mschloss81 | 19.07.2013 16:55 | GVU Trojan - Windows 8 - frst.text attached Hello everyone,
I am having problems with a GVU Trojan on Windows 8 (after the lock screen nothing works anymore).
Attached is the frst.text from the scan.
Many thanks in advance!
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-07-2013
Ran by SYSTEM on 19-07-2013 17:35:10
Running from D:\
Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery
The current controlset is ControlSet001 ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [] - [x]
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [SRS Premium Sound HD] - C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_HD.zip [223245 2012-07-27] ()
HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] - C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] - C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [Toshiba TEMPRO] - C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [x]
HKLM-x32\...\Run: [Intel AppUp(SM) center] - "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4 [155488 2012-08-01] (Intel Corporation)
HKLM-x32\...\Run: [ToshibaDynamicIconUtility] - "C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe" [1498624 2012-08-09] (Toshiba)
HKLM-x32\...\Run: [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [TPUReg(x86)] - "C:\Program Files\TOSHIBA\Password Utility\TosPU.exe" /Retimes [x]
HKLM-x32\...\Run: [TPUReg] - "C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe" /Retimes [6884352 2012-08-22] (Pegatron Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [ApnUpdater] - "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1644680 2013-02-08] (Ask)
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon [1185112 2010-04-02] (CANON INC.)
HKU\MariaTeresa\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\MARIAT~1\AppData\Local\Temp\tdidplsekibgssuhv.exe [61440 2013-07-18] (NVIDIA Corporation) <===== ATTENTION
HKU\MariaTeresa\...\Winlogon: [Shell] cmd.exe [404992 2012-07-25] (Microsoft Corporation) <==== ATTENTION
HKU\MariaTeresa\...\Command Processor: "C:\Users\MARIAT~1\AppData\Local\Temp\tdidplsekibgssuhv.exe" <===== ATTENTION!
Startup: C:\Users\MariaTeresa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
==================== Services (Whitelisted) =================
S2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-13] ()
S2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [114656 2012-08-14] (Toshiba Europe GmbH)
S2 ToggleDesktop; C:\Program Files (x86)\Skip Metro Suite\toggledesktopservice.exe [11264 2012-09-01] (hxxp://winaero.com)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-28] (Microsoft Corporation)
S2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
==================== Drivers (Whitelisted) ====================
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
S2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
S3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [24208 2012-07-11] (Realtek Microelectronics)
S3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1496720 2012-08-13] (Realtek Semiconductor Corporation )
S3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-19 17:35 - 2013-07-19 17:35 - 00000000 ____D C:\FRST
2013-07-18 04:10 - 2013-07-18 04:10 - 01084744 _____ C:\Users\MariaTeresa\AppData\Local\2433f433
2013-07-18 04:10 - 2013-07-18 04:10 - 01084724 _____ C:\ProgramData\2433f433
2013-07-18 04:10 - 2013-07-18 04:10 - 01084705 _____ C:\Users\MariaTeresa\AppData\Roaming\2433f433
2013-07-16 14:58 - 2013-06-01 03:33 - 02233600 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-07-16 14:58 - 2013-06-01 01:23 - 01842176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2013-07-16 14:58 - 2013-06-01 01:20 - 02219520 _____ (Microsoft Corporation) C:\Windows\System32\dwmcore.dll
2013-07-16 14:58 - 2013-05-19 16:08 - 00386642 _____ C:\Windows\System32\ApnDatabase.xml
2013-07-16 14:57 - 2013-06-16 14:41 - 00997632 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2013-07-16 14:57 - 2013-06-01 03:54 - 00194816 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\sdbus.sys
