
Log Analysis and Evaluation: BKA Interpol trojan


27.10.2013, 17:44   #1
Gothic87

Good evening, I'm new here and hardly know anything about this.
The following problem: I caught the BKA Interpol Europol.. trojan. I've already read posts here and already ran Farbar's Recovery Scan Tool.
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-10-2013 01
Ran by SYSTEM on MININT-3VPSEPM on 27-10-2013 16:38:14
Running from H:\
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324608 2010-06-10] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-28] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-17] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [206208 2010-06-09] ()
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM\...\Run: [WrtMon.exe] - C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [26448 2008-05-24] (NewSoft Technology Corporation)
HKLM\...\Run: [ISW] - [x]
HKLM\...\RunOnce: [*Restore] - C:\Windows\system32\rstrui.exe /RUNONCE [296960 2009-07-13] (Microsoft Corporation)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe [263936 2010-06-28] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [Camera Assistant Software] - C:\Program Files (x86)\Video Web Camera\traybar.exe [600688 2010-07-15] (Chicony)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [CloneCDTray] - C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe [57344 2009-01-29] (SlySoft, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PMSpeed] - C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMSpeed.EXE [112464 2009-12-04] (NewSoft Technology Corporation)
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [ZoneAlarm] - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73392 2012-06-21] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-11] (Oracle Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-09-04] (Samsung Electronics Co., Ltd.)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe /default
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe /default
HKU\Elfi\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-09-04] (Samsung Electronics Co., Ltd.)
HKU\Elfi\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-09-04] (Samsung)
HKU\Elfi\...\Run: [Scan Buttons] - C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMSB.EXE [202576 2009-12-09] (NewSoft Technology Corporation)
HKU\Elfi\...\Run: [EPSON BX525WD Series] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGAU.EXE /FU "C:\Windows\TEMP\E_SACF1.tmp" /EF "HKCU"
HKU\Elfi\...\Run: [PC Suite Tray] - "D:\Programme2\Nokia PC Suite 7\PCSuite.exe" -onlytray
HKU\Elfi\...\Run: [SpybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\Elfi\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-09-04] (Samsung)
HKU\Elfi\...\Run: [TomTomHOME.exe] - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-02-12] (TomTom)
HKU\Elfi\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-09-04] (Samsung)
HKU\Elfi\...\Winlogon: [Shell] cmd.exe [344576 2009-07-13] (Microsoft Corporation) <==== ATTENTION 
HKU\Elfi\...\Command Processor: "C:\Users\Elfi\AppData\Local\QgolQOrJD\JJhO1vKNv8.exe" <===== ATTENTION!

==================== Services (Whitelisted) =================

S2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [868896 2010-06-11] (Acer Incorporated)
S2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [827520 2012-04-30] (Check Point Software Technologies)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [255744 2010-06-28] (NewTech Infosystems, Inc.)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [66872 2012-07-17] ()
S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [243232 2010-01-28] (Acer Group)
S2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2445880 2012-06-21] (Check Point Software Technologies LTD)

==================== Drivers (Whitelisted) ====================

S3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-15] (SlySoft, Inc.)
S3 ElbyCDFL; C:\Windows\SysWow64\Drivers\ElbyCDFL.sys [40648 2007-02-15] (SlySoft, Inc.)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [243200 2010-03-31] (Huawei Technologies Co., Ltd.)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-03-20] ()
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2010-03-31] (Huawei Technologies Co., Ltd.)
S2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33672 2012-04-30] (Check Point Software Technologies)
S0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2012-01-09] (Kaspersky Lab ZAO)
S1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2012-01-09] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [485680 2012-01-09] (Kaspersky Lab)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-03-20] (RapidSolution Software AG)
S3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-03-20] (RapidSolution Software AG)
S2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [454232 2011-05-07] (Check Point Software Technologies LTD)
S1 oezlvlyp; \??\C:\Windows\system32\drivers\oezlvlyp.sys [x]

