Log analysis and evaluation: Interpol lock screen - no access to my computer anymore

Windows 7. If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been removed completely.
#1

Interpol lock screen - no access to my computer anymore

Hello,

I am new to this forum and hope for your help, thanks in advance. I seem to have caught an already known Trojan: the Interpol lock screen with the demand to pay EUR 100 in order to be able to use my computer again. Following your instructions, I have already scanned with FRST; the log file is here:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-06-2014 01
Ran by SYSTEM on MININT-OVC803V on 02-06-2014 12:41:01
Running from H:\
Platform: Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2095400 2010-04-15] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6234144 2010-03-13] (Realtek Semiconductor)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-23] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\Bocken\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Bocken\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-05-19] (Hewlett-Packard Company)
HKU\Bocken\...\Policies\system: [DisableLockWorkstation] 0
HKU\Bocken\...\Policies\system: [DisableChangePassword] 0
HKU\Default\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Default User\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Sabrina Boy\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-09-04] (Samsung)
HKU\Sabrina Boy\...\Policies\system: [DisableLockWorkstation] 0
HKU\Sabrina Boy\...\Policies\system: [DisableChangePassword] 0
Startup: C:\Users\Bocken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.lnk
ShortcutTarget: explorer.lnk -> C:\ProgramData\11764AFC2A3364905E8D1EAE8BD77172\gywggg.cpp (Microsoft Corporation)
Startup: C:\Users\Bocken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Sabrina Boy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.lnk
ShortcutTarget: explorer.lnk -> C:\ProgramData\11764AFC2A3364905E8D1EAE8BD77172\gywggg.cpp (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-23] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-23] (Avira Operations GmbH & Co. KG)
S2 DlProtectSvc; C:\Windows\System32\DlProtectSvc.exe [123392 2014-05-25] ()
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-05-25] (globalUpdate)
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-05-25] (globalUpdate)
S2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [27192 2010-07-02] ()
S2 TpmInitd; C:\Windows\system32\itsacapi_pe-2.3.exe [119296 2014-05-25] ()
S2 Winmgmt; C:\ProgramData\11764AFC2A3364905E8D1EAE8BD77172\gggwyg.dot [333052 2014-06-02] (Microsoft Corporation)
S2 Update raving reyven; "C:\Program Files (x86)\raving reyven\updateravingreyven.exe" [X]

==================== Drivers (Whitelisted) ====================

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-19] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-19] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-12] (Avira Operations GmbH & Co. KG)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-07-17] ()
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-22] (Realtek Semiconductor Corp.)
S3 ssm_bus; C:\Windows\System32\DRIVERS\ssm_bus.sys [136192 2013-06-20] (MCCI Corporation)
S3 ssm_mdfl; C:\Windows\System32\DRIVERS\ssm_mdfl.sys [18944 2013-06-20] (MCCI Corporation)
S3 ssm_mdm; C:\Windows\System32\DRIVERS\ssm_mdm.sys [172032 2013-06-20] (MCCI Corporation)
S1 {e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64; C:\Windows\System32\drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys [61120 2014-05-22] (StdLib)

