BKA Virus? -> schwarzer Bildschirm vor Login auch im abgesicherten Modus

steven28 · 04.09.2013, 13:25

HI Leute,

hab hier von einem Bekannten meines Chefs eine Latop mit Virus zur reperatur.
Soweit ich gehört habe ist ein BKA ähnlicher Trojaner drauf (konnte ich mangels Webfilter geschütztem Internetzugang nicht richtig teste

Symptom ist ein Schwarzer bildschirm bevor noch irgend eine Benutzeranmeldung oder irgendetwas erscheinen würde (auch im Abgesicherten Modus)
Hab schon mehrer Offline Scanner (CT Desinfect, Kaspersky Rescue, Windows Defender Offline)
drüber laufen lassen. Auch mittelles autoruns (offline)( nach verdächtigen booteinträgen gesucht und auch manuelle ein Paar Verdächtige Files umbeannant.
Alles bis jetzt erfolglos (sitz schon 3 Tage an dem ding und mir gehen die Ideen aus).
Entweder hab ich somit irgendetwas übersehen oder der Virus hat das System vernichtet

bevor ich nun aber die Leidige Neuinstallation durchführe wollte ich hier noch fragen ob irgendjemand im frst Log noch auffälligkeiten entdecken kann?
Files mit _blub_ oder _virus_ im Namen wurde von mir umbenannt

Danke für lesen

Zitat:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2013 01
Ran by SYSTEM on MININT-6DPTVIK on 04-09-2013 12:34:48
Running from H:\
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11406608 2011-12-20] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2884880 2012-02-23] (Synaptics Incorporated)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-05] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [507744 2011-12-21] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-04] (CyberLink)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-30] (CyberLink Corp.)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [348664 2012-08-08] (Avira Operations GmbH & Co. KG)
HKU\Default\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [x]
HKU\Default User\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [x]

