Trojaner-Board - Bitte um Hilfe -Virus legt meinen PC lahm

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-06-2013

Ran by SYSTEM on 23-06-2013 14:55:50

Running from G:\

Windows Vista (TM) Business Service Pack 1 (X86) OS Language: German Standard

Internet Explorer Version 9

Boot Mode: Recovery
 

The current controlset is ControlSet001
 ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2007-07-23] (AMD)

HKLM\...\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe [318488 2008-04-07] (PDF Complete Inc)

HKLM\...\Run: [SetRefresh] C:\Program Files\HP\SetRefresh\SetRefresh.exe [525824 2003-11-20] (Hewlett-Packard Company)

HKLM\...\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe [53248 2004-07-01] (Fellowes, Inc.)

HKLM\...\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe [1282048 2007-07-10] (Analog Devices, Inc.)

HKLM\...\Run: [NPSStartup]  [x]

HKLM\...\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)

HKLM\...\Run: []  [x]

HKLM\...\Run: [IFXSPMGT] C:\Windows\system32\ifxspmgt.exe /NotifyLogon [677144 2007-07-24] (Infineon Technologies AG)

HKLM\...\Run: [Controller] C:\Program Files\A1 Telekom Austria\Controller\Controller.exe /auto [13663600 2011-03-29] (mquadr.at software engineering and consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at)

HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey [x]

HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642728 2012-09-28] (Advanced Micro Devices, Inc.)

HKU\Gast\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [ 2011-10-24] (Apple Inc.)

HKU\Gast\...\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun [ 2012-01-19] (DT Soft Ltd)

HKU\josef\...\Run: [HP Photosmart 5510 series (NET)] "C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN17K0852K05NR:NW" -scfn "HP Photosmart 5510 series (NET)" -AutoStart 1 [ 2011-05-25] (Hewlett-Packard Co.)

HKU\josef\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-21] (Microsoft Corporation)

HKU\josef\...\Run: [Internet Security] C:\ProgramData\tdefender.exe [ 2013-06-20] (Igor Pavlov)

Startup: C:\Users\josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk ->  (No File)

Startup: C:\Users\josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\E-Mail - Verknüpfung.lnk

ShortcutTarget: E-Mail - Verknüpfung.lnk ->  (No File)

Startup: C:\Users\josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Photosmart 5510 series (Netzwerk).lnk

ShortcutTarget: Tintenwarnungen überwachen - HP Photosmart 5510 series (Netzwerk).lnk -> C:\Program Files\HP\HP Photosmart 5510 series\bin\HPStatusBL.dll (Hewlett-Packard Co.)
 

========================== Services (Whitelisted) =================
 

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2012-09-28] (Advanced Micro Devices, Inc.)

S2 FortiSslvpnDaemon; C:\Windows\system32\FortiSslvpnDaemon.exe [506400 2007-12-11] (Fortinet Inc.)

S2 gupdate1ca175a7433ed00; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-08-07] (Google Inc.)

S2 IFXSpMgtSrv; C:\Windows\system32\ifxspmgt.exe [677144 2007-07-24] (Infineon Technologies AG)

S2 IFXTCS; C:\Windows\System32\IFXTCS.exe [886040 2007-07-24] (Infineon Technologies AG)

S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] ()

S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] ()

S2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2011-09-15] ()

S2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [576024 2008-04-07] (PDF Complete Inc)

S2 PersonalSecureDriveService; C:\Windows\system32\IfxPsdSv.exe [140568 2007-07-24] (Infineon Technologies AG)

S2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75136 2013-04-13] ()

S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] ()
 

==================== Drivers (Whitelisted) ====================
 

S0 ahcix86s; C:\Windows\system32\drivers\ahcix86s.sys [170000 2007-12-03] (AMD Technologies Inc.)

S3 AmdLLD; C:\Windows\System32\DRIVERS\AmdLLD.sys [34304 2007-06-29] (AMD, Inc.)

S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2010-06-21] ()

S3 Blfp; C:\Windows\System32\DRIVERS\basp.sys [74240 2007-11-26] (Broadcom Corporation)

S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-02-11] (DT Soft Ltd)

S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-03-31] ()

S3 htcnprot; C:\Windows\System32\DRIVERS\htcnprot.sys [23040 2010-06-23] (Windows (R) Win 7 DDK provider)

S1 HWiNFO32; C:\Program Files\HWiNFO32\HWiNFO32.SYS [21624 2011-09-22] (REALiX(tm))

S3 k750bus; C:\Windows\System32\DRIVERS\k750bus.sys [55216 2005-02-11] (MCCI)

S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2010-06-21] ()

S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)

S1 PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [38816 2007-07-24] (Infineon Technologies AG)

S3 pppop; C:\Windows\System32\DRIVERS\pppop.sys [36384 2007-12-11] (Fortinet Inc.)

S3 s3017bus; C:\Windows\System32\DRIVERS\s3017bus.sys [83880 2007-12-10] (MCCI Corporation)

S3 s3017mdfl; C:\Windows\System32\DRIVERS\s3017mdfl.sys [15016 2007-12-10] (MCCI Corporation)

S3 s3017mdm; C:\Windows\System32\DRIVERS\s3017mdm.sys [110632 2007-12-10] (MCCI Corporation)

S3 s3017mgmt; C:\Windows\System32\DRIVERS\s3017mgmt.sys [104616 2007-12-10] (MCCI Corporation)

S3 s3017nd5; C:\Windows\System32\DRIVERS\s3017nd5.sys [25512 2007-12-10] (MCCI Corporation)

S3 s3017obex; C:\Windows\System32\DRIVERS\s3017obex.sys [100648 2007-12-10] (MCCI Corporation)

S3 s3017unic; C:\Windows\System32\DRIVERS\s3017unic.sys [110120 2007-12-10] (MCCI Corporation)

S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [90112 2009-03-20] (MCCI)

S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14976 2009-03-20] (MCCI Corporation)

