Log analysis and evaluation: Bundestrojaner Fixlist | Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
08.03.2014, 22:25 | #1 |
| Bundestrojaner Fixlist
Good evening! The time has come: the Bundestrojaner has now hit my laptop too. I have already followed the instructions for the FRST scan and had a log file created. I would be glad if someone could create a fixlist for me as well. Many thanks in advance!
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-03-2014 01
Ran by SYSTEM on MININT-NB2K4QK on 08-03-2014 21:19:11
Running from G:\
Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2888352 2013-04-25] (ELAN Microelectronics Corp.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-04-24] (IDT, Inc.)
HKLM\...\Run: [DolbyTrayApp] - c:\program files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-08-31] (Dolby Laboratories Inc.)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2013-08-20] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2013-08-20] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [331BigDog] - C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-03-01] (Vimicro)
HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Users\iTunesHelper.exe [152392 2013-09-30] (Apple Inc.)
HKLM-x32\...\Run: [IminentMessenger] - C:\Program Files (x86)\Iminent\Iminent.Messengers.exe [884784 2014-01-06] (Iminent)
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [775872 2014-01-27] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\Anna\...\RunOnce: [Lenovo.ShowBand] - C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe [52584 2013-05-15] (Lenovo)
HKU\Anne Marie\...\Run: [Optimizer Pro] - C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [134648 2013-10-24] ()
HKU\Anne Marie\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\Anne Marie\...\Run: [twmnojdn] - regsvr32.exe "C:\ProgramData\twmnojdn.dat"
HKU\Anne Marie\...\Run: [Browser Infrastructure Helper] - C:\Users\Anne Marie\AppData\Local\Smartbar\Application\SnapDo.exe [27680 2014-03-04] (Smartbar)
HKU\Default\...\RunOnce: [Lenovo.ShowBand] - C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe [52584 2013-05-15] (Lenovo)
HKU\Default User\...\RunOnce: [Lenovo.ShowBand] - C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe [52584 2013-05-15] (Lenovo)
AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll => c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll File Not Found
AppInit_DLLs: c:\windows\system32\nvinitx.dll => c:\windows\system32\nvinitx.dll [245872 2013-02-24] (NVIDIA Corporation)
AppInit_DLLs: c:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL => C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll [4183368 2013-11-06] ()
AppInit_DLLs-x32: c:\progra~2\optimi~1\optpro~1.dll => C:\Program Files (x86)\Optimizer Pro\OptProCrash.dll [4067144 2013-10-29] ()
Startup: C:\Users\Anne Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0ojjwe3.lnk
ShortcutTarget: 0ojjwe3.lnk -> C:\ProgramData\3ewjjo0.cpp ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Services (Whitelisted) =================

S2 70e6ca8c; C:\Program Files (x86)\Optimizer Pro\OptProCrashSvc.dll [189592 2013-11-06] ()
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2228440 2013-03-22] (Broadcom Corporation.)
S2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [959192 2013-04-02] (Broadcom Corporation.)
S2 ETDService; C:\Program Files\Elantech\ETDService.exe [99184 2013-04-11] (ELAN Microelectronics Corp.)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-09-17] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-09-17] (Intel Corporation)
S2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178048 2013-09-24] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\mcafee\msc\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
S2 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [200728 2012-05-10] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1017016 2013-09-19] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-11-04] (McAfee, Inc.)
S2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [182752 2013-11-04] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-13] (Nitro PDF Software)
S2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1854056 2012-12-06] (Microsoft Corporation)
S2 SProtection; C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe [2916672 2014-01-06] (Iminent)
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2100024 2013-08-29] (TuneUp Software)
S2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2013-08-20] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-01] (Microsoft Corporation)
S2 Winmgmt; C:\ProgramData\0ojjwe3.zvv [333040 2014-03-06] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170200 2013-03-22] (Broadcom Corporation.)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6835784 2012-10-13] (Broadcom Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
S3 BTWPANFL; C:\WINDOWS\system32\drivers\btwpanfl.sys [44912 2013-01-19] (Broadcom Corporation.)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-11-04] (McAfee, Inc.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-18] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-18] (Windows (R) Win 7 DDK provider)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179792 2013-11-04] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311120 2013-11-04] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69344 2013-11-04] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519576 2013-11-04] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [782360 2013-11-04] (McAfee, Inc.)
S3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [390552 2013-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [95984 2013-09-19] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343696 2013-11-04] (McAfee, Inc.)
S3 qcusbser; C:\Windows\system32\DRIVERS\qcusbser.sys [242688 2013-04-24] (QUALCOMM Incorporated)
S3 ssudobex; C:\Windows\system32\DRIVERS\ssudobex.sys [206080 2014-01-21] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software)
S3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1045248 2013-03-01] (Vimicro Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S1 gltcraed; \??\C:\WINDOWS\system32\drivers\gltcraed.sys [X]