2013-07-16 14:57 - 2013-06-01 03:54 - 00125184 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dumpsd.sys
2013-07-16 14:57 - 2013-06-01 03:34 - 02391280 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2013-07-16 14:57 - 2013-06-01 03:29 - 00337152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\USBXHCI.SYS
2013-07-16 14:57 - 2013-06-01 03:29 - 00213248 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\UCX01000.SYS
2013-07-16 14:57 - 2013-06-01 03:26 - 06987008 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-07-16 14:57 - 2013-06-01 03:26 - 00327936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\volsnap.sys
2013-07-16 14:57 - 2013-06-01 02:24 - 02106176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2013-07-16 14:57 - 2013-06-01 01:25 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-07-16 14:57 - 2013-06-01 01:25 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2013-07-16 14:57 - 2013-06-01 01:24 - 01453568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2013-07-16 14:57 - 2013-06-01 01:24 - 00850944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2013-07-16 14:57 - 2013-06-01 01:24 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2013-07-16 14:57 - 2013-06-01 01:23 - 00680960 _____ (Microsoft Corporation) C:\Windows\System32\vds.exe
2013-07-16 14:57 - 2013-06-01 01:22 - 00523264 _____ (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-07-16 14:57 - 2013-06-01 01:22 - 00446976 _____ (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-07-16 14:57 - 2013-06-01 01:22 - 00190976 _____ (Microsoft Corporation) C:\Windows\System32\vdsutil.dll
2013-07-16 14:57 - 2013-06-01 01:22 - 00080896 _____ (Microsoft Corporation) C:\Windows\System32\MbaeParserTask.exe
2013-07-16 14:57 - 2013-06-01 01:21 - 00729600 _____ (Microsoft Corporation) C:\Windows\System32\samsrv.dll
2013-07-16 14:57 - 2013-06-01 01:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\System32\samlib.dll
2013-07-16 14:57 - 2013-06-01 01:20 - 01527808 _____ (Microsoft Corporation) C:\Windows\System32\mfcore.dll
2013-07-16 14:57 - 2013-06-01 01:20 - 01048576 _____ (Microsoft Corporation) C:\Windows\System32\mfasfsrcsnk.dll
2013-07-16 14:57 - 2013-06-01 01:20 - 00583168 _____ (Microsoft Corporation) C:\Windows\System32\mscms.dll
2013-07-16 14:57 - 2013-06-01 01:19 - 00785408 _____ (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
2013-07-16 14:57 - 2013-06-01 01:19 - 00207872 _____ (Microsoft Corporation) C:\Windows\System32\DeviceSetupManager.dll
2013-07-16 14:57 - 2013-05-31 19:08 - 00037632 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\BthAvrcpTg.sys
2013-07-16 14:57 - 2013-05-24 14:09 - 01403296 _____ (Microsoft Corporation) C:\Windows\System32\winload.efi
2013-07-16 14:57 - 2013-05-24 14:09 - 01271584 _____ (Microsoft Corporation) C:\Windows\System32\winload.exe
2013-07-16 14:57 - 2013-05-24 14:09 - 01217352 _____ (Microsoft Corporation) C:\Windows\System32\winresume.efi
2013-07-16 14:57 - 2013-05-24 14:09 - 01093904 _____ (Microsoft Corporation) C:\Windows\System32\winresume.exe
2013-07-13 17:09 - 2013-07-13 17:09 - 00307904 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-13 13:32 - 2013-07-15 07:25 - 00024366 _____ C:\Users\MariaTeresa\Desktop\Literaturauszüge für MA.odt
2013-07-10 16:00 - 2013-04-11 14:30 - 01421312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-10 16:00 - 2013-04-11 14:22 - 01838080 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-07-10 15:59 - 2013-06-01 01:25 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 15:59 - 2013-06-01 01:21 - 00595968 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-10 15:59 - 2013-05-30 15:14 - 04036096 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-10 15:57 - 2013-06-11 15:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-10 15:57 - 2013-06-11 15:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-10 