BKA virus, new: "with webcam image"
First of all, "hello" to the Trojaner Board - I'm new here and you are also my last hope.
I have caught a BKA/Landeskriminalamt/U-Cash virus (with webcam image).
Operating system: Windows 7 Build 7601: SP1
Using the Kaspersky Rescue CD with the latest update, the "unlockwindows" function achieved nothing.
Please help - I'm getting desperate...
Here is the scan with FRST64: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-07-2013 01
Ran by SYSTEM on 03-07-2013 20:47:50
Running from G:\
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10775584 2010-06-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 [2040352 2010-06-21] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] %ProgramFiles%\Apoint\Apoint.exe [212480 2010-05-14] (Alps Electric Co., Ltd.)
HKLM\...\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden" [1123320 2010-06-15] (Check Point Software Technologies)
HKLM\...\Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [357936 2009-08-28] (Acronis)
HKLM\...\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-05] (Autodesk, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [600928 2010-06-01] (Sony Corporation)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [1043968 2010-06-28] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [85160 2009-06-17] (Elaborate Bytes AG)
HKLM-x32\...\Run: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe" [129584 2010-09-21] (VMware, Inc.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5078416 2009-08-28] (Acronis)
HKLM-x32\...\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe [221256 2011-09-07] (Geek Software GmbH)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-07-01] (Avira Operations GmbH & Co. KG)
HKU\Admin\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-09-17] (Google Inc.)
HKU\Cary\...\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [719672 2012-01-20] (Microsoft Corporation)
HKU\Cary\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Cary\...\Run: [acSecurityLayer] C:\Program Files (x86)\A-Trust GmbH\Bürgerkartensoftware\acSecurityLayer.exe [3605704 2012-05-22] (A-Trust GmbH)
HKU\Cary\...\Run: [AdobeBridge] [x]
HKU\Dummy\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-09-17] (Google Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\a.sign Client.lnk
ShortcutTarget: a.sign Client.lnk -> C:\Program Files (x86)\A-Trust GmbH\a.sign Client\ASignLauncher.exe ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Cary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\Cary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
ShortcutTarget: regmonstd.lnk -> C:\Users\Cary\AppData\Local\Temp\tldaqkrgqskqutuebig.bfg (Microsoft Corporation)
Startup: C:\Users\Dummy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
==================== Services (Whitelisted) =================
S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-01] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-01] (Avira Operations GmbH & Co. KG)
S2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
S2 GtDetectSc; C:\Program Files (x86)\Option\GlobeTrotter Connect\GtDetectSc.exe [312320 2007-12-18] (OptionNV)
S2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [823288 2010-06-15] (Check Point Software Technologies)
S2 NitroDriverReadSpool; C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [341312 2011-09-24] (Nitro PDF Software)
S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S4 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2010-02-24] (Sonic Solutions)
S4 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2010-02-24] (Sonic Solutions)
S2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [252416 2010-05-25] (Sony Corporation)
S4 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 ufad-ws60; C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe [191024 2010-08-19] (VMware, Inc.)
S2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [245760 2011-02-18] ()
S2 VMCService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [9216 2010-03-25] (Vodafone)
S2 vsmon; C:\Windows\SysWOW64\ZoneLabs\vsmon.exe [2435592 2010-06-28] (Check Point Software Technologies LTD)
S3 VUAgent; C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [1021840 2011-04-20] (Sony Corporation)
==================== Drivers (Whitelisted) ====================
S3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138360 2012-05-02] (SlySoft, Inc.)
S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-06-20] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-06-20] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-06-20] (Avira Operations GmbH & Co. KG)
S0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2011-01-17] (Bytemobile, Inc.)
S3 GKUPRO2D; C:\Windows\System32\Drivers\GKUPRO2D.sys [120064 2012-06-10] (Gemalto)
S3 GTPTSER; C:\Windows\System32\DRIVERS\gtptser.sys [10624 2009-08-18] (Option N.V.)
S3 GTUQBUS; C:\Windows\System32\DRIVERS\gtuqbus.sys [50944 2009-08-18] (Option N.V.)