==================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-05-02] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-01] (Avira Operations GmbH & Co. KG)
S2 ASLDRService; C:\Program Files (x86)\PHotkey\ASLDRSrv.exe [104968 2009-12-19] ()
S2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-14] (CyberLink)
S2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-14] (CyberLink)
S2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [156672 2011-10-13] ()
S2 GtDetectSc; C:\Program Files\T-Mobile\GlobeTrotter Connect\GtDetectSc.exe [314880 2008-05-08] (OptionNV)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
S2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
S2 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [70144 2012-01-31] ()
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-04-24] (Avira GmbH)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-04-27] (Avira GmbH)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2012-05-02] (Avira GmbH)
S3 GT72NDISIPXP; C:\Windows\System32\DRIVERS\Gt51Ip.sys [124928 2008-02-18] (Option N.V.)
S3 GT72UBUS; C:\Windows\System32\DRIVERS\gt72ubus.sys [80896 2008-02-08] (Option N.V.)
S3 GTPTSER; C:\Windows\System32\DRIVERS\gtptser.sys [10624 2007-03-30] (Option N.V.)
S2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 1C7857B62DE5994A75B054A9FD4C3825
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\System32\DRIVERS\AMPPAL.sys 449D90F1FB6402773C2F1ECCEAE15F74
C:\Windows\System32\DRIVERS\amppal.sys 449D90F1FB6402773C2F1ECCEAE15F74
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\system32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\avgntflt.sys 26E38B5A58C6C55FAFBC563EEDDB0867
C:\Windows\System32\DRIVERS\avipbb.sys 9D1F00BEFF84CBBF46D7F052BC7E0565
C:\Windows\System32\DRIVERS\avkmgr.sys 248DB59FC86DE44D2779F4C7FB1A567D
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\system32\drivers\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\drivers\BthEnum.sys CF98190A94F62E405C8CB255018B2315
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bthpan.sys 02DD601B708DD0667E1331FA8518E9FF
C:\Windows\System32\Drivers\BTHport.sys 738D0E9272F59EB7A1449C3EC118E6C4
C:\Windows\System32\Drivers\BTHUSB.sys F188B7394D81010767B6DF3178519A37
C:\Windows\System32\DRIVERS\btmaux.sys 988CC6CC49303665D3B2435C51505C3F
C:\Windows\System32\DRIVERS\btmhsf.sys 2B4B508AFAC2A563931AF1FE875A5B16
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\clwvd.sys E13A438F9E51DD034730678E33B73290
C:\Windows\system32\drivers\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 9AC4F97C2D3E93367E2148EA940CD2CD
C:\Windows\System32\drivers\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys AF2E16242AA723F68F461B6EAE2EAD3D
C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Gt51Ip.sys E69D3BFF7AE9C6D33419A80E13692C2F
C:\Windows\System32\DRIVERS\gt72ubus.sys 7E1EF45F4287614AC48E5AD7B5B46D70
C:\Windows\System32\DRIVERS\gtptser.sys 261CD8A73E74B496C29007EA761CDA05
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\drivers\iaStor.sys C224331A54571C8C9162F7714400BBBD
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\System32\DRIVERS\iBtFltCoex.sys 9E3D44CE737388F6BBBB6DD4A1C1847C
C:\Windows\System32\DRIVERS\igdkmd64.sys 54E37A4E66B2CA1C38E9728FAD5F9822
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\intelaud.sys CADDF0927DAC63EDAE48F5C35A61D87D
C:\Windows\System32\drivers\RTKVHD64.sys F242E36CDA231701CFA702641C20FAEC
C:\Windows\System32\DRIVERS\IntcDAud.sys 6C9FFFECA9FED31347D211C5D1FFBD2D
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\drivers\iusb3hcs.sys 8E4577C6E0D3114170509159DE658907
C:\Windows\system32\drivers\iusb3hub.sys FE76346E9B57DA575BD1B3BD0CCAD7FF
C:\Windows\system32\drivers\iusb3xhc.sys 1008CD90DA2198FFD250298DEB9DF160
C:\Windows\system32\drivers\iwdbus.sys 716F66336F10885D935B08174DC54242
C:\Windows\system32\drivers\kbdclass.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 97A7070AEA4C058B6418519E869A63B4
C:\Windows\System32\Drivers\ksecpkg.sys 26C43A7C2862447EC59DEDA188D1DA07
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\system32\drivers\HECIx64.sys 6B01B7414A105B9E51652089A03027CF
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\NETwNs64.sys B51E9AD4F4E4F8DBE0AB882756BC5DAB
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys B98F8C6E31CD07B2E6F71F7F648E38C0
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Program Files (x86)\PHotkey\PEGAGFN.sys EE926C59CBD4DC4DC9FBB85014A2F1A5
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\drivers\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RtsUStor.sys 135A64530D7699AD48F29D73A658DD11
C:\Windows\System32\DRIVERS\Rt64win7.sys 9140DB0911DE035FED0A9A77A2D156EA
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\SynTP.sys E157A3A7A09BDBB74AFEAB352D5D76F1
C:\Windows\System32\drivers\tcpip.sys DB74544B75566C974815E79A62433F29
C:\Windows\System32\DRIVERS\tcpip.sys DB74544B75566C974815E79A62433F29
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys 4CE278FC9671BA81A138D70823FCAA09
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\system32\drivers\TsUsbGD.sys 9CC2CCAE8A84820EAECB886D477CBCB8
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys 6F1A3157A1C89435352CEB543CDB359C
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbehci.sys C025055FE7B87701EB042095DF1A2D7B
C:\Windows\system32\drivers\usbhub.sys 287C6C9410B111B68B52CA298F7B8C24
C:\Windows\system32\drivers\usbohci.sys 9840FC418B4CBD632D3D0A667A725C31
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys 62069A34518BCF9C1FD9E74B3F6DB7CD
C:\Windows\System32\Drivers\usbvideo.sys 454800C2BC7F3927CE030141EE4F4C50
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys 442783E2CB0DA19873B7A63833FF4CB4
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-03 12:34 - 2013-09-03 12:34 - 00000000 ____D C:\FRST
2013-09-02 19:22 - 2013-09-02 19:22 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-09-02 17:30 - 2013-09-04 12:26 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-09-02 13:30 - 2013-09-02 13:30 - 00000000 ____D C:\Users\Johannes ZZZ\AppData\Local\virus
2013-08-31 18:06 - 2013-08-31 18:06 - 00003288 ____N C:\bootsqm.dat
2013-08-30 15:38 - 2013-08-30 15:38 - 01328127 _____ C:\Users\Johannes ZZZ\AppData\Roaming\virus_2433f433
2013-08-30 15:38 - 2013-08-30 15:38 - 01328110 _____ C:\ProgramData\__blub_2433f433
2013-08-21 16:19 - 2013-07-09 07:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-08-21 16:19 - 2013-07-09 06:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-08-21 16:19 - 2013-07-09 06:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-08-21 16:19 - 2013-07-09 06:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-21 16:19 - 2013-07-09 06:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-21 16:19 - 2013-07-09 05:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-21 16:19 - 2013-07-09 05:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-21 16:19 - 2013-07-09 03:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-21 16:19 - 2013-07-09 03:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-21 16:19 - 2013-07-09 03:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-21 16:19 - 2013-07-09 03:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-17 07:28 - 2013-07-09 06:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-08-17 07:28 - 2013-07-09 06:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-08-17 07:28 - 2013-07-09 06:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-08-17 07:28 - 2013-07-09 06:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-08-17 07:28 - 2013-07-09 05:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-17 07:28 - 2013-07-09 05:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-17 07:28 - 2013-07-09 05:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-17 07:28 - 2013-07-09 05:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-17 07:28 - 2013-07-06 07:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-08-17 07:28 - 2013-06-15 05:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys
2013-08-17 07:09 - 2013-07-09 06:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2013-08-17 07:09 - 2013-07-09 05:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-17 07:05 - 2013-07-25 10:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-08-17 07:05 - 2013-07-25 09:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-17 07:05 - 2013-07-19 02:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-08-17 07:05 - 2013-07-19 02:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-16 13:36 - 2013-07-26 06:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-08-16 13:36 - 2013-07-26 06:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-08-16 13:36 - 2013-07-26 06:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-08-16 13:36 - 2013-07-26 06:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-08-16 13:36 - 2013-07-26 06:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-08-16 13:36 - 2013-07-26 06:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-08-16 13:36 - 2013-07-26 06:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-08-16 13:36 - 2013-07-26 06:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-08-16 13:36 - 2013-07-26 06:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-08-16 13:36 - 2013-07-26 06:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-08-16 13:36 - 2013-07-26 06:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-08-16 13:36 - 2013-07-26 06:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-08-16 13:36 - 2013-07-26 06:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-08-16 13:36 - 2013-07-26 06:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-08-16 13:36 - 2013-07-26 04:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-08-16 13:36 - 2013-07-26 04:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-16 13:36 - 2013-07-26 04:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-16 13:36 - 2013-07-26 04:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-16 13:36 - 2013-07-26 04:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-16 13:36 - 2013-07-26 04:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-16 13:36 - 2013-07-26 04:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-16 13:36 - 2013-07-26 04:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-16 13:36 - 2013-07-26 04:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-16 13:36 - 2013-07-26 04:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-16 13:36 - 2013-07-26 04:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-16 13:36 - 2013-07-26 04:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-16 13:36 - 2013-07-26 04:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-16 13:36 - 2013-07-26 04:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-16 13:36 - 2013-07-26 03:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-16 13:36 - 2013-07-26 03:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-16 13:36 - 2013-07-26 02:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