========================== Drivers MD5 =======================

C:\Windows\system32\DRIVERS\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ACPI.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys DB9D6C6B2CD95A9CA414D045B627422E
C:\Windows\system32\DRIVERS\agp440.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\aliide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atipmdag.sys 52679612D742BF74CA1BA6AB86DDF431
C:\Windows\System32\DRIVERS\atikmpag.sys 414E0788920A8C856032BE2CBF29F984
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys ==> MD5 is legit
C:\Windows\System32\drivers\AmUStor.SYS 391887990CDAA83DE5C56C3FDE966DA1
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\athrx.sys E642491F64E58CD5BC8FB8B347DCF65F
C:\Windows\System32\drivers\AtiHdmi.sys FB7602C5C508BE281368AAE0B61B51C6
C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bcmwl664.sys 9E84A931DBEE0292E38ED672F6293A99
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 937BEB186A735ACA91D717044A49D17E
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ssudbus.sys 0B3F6C8F93C5C25977EA5A8B2E656357
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ElbyCDFL.sys 9387A484D31209D7FC3F795A787294DB
C:\Windows\SysWow64\Drivers\ElbyCDFL.sys 9387A484D31209D7FC3F795A787294DB
C:\Windows\System32\Drivers\ElbyCDIO.sys A05FC7ECA0966EBB70E4D17B855A853B
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\errdev.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ewusbnet.sys 477BC304201197F4057090BD60AF1739
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\SysWOW64\FsUsbExDisk.SYS DDEE99DC54EFA20BD5A442CD733C4462
C:\Windows\System32\Drivers\Fs_Rec.sys D3E3F93D67821A2DB2B3D9FAC2DC2064
C:\Windows\System32\DRIVERS\fvevol.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HECIx64.sys B6AC71AAA2B10848F57FC49D55A651AF
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ewusbmdm.sys 8F9B0FC4EC3A8194BD4CBC5ED3E7ABEB
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ewusbdev.sys B45B3647BA32749B94FA689175EC8C26
C:\Windows\system32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\iaStor.sys ABBF174CB394F5C437410A788B7E404A
C:\Windows\system32\drivers\iaStorV.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\igdkmd64.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Impcd.sys 36FDF367A1DABFF903E2214023D71368
C:\Windows\System32\drivers\RTKVHD64.sys E8017F1662D9142F45CEAB694D013C00
C:\Windows\system32\DRIVERS\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\isapnp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\msiscsi.sys ==> MD5 is legit
C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys 1152F8BEB568F2F72F1C5C32A1F4E529
C:\Windows\System32\DRIVERS\k57nd60a.sys 12E27942DBB7C91880163634B0D8A776
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kl1.sys E656FE10D6D27794AFA08136685A69E8
C:\Windows\System32\DRIVERS\kl2.sys D865DD8B0448E3F963D68C04C532858F
C:\Windows\System32\DRIVERS\klif.sys 055790D38D7EC73AEF03E4AA7F67BA03
C:\Windows\System32\Drivers\ksecdd.sys 16C1B906FC5EAD84769F90B736B6BF0E
C:\Windows\System32\Drivers\ksecpkg.sys 0B711550C56444879D71C7DAABDA6C83
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\L1E62x64.sys 2AC603C3188C704CFCE353659AA7AD71
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mbam.sys 0BB97D43299910CBFBA59C461B99B910
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb10.sys F0067552F8F9B33D7C59403AB808A3CB
C:\Windows\System32\DRIVERS\mrxsmb20.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\msahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\NTIDrvr.sys 64DDD0DEE976302F4BD93E5EFCC2F013
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvstor.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys 90061B1ACFE8CCAA5345750FFE08D8B8
C:\Windows\System32\DRIVERS\pccsmcfdx64.sys BC0018C2D29F655188A0ED3FA94FDB24
C:\Windows\System32\DRIVERS\pci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\System32\Drivers\PxHlpa64.sys FBF4DB6D53585437E41A113300002A2B
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys 447DE7E3DEA39D422C1504F245B668B1
C:\Windows\System32\drivers\rdyboost.sys E5DC9BA9E439D6DBDD79F8CAACB5BF01
C:\Windows\System32\DRIVERS\rrnetcap.sys 2ABD2B3BA2EF0C3BA82284C2A5E28675
C:\Windows\System32\DRIVERS\rrnetcap.sys 2ABD2B3BA2EF0C3BA82284C2A5E28675
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv2.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srvnet.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ssadbus.sys 52D6F40B50ECFC051979FEC68E74F0F8
C:\Windows\System32\DRIVERS\ssadmdfl.sys D6CFD3B2EABCF9327DE39C62BABFA1E3
C:\Windows\System32\DRIVERS\ssadmdm.sys 5EB01E6148742C3EC2185AC92F6D16FD
C:\Windows\System32\DRIVERS\ssudmdm.sys EA8F41484CCC5BA6A1455C2AD3D1BE3C
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SynTP.sys ED6D1424E5B0C21A57B28DD8508D6843
C:\Windows\System32\drivers\tbhsd.sys 4430E9B4C60AAB672D16E801BAD0555E
C:\Windows\System32\drivers\tcpip.sys 624C5B3AA4C99B3184BB922D9ECE3FF0
C:\Windows\System32\DRIVERS\tcpip.sys 624C5B3AA4C99B3184BB922D9ECE3FF0
C:\Windows\System32\drivers\tcpipreg.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 7518F7BCFD4B308ABC9192BACAF6C970
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\TurboB.sys 825E7A1F48FB8BCFBA27C178AAB4E275
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\system32\drivers\UBHelper.sys 2E22C1FD397A5A9FFEF55E9D1FC96C00
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys 537A4E03D7103C12D42DFD8FFDB5BDC9
C:\Windows\system32\DRIVERS\usbcir.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbehci.sys FBB21EBE49F6D560DB37AC25FBC68E66
C:\Windows\System32\DRIVERS\usbhub.sys 6B7A8A99C4A459E73C286A6763EA24CC
C:\Windows\system32\drivers\usbohci.sys 8C88AA7617B4CBC2E4BED61D26B33A27
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS ==> MD5 is legit
C:\Windows\system32\drivers\usbuhci.sys 0B5B3B2DF3FD1709618ACFA50B8392B0
C:\Windows\System32\Drivers\usbvideo.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\viaide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\volsnap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vsdatant.sys 239D8D72730226CD460BDC8CA0A23D43
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WUDFRd.sys ==> MD5 is legit