15:57 - 2013-06-11 15:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-10 15:57 - 2013-06-11 15:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-10 15:57 - 2013-06-11 15:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-10 15:57 - 2013-06-11 15:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-10 15:57 - 2013-06-11 15:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-10 15:57 - 2013-06-11 15:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-10 15:57 - 2013-06-11 15:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-10 15:57 - 2013-06-11 15:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-10 15:57 - 2013-06-11 15:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-10 15:57 - 2013-06-11 15:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-10 15:57 - 2013-06-11 15:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-10 15:57 - 2013-06-11 15:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-10 15:57 - 2013-06-11 15:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-10 15:57 - 2013-06-11 15:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-10 15:57 - 2013-06-11 15:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-10 15:57 - 2013-05-03 22:59 - 02842112 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-10 15:57 - 2013-05-03 20:57 - 02620928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 05:45 - 2013-07-10 05:45 - 00049669 _____ C:\Users\MariaTeresa\Desktop\Gentrifizierungs Masterarbeit.odt
2013-07-07 03:06 - 2013-07-07 03:14 - 00050678 _____ C:\Users\MariaTeresa\Desktop\Teil 2 für Steffen.odt
2013-07-03 12:24 - 2013-05-15 14:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\System32\tssdisai.dll
2013-07-02 07:49 - 2013-07-02 07:56 - 00039559 _____ C:\Users\MariaTeresa\Desktop\Masterarbeit_fuer_Steffen.odt
2013-06-21 07:48 - 2013-06-21 08:00 - 00000000 ____D C:\Users\MariaTeresa\Desktop\Linden-Nord
2013-06-20 10:18 - 2013-06-20 10:18 - 00000000 ____D C:\Users\MariaTeresa\Desktop\MP Navigator EX
2013-06-20 07:39 - 2013-06-20 07:40 - 00000000 ____D C:\Users\MariaTeresa\Desktop\London
==================== One Month Modified Files and Folders =======
2013-07-19 17:35 - 2013-07-19 17:35 - 00000000 ____D C:\FRST
2013-07-19 07:28 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\System32\sru
2013-07-18 17:21 - 2012-07-26 00:12 - 00000000 __RHD C:\Users\Public\Libraries
2013-07-18 17:21 - 2012-07-25 21:38 - 00000000 ____D C:\Windows\System32\Sysprep
2013-07-18 17:21 - 2012-07-25 21:38 - 00000000 ____D C:\Windows\System32\oobe
2013-07-18 07:33 - 2012-08-01 08:38 - 00753134 _____ C:\Windows\System32\perfh007.dat
2013-07-18 07:33 - 2012-08-01 08:38 - 00155826 _____ C:\Windows\System32\perfc007.dat
2013-07-18 07:33 - 2012-07-25 23:28 - 01745416 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-18 07:29 - 2012-07-25 23:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-18 04:10 - 2013-07-18 04:10 - 01084744 _____ C:\Users\MariaTeresa\AppData\Local\2433f433
2013-07-18 04:10 - 2013-07-18 04:10 - 01084724 _____ C:\ProgramData\2433f433
2013-07-18 04:10 - 2013-07-18 04:10 - 01084705 _____ C:\Users\MariaTeresa\AppData\Roaming\2433f433
2013-07-18 03:45 - 2013-02-16 08:03 - 01162196 _____ C:\Windows\WindowsUpdate.log
2013-07-17 12:31 - 2013-02-27 04:07 - 00097185 _____ C:\Users\MariaTeresa\Desktop\Start_Masterarbeit.odt
2013-07-17 11:06 - 2012-07-25 21:26 - 00262144 ___SH C:\Windows\System32\config\BBI
2013-07-15 07:25 - 2013-07-13 13:32 - 00024366 _____ C:\Users\MariaTeresa\Desktop\Literaturauszüge für MA.odt
2013-07-15 03:21 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-07-14 10:32 - 2013-06-12 09:57 - 00045238 _____ C:\Users\MariaTeresa\Desktop\Masterarbeit_02_2013.odt
2013-07-14 07:26 - 2013-02-27 05:00 - 00022381 _____ C:\Users\MariaTeresa\Desktop\Literaturverzeichnis_Masterarbeit.odt