==================== One Month Modified Files and Folders =======

2013-09-04 12:26 - 2013-09-02 17:30 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-09-03 12:46 - 2012-05-11 10:22 - 00000000 ____D C:\users\Johannes ZZZ
2013-09-03 12:34 - 2013-09-03 12:34 - 00000000 ____D C:\FRST
2013-09-02 19:22 - 2013-09-02 19:22 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-09-02 13:30 - 2013-09-02 13:30 - 00000000 ____D C:\Users\Johannes ZZZ\AppData\Local\virus
2013-09-01 16:53 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-01 16:53 - 2009-07-14 05:51 - 00110059 _____ C:\Windows\setupact.log
2013-09-01 07:27 - 2012-05-11 10:11 - 01152435 _____ C:\Windows\WindowsUpdate.log
2013-09-01 07:23 - 2012-05-11 10:34 - 00000000 ____D C:\Users\Johannes ZZZ\Documents\Youcam
2013-08-31 18:06 - 2013-08-31 18:06 - 00003288 ____N C:\bootsqm.dat
2013-08-30 15:38 - 2013-08-30 15:38 - 01328127 _____ C:\Users\Johannes ZZZ\AppData\Roaming\virus_2433f433
2013-08-30 15:38 - 2013-08-30 15:38 - 01328110 _____ C:\ProgramData\__blub_2433f433
2013-08-30 15:33 - 2009-07-14 05:45 - 00017488 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-30 15:33 - 2009-07-14 05:45 - 00017488 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-29 16:54 - 2012-05-11 11:14 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-29 16:22 - 2008-06-03 12:16 - 00271360 _____ C:\Users\Johannes ZZZ\Documents\Outlook.pst
2013-08-22 15:58 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-16 13:32 - 2012-02-21 19:50 - 00654166 _____ C:\Windows\System32\perfh007.dat
2013-08-16 13:32 - 2012-02-21 19:50 - 00130006 _____ C:\Windows\System32\perfc007.dat
2013-08-16 13:32 - 2009-07-14 06:13 - 01519874 _____ C:\Windows\System32\PerfStringBackup.INI

Files to move or delete:
====================
C:\ProgramData\virus_bsasssblsass.exe
C:\Users\Johannes ZZZ\__hpothb07__.dat