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-27 16:34 - 2013-10-27 16:34 - 00000000 ____D C:\FRST
2013-10-27 06:50 - 2013-10-27 06:53 - 00000000 ____D C:\Users\Elfi\AppData\Local\QgolQOrJD
2013-10-27 06:50 - 2013-10-27 06:50 - 00322560 _____ C:\Users\Elfi\AppData\Roaming\GlOrX4Cx
2013-10-27 06:50 - 2013-10-27 06:50 - 00322560 _____ C:\Users\Elfi\AppData\Local\UtAvIgPqi
2013-10-27 06:50 - 2013-10-27 06:50 - 00322560 _____ C:\ProgramData\kMtQaOTz
2013-10-22 21:13 - 2013-10-22 21:19 - 00000000 ____D C:\Users\Elfi\Desktop\Neuer Ordner
2013-10-22 00:20 - 2013-10-27 07:13 - 00001803 _____ C:\Windows\setupact.log
2013-10-22 00:20 - 2013-10-22 00:20 - 00000000 _____ C:\Windows\setuperr.log
2013-10-08 00:04 - 2013-10-08 00:04 - 00000241 _____ C:\Windows\wininit.ini
2013-10-07 23:34 - 2013-10-07 23:57 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-10-07 23:33 - 2013-10-08 00:01 - 00000000 ____D C:\Users\Elfi\AppData\Roaming\Systweak
2013-10-07 23:33 - 2013-10-07 23:33 - 00003230 _____ C:\Windows\System32\Tasks\DigitalSite
2013-10-07 23:33 - 2013-10-07 23:33 - 00000288 _____ C:\Windows\Tasks\DigitalSite.job
2013-10-07 23:33 - 2013-10-07 23:33 - 00000000 ____D C:\Users\Elfi\AppData\Roaming\DigitalSite
2013-10-07 23:33 - 2013-07-22 06:07 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\System32\roboot64.exe
2013-10-07 23:31 - 2013-10-07 23:31 - 00749248 _____ C:\Users\Elfi\Downloads\ZipExtractorSetup.exe