S2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33528 2010-06-15] (Check Point Software Technologies)
S1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2011-01-17] (Bytemobile, Inc.)
S1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2011-01-17] (Bytemobile, Inc.)
S0 tdrpman251; C:\Windows\System32\DRIVERS\tdrpm251.sys [1455648 2011-04-19] (Acronis)
S1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [458840 2010-05-15] (Check Point Software Technologies LTD)
S2 vstor2-ws60; C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys [32816 2010-08-19] (VMware, Inc.)
S2 vstor2-ws60; C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys [32816 2010-08-19] (VMware, Inc.)
S3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [254976 2010-07-15] (Jungo)
========================== Drivers MD5 =======================
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-03 19:30 - 2010-11-20 14:24 - 00345088 ____A (Microsoft Corporation) C:\Windows\System32\Utilman.exe
2013-07-03 16:31 - 2013-07-03 16:31 - 00000000 ____D C:\FRST
2013-07-03 16:22 - 2013-07-03 16:22 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes
2013-07-03 16:21 - 2013-07-03 16:21 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-03 16:21 - 2013-07-03 16:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-03 16:21 - 2013-07-03 16:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-03 16:21 - 2013-04-04 13:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-07-03 16:20 - 2013-07-03 16:20 - 00231217 ____A C:\Users\Admin\Desktop\Bka Virus Detective V1.1.zip
2013-07-03 15:56 - 2013-07-03 15:56 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Intel
2013-07-03 15:52 - 2013-07-03 15:53 - 00018443 ____A C:\AdwCleaner[S1].txt
2013-07-03 15:52 - 2013-07-03 15:52 - 00018282 ____A C:\Users\Admin\Desktop\AdwCleaner[R1].txt
2013-07-03 15:51 - 2013-07-03 15:52 - 00018282 ____A C:\AdwCleaner[R1].txt
2013-07-03 15:50 - 2013-07-03 15:50 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Admin\Desktop\mbam-setup-1.75.0.1300.exe
2013-07-03 15:47 - 2013-07-03 15:47 - 00650027 ____A C:\Users\Admin\Desktop\adwcleaner.exe
2013-07-03 13:38 - 2013-07-03 13:38 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Avira
2013-07-03 13:37 - 2013-07-03 16:29 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Orbit
2013-07-03 13:37 - 2013-07-03 13:39 - 299798528 ____A C:\Users\Admin\Downloads\kav_rescue_10.iso
2013-07-03 13:37 - 2013-07-03 13:37 - 00000000 ____D C:\Users\Admin\AppData\Roaming\ProgSense
2013-07-03 13:35 - 2013-07-03 13:35 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Google
2013-07-03 13:34 - 2013-07-03 13:35 - 00000000 ____D C:\Users\Admin\AppData\Local\Google
2013-07-03 13:34 - 2013-07-03 13:34 - 00000000 ____D C:\Users\Admin\Documents\Bluetooth-Exchange-Ordner
2013-07-03 13:34 - 2013-07-03 13:34 - 00000000 ____D C:\Users\Admin\AppData\Local\Broadcom
2013-07-03 13:33 - 2013-07-03 13:33 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Apple Computer
2013-07-03 13:33 - 2013-07-03 13:33 - 00000000 ____D C:\Users\Admin\AppData\Local\Autodesk
2013-07-03 13:33 - 2013-07-03 13:33 - 00000000 ____D C:\Users\Admin\AppData\Local\Adobe
2013-07-03 13:32 - 2013-07-03 13:33 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Adobe
2013-07-03 13:32 - 2013-07-03 13:32 - 00000000 ____D C:\Users\Admin\Documents\ForceField Shared Files
2013-07-03 13:32 - 2013-07-03 13:32 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Sony Corporation
2013-07-03 13:32 - 2013-07-03 13:32 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Mozilla
2013-07-03 13:32 - 2013-07-03 13:32 - 00000000 ____D C:\Users\Admin\AppData\Roaming\CheckPoint
2013-07-03 13:32 - 2013-07-03 13:32 - 00000000 ____D C:\Users\Admin\AppData\Local\VirtualStore