2013-07-13 17:09 - 2013-07-13 17:09 - 00307904 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-12 03:30 - 2013-02-18 23:49 - 78185248 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-07-10 16:18 - 2012-07-25 23:52 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-10 05:45 - 2013-07-10 05:45 - 00049669 _____ C:\Users\MariaTeresa\Desktop\Gentrifizierungs Masterarbeit.odt
2013-07-07 06:29 - 2013-02-27 05:00 - 00016565 _____ C:\Users\MariaTeresa\Desktop\Deckblatt_Inhaltsverzeichnis_Masterarbeit.odt
2013-07-07 03:14 - 2013-07-07 03:06 - 00050678 _____ C:\Users\MariaTeresa\Desktop\Teil 2 für Steffen.odt
2013-07-06 06:11 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\rescache
2013-07-05 18:00 - 2012-07-25 21:37 - 00000000 ____D C:\Windows\servicing
2013-07-04 11:44 - 2013-02-16 08:17 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3497224504-2634674855-4271593655-1001
2013-07-04 05:50 - 2013-03-22 09:08 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-07-02 09:54 - 2013-05-19 11:39 - 00000000 ____D C:\Users\MariaTeresa\Desktop\Material für Masterarbeit
2013-07-02 07:56 - 2013-07-02 07:49 - 00039559 _____ C:\Users\MariaTeresa\Desktop\Masterarbeit_fuer_Steffen.odt
2013-07-01 13:38 - 2012-07-25 23:21 - 00027300 _____ C:\Windows\setupact.log
2013-06-30 12:25 - 2013-05-21 06:55 - 00024569 _____ C:\Users\MariaTeresa\Desktop\Wohnungstabelle.ods
2013-06-27 14:04 - 2013-05-18 12:35 - 00693112 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-27 14:04 - 2013-05-18 12:35 - 00078200 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-25 14:16 - 2013-05-19 11:44 - 00000000 ____D C:\Users\MariaTeresa\Desktop\Uni-allgemein
2013-06-25 11:12 - 2013-02-16 10:22 - 00242176 ___SH C:\Users\MariaTeresa\Desktop\Thumbs.db
2013-06-25 11:11 - 2013-05-19 11:45 - 00000000 ____D C:\Users\MariaTeresa\Desktop\Broschüre
2013-06-21 08:00 - 2013-06-21 07:48 - 00000000 ____D C:\Users\MariaTeresa\Desktop\Linden-Nord
2013-06-20 10:18 - 2013-06-20 10:18 - 00000000 ____D C:\Users\MariaTeresa\Desktop\MP Navigator EX
2013-06-20 07:41 - 2013-05-19 11:35 - 00000000 ____D C:\Users\MariaTeresa\Desktop\öko-test
2013-06-20 07:40 - 2013-06-20 07:39 - 00000000 ____D C:\Users\MariaTeresa\Desktop\London
==================== Known DLLs (Whitelisted) ================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2013-07-16 14:57] - [2013-06-01 03:34] - 2391280 ____A (Microsoft Corporation) 0E8E6463F81C80AFBED533E0F1F8895D
C:\Windows\SysWOW64\explorer.exe
[2013-07-16 14:57] - [2013-06-01 02:24] - 2106176 ____A (Microsoft Corporation) EAFE46B0292D2BD2467835E2ACF717CC
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2013-07-16 14:57] - [2013-06-01 03:26] - 0327936 ____A (Microsoft Corporation) 78A5BBA3819FFFC62FFEC3E2220D102D
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2013-07-10 16:02:07
Restore point made on: 2013-07-14 03:10:52
==================== Memory info ===========================
Percentage of memory in use: 11%
Total physical RAM: 7779.26 MB
Available physical RAM: 6913.13 MB
Total Pagefile: 7779.26 MB
Available Pagefile: 6929.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
==================== Drives ================================
Drive c: (TI30993600A) (Fixed) (Total:585.84 GB) (Free:537.93 GB) NTFS (Disk=0 Partition=4)
Drive d: (INTENSO) (Removable) (Total:7.52 GB) (Free:7.51 GB) FAT32 (Disk=1 Partition=1)
Drive e: (System) (Fixed) (Total:0.44 GB) (Free:0.11 GB) NTFS (Disk=0 Partition=1)
Drive h: (Recovery) (Fixed) (Total:9.51 GB) (Free:0.64 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.12 GB) (Free:0.12 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 596 GB) (Disk ID: 00000000)
Partition: GPT Partition Type
========================================================
Disk: 1 (Size: 8 GB) (Disk ID: 6F20736B)
Partition 1: (Not Active) - (Size=544 GB) - (Type=72)
Partition 2: (Not Active) - (Size=923 GB) - (Type=65)
Partition 3: (Not Active) - (Size=923 GB) - (Type=79)
Partition 4: (Not Active) - (Size=27 MB) - (Type=0D)
LastRegBack: 2013-07-12 02:48
==================== End Of Log ============================