S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [121856 2009-03-20] (MCCI Corporation)

S3 IpInIp; system32\DRIVERS\ipinip.sys [x]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
 

========================== Drivers MD5 =======================
 

C:\Windows\System32\drivers\acpi.sys 82B296AE1892FE3DBEE00C9CF92F8AC7

C:\Windows\System32\drivers\ADIHdAud.sys B0269F270D29F0B0D602959271AB623B

C:\Windows\system32\drivers\adp94xx.sys 04F0FCAC69C7C71A3AC4EB97FAFC8303

C:\Windows\system32\drivers\adpahci.sys 60505E0041F7751BDBB80F88BF45C2CE

C:\Windows\system32\drivers\adpu160m.sys 8A42779B02AEC986EAB64ECFC98F8BD7

C:\Windows\system32\drivers\adpu320.sys 241C9E37F8CE45EF51C3DE27515CA4E5

C:\Windows\system32\drivers\afd.sys 3911B972B55FEA0478476B2E777B29FA

C:\Windows\system32\drivers\agp440.sys 13F9E33747E6B41A3FF305C37DB0D360

C:\Windows\system32\drivers\ahcix86s.sys A484C7CD9702E5B938295E9356DD2847

C:\Windows\system32\drivers\djsvs.sys ==> MD5 is legit

C:\Windows\system32\drivers\aliide.sys 9EAEF5FC9B8E351AFA7E78A6FAE91F91

C:\Windows\system32\drivers\amdagp.sys C47344BC706E5F0B9DCE369516661578

C:\Windows\system32\drivers\amdide.sys 9B78A39A4C173FDBC1321E0DD659B34C

C:\Windows\System32\DRIVERS\amdiox86.sys FF258424F0B2EF25EB98F04EE386E6E3

C:\Windows\system32\drivers\amdk7.sys 18F29B49AD23ECEE3D2A826C725C8D48

C:\Windows\System32\DRIVERS\amdk8.sys 93AE7F7DD54AB986A6F1A1B37BE7442D

C:\Windows\System32\DRIVERS\atikmdag.sys 5C297F25A4A09D14BFE2CAB5DE2F1457

C:\Windows\System32\DRIVERS\atikmpag.sys FF2E35D9BD35F36A0126A0CA7556E43D

C:\Windows\System32\DRIVERS\AmdLLD.sys AD8FA28D8ED0D0A689A0559085CE0F18

C:\Windows\system32\drivers\arc.sys 5D2888182FB46632511ACEE92FDAD522

C:\Windows\system32\drivers\arcsas.sys 5E2A321BD7C8B3624E41FDEC3E244945

C:\Windows\System32\DRIVERS\asyncmac.sys 53B202ABEE6455406254444303E87BE1

C:\Windows\System32\drivers\atapi.sys 1F05B78AB91C9075565A9D8A4B880BC4

C:\Windows\System32\DRIVERS\atikmdag.sys 5C297F25A4A09D14BFE2CAB5DE2F1457

C:\Windows\System32\drivers\atipcie.sys A356E45E8432432C06981EA63A1E0FE8

C:\Windows\System32\DRIVERS\atksgt.sys F0D933B42CD0594048E4D5200AE9E417

C:\Windows\System32\DRIVERS\b57nd60x.sys 37C0FDC2B0C7B285910695194BF39826

C:\Windows\System32\Drivers\Beep.sys 67E506B75BD5326A3EC7B70BD014DFB6

C:\Windows\system32\drivers\blbdrive.sys D4DF28447741FD3D953526E33A617397

C:\Windows\System32\DRIVERS\basp.sys EE0ABF2145B5E3261311E346E2E3C1E0

C:\Windows\System32\DRIVERS\bowser.sys 35F376253F687BDE63976CCB3F2108CA

C:\Windows\system32\drivers\brfiltlo.sys ==> MD5 is legit

C:\Windows\system32\drivers\brfiltup.sys ==> MD5 is legit

C:\Windows\system32\drivers\brserid.sys ==> MD5 is legit

C:\Windows\system32\drivers\brserwdm.sys ==> MD5 is legit

C:\Windows\system32\drivers\brusbmdm.sys ==> MD5 is legit

C:\Windows\system32\drivers\brusbser.sys ==> MD5 is legit

C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\cdfs.sys 7ADD03E75BEB9E6DD102C3081D29840A