========================== Drivers MD5 =======================

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-02 12:40 - 2014-06-02 12:41 - 00000000 ____D () C:\FRST
2014-06-02 02:00 - 2014-06-02 02:00 - 00000113 _____ () C:\ProgramData\RUNDLL32.EXE-2456-F.txt
2014-06-02 01:48 - 2014-06-02 01:48 - 00000366 _____ () C:\ProgramData\RUNDLL32.EXE-1160-F.txt
2014-06-02 01:27 - 2014-06-02 02:24 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-06-02 01:27 - 2014-06-02 01:27 - 00000609 _____ () C:\ProgramData\RUNDLL32.EXE-2604-F.txt
2014-06-02 01:23 - 2014-06-02 02:23 - 00000392 _____ () C:\Windows\setupact.log
2014-06-02 01:23 - 2014-06-02 01:23 - 00305472 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-06-02 01:23 - 2014-06-02 01:23 - 00000640 _____ () C:\Windows\PFRO.log
2014-06-02 01:23 - 2014-06-02 01:23 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-02 00:34 - 2014-06-02 00:34 - 00069240 _____ () C:\Users\Bocken\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-02 00:21 - 2014-06-02 00:24 - 00000455 _____ () C:\ProgramData\RUNDLL32.EXE-2672-F.txt
2014-06-02 00:15 - 2014-06-02 00:19 - 00002622 _____ () C:\ProgramData\RUNDLL32.EXE-3608-F.txt
2014-06-02 00:05 - 2014-06-02 00:14 - 00000000 ____D () C:\ProgramData\11764AFC2A3364905E8D1EAE8BD77172
2014-06-01 10:19 - 2014-05-22 08:20 - 00061120 _____ (StdLib) C:\Windows\System32\Drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys
2014-05-25 04:57 - 2014-05-25 04:57 - 00000000 ____D () C:\Users\Sabrina Boy\AppData\Roaming\dlg
2014-05-25 04:56 - 2014-06-02 01:23 - 00000000 ____D () C:\Program Files (x86)\raving reyven
2014-05-25 04:56 - 2014-05-25 04:56 - 00123392 _____ () C:\Windows\System32\DlProtectSvc.exe
2014-05-25 04:56 - 2014-05-25 04:56 - 00119296 _____ () C:\Windows\System32\itsacapi_pe-2.3.exe
2014-05-25 04:56 - 2014-05-25 04:56 - 00012800 _____ () C:\ProgramData\dlprotect.exe
2014-05-25 04:55 - 2014-06-02 00:44 - 00000000 ____D () C:\Program Files (x86)\PSHD-9.9
2014-05-25 04:55 - 2014-05-25 04:55 - 00003460 _____ () C:\Windows\Tasks\f0d91f53-b4b4-4abd-95db-8335c8813830-3.job
2014-05-25 04:55 - 2014-05-25 04:55 - 00002194 _____ () C:\Windows\Tasks\f0d91f53-b4b4-4abd-95db-8335c8813830-4.job
2014-05-25 04:55 - 2014-05-25 04:55 - 00001462 _____ () C:\Windows\Tasks\f0d91f53-b4b4-4abd-95db-8335c8813830-5.job
2014-05-25 04:55 - 2014-05-25 04:55 - 00001366 _____ () C:\Windows\Tasks\f0d91f53-b4b4-4abd-95db-8335c8813830-1.job
2014-05-25 04:55 - 2014-05-25 04:55 - 00000922 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-05-25 04:55 - 2014-05-25 04:55 - 00000000 ____D () C:\Users\Sabrina Boy\AppData\Local\globalUpdate
2014-05-25 04:55 - 2014-05-25 04:55 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-05-25 04:53 - 2014-05-25 04:53 - 00000000 ____D () C:\Users\Sabrina Boy\AppData\Roaming\Security System 2
2014-05-25 04:53 - 2014-05-25 04:53 - 00000000 ____D () C:\Users\Sabrina Boy\AppData\Roaming\BupSystem
2014-05-25 04:51 - 2014-05-25 04:51 - 00468096 _____ () C:\Users\Sabrina Boy\Downloads\ccleaner.exe
2014-05-25 04:50 - 2014-05-25 04:50 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-05-25 04:50 - 2014-05-25 04:50 - 00000000 ____D () C:\users\Administrator
2014-05-20 10:23 - 2014-05-20 10:55 - 00000000 ____D () C:\Users\Sabrina Boy\Desktop\Vatertag
2014-05-20 10:19 - 2014-06-02 02:07 - 00193649 _____ () C:\Windows\WindowsUpdate.log
2014-05-14 00:59 - 2014-05-14 11:35 - 00015363 _____ () C:\Users\Sabrina Boy\Documents\Widerspruch Bescheid Bock 2013.odt
2014-05-07 04:00 - 2014-05-07 04:00 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-05-06 23:26 - 2014-05-06 23:26 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf69c5bb9541dd.job