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-04-11 16:44:15
Restore point made on: 2013-04-11 16:44:22
Restore point made on: 2013-04-11 16:44:22
Restore point made on: 2013-04-11 16:44:23
Restore point made on: 2013-04-11 16:45:11
Restore point made on: 2013-04-11 16:45:22
Restore point made on: 2013-04-11 16:45:29
Restore point made on: 2013-05-16 07:22:23
Restore point made on: 2013-05-16 14:43:00
Restore point made on: 2013-05-17 06:58:56
Restore point made on: 2013-06-14 17:02:47
Restore point made on: 2013-06-28 13:52:53
Restore point made on: 2013-07-02 17:55:35
Restore point made on: 2013-07-04 05:40:23
Restore point made on: 2013-07-08 05:33:23
Restore point made on: 2013-07-12 05:47:12
Restore point made on: 2013-07-13 06:21:25
Restore point made on: 2013-07-15 16:53:24
Restore point made on: 2013-08-16 13:29:22
Restore point made on: 2013-08-19 17:35:11
Restore point made on: 2013-08-22 08:12:32
Restore point made on: 2013-08-29 16:53:44
Restore point made on: 2013-09-03 13:36:03

==================== BCD ================================

Windows-Start-Manager
---------------------
Bezeichner {bootmgr}
device partition=Y:
description Windows Boot Manager
locale de-DE
inherit {globalsettings}
default {default}
resumeobject {de95124e-9b50-11e1-816e-82393b3e1c01}
displayorder {default}
toolsdisplayorder {memdiag}
timeout 30

Windows-Startladeprogramm
-------------------------
Bezeichner {default}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale de-DE
inherit {bootloadersettings}
recoverysequence {de951250-9b50-11e1-816e-82393b3e1c01}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {de95124e-9b50-11e1-816e-82393b3e1c01}
nx OptIn

Windows-Startladeprogramm
-------------------------
Bezeichner {de951250-9b50-11e1-816e-82393b3e1c01}
device ramdisk=[C:]\Recovery\de951250-9b50-11e1-816e-82393b3e1c01\Winre.wim,{de951251-9b50-11e1-816e-82393b3e1c01}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\de951250-9b50-11e1-816e-82393b3e1c01\Winre.wim,{de951251-9b50-11e1-816e-82393b3e1c01}
systemroot \windows
nx OptIn
winpe Yes

Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner {de95124e-9b50-11e1-816e-82393b3e1c01}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale de-DE
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows-Speichertestprogramm
----------------------------
Bezeichner {memdiag}
device partition=Y:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale de-DE
inherit {globalsettings}
badmemoryaccess Yes

EMS-Einstellungen
-----------------
Bezeichner {emssettings}
bootems Yes

Debuggereinstellungen
---------------------
Bezeichner {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM-Defekte
-----------
Bezeichner {badmemory}

Globale Einstellungen
---------------------
Bezeichner {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Startladeprogramm-Einstellungen
-------------------------------
Bezeichner {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisoreinstellungen
-------------------
Bezeichner {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Einstellungen zur Ladeprogrammfortsetzung
-----------------------------------------
Bezeichner {resumeloadersettings}
inherit {globalsettings}

Ger„teoptionen
--------------
Bezeichner {de951251-9b50-11e1-816e-82393b3e1c01}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\de951250-9b50-11e1-816e-82393b3e1c01\boot.sdi

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 8086.48 MB
Available physical RAM: 7260.29 MB
Total Pagefile: 8084.63 MB
Available Pagefile: 7252.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:414.66 GB) (Free:352.42 GB) NTFS
Drive e: (Recover) (Fixed) (Total:50 GB) (Free:20.88 GB) NTFS
Drive f: (GRMCENXVOL_DE_DVD) (CDROM) (Total:2.86 GB) (Free:0 GB) UDF
Drive h: (HITMANPRO) (Removable) (Total:30.05 GB) (Free:29.67 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=415 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

========================================================
Disk: 2 (Size: 30 GB) (Disk ID: 9D29AB1C)
Partition 1: (Active) - (Size=30 GB) - (Type=0B)

LastRegBack: 2013-08-27 11:33

==================== End Of Log ============================

Danke LG
Stefan

BKA Virus? -> schwarzer Bildschirm vor Login auch im abgesicherten Modus

Log-Analyse und Auswertung: BKA Virus? -> schwarzer Bildschirm vor Login auch im abgesicherten Modus

BKA Virus? -> schwarzer Bildschirm vor Login auch im abgesicherten Modus

Ähnliche Themen: BKA Virus? -> schwarzer Bildschirm vor Login auch im abgesicherten Modus