2013-07-03 13:32 - 2013-07-03 13:32 - 00000000 ____D C:\Users\Admin\AppData\Local\Mozilla
2013-07-03 13:28 - 2013-07-03 13:28 - 00000165 ____A C:\ProgramData\gibeutuqksqgrkqadlt.reg
2013-07-03 13:28 - 2013-07-03 13:28 - 00000070 ____A C:\ProgramData\gibeutuqksqgrkqadlt.bat
2013-06-20 13:16 - 2013-06-20 13:16 - 00000000 ____D C:\Users\Cary\AppData\Roaming\Avira
2013-06-20 13:11 - 2013-07-01 09:21 - 00083672 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys
2013-06-20 13:10 - 2013-06-20 13:10 - 00001994 ____A C:\Users\Public\Desktop\Avira Control Center.lnk
2013-06-20 13:10 - 2013-06-20 13:10 - 00000000 ____D C:\ProgramData\Avira
2013-06-20 13:10 - 2013-06-20 13:10 - 00000000 ____D C:\Program Files (x86)\Avira
2013-06-20 13:10 - 2013-06-20 13:04 - 00130016 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-06-20 13:10 - 2013-06-20 13:04 - 00100712 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-06-20 13:10 - 2013-06-20 13:04 - 00028600 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
2013-06-20 13:02 - 2013-06-20 13:02 - 02092792 ____A C:\Users\Cary\Desktop\avira_free_antivirus.exe
2013-06-19 21:01 - 2013-06-19 21:19 - 00000000 ____D C:\Users\Cary\Desktop\Bus
2013-06-17 19:46 - 2013-06-17 19:48 - 00000000 ____D C:\Users\Dummy\AppData\Roaming\Google
2013-06-17 19:46 - 2013-06-17 19:46 - 00000000 ____D C:\Users\Dummy\AppData\Local\Google
2013-06-17 19:39 - 2013-06-17 19:56 - 00000000 ____D C:\Users\Dummy\AppData\Roaming\Adobe
2013-06-17 19:35 - 2013-06-17 19:35 - 00000072 ____A C:\Users\Cary\Desktop\EUM - Kopie.bat
2013-06-15 20:09 - 2013-06-08 15:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-15 20:09 - 2013-06-08 13:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-15 20:09 - 2013-06-08 12:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-15 20:09 - 2013-06-08 12:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-15 20:09 - 2013-06-08 12:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-15 20:08 - 2013-06-08 15:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-15 20:08 - 2013-06-08 15:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-15 20:08 - 2013-06-08 15:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-15 20:08 - 2013-06-08 15:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-15 20:08 - 2013-06-08 12:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-15 20:08 - 2013-06-08 12:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-15 20:08 - 2013-06-08 12:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-12 17:05 - 2013-06-12 17:05 - 00564416 ____A (Microsoft Corporation) C:\Users\Cary\Desktop\setupproplusretail.x86.de-de_act_1_.exe
2013-06-12 17:04 - 2013-06-12 17:04 - 00000000 ____A C:\Users\Cary\Desktop\setupproplusretail.x86.de-de_act_1_.exe.4b6qubz.partial
2013-06-12 16:44 - 2013-06-12 16:44 - 01034464 ____A (Solid State Networks) C:\Users\Cary\Downloads\install_flashplayer11x32_mssd_aaa_aih.exe
2013-06-12 16:39 - 2013-06-12 16:39 - 00000000 ____D C:\ProgramData\Mozilla
2013-06-12 16:39 - 2013-06-12 16:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-11 22:47 - 2013-05-17 02:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-11 22:47 - 2013-05-17 02:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-11 22:47 - 2013-05-17 02:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-11 22:47 - 2013-05-17 02:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-11 22:47 - 2013-05-17 02:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-11 22:47 - 2013-05-17 02:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-11 22:47 - 2013-05-17 01:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-11 22:47 - 2013-05-17 01:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-11 22:47 - 2013-05-17 01:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-11 22:47 - 2013-05-17 01:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-11 22:47 - 2013-05-17 01:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-11 22:47 - 2013-05-17 01:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-11 22:47 - 2013-05-17 01:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-11 22:47 - 2013-05-14 13:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-11 22:47 - 2013-05-14 09:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-11 22:46 - 2013-05-17 02:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-11 22:46 - 2013-05-17 02:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-11 22:46 - 2013-05-17 01:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-11 22:46 - 2013-05-17 01:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-11 18:55 - 2013-05-08 07:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-11 18:54 - 2013-04-26 06:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-11 18:54 - 2013-04-26 05:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-11 18:52 - 2013-05-10 06:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-11 18:52 - 2013-05-10 04:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-11 18:51 - 2013-04-17 08:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-11 18:51 - 2013-04-17 07:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-11 18:49 - 2013-05-13 06:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-11 18:49 - 2013-05-13 06:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-11 18:49 - 2013-05-13 06:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-11 18:49 - 2013-05-13 06:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-11 18:49 - 2013-05-13 05:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-11 18:49 - 2013-05-13 05:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-11 18:49 - 2013-05-13 05:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-11 18:49 - 2013-05-13 04:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-11 18:49 - 2013-05-13 04:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-11 18:49 - 2013-05-13 04:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-11 18:48 - 2013-04-26 00:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-11 18:48 - 2013-03-31 23:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-03 00:52 - 2013-06-03 00:52 - 00000132 ____A C:\Users\Cary\AppData\Roaming\Adobe IllExport Filter CS6 Prefs
==================== One Month Modified Files and Folders =======
2013-07-03 19:45 - 2011-01-17 17:05 - 00393216 ____A C:\Windows\System32\Ikeext.etl
2013-07-03 19:45 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\tracing
2013-07-03 19:43 - 2012-09-03 16:16 - 00000000 ____D C:\Users\Cary\AppData\Roaming\Dropbox
2013-07-03 19:43 - 2011-01-23 12:31 - 00000000 ____D C:\ProgramData\VMware
2013-07-03 19:43 - 2010-08-17 09:28 - 00001120 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-03 19:42 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-03 19:41 - 2009-07-14 05:51 - 00166611 ____A C:\Windows\setupact.log
2013-07-03 19:40 - 2011-01-14 13:32 - 01784470 ____A C:\Windows\WindowsUpdate.log
2013-07-03 19:00 - 2009-07-14 05:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-03 19:00 - 2009-07-14 05:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-03 18:52 - 2012-09-03 16:21 - 00000000 ___RD C:\Users\Cary\Dropbox
2013-07-03 17:52 - 2009-07-14 06:08 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-03 17:47 - 2010-08-17 09:28 - 00001124 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-03 16:31 - 2013-07-03 16:31 - 00000000 ____D C:\FRST
2013-07-03 16:30 - 2010-07-29 19:04 - 00093092 ____A C:\Windows\PFRO.log
2013-07-03 16:29 - 2013-07-03 13:37 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Orbit
2013-07-03 16:25 - 2013-04-30 14:12 - 00000000 ____D C:\Users\Cary\AppData\Roaming\Lyhe