==================== One Month Modified Files and Folders =======

2014-06-02 12:41 - 2014-06-02 12:40 - 00000000 ____D () C:\FRST
2014-06-02 11:58 - 2011-07-05 20:49 - 00000000 ____D () C:\ProgramData\Recovery
2014-06-02 02:24 - 2014-06-02 01:27 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-06-02 02:23 - 2014-06-02 01:23 - 00000392 _____ () C:\Windows\setupact.log
2014-06-02 02:07 - 2014-05-20 10:19 - 00193649 _____ () C:\Windows\WindowsUpdate.log
2014-06-02 02:07 - 2009-07-13 20:45 - 00023024 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-02 02:07 - 2009-07-13 20:45 - 00023024 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-02 02:00 - 2014-06-02 02:00 - 00000113 _____ () C:\ProgramData\RUNDLL32.EXE-2456-F.txt
2014-06-02 02:00 - 2011-03-09 08:41 - 00000000 ____D () C:\Users\Bocken\AppData\Local\Temp
2014-06-02 01:48 - 2014-06-02 01:48 - 00000366 _____ () C:\ProgramData\RUNDLL32.EXE-1160-F.txt
2014-06-02 01:27 - 2014-06-02 01:27 - 00000609 _____ () C:\ProgramData\RUNDLL32.EXE-2604-F.txt
2014-06-02 01:26 - 2009-07-13 19:20 - 00000000 ___HD () C:\Windows\System32\GroupPolicy
2014-06-02 01:24 - 2011-03-05 07:59 - 00000000 ____D () C:\Users\Sabrina Boy\AppData\Local\Temp
2014-06-02 01:23 - 2014-06-02 01:23 - 00305472 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-06-02 01:23 - 2014-06-02 01:23 - 00000640 _____ () C:\Windows\PFRO.log
2014-06-02 01:23 - 2014-06-02 01:23 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-02 01:23 - 2014-05-25 04:56 - 00000000 ____D () C:\Program Files (x86)\raving reyven
2014-06-02 01:18 - 2011-08-12 08:55 - 00000000 ____D () C:\Windows\pss
2014-06-02 00:44 - 2014-05-25 04:55 - 00000000 ____D () C:\Program Files (x86)\PSHD-9.9
2014-06-02 00:34 - 2014-06-02 00:34 - 00069240 _____ () C:\Users\Bocken\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-02 00:24 - 2014-06-02 00:21 - 00000455 _____ () C:\ProgramData\RUNDLL32.EXE-2672-F.txt
2014-06-02 00:19 - 2014-06-02 00:15 - 00002622 _____ () C:\ProgramData\RUNDLL32.EXE-3608-F.txt
2014-06-02 00:14 - 2014-06-02 00:05 - 00000000 ____D () C:\ProgramData\11764AFC2A3364905E8D1EAE8BD77172
2014-06-01 23:10 - 2010-07-17 10:47 - 00654852 _____ () C:\Windows\System32\perfh007.dat
2014-06-01 23:10 - 2010-07-17 10:47 - 00130434 _____ () C:\Windows\System32\perfc007.dat
2014-06-01 23:10 - 2009-07-13 21:13 - 01500294 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-05-25 04:57 - 2014-05-25 04:57 - 00000000 ____D () C:\Users\Sabrina Boy\AppData\Roaming\dlg
2014-05-25 04:57 - 2011-03-05 13:29 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-25 04:57 - 2011-03-05 13:29 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-25 04:56 - 2014-05-25 04:56 - 00123392 _____ () C:\Windows\System32\DlProtectSvc.exe
2014-05-25 04:56 - 2014-05-25 04:56 - 00119296 _____ () C:\Windows\System32\itsacapi_pe-2.3.exe
2014-05-25 04:56 - 2014-05-25 04:56 - 00012800 _____ () C:\ProgramData\dlprotect.exe
2014-05-25 04:55 - 2014-05-25 04:55 - 00003460 _____ () C:\Windows\Tasks\f0d91f53-b4b4-4abd-95db-8335c8813830-3.job
2014-05-25 04:55 - 2014-05-25 04:55 - 00002194 _____ () C:\Windows\Tasks\f0d91f53-b4b4-4abd-95db-8335c8813830-4.job
2014-05-25 04:55 - 2014-05-25 04:55 - 00001462 _____ () C:\Windows\Tasks\f0d91f53-b4b4-4abd-95db-8335c8813830-5.job
2014-05-25 04:55 - 2014-05-25 04:55 - 00001366 _____ () C:\Windows\Tasks\f0d91f53-b4b4-4abd-95db-8335c8813830-1.job
2014-05-25 04:55 - 2014-05-25 04:55 - 00000922 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-05-25 04:55 - 2014-05-25 04:55 - 00000000 ____D () C:\Users\Sabrina Boy\AppData\Local\globalUpdate
2014-05-25 04:55 - 2014-05-25 04:55 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-05-25 04:53 - 2014-05-25 04:53 - 00000000 ____D () C:\Users\Sabrina Boy\AppData\Roaming\Security System 2
2014-05-25 04:53 - 2014-05-25 04:53 - 00000000 ____D () C:\Users\Sabrina Boy\AppData\Roaming\BupSystem
2014-05-25 04:51 - 2014-05-25 04:51 - 00468096 _____ () C:\Users\Sabrina Boy\Downloads\ccleaner.exe
2014-05-25 04:50 - 2014-05-25 04:50 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-05-25 04:50 - 2014-05-25 04:50 - 00000000 ____D () C:\users\Administrator
2014-05-22 08:20 - 2014-06-01 10:19 - 00061120 _____ (StdLib) C:\Windows\System32\Drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys
2014-05-20 10:55 - 2014-05-20 10:23 - 00000000 ____D () C:\Users\Sabrina Boy\Desktop\Vatertag
2014-05-15 22:40 - 2013-08-17 11:06 - 00000000 ____D () C:\Windows\System32\MRT
2014-05-15 22:37 - 2011-03-10 23:30 - 93223848 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-05-14 11:35 - 2014-05-14 00:59 - 00015363 _____ () C:\Users\Sabrina Boy\Documents\Widerspruch Bescheid Bock 2013.odt
2014-05-07 04:00 - 2014-05-07 04:00 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-05-06 23:26 - 2014-05-06 23:26 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf69c5bb9541dd.job