C:\Windows\System32\DRIVERS\cdrom.sys 6B4BFFB9BECD728097024276430DB314

C:\Windows\system32\drivers\circlass.sys E5D4133F37219DBCFE102BC61072589D

C:\Windows\System32\CLFS.sys D7659D3B5B92C31E84E53C1431F35132

C:\Windows\system32\drivers\cmdide.sys 0CA25E686A4928484E9FDABD168AB629

C:\Windows\system32\drivers\compbatt.sys 6AFEF0B60FA25DE07C0968983EE4F60A

C:\Windows\System32\drivers\crcdisk.sys 741E9DFF4F42D2D8477D0FC1DC0DF871

C:\Windows\system32\drivers\crusoe.sys 1F07BECDCA750766A96CDA811BA86410

C:\Windows\System32\drivers\csc.sys 9BDB2E89BE8D0EF37B1F25C3D3FC192C

C:\Windows\System32\Drivers\dfsc.sys 622C41A07CA7E6DD91770F50D532CB6C

C:\Windows\System32\drivers\disk.sys 5D4AEFC3386920236A548271F8F1AF6A

C:\Windows\System32\DLA\DLABMFSM.SYS E328F653BB38DCA443B6B5C209550F16

C:\Windows\System32\DLA\DLABOIOM.SYS 5324FBE31307EDDD03DF5539225454C8

C:\Windows\System32\Drivers\DLACDBHM.SYS 5230CDB7E715F3A3B4A882E254CDD35D

C:\Windows\System32\DLA\DLADResM.SYS 5D71DB0C8C693324A20D6A6E230D3877

C:\Windows\System32\DLA\DLAIFS_M.SYS B89653704319073F71311A676BAF70D4

C:\Windows\System32\DLA\DLAOPIOM.SYS E08F04C7F7E0C31C9AC928ABAC9D0193

C:\Windows\System32\DLA\DLAPoolM.SYS DAA942572D1B3393040209BF5EADF4A8

C:\Windows\System32\Drivers\DLARTL_M.SYS 77FE51F0F8D86804CB81F6EF6BFB86DD

C:\Windows\System32\DLA\DLAUDFAM.SYS E1160A37A6F1A7607510744267501836

C:\Windows\System32\DLA\DLAUDF_M.SYS 26DAD89DC9DE1F7F4990849BC5731D03

C:\Windows\System32\drivers\drmkaud.sys 97FEF831AB90BEE128C9AF390E243F80

C:\Windows\System32\Drivers\DRVMCDB.SYS C00440385CF9F3D142917C63F989E244

C:\Windows\System32\Drivers\DRVNDDM.SYS FFC371525AA55D1BAE18715EBCB8797C

C:\Windows\System32\DRIVERS\dtsoftbus01.sys 687AF6BB383885FF6A64071B189A7F3E

C:\Windows\System32\drivers\dxgkrnl.sys 5DE0FAEC9E5D1AAE74F8568897891A01

C:\Windows\System32\DRIVERS\E1G60I32.sys 5425F74AC0C1DBD96A1E04F17D63F94C

C:\Windows\System32\drivers\ecache.sys 7F64EA048DCFAC7ACF8B4D7B4E6FE371

C:\Windows\system32\drivers\elxstor.sys 23B62471681A124889978F6295B3F4C6

C:\Windows\system32\drivers\errdev.sys 3DB974F3935483555D7148663F726C61

C:\Windows\System32\Drivers\exfat.sys 22B408651F9123527BCEE54B4F6C5CAE

C:\Windows\System32\Drivers\fastfat.sys 1E9B9A70D332103C52995E957DC09EF8

C:\Windows\System32\DRIVERS\fdc.sys AFE1E8B9782A0DD7FB46BBD88E43F89A

C:\Windows\System32\drivers\fileinfo.sys A8C0139A884861E3AAE9CFE73B208A9F

C:\Windows\System32\drivers\filetrace.sys 0AE429A696AECBC5970E3CF2C62635AE

C:\Windows\System32\DRIVERS\flpydisk.sys 85B7CF99D532820495D68D747FDA9EBD

C:\Windows\System32\drivers\fltmgr.sys 01334F9EA68E6877C4EF05D3EA8ABB05

C:\Windows\system32\FsUsbExDisk.SYS 790A4CA68F44BE35967B3DF61F3E4675

C:\Windows\System32\Drivers\Fs_Rec.sys B972A66758577E0BFD1DE0F91AAA27B5

C:\Windows\system32\drivers\gagp30kx.sys 34582A6E6573D54A07ECE5FE24A126B5

C:\Windows\System32\DRIVERS\GEARAspiWDM.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\ggflt.sys 007AEA2E06E7CEF7372E40C277163959

C:\Windows\System32\DRIVERS\ggsemc.sys C73DE35960CA75C5AB4AE636B127C64E

C:\Windows\System32\drivers\HdAudio.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\HDAudBus.sys 062452B7FFD68C8C042A6261FE8DFF4A

C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit

C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit

C:\Windows\system32\drivers\hidusb.sys ==> MD5 is legit

C:\Windows\system32\drivers\hpcisss.sys 16EE7B23A009E00D835CDB79574A91A6

C:\Windows\System32\Drivers\ANDROIDUSB.sys CBD09ED9CF6822177EE85AEA4D8816A2

C:\Windows\System32\DRIVERS\htcnprot.sys 52395A94C127C0266D1C0F3CCE8A4345

C:\Windows\System32\drivers\HTTP.sys F870AA3E254628EBEAFE754108D664DE

C:\Program Files\HWiNFO32\HWiNFO32.SYS 79B69CD1DFBDC48CCAD4B8B6D4048786

C:\Windows\system32\drivers\i2omp.sys C6B032D69650985468160FC9937CF5B4

C:\Windows\System32\DRIVERS\i8042prt.sys 22D56C8184586B7A1F6FA60BE5F5A2BD

C:\Windows\system32\drivers\iastorv.sys 54155EA1B0DF185878E0FC9EC3AC3A14

C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit

C:\Windows\system32\drivers\intelide.sys 83AA759F3189E6370C30DE5DC5590718

C:\Windows\System32\DRIVERS\intelppm.sys 224191001E78C89DFA78924C3EA595FF

C:\Windows\System32\DRIVERS\ipfltdrv.sys 62C265C38769B864CB25B4BCF62DF6C3

C:\Windows\system32\drivers\ipmidrv.sys B25AAF203552B7B3491139D582B39AD1

C:\Windows\System32\DRIVERS\ipnat.sys 8793643A67B42CEC66490B2A0CF92D68

C:\Windows\System32\drivers\irenum.sys 109C0DFB82C3632FBD11949B73AEEAC9

C:\Windows\system32\drivers\isapnp.sys 6C70698A3E5C4376C6AB5C7C17FB0614

C:\Windows\System32\DRIVERS\msiscsi.sys 232FA340531D940AAC623B121A595034

C:\Windows\system32\drivers\iteatapi.sys ==> MD5 is legit

C:\Windows\system32\drivers\iteraid.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\k750bus.sys FE8300320281D658A7854D5CFC02A63F