2013-07-03 16:22 - 2013-07-03 16:22 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes
2013-07-03 16:21 - 2013-07-03 16:21 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-03 16:21 - 2013-07-03 16:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-03 16:21 - 2013-07-03 16:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-03 16:20 - 2013-07-03 16:20 - 00231217 ____A C:\Users\Admin\Desktop\Bka Virus Detective V1.1.zip
2013-07-03 15:56 - 2013-07-03 15:56 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Intel
2013-07-03 15:53 - 2013-07-03 15:52 - 00018443 ____A C:\AdwCleaner[S1].txt
2013-07-03 15:52 - 2013-07-03 15:52 - 00018282 ____A C:\Users\Admin\Desktop\AdwCleaner[R1].txt
2013-07-03 15:52 - 2013-07-03 15:51 - 00018282 ____A C:\AdwCleaner[R1].txt
2013-07-03 15:50 - 2013-07-03 15:50 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Admin\Desktop\mbam-setup-1.75.0.1300.exe
2013-07-03 15:47 - 2013-07-03 15:47 - 00650027 ____A C:\Users\Admin\Desktop\adwcleaner.exe
2013-07-03 15:27 - 2010-08-17 19:01 - 00702466 ____A C:\Windows\System32\perfh007.dat
2013-07-03 15:27 - 2010-08-17 19:01 - 00150782 ____A C:\Windows\System32\perfc007.dat
2013-07-03 15:27 - 2009-07-14 06:13 - 01629470 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-03 13:39 - 2013-07-03 13:37 - 299798528 ____A C:\Users\Admin\Downloads\kav_rescue_10.iso
2013-07-03 13:38 - 2013-07-03 13:38 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Avira
2013-07-03 13:37 - 2013-07-03 13:37 - 00000000 ____D C:\Users\Admin\AppData\Roaming\ProgSense
2013-07-03 13:35 - 2013-07-03 13:35 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Google
2013-07-03 13:35 - 2013-07-03 13:34 - 00000000 ____D C:\Users\Admin\AppData\Local\Google
2013-07-03 13:34 - 2013-07-03 13:34 - 00000000 ____D C:\Users\Admin\Documents\Bluetooth-Exchange-Ordner
2013-07-03 13:34 - 2013-07-03 13:34 - 00000000 ____D C:\Users\Admin\AppData\Local\Broadcom
2013-07-03 13:33 - 2013-07-03 13:33 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Apple Computer
2013-07-03 13:33 - 2013-07-03 13:33 - 00000000 ____D C:\Users\Admin\AppData\Local\Autodesk
2013-07-03 13:33 - 2013-07-03 13:33 - 00000000 ____D C:\Users\Admin\AppData\Local\Adobe
2013-07-03 13:33 - 2013-07-03 13:32 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Adobe
2013-07-03 13:33 - 2012-09-16 23:07 - 00157312 ____A C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-03 13:32 - 2013-07-03 13:32 - 00000000 ____D C:\Users\Admin\Documents\ForceField Shared Files
2013-07-03 13:32 - 2013-07-03 13:32 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Sony Corporation
2013-07-03 13:32 - 2013-07-03 13:32 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Mozilla
2013-07-03 13:32 - 2013-07-03 13:32 - 00000000 ____D C:\Users\Admin\AppData\Roaming\CheckPoint
2013-07-03 13:32 - 2013-07-03 13:32 - 00000000 ____D C:\Users\Admin\AppData\Local\VirtualStore
2013-07-03 13:32 - 2013-07-03 13:32 - 00000000 ____D C:\Users\Admin\AppData\Local\Mozilla
2013-07-03 13:32 - 2012-09-16 23:07 - 00000000 ____D C:\users\Admin
2013-07-03 13:30 - 2011-01-15 13:28 - 00000000 ____D C:\Users\Cary\Documents\Outlook-Dateien
2013-07-03 13:28 - 2013-07-03 13:28 - 00000165 ____A C:\ProgramData\gibeutuqksqgrkqadlt.reg
2013-07-03 13:28 - 2013-07-03 13:28 - 00000070 ____A C:\ProgramData\gibeutuqksqgrkqadlt.bat
2013-07-03 12:18 - 2012-08-14 11:53 - 00000000 ____D C:\Users\Cary\Desktop\Monatsberichte
2013-07-03 12:11 - 2011-01-17 16:24 - 00000000 ____D C:\Users\Cary\AppData\Local\Adobe
2013-07-02 22:14 - 2011-01-19 16:37 - 00000000 ____D C:\Users\Cary\AppData\Roaming\Usenet.nl
2013-07-02 22:10 - 2011-01-19 16:38 - 00000000 ____D C:\usenext
2013-07-01 09:21 - 2013-06-20 13:11 - 00083672 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys
2013-06-27 18:59 - 2012-11-10 18:31 - 00000000 ____D C:\Users\Dummy\AppData\Roaming\Dropbox
2013-06-23 18:14 - 2012-12-17 20:05 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-23 18:14 - 2012-12-17 20:05 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-20 13:16 - 2013-06-20 13:16 - 00000000 ____D C:\Users\Cary\AppData\Roaming\Avira
2013-06-20 13:10 - 2013-06-20 13:10 - 00001994 ____A C:\Users\Public\Desktop\Avira Control Center.lnk
2013-06-20 13:10 - 2013-06-20 13:10 - 00000000 ____D C:\ProgramData\Avira
2013-06-20 13:10 - 2013-06-20 13:10 - 00000000 ____D C:\Program Files (x86)\Avira
2013-06-20 13:04 - 2013-06-20 13:10 - 00130016 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-06-20 13:04 - 2013-06-20 13:10 - 00100712 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-06-20 13:04 - 2013-06-20 13:10 - 00028600 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
2013-06-20 13:02 - 2013-06-20 13:02 - 02092792 ____A C:\Users\Cary\Desktop\avira_free_antivirus.exe
2013-06-19 22:09 - 2012-11-10 18:30 - 00000000 ____D C:\users\Dummy
2013-06-19 21:19 - 2013-06-19 21:01 - 00000000 ____D C:\Users\Cary\Desktop\Bus
2013-06-17 19:57 - 2012-11-10 18:30 - 00000000 ____D C:\Users\Dummy\AppData\Local\Adobe
2013-06-17 19:56 - 2013-06-17 19:39 - 00000000 ____D C:\Users\Dummy\AppData\Roaming\Adobe
2013-06-17 19:48 - 2013-06-17 19:46 - 00000000 ____D C:\Users\Dummy\AppData\Roaming\Google
2013-06-17 19:46 - 2013-06-17 19:46 - 00000000 ____D C:\Users\Dummy\AppData\Local\Google
2013-06-17 19:42 - 2012-11-10 18:38 - 00001016 ____A C:\Users\Dummy\Desktop\Dropbox.lnk
2013-06-17 19:35 - 2013-06-17 19:35 - 00000072 ____A C:\Users\Cary\Desktop\EUM - Kopie.bat
2013-06-16 14:03 - 2013-03-01 22:46 - 00000000 ____D C:\Users\Cary\AppData\Roaming\Orbit
2013-06-14 18:26 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-06-12 17:05 - 2013-06-12 17:05 - 00564416 ____A (Microsoft Corporation) C:\Users\Cary\Desktop\setupproplusretail.x86.de-de_act_1_.exe
2013-06-12 17:04 - 2013-06-12 17:04 - 00000000 ____A C:\Users\Cary\Desktop\setupproplusretail.x86.de-de_act_1_.exe.4b6qubz.partial
2013-06-12 16:44 - 2013-06-12 16:44 - 01034464 ____A (Solid State Networks) C:\Users\Cary\Downloads\install_flashplayer11x32_mssd_aaa_aih.exe
2013-06-12 16:39 - 2013-06-12 16:39 - 00000000 ____D C:\ProgramData\Mozilla
2013-06-12 16:39 - 2013-06-12 16:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-12 16:39 - 2012-06-26 12:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-11 22:48 - 2011-03-17 23:53 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-09 19:04 - 2011-05-15 12:54 - 00000000 ____D C:\Users\Cary\Desktop\FH
2013-06-09 14:37 - 2013-04-01 13:16 - 00000000 ____D C:\Users\Cary\Desktop\Schupfn
2013-06-08 15:08 - 2013-06-15 20:09 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 15:07 - 2013-06-15 20:08 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 15:06 - 2013-06-15 20:08 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 15:06 - 2013-06-15 20:08 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 15:06 - 2013-06-15 20:08 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 13:28 - 2013-06-15 20:09 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 12:42 - 2013-06-15 20:09 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 12:40 - 2013-06-15 20:09 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 12:40 - 2013-06-15 20:08 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 12:40 - 2013-06-15 20:08 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 12:40 - 2013-06-15 20:08 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 12:13 - 2013-06-15 20:09 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-07 19:31 - 2012-09-03 16:21 - 00001013 ____A C:\Users\Cary\Desktop\Dropbox.lnk