Files to move or delete:
====================
C:\ProgramData\dlprotect.exe

Some content of TEMP:
====================
C:\Users\Bocken\AppData\Local\Temp\avgnt.exe
C:\Users\Sabrina Boy\AppData\Local\Temp\avgnt.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================

Restore point made on: 2013-06-23 05:26:13
Restore point made on: 2013-06-23 05:26:21
Restore point made on: 2013-06-23 05:26:22
Restore point made on: 2013-06-23 05:26:22
Restore point made on: 2013-06-23 05:26:27
Restore point made on: 2013-06-23 05:26:30
Restore point made on: 2013-06-23 05:26:38
Restore point made on: 2014-03-06 03:18:46
Restore point made on: 2014-03-06 03:31:16
Restore point made on: 2014-03-06 03:31:43
Restore point made on: 2014-03-06 03:32:05
Restore point made on: 2014-03-06 03:32:38
Restore point made on: 2014-03-06 03:39:12
Restore point made on: 2014-03-06 04:15:33
Restore point made on: 2014-03-15 09:34:14
Restore point made on: 2014-03-17 23:59:04
Restore point made on: 2014-03-25 23:58:47
Restore point made on: 2014-03-26 00:02:05
Restore point made on: 2014-03-28 06:58:27
Restore point made on: 2014-03-31 23:45:12
Restore point made on: 2014-04-10 02:00:29
Restore point made on: 2014-04-14 22:42:10
Restore point made on: 2014-04-19 12:12:41
Restore point made on: 2014-04-19 12:16:22
Restore point made on: 2014-04-22 23:31:43
Restore point made on: 2014-04-26 00:58:44
Restore point made on: 2014-05-04 04:10:08
Restore point made on: 2014-05-04 04:32:49
Restore point made on: 2014-05-04 04:32:56
Restore point made on: 2014-05-04 13:06:31
Restore point made on: 2014-05-13 04:15:27
Restore point made on: 2014-05-14 11:45:31
Restore point made on: 2014-05-15 22:37:11
Restore point made on: 2014-05-20 10:21:42
Restore point made on: 2014-05-22 19:46:50
Restore point made on: 2014-06-01 10:21:53
Restore point made on: 2014-06-01 10:23:31
Restore point made on: 2014-06-01 23:42:13
Restore point made on: 2014-06-01 23:45:36
Restore point made on: 2014-06-02 01:16:43