C:\Windows\System32\DRIVERS\kbdclass.sys 37605E0A8CF00CBBA538E753E4344C6E

C:\Windows\system32\drivers\kbdhid.sys 18247836959BA67E3511B62846B9C2E0

C:\Windows\System32\Drivers\ksecdd.sys 4A1445EFA932A3BAF5BDB02D7131EE20

C:\Windows\System32\DRIVERS\lirsgt.sys F8A7212D0864EF5E9185FB95E6623F4D

C:\Windows\System32\DRIVERS\lltdio.sys D1C5883087A0C3F1344D9D55A44901F6

C:\Windows\system32\drivers\lsi_fc.sys C7E15E82879BF3235B559563D4185365

C:\Windows\system32\drivers\lsi_sas.sys EE01EBAE8C9BF0FA072E0FF68718920A

C:\Windows\system32\drivers\lsi_scsi.sys 912A04696E9CA30146A62AFA1463DD5C

C:\Windows\system32\drivers\luafv.sys 8F5C7426567798E62A3B3614965D62CC

C:\Windows\system32\drivers\megasas.sys 0001CE609D66632FA17B84705F658879

C:\Windows\system32\drivers\megasr.sys C252F32CD9A49DBFC25ECF26EBD51A99

C:\Windows\System32\drivers\modem.sys E13B5EA0F51BA5B1512EC671393D09BA

C:\Windows\System32\DRIVERS\monitor.sys 0A9BB33B56E294F686ABB7C1E4E2D8A8

C:\Windows\System32\DRIVERS\mouclass.sys 5BF6A1326A335C5298477754A506D263

C:\Windows\system32\drivers\mouhid.sys 93B8D4869E12CFBE663915502900876F

C:\Windows\System32\drivers\mountmgr.sys BDAFC88AA6B92F7842416EA6A48E1600

C:\Windows\System32\DRIVERS\MpFilter.sys CF105EE42E3F71E648CEBB3F666E1CF0

C:\Windows\system32\drivers\mpio.sys 511D011289755DD9F9A7579FB0B064E6

C:\Windows\System32\drivers\mpsdrv.sys 22241FEBA9B2DEFA669C8CB0A8DD7D2E

C:\Windows\system32\drivers\mraid35x.sys ==> MD5 is legit

C:\Windows\system32\drivers\mrxdav.sys 82CEA0395524AACFEB58BA1448E8325C

C:\Windows\System32\DRIVERS\mrxsmb.sys 1E94971C4B446AB2290DEB71D01CF0C2

C:\Windows\System32\DRIVERS\mrxsmb10.sys 4FCCB34D793B116423209C0F8B7A3B03

C:\Windows\System32\DRIVERS\mrxsmb20.sys C3CB1B40AD4A0124D617A1199B0B9D7C

C:\Windows\system32\drivers\msahci.sys 28023E86F17001F7CD9B15A5BC9AE07D

C:\Windows\system32\drivers\msdsm.sys 4468B0F385A86ECDDAF8D3CA662EC0E7

C:\Windows\System32\Drivers\Msfs.sys A9927F4A46B816C92F461ACB90CF8515

C:\Windows\System32\drivers\msisadrv.sys 0F400E306F385C56317357D6DEA56F62

C:\Windows\System32\drivers\MSKSSRV.sys D8C63D34D9C9E56C059E24EC7185CC07

C:\Windows\System32\drivers\MSPCLOCK.sys 1D373C90D62DDB641D50E55B9E78D65E

C:\Windows\System32\drivers\MSPQM.sys B572DA05BF4E098D4BBA3A4734FB505B

C:\Windows\System32\Drivers\MsRPC.sys B49456D70555DE905C311BCDA6EC6ADB

C:\Windows\System32\DRIVERS\mssmbios.sys E384487CB84BE41D09711C30CA79646C

C:\Windows\System32\drivers\MSTEE.sys 7199C1EEC1E4993CAF96B8C0A26BD58A

C:\Windows\System32\Drivers\mup.sys 6A57B5733D4CB702C8EA4542E836B96C

C:\Windows\System32\DRIVERS\nwifi.sys 85C44FDFF9CF7E72A40DCB7EC06A4416

C:\Windows\System32\drivers\ndis.sys 1357274D1883F68300AEADD15D7BBB42

C:\Windows\System32\DRIVERS\ndistapi.sys 0E186E90404980569FB449BA7519AE61

C:\Windows\System32\DRIVERS\ndisuio.sys D6973AA34C4D5D76C0430B181C3CD389

C:\Windows\System32\DRIVERS\ndiswan.sys 818F648618AE34F729FDB47EC68345C3

C:\Windows\System32\Drivers\NDProxy.sys 71DAB552B41936358F3B541AE5997FB3

C:\Windows\System32\DRIVERS\netbios.sys BCD093A5A6777CF626434568DC7DBA78

C:\Windows\System32\DRIVERS\netbt.sys ECD64230A59CBD93C85F1CD1CAB9F3F6

C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\NisDrvWFP.sys 832E098BCA8235436FE2D8AE50AC3718

C:\Windows\System32\Drivers\Npfs.sys D36F239D7CCE1931598E8FB90A0DBC26

C:\Windows\System32\drivers\nsiproxy.sys 609773E344A97410CE4EBF74A8914FCF

C:\Windows\System32\Drivers\Ntfs.sys 2C1121F2B87E9A6B12485DF53CD848C7

C:\Windows\system32\drivers\ntrigdigi.sys ==> MD5 is legit

C:\Windows\System32\Drivers\Null.sys C5DBBCDA07D780BDA9B685DF333BB41E

C:\Windows\system32\drivers\nvraid.sys 2EDF9E7751554B42CBB60116DE727101

C:\Windows\system32\drivers\nvstor.sys ABED0C09758D1D97DB0042DBB2688177

C:\Windows\system32\drivers\nv_agp.sys 18BBDF913916B71BD54575BDB6EEAC0B

C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\parport.sys 8A79FDF04A73428597E2CAF9D0D67850

