Restore point made on: 2013-06-21 14:05:10
Restore point made on: 2013-06-25 13:50:25
Restore point made on: 2013-06-27 17:46:36
Restore point made on: 2013-06-29 17:39:42
==================== BCD ================================
Windows-Start-Manager
---------------------
Bezeichner {bootmgr}
device partition=Y:
description Windows Boot Manager
locale de-DE
inherit {globalsettings}
default {default}
resumeobject {580ff2a4-3c50-11e1-b9c2-f0bf97e47f29}
displayorder {default}
toolsdisplayorder {memdiag}
timeout 30
Windows-Startladeprogramm
-------------------------
Bezeichner {default}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale de-DE
inherit {bootloadersettings}
recoverysequence {current}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {580ff2a4-3c50-11e1-b9c2-f0bf97e47f29}
nx OptIn
Windows-Startladeprogramm
-------------------------
Bezeichner {current}
device ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{580ff2a7-3c50-11e1-b9c2-f0bf97e47f29}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{580ff2a7-3c50-11e1-b9c2-f0bf97e47f29}
systemroot \windows
nx OptIn
winpe Yes
Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner {580ff2a4-3c50-11e1-b9c2-f0bf97e47f29}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale de-DE
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No
Windows-Speichertestprogramm
----------------------------
Bezeichner {memdiag}
device partition=Y:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale de-DE
inherit {globalsettings}
badmemoryaccess Yes
EMS-Einstellungen
-----------------
Bezeichner {emssettings}
bootems Yes
Debuggereinstellungen
---------------------
Bezeichner {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200
RAM-Defekte
-----------
Bezeichner {badmemory}
Globale Einstellungen
---------------------
Bezeichner {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}
Startladeprogramm-Einstellungen
-------------------------------
Bezeichner {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}
Hypervisoreinstellungen
-------------------
Bezeichner {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200
Einstellungen zur Ladeprogrammfortsetzung
-----------------------------------------
Bezeichner {resumeloadersettings}
inherit {globalsettings}
Ger„teoptionen
--------------
Bezeichner {580ff2a7-3c50-11e1-b9c2-f0bf97e47f29}
description Ramdisk Options
ramdisksdidevice partition=E:
ramdisksdipath \Recovery\WindowsRE\boot.sdi
==================== Memory info ===========================
Percentage of memory in use: 10%
Total physical RAM: 8107.82 MB
Available physical RAM: 7265.73 MB
Total Pagefile: 8106.02 MB
Available Pagefile: 7259.52 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:679.41 GB) (Free:389.93 GB) NTFS (Disk=0 Partition=3)
Drive e: (Recovery) (Fixed) (Total:19.13 GB) (Free:1.1 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]
Drive g: (PKBACK# 001) (Removable) (Total:15.06 GB) (Free:13.99 GB) NTFS (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: B529EE86)
Partition 1: (Not Active) - (Size=19 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=679 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 66205247)
Partition 1: (Not Active) - (Size=875 GB) - (Type=0A)
Partition 2: (Not Active) - (Size=932 GB) - (Type=69)
Partition 3: (Not Active) - (Size=931 GB) - (Type=6D)
Partition 4: (Not Active) - (Size=27 MB) - (Type=66)
LastRegBack: 2013-06-05 17:08
==================== End Of Log ============================
|
| Themen zu Win7 GVU Trojaner / abges. Modus geht nicht / frst64 scan liegt vor |
| abgesicherter modus, adobe flash player, association, bootmgr, desktop, explorer, farbar, farbar recovery scan tool, flash player, frst.txt, google, gvu trojaner, hdaudio.sys, home, hängt, igdpmd64.sys, malware.packer.r1gen, microsoft, opera, realtek, regclean, registry, rundll, scan, services.exe, svchost.exe, system, trojaner, usb, usbvideo.sys, win32/kryptik.bewl, winlogon, winlogon.exe |
Baum-Darstellung