==================== BCD ================================

Windows-Start-Manager
---------------------
Bezeichner {bootmgr}
device partition=Y:
description Windows Boot Manager
locale de-DE
inherit {globalsettings}
extendedinput Yes
default {default}
resumeobject {c279be75-9b51-11de-9b93-a29d207e6d0e}
displayorder {default}
toolsdisplayorder {memdiag}
timeout 30
customactions 0x1000085000001 0x5400000f
custom:5400000f {current}

Windows-Startladeprogramm
-------------------------
Bezeichner {current}
device ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{008ec3c1-c4bb-11df-9d1f-fe7ff272e1c4}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{008ec3c1-c4bb-11df-9d1f-fe7ff272e1c4}
systemroot \windows
nx OptIn
winpe Yes

Windows-Startladeprogramm
-------------------------
Bezeichner {572bcd60-ffa7-11d9-aae0-0007e994107d}
device ramdisk=[boot]\sources\boot.wim,{ramdiskoptions}
path \windows\system32\boot\winload.exe
description Microsoft Windows PE 2.0
osdevice ramdisk=[boot]\sources\boot.wim,{ramdiskoptions}
systemroot \windows
detecthal Yes
winpe Yes
ems Yes

Windows-Startladeprogramm
-------------------------
Bezeichner {default}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale de-DE
inherit {bootloadersettings}
recoverysequence {current}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {c279be75-9b51-11de-9b93-a29d207e6d0e}
nx OptIn

Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner {c279be75-9b51-11de-9b93-a29d207e6d0e}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale de-DE
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows-Speichertestprogramm
----------------------------
Bezeichner {memdiag}
device partition=Y:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale de-DE
inherit {globalsettings}
badmemoryaccess Yes

EMS-Einstellungen
-----------------
Bezeichner {emssettings}
bootems Yes

Debuggereinstellungen
---------------------
Bezeichner {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM-Defekte
-----------
Bezeichner {badmemory}

Globale Einstellungen
---------------------
Bezeichner {globalsettings}
inherit {dbgsettings} {emssettings} {badmemory}

Startladeprogramm-Einstellungen
-------------------------------
Bezeichner {bootloadersettings}
inherit {globalsettings} {hypervisorsettings}

Hypervisoreinstellungen
-------------------
Bezeichner {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Einstellungen zur Ladeprogrammfortsetzung
-----------------------------------------
Bezeichner {resumeloadersettings}
inherit {globalsettings}

Geräteoptionen
--------------
Bezeichner {008ec3c1-c4bb-11df-9d1f-fe7ff272e1c4}
description Ramdisk Options
ramdisksdidevice partition=E:
ramdisksdipath \Recovery\WindowsRE\boot.sdi
Optionen zum RAM-Datenträgersetup
---------------------------------
Bezeichner              {ramdiskoptions}
description             Ramdisk Options
ramdisksdidevice        boot
ramdisksdipath          \boot\boot.sdi

==================== Memory info ===========================

Percentage of memory in use: 18%
Total physical RAM: 3893.86 MB
Available physical RAM: 3183.88 MB
Total Pagefile: 3892.01 MB
Available Pagefile: 3173.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:281.96 GB) (Free:201.86 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (RECOVERY) (Fixed) (Total:15.84 GB) (Free:2.28 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
Drive h: (Intenso) (Removable) (Total:7.81 GB) (Free:7.76 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 91CA769B)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=282 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

========================================================
Disk: 1 (Size: 8 GB) (Disk ID: 76CDA3CF)
Partition 1: (Not Active) - (Size=8 GB) - (Type=0B)

LastRegBack: 2013-06-23 04:12

==================== End Of Log ============================

Unfortunately I am no expert with computers, so I ask for your understanding in advance. Thanks! |