C:\Windows\System32\drivers\partmgr.sys B9C2B89F08670E159F7181891E449CD9

C:\Windows\System32\DRIVERS\parvdm.sys 6C580025C81CAF3AE9E3617C22CAD00E

C:\Windows\System32\DRIVERS\pccsmcfd.sys 175CC28DCF819F78CAA3FBD44AD9E52A

C:\Windows\System32\drivers\pci.sys 941DC1D19E7E8620F40BBC206981EFDB

C:\Windows\System32\drivers\pciide.sys 1636D43F10416AEB483BC6001097B26C

C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit

C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit

C:\Windows\System32\drivers\psd.sys F21B077B1FBA7AA331FA1087078D92E8

C:\Windows\System32\DRIVERS\pppop.sys 3BD13194DB76F190B32DDACF8FE103BD

C:\Windows\System32\DRIVERS\raspptp.sys ECFFFAEC0C1ECD8DBC77F39070EA1DB1

C:\Windows\system32\drivers\processr.sys 2027293619DD0F047C584CF2E7DF4FFD

C:\Windows\System32\DRIVERS\pacer.sys 99514FAA8DF93D34B5589187DB3AA0BA

C:\Windows\System32\Drivers\PxHelp20.sys FEFFCFDC528764A04C8ED63D5FA6E711

C:\Windows\system32\drivers\ql2300.sys 0A6DB55AFB7820C99AA1F3A1D270F4F6

C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit

C:\Windows\system32\drivers\qwavedrv.sys 9F5E0E1926014D17486901C88ECA2DB7

C:\Windows\System32\DRIVERS\rasacd.sys 147D7F9C556D259924351FEB0DE606C3

C:\Windows\System32\DRIVERS\rasl2tp.sys A214ADBAF4CB47DD2728859EF31F26B0

C:\Windows\System32\DRIVERS\raspppoe.sys 509A98DD18AF4375E1FC40BC175F1DEF

C:\Windows\System32\DRIVERS\rassstp.sys 2005F4A1E05FA09389AC85840F0A9E4D

C:\Windows\System32\DRIVERS\rdbss.sys B14C9D5B9ADD2F84F70570BBBFAA7935

C:\Windows\System32\DRIVERS\RDPCDD.sys 89E59BE9A564262A3FB6C4F4F1CD9899

C:\Windows\System32\DRIVERS\rdpdr.sys 943B18305EAE3935598A9B4A3D560B4C

C:\Windows\System32\drivers\rdpencdd.sys 9D91FE5286F748862ECFFA05F8A0710C

C:\Windows\System32\Drivers\RDPWD.sys C127EBD5AFAB31524662C48DFCEB773A

C:\Windows\System32\DRIVERS\rspndr.sys 9C508F4074A39E8B4B31D27198146FAD

C:\Windows\System32\DRIVERS\s3017bus.sys AA786AD3A2684D39630744787B00E6F4

C:\Windows\System32\DRIVERS\s3017mdfl.sys CBA4CA5BCE44084E98CE420FD6692D3A

C:\Windows\System32\DRIVERS\s3017mdm.sys 68036EFF647970D6C0399789C8707CAD

C:\Windows\System32\DRIVERS\s3017mgmt.sys 3672E7F9349BD98FD3F5AC33E7B2B1A6

C:\Windows\System32\DRIVERS\s3017nd5.sys B1133B37EB184AEF81D56B4302DBAE9C

C:\Windows\System32\DRIVERS\s3017obex.sys D81B1D504AA1426622E7EC09F25130A9

C:\Windows\System32\DRIVERS\s3017unic.sys 7B95C53EA8BB585013767EEF2875C0A0

C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit

C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\seehcri.sys E5B56569A9F79B70314FEDE6C953641E