2013-06-05 20:43 - 2011-10-11 14:41 - 00000000 ____D C:\Users\Cary\AppData\Roaming\Nitro PDF
2013-06-03 00:52 - 2013-06-03 00:52 - 00000132 ____A C:\Users\Cary\AppData\Roaming\Adobe IllExport Filter CS6 Prefs
2013-06-03 00:52 - 2011-05-14 19:03 - 00000000 ____D C:\Users\Cary\Documents\Adobe
2013-06-03 00:52 - 2011-01-14 13:42 - 00000000 ____D C:\Users\Cary\AppData\Roaming\Adobe
Files to move or delete:
====================
C:\ProgramData\gibeutuqksqgrkqadlt.bat
C:\ProgramData\gibeutuqksqgrkqadlt.reg
==================== Known DLLs (Whitelisted) ================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
==================== BCD ================================
Windows-Start-Manager
---------------------
Bezeichner {bootmgr}
device partition=Y:
description Windows Boot Manager
locale de-DE
inherit {globalsettings}
default {default}
resumeobject {a0fa39eb-aa29-11df-841e-5442496601ec}
displayorder {default}
toolsdisplayorder {memdiag}
timeout 30
Windows-Startladeprogramm
-------------------------
Bezeichner {default}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale de-DE
inherit {bootloadersettings}
recoverysequence {current}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {a0fa39eb-aa29-11df-841e-5442496601ec}
nx OptIn
Windows-Startladeprogramm
-------------------------
Bezeichner {current}
device ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{a0fa39ee-aa29-11df-841e-5442496601ec}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{a0fa39ee-aa29-11df-841e-5442496601ec}
systemroot \windows
nx OptIn
winpe Yes
Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner {a0fa39eb-aa29-11df-841e-5442496601ec}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale de-DE
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No
Windows-Speichertestprogramm
----------------------------
Bezeichner {memdiag}
device partition=Y:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale de-DE
inherit {globalsettings}
badmemoryaccess Yes
EMS-Einstellungen
-----------------
Bezeichner {emssettings}
bootems Yes
Debuggereinstellungen
---------------------
Bezeichner {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200
RAM-Defekte
-----------
Bezeichner {badmemory}
Globale Einstellungen
---------------------
Bezeichner {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}
Startladeprogramm-Einstellungen
-------------------------------
Bezeichner {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}
Hypervisoreinstellungen
-------------------
Bezeichner {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200
Einstellungen zur Ladeprogrammfortsetzung
-----------------------------------------
Bezeichner {resumeloadersettings}
inherit {globalsettings}
Geräteoptionen
--------------
Bezeichner {a0fa39ee-aa29-11df-841e-5442496601ec}
description Ramdisk Options
ramdisksdidevice partition=E:
ramdisksdipath \Recovery\WindowsRE\boot.sdi
==================== Memory info ===========================
Percentage of memory in use: 10%
Total physical RAM: 8172.93 MB
Available physical RAM: 7306.91 MB
Total Pagefile: 8171.08 MB
Available Pagefile: 7312.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:451.94 GB) (Free:2.74 GB) NTFS (Disk=0 Partition=3)
Drive e: (Recovery) (Fixed) (Total:13.72 GB) (Free:0.37 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]
Drive f: (KRD10) (CDROM) (Total:0.28 GB) (Free:0 GB) CDFS
Drive g: () (Removable) (Total:0.49 GB) (Free:0.47 GB) FAT (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 5C92AE1E)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=452 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 498 MB) (Disk ID: 000FB349)
Partition 1: (Active) - (Size=498 MB) - (Type=0E)
LastRegBack: 2013-06-24 09:40
==================== End Of Log ============================