==================== One Month Modified Files and Folders =======

2013-10-27 16:34 - 2013-10-27 16:34 - 00000000 ____D C:\FRST
2013-10-27 07:14 - 2012-04-17 07:28 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-27 07:14 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-27 07:13 - 2013-10-22 00:20 - 00001803 _____ C:\Windows\setupact.log
2013-10-27 07:11 - 2011-04-28 02:30 - 00000000 ____D C:\ProgramData\PC Suite
2013-10-27 06:53 - 2013-10-27 06:50 - 00000000 ____D C:\Users\Elfi\AppData\Local\QgolQOrJD
2013-10-27 06:50 - 2013-10-27 06:50 - 00322560 _____ C:\Users\Elfi\AppData\Roaming\GlOrX4Cx
2013-10-27 06:50 - 2013-10-27 06:50 - 00322560 _____ C:\Users\Elfi\AppData\Local\UtAvIgPqi
2013-10-27 06:50 - 2013-10-27 06:50 - 00322560 _____ C:\ProgramData\kMtQaOTz
2013-10-27 06:49 - 2010-11-01 17:32 - 00654400 _____ C:\Windows\System32\perfh007.dat
2013-10-27 06:49 - 2010-11-01 17:32 - 00130240 _____ C:\Windows\System32\perfc007.dat
2013-10-27 06:49 - 2009-07-13 21:13 - 01498568 _____ C:\Windows\System32\PerfStringBackup.INI
2013-10-27 06:46 - 2011-09-24 11:58 - 00000000 ____D C:\Users\Elfi\AppData\Roaming\.oit
2013-10-27 03:20 - 2012-04-17 07:28 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-27 03:02 - 2012-07-17 21:49 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-26 23:54 - 2009-07-13 20:45 - 00017376 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-26 23:54 - 2009-07-13 20:45 - 00017376 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-26 23:51 - 2012-05-09 23:48 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-10-22 21:19 - 2013-10-22 21:13 - 00000000 ____D C:\Users\Elfi\Desktop\Neuer Ordner
2013-10-22 00:20 - 2013-10-22 00:20 - 00000000 _____ C:\Windows\setuperr.log
2013-10-21 22:18 - 2012-07-14 10:39 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-10-20 10:15 - 2012-04-17 07:28 - 00004102 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-20 10:15 - 2012-04-17 07:28 - 00003850 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-17 23:06 - 2009-07-13 21:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-10 04:02 - 2012-07-17 21:49 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-10 04:02 - 2012-03-29 11:24 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-10 04:02 - 2011-06-10 12:40 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-08 00:04 - 2013-10-08 00:04 - 00000241 _____ C:\Windows\wininit.ini
2013-10-08 00:01 - 2013-10-07 23:33 - 00000000 ____D C:\Users\Elfi\AppData\Roaming\Systweak
2013-10-07 23:57 - 2013-10-07 23:34 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-10-07 23:47 - 2013-05-24 10:14 - 00000000 ___HD C:\Users\Elfi\AppData\Roaming\Xqtrfltzfvn
2013-10-07 23:47 - 2013-05-24 10:14 - 00000000 ___HD C:\Users\Elfi\AppData\Roaming\Vjjhjw
2013-10-07 23:46 - 2013-05-24 10:14 - 00000000 ___HD C:\Users\Elfi\AppData\Roaming\Mlllcaxmrfb
2013-10-07 23:46 - 2013-05-24 10:14 - 00000000 ___HD C:\Users\Elfi\AppData\Roaming\Gqpnvqgr
2013-10-07 23:46 - 2013-05-24 10:14 - 00000000 ___HD C:\Users\Elfi\AppData\Roaming\Dfiklyaxp
2013-10-07 23:41 - 2011-04-28 00:10 - 00000000 ____D C:\users\Elfi
2013-10-07 23:33 - 2013-10-07 23:33 - 00003230 _____ C:\Windows\System32\Tasks\DigitalSite
2013-10-07 23:33 - 2013-10-07 23:33 - 00000288 _____ C:\Windows\Tasks\DigitalSite.job
2013-10-07 23:33 - 2013-10-07 23:33 - 00000000 ____D C:\Users\Elfi\AppData\Roaming\DigitalSite
2013-10-07 23:31 - 2013-10-07 23:31 - 00749248 _____ C:\Users\Elfi\Downloads\ZipExtractorSetup.exe
2013-10-04 03:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF

ZeroAccess:
C:\Windows\Installer\{b8123e2b-c4d6-d19d-3a13-9a9ec0c57ece}
C:\Windows\Installer\{b8123e2b-c4d6-d19d-3a13-9a9ec0c57ece}\@
C:\Windows\Installer\{b8123e2b-c4d6-d19d-3a13-9a9ec0c57ece}\U\00000001.@
C:\Windows\Installer\{b8123e2b-c4d6-d19d-3a13-9a9ec0c57ece}\U\00000004.@
C:\Windows\Installer\{b8123e2b-c4d6-d19d-3a13-9a9ec0c57ece}\U\000000cb.@
C:\Windows\Installer\{b8123e2b-c4d6-d19d-3a13-9a9ec0c57ece}\L\00000004.@
C:\Windows\Installer\{b8123e2b-c4d6-d19d-3a13-9a9ec0c57ece}\L\1afb2d56
C:\Windows\Installer\{b8123e2b-c4d6-d19d-3a13-9a9ec0c57ece}\L\201d3dde