C:\Windows\System32\DRIVERS\serenum.sys CE9EC966638EF0B10B864DDEDF62A099

C:\Windows\System32\DRIVERS\serial.sys 6D663022DB3E7058907784AE14B69898

C:\Windows\system32\drivers\sermouse.sys 8AF3D28A879BF75DB53A0EE7A4289624

C:\Windows\system32\drivers\sffdisk.sys 3EFA810BDCA87F6ECC24F9832243FE86

C:\Windows\system32\drivers\sffp_mmc.sys E95D451F7EA3E583AEC75F3B3EE42DC5

C:\Windows\system32\drivers\sffp_sd.sys 3D0EA348784B7AC9EA9BD9F317980979

C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit

C:\Windows\system32\drivers\sisagp.sys 1D76624A09A054F682D746B924E2DBC3

C:\Windows\system32\drivers\sisraid2.sys 43CB7AA756C7DB280D01DA9B676CFDE2

C:\Windows\system32\drivers\sisraid4.sys A99C6C8B0BAA970D8AA59DDC50B57F94

C:\Windows\System32\DRIVERS\smb.sys 7B75299A4D201D6A6533603D6914AB04

C:\Windows\System32\Drivers\spldr.sys 7AEBDEEF071FE28B0EEF2CDD69102BFF

C:\Windows\System32\DRIVERS\srv.sys 41987F9FC0E61ADF54F581E15029AD91

C:\Windows\System32\DRIVERS\srv2.sys FF33AFF99564B1AA534F58868CBE41EF

C:\Windows\System32\DRIVERS\srvnet.sys 7605C0E1D01A08F3ECD743F38B834A44

C:\Windows\System32\DRIVERS\ss_bbus.sys EAA66218CD39F5BB1B4853A78C67C787

C:\Windows\System32\DRIVERS\ss_bmdfl.sys 91765F99914ED8693D8BC76524F21581

C:\Windows\System32\DRIVERS\ss_bmdm.sys 840E7B738B03C10EE91D9B7D3D6EFF15

C:\Windows\System32\DRIVERS\serscan.sys EF70B3D22B4BFFDA6EA851ECB063EFAA

C:\Windows\System32\DRIVERS\swenum.sys 7BA58ECF0C0A9A69D44B3DCA62BECF56

C:\Windows\system32\drivers\symc8xx.sys ==> MD5 is legit

C:\Windows\system32\drivers\sym_hi.sys ==> MD5 is legit

C:\Windows\system32\drivers\sym_u3.sys ==> MD5 is legit

C:\Windows\System32\drivers\tcpip.sys 078218D74C4EFC2CE7E4C6DF22A94F2F

C:\Windows\System32\DRIVERS\tcpip.sys 078218D74C4EFC2CE7E4C6DF22A94F2F

C:\Windows\System32\drivers\tcpipreg.sys 4C11A1820DDC37FA653913AD680ACCAE

C:\Windows\System32\drivers\tdpipe.sys 5DCF5E267BE67A1AE926F2DF77FBCC56

C:\Windows\System32\drivers\tdtcp.sys 389C63E32B3CEFED425B61ED92D3F021

C:\Windows\System32\DRIVERS\tdx.sys 76B06EB8A01FC8624D699E7045303E54

C:\Windows\System32\DRIVERS\termdd.sys 3CAD38910468EAB9A6479E2F01DB43C7

C:\Windows\System32\drivers\tpm.sys CB258C2F726F1BE73C507022BE33EBB3

C:\Windows\System32\DRIVERS\tssecsrv.sys DCF0F056A2E4F52287264F5AB29CF206

C:\Windows\System32\DRIVERS\tunmp.sys CAECC0120AC49E3D2F758B9169872D38

C:\Windows\System32\DRIVERS\tunnel.sys 300DB877AC094FEAB0BE7688C3454A9C

C:\Windows\system32\drivers\uagp35.sys 7D33C4DB2CE363C8518D2DFCF533941F

C:\Windows\System32\DRIVERS\udfs.sys D9728AF68C4C7693CB100B8441CBDEC6

C:\Windows\system32\drivers\uliagpkx.sys B0ACFDC9E4AF279E9116C03E014B2B27

C:\Windows\system32\drivers\uliahci.sys 9224BB254F591DE4CA8D572A5F0D635C

C:\Windows\system32\drivers\ulsata.sys ==> MD5 is legit

C:\Windows\system32\drivers\ulsata2.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\umbus.sys 32CFF9F809AE9AED85464492BF3E32D2

C:\Windows\System32\Drivers\usbaapl.sys E8C1B9EBAC65288E1B51E8A987D98AF6

C:\Windows\System32\DRIVERS\usbccgp.sys CAF811AE4C147FFCD5B51750C7F09142

C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\usbehci.sys 79E96C23A97CE7B8F14D310DA2DB0C9B

C:\Windows\System32\DRIVERS\usbfilter.sys 9C2C6B2353A5FF7796A19DC07EA2D1FE

C:\Windows\System32\DRIVERS\usbhub.sys 4673BBCB006AF60E7ABDDBE7A130BA42

C:\Windows\System32\DRIVERS\usbohci.sys CE697FEE0D479290D89BEC80DFE793B7

C:\Windows\System32\DRIVERS\usbprint.sys E75C4B5269091D15A2E7DC0B6D35F2F5

C:\Windows\System32\DRIVERS\usbscan.sys A508C9BD8724980512136B039BBA65E9

C:\Windows\System32\DRIVERS\USBSTOR.SYS BE3DA31C191BC222D9AD503C5224F2AD

C:\Windows\System32\DRIVERS\usbuhci.sys 814D653EFC4D48BE3B04A307ECEFF56F

C:\Windows\System32\DRIVERS\vgapnp.sys 87B06E1F30B749A114F74622D013F8D4

C:\Windows\System32\drivers\vga.sys 2E93AC0A1D8C79D019DB6C51F036636C

C:\Windows\system32\drivers\viaagp.sys 5D7159DEF58A800D5781BA3A879627BC

C:\Windows\system32\drivers\viac7.sys C4F3A691B5BAD343E6249BD8C2D45DEE

C:\Windows\system32\drivers\viaide.sys AADF5587A4063F52C2C3FED7887426FC

C:\Windows\System32\drivers\volmgr.sys 69503668AC66C77C6CD7AF86FBDF8C43

C:\Windows\System32\drivers\volmgrx.sys 23E41B834759917BFD6B9A0D625D0C28

C:\Windows\System32\drivers\volsnap.sys 786DB5771F05EF300390399F626BF30A

C:\Windows\system32\drivers\vsmraid.sys 587253E09325E6BF226B299774B728A9

C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\wanarp.sys 55201897378CCA7AF8B5EFD874374A26

C:\Windows\System32\DRIVERS\wanarp.sys 55201897378CCA7AF8B5EFD874374A26

C:\Windows\system32\drivers\wd.sys 78FE9542363F297B18C027B2D7E7C07F

C:\Windows\System32\drivers\Wdf01000.sys A840213F1ACDCC175B4D1D5AAEAC0D7A

C:\Windows\System32\DRIVERS\WinUSB.sys 30FC6E5448D0CBAAA95280EEEF7FEDAE

C:\Windows\System32\DRIVERS\wmiacpi.sys 2E7255D172DF0B8283CDFB7B433B864E

C:\Windows\System32\DRIVERS\wpdusb.sys DE9D36F91A4DF3D911626643DEBF11EA

C:\Windows\system32\drivers\ws2ifsl.sys E3A3CB253C0EC2494D4A61F5E43A389C

C:\Windows\System32\drivers\WudfPf.sys 06E6F32C8D0A3F66D956F57B43A2E070

C:\Windows\System32\DRIVERS\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DF
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-06-23 14:55 - 2013-06-23 14:55 - 00000000 ___DC C:\FRST

2013-06-23 13:16 - 2013-06-23 13:12 - 00135360 ___AC (Symantec Corporation) C:\Users\josef\Desktop\FixBlast.exe

2013-06-23 13:00 - 2009-08-04 09:02 - 00754688 ___AC (Microsoft Corporation) C:\Windows\System32\webservices.dll

2013-06-20 20:15 - 2013-06-20 20:15 - 00847360 ___AC (Igor Pavlov) C:\ProgramData\tdefender.exe

2013-06-12 19:27 - 2013-05-17 00:08 - 12329984 ___AC (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-06-12 19:27 - 2013-05-16 23:49 - 09738752 ___AC (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-06-12 19:27 - 2013-05-16 23:39 - 01800704 ___AC (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2013-06-12 19:27 - 2013-05-16 23:28 - 01129472 ___AC (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-06-12 19:27 - 2013-05-16 23:28 - 01104384 ___AC (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-06-12 19:27 - 2013-05-16 23:27 - 01427968 ___AC (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2013-06-12 19:27 - 2013-05-16 23:26 - 00231936 ___AC (Microsoft Corporation) C:\Windows\System32\url.dll

2013-06-12 19:27 - 2013-05-16 23:23 - 00065024 ___AC (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-06-12 19:27 - 2013-05-16 23:21 - 00717824 ___AC (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-06-12 19:27 - 2013-05-16 23:21 - 00142848 ___AC (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2013-06-12 19:27 - 2013-05-16 23:20 - 00420864 ___AC (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2013-06-12 19:27 - 2013-05-16 23:19 - 00607744 ___AC (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-06-12 19:27 - 2013-05-16 23:17 - 01796096 ___AC (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-06-12 19:27 - 2013-05-16 23:17 - 00073216 ___AC (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2013-06-12 19:27 - 2013-05-16 23:16 - 02382848 ___AC (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-06-12 19:27 - 2013-05-16 23:12 - 00176640 ___AC (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-06-12 13:23 - 2013-05-08 04:40 - 00914792 ___AC (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

2013-06-12 13:23 - 2013-05-08 02:58 - 00031232 ___AC (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys

2013-06-12 13:23 - 2013-05-02 05:04 - 00443904 ___AC (Microsoft Corporation) C:\Windows\System32\win32spl.dll

2013-06-12 13:23 - 2013-05-02 05:03 - 00037376 ___AC (Microsoft Corporation) C:\Windows\System32\printcom.dll

2013-06-12 13:23 - 2013-04-24 05:00 - 00985600 ___AC (Microsoft Corporation) C:\Windows\System32\crypt32.dll

2013-06-12 13:23 - 2013-04-24 05:00 - 00133120 ___AC (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll

2013-06-12 13:23 - 2013-04-24 05:00 - 00098304 ___AC (Microsoft Corporation) C:\Windows\System32\cryptnet.dll

2013-06-12 13:23 - 2013-04-24 05:00 - 00041984 ___AC (Microsoft Corporation) C:\Windows\System32\certenc.dll

2013-06-12 13:23 - 2013-04-24 02:46 - 00812544 ___AC (Microsoft Corporation) C:\Windows\System32\certutil.exe

2013-06-12 13:21 - 2013-05-02 23:03 - 03603832 ___AC (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe

2013-06-12 13:21 - 2013-05-02 23:03 - 03551096 ___AC (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2013-06-12 13:21 - 2013-04-17 13:30 - 00024576 ___AC (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll

2013-06-10 16:25 - 2013-06-10 16:25 - 102199341 ___AC C:\Users\josef\Downloads\andrea&daniel&johannes.zip

2013-06-01 20:05 - 2013-06-01 20:06 - 00000000 ___DC C:\Program Files\Dropbox

2013-06-01 19:58 - 2013-06-21 13:07 - 00000000 ___DC C:\Users\josef\AppData\Roaming\Dropbox
 

==================== One Month Modified Files and Folders ========
 

2013-06-23 14:55 - 2013-06-23 14:55 - 00000000 ___DC C:\FRST

2013-06-23 13:53 - 2006-11-02 14:01 - 00032510 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2013-06-23 13:53 - 2006-11-02 14:01 - 00000006 __AHC C:\Windows\Tasks\SA.DAT

2013-06-23 13:51 - 2011-04-17 19:01 - 00000300 ___AC C:\Windows\Tasks\BearShareNAG.job

2013-06-23 13:51 - 2009-08-07 13:38 - 00001094 ___AC C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-06-23 13:51 - 2008-12-28 11:28 - 00000416 ___AC C:\Windows\Tasks\PCConfidential.job

2013-06-23 13:51 - 2006-11-02 13:47 - 00003344 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2013-06-23 13:51 - 2006-11-02 13:47 - 00003344 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2013-06-23 13:32 - 2008-08-21 17:56 - 01997258 ___AC C:\Windows\WindowsUpdate.log

2013-06-23 13:12 - 2013-06-23 13:16 - 00135360 ___AC (Symantec Corporation) C:\Users\josef\Desktop\FixBlast.exe

2013-06-23 13:03 - 2012-05-02 20:07 - 00000884 ___AC C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-06-23 13:01 - 2006-11-02 12:18 - 00000000 ___DC C:\Windows\System32\de-DE

2013-06-21 15:48 - 2012-09-02 14:02 - 00000338 ___AC C:\Windows\Tasks\HP Photo Creations Communicator.job

2013-06-21 13:07 - 2013-06-01 19:58 - 00000000 ___DC C:\Users\josef\AppData\Roaming\Dropbox

2013-06-21 11:58 - 2009-08-07 13:38 - 00001098 ___AC C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-06-20 20:15 - 2013-06-20 20:15 - 00847360 ___AC (Igor Pavlov) C:\ProgramData\tdefender.exe

2013-06-16 19:10 - 2006-11-02 11:24 - 73381792 ___AC (Microsoft Corporation) C:\Windows\System32\mrt.exe

2013-06-15 12:07 - 2006-11-02 12:18 - 00000000 ___DC C:\Windows\Microsoft.NET

2013-06-14 21:33 - 2006-11-02 11:33 - 01477314 ___AC C:\Windows\System32\PerfStringBackup.INI

2013-06-13 21:24 - 2008-11-09 18:45 - 00000000 ___DC C:\Program Files\Mozilla Firefox

2013-06-13 12:02 - 2012-05-02 20:07 - 00692104 ___AC (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe

2013-06-13 12:02 - 2011-06-03 09:32 - 00071048 ___AC (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