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-1996258713-3965154596-4204642585-1000\$b8123e2bc4d6d19d3a139a9ec0c57ece

ZeroAccess:
C:\Users\Elfi\AppData\Local\396b2c07
C:\Users\Elfi\AppData\Local\396b2c07\@
C:\Users\Elfi\AppData\Local\396b2c07\U\80000000.$
C:\Users\Elfi\AppData\Local\396b2c07\U\800000cb.$

ZeroAccess:
C:\Users\Elfi\AppData\Local\{b8123e2b-c4d6-d19d-3a13-9a9ec0c57ece}
C:\Users\Elfi\AppData\Local\{b8123e2b-c4d6-d19d-3a13-9a9ec0c57ece}\@

Files to move or delete:
====================
C:\Users\Elfi\AppData\Local\QgolQOrJD\JJhO1vKNv8.exe
C:\ProgramData\agoir.bat
C:\ProgramData\agoir.pad
C:\ProgramData\agoir.reg
C:\Users\Elfi\taskmgr.exe


Some content of TEMP:
====================
C:\Users\Elfi\AppData\Local\Temp\F576.dll


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

1
Restore point made on: 2013-10-27 03:04:17

==================== BCD ================================

Windows-Start-Manager
---------------------
Bezeichner              {bootmgr}
device                  partition=Y:
description             Windows Boot Manager
locale                  de-DE
inherit                 {globalsettings}
default                 {default}
resumeobject            {a62c839c-e621-11df-9459-ad516ed94a21}
displayorder            {default}
toolsdisplayorder       {memdiag}
timeout                 30

Windows-Startladeprogramm
-------------------------
Bezeichner              {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  de-DE
inherit                 {bootloadersettings}
recoverysequence        {current}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {a62c839c-e621-11df-9459-ad516ed94a21}
nx                      OptIn

Windows-Startladeprogramm
-------------------------
Bezeichner              {current}
device                  ramdisk=[C:]\Recovery\a62c839e-e621-11df-9459-ad516ed94a21\Winre.wim,{a62c839f-e621-11df-9459-ad516ed94a21}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\a62c839e-e621-11df-9459-ad516ed94a21\Winre.wim,{a62c839f-e621-11df-9459-ad516ed94a21}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner              {a62c839c-e621-11df-9459-ad516ed94a21}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  de-DE
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows-Speichertestprogramm
----------------------------
Bezeichner              {memdiag}
device                  partition=Y:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  de-DE
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS-Einstellungen
-----------------
Bezeichner              {emssettings}
bootems                 Yes

Debuggereinstellungen
---------------------
Bezeichner              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM-Defekte
-----------
Bezeichner              {badmemory}

Globale Einstellungen
---------------------
Bezeichner              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Startladeprogramm-Einstellungen
-------------------------------
Bezeichner              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisoreinstellungen
-------------------
Bezeichner              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Einstellungen zur Ladeprogrammfortsetzung
-----------------------------------------
Bezeichner              {resumeloadersettings}
inherit                 {globalsettings}

Geräteoptionen
--------------
Bezeichner              {a62c839f-e621-11df-9459-ad516ed94a21}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\a62c839e-e621-11df-9459-ad516ed94a21\boot.sdi


==================== Memory info =========================== 

Percentage of memory in use: 18%
Total physical RAM: 3956.5 MB
Available physical RAM: 3243.38 MB
Total Pagefile: 3954.64 MB
Available Pagefile: 3242.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (Packard Bell) (Fixed) (Total:52.61 GB) (Free:3.23 GB) NTFS
Drive e: (Lokaler Datenträger) (Fixed) (Total:400.36 GB) (Free:170.63 GB) NTFS
Drive f: (PQSERVICE) (Fixed) (Total:12.7 GB) (Free:1.24 GB) NTFS
Drive h: () (Removable) (Total:14.9 GB) (Free:14.84 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: EBD8EBD8)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=53 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=400 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 002C966D)
Partition 1: (Active) - (Size=15 GB) - (Type=0C)


LastRegBack: 2013-10-21 11:21

==================== End Of Log ============================
         

 