2013-06-12 21:44 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\rescache

2013-06-12 21:26 - 2006-11-02 14:00 - 00092384 ___AC C:\Windows\PFRO.log

2013-06-12 19:28 - 2008-08-26 16:09 - 00000000 ___DC C:\ProgramData\Microsoft Help

2013-06-10 16:25 - 2013-06-10 16:25 - 102199341 ___AC C:\Users\josef\Downloads\andrea&daniel&johannes.zip

2013-06-07 12:42 - 2012-11-09 08:05 - 00001971 ___AC C:\Users\Public\Desktop\Google Chrome.lnk

2013-06-04 18:50 - 2006-11-02 13:52 - 00226881 ___AC C:\Windows\setupact.log

2013-06-01 20:06 - 2013-06-01 20:05 - 00000000 ___DC C:\Program Files\Dropbox

2013-05-30 10:24 - 2009-02-28 14:39 - 00000000 ___DC C:\Program Files\Finale NotePad 2008
 

ZeroAccess:

C:\$Recycle.Bin\S-1-5-21-3282792964-1840882654-3543117350-1000\$8853efe0c6e8481fba40f239681a3b28
 

Files to move or delete:

====================

C:\ProgramData\tdefender.exe
 

==================== Known DLLs (Whitelisted) ============
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

C:\Program Files\Microsoft Security Client\MsMpEng.exe => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client
 

==================== EXE ASSOCIATION =====================
 

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK
 

==================== Restore Points  =========================
 

Restore point made on: 2013-06-20 11:32:10

Restore point made on: 2013-06-21 08:30:28

Restore point made on: 2013-06-23 13:00:24
 

==================== BCD ================================
 
 

Windows-Start-Manager

---------------------

Bezeichner              {bootmgr}

device                  partition=C:

description             Windows Boot Manager

locale                  de-DE

inherit                 {globalsettings}

default                 {default}

resumeobject            {17646b51-db3c-11dc-b3a3-0018716eb820}

displayorder            {default}

toolsdisplayorder       {memdiag}

timeout                 30

resume                  No
 

Windows-Startladeprogramm

-------------------------

Bezeichner              {default}

device                  partition=C:

path                    \Windows\system32\winload.exe

description             Microsoft Windows Vista

locale                  de-DE

inherit                 {bootloadersettings}

recoverysequence        {current}

recoveryenabled         Yes

osdevice                partition=C:

systemroot              \Windows

resumeobject            {17646b51-db3c-11dc-b3a3-0018716eb820}

nx                      OptIn

numproc                 2

detecthal               No

usefirmwarepcisettings  No
 

Windows-Startladeprogramm

-------------------------

Bezeichner              {current}

device                  ramdisk=[D:]\winre.wim,{ad6c7bc8-fa0f-11da-8ddf-0013200354d8}

path                    \windows\system32\boot\winload.exe

description             Windows Recovery Environment

osdevice                ramdisk=[D:]\winre.wim,{ad6c7bc8-fa0f-11da-8ddf-0013200354d8}

systemroot              \windows

nx                      OptIn

detecthal               Yes

winpe                   Yes
 

Wiederaufnahme aus dem Ruhezustand

----------------------------------

Bezeichner              {17646b51-db3c-11dc-b3a3-0018716eb820}

device                  partition=C:

path                    \Windows\system32\winresume.exe

description             Windows Resume Application

locale                  de-DE

inherit                 {resumeloadersettings}

filedevice              partition=C:

filepath                \hiberfil.sys

pae                     Yes

debugoptionenabled      No
 

Windows-Speichertestprogramm

----------------------------

Bezeichner              {memdiag}

device                  partition=C:

path                    \boot\memtest.exe

description             Windows-Speicherdiagnose

locale                  de-DE

inherit                 {globalsettings}

badmemoryaccess         Yes
 

Windows-Legacybetriebssystem-Ladeprogramm

-----------------------------------------

Bezeichner              {ntldr}

device                  unknown

path                    \ntldr

description             Frhere Windows-Version
 

EMS-Einstellungen

-----------------

Bezeichner              {emssettings}

bootems                 Yes
 

Debuggereinstellungen

---------------------

Bezeichner              {dbgsettings}

debugtype               Serial

debugport               1

baudrate                115200
 

RAM-Defekte

-----------

Bezeichner              {badmemory}
 

Globale Einstellungen

---------------------

Bezeichner              {globalsettings}

inherit                 {dbgsettings}

                        {emssettings}

                        {badmemory}
 

Startladeprogramm-Einstellungen

-------------------------------

Bezeichner              {bootloadersettings}

inherit                 {globalsettings}
 

Einstellungen zur Ladeprogrammfortsetzung

-----------------------------------------

Bezeichner              {resumeloadersettings}

inherit                 {globalsettings}
 

Ger„teoptionen

--------------

Bezeichner              {ad6c7bc8-fa0f-11da-8ddf-0013200354d8}

description             Ramdisk Device Options

ramdisksdidevice        partition=D:

ramdisksdipath          \boot.sdi
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 25%

Total physical RAM: 1790.58 MB

Available physical RAM: 1329.94 MB

Total Pagefile: 1550.35 MB

Available Pagefile: 1410.03 MB

Total Virtual: 2047.88 MB

Available Virtual: 1963.02 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:147.09 GB) (Free:35.65 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive d: (OS_TOOLS) (Fixed) (Total:1.95 GB) (Free:1.73 GB) NTFS

Drive g: () (Removable) (Total:0.95 GB) (Free:0.95 GB) FAT

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (Size: 149 GB) (Disk ID: A57F7B24)

Partition 1: (Active) - (Size=147 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=2 GB) - (Type=07 NTFS)
 

========================================================

Disk: 2 (Size: 974 MB) (Disk ID: 956DACEB)

Partition 1: (Not Active) - (Size=974 MB) - (Type=0E)
 
 

LastRegBack: 2013-06-23 13:10
 

==================== End Of Log ============================