========================== Drivers MD5 =======================

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-08 21:18 - 2014-03-08 21:18 - 00000000 ____D () C:\FRST
2014-03-07 11:23 - 2014-03-07 11:23 - 00000000 ____D () C:\Users\Anne Marie\AppData\Local\LPT
2014-03-06 11:35 - 2014-03-06 11:35 - 00333040 ____T (Microsoft Corporation) C:\ProgramData\0ojjwe3.zvv
2014-03-05 06:50 - 2014-03-06 12:08 - 00000000 ____D () C:\Users\Anne Marie\Documents\Annas Geschichtsreferat
2014-03-05 06:50 - 2014-03-05 06:50 - 00000000 ____D () C:\Users\Anne Marie\Documents\Benutzerdefinierte Office-Vorlagen
2014-03-04 12:56 - 2014-03-04 12:56 - 00295840 _____ (Microsoft Corporation) C:\ProgramData\twmnojdn.dat
2014-03-04 05:18 - 2014-03-04 05:18 - 00000000 ___RD () C:\Users\Anne Marie\SkyDrive
2014-03-04 05:18 - 2014-03-04 05:18 - 00000000 ____D () C:\ProgramData\Microsoft SkyDrive
2014-03-04 05:18 - 2014-03-04 05:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft SkyDrive
2014-03-04 05:12 - 2014-03-04 05:12 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-03-03 13:30 - 2014-03-03 13:30 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2014-03-02 07:43 - 2014-03-02 07:43 - 00000000 ____D () C:\Users\Anne Marie\Desktop\OpenOffice 4.0.0 (en-US) Installation Files
2014-02-27 19:37 - 2014-03-08 12:02 - 95027928 ____T () C:\ProgramData\0ojjwe3.fee
2014-02-27 19:37 - 2014-02-27 19:37 - 00150016 _____ () C:\ProgramData\3ewjjo0.cpp
2014-02-26 14:42 - 2014-02-26 14:42 - 00016384 ___SH () C:\Users\Anne Marie\Documents\Thumbs.db
2014-02-25 11:29 - 2014-02-25 11:29 - 00536814 _____ () C:\Users\Anne Marie\Documents\Overview Sunglasses for Order 20140217.oxps
2014-02-20 12:38 - 2014-02-28 11:21 - 00000000 ____D () C:\Users\Anne Marie\.tfo4
2014-02-20 12:38 - 2014-02-20 12:38 - 00000000 ____D () C:\Users\Anne Marie\4.0
2014-02-20 12:37 - 2014-02-20 12:37 - 00000000 ____D () C:\ProgramData\Sun
2014-02-20 12:37 - 2014-02-20 12:36 - 00472808 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2014-02-20 12:37 - 2014-02-20 12:36 - 00157472 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2014-02-20 12:37 - 2014-02-20 12:36 - 00145184 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2014-02-20 12:37 - 2014-02-20 12:36 - 00145184 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2014-02-20 12:36 - 2014-02-20 12:36 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-20 07:00 - 2014-02-20 07:00 - 00000108 ____H () C:\Users\Anne Marie\Downloads\.~lock.Lebenslauf FOS.docx#
2014-02-17 00:19 - 2014-02-17 00:21 - 00000000 ____D () C:\287bac917809406e59
2014-02-13 12:18 - 2014-02-13 12:18 - 00000000 ____D () C:\ProgramData\saveItkeep
2014-02-12 15:24 - 2013-12-04 15:43 - 00583680 _____ (Microsoft Corporation) C:\Windows\System32\msdrm.dll
2014-02-12 15:24 - 2013-12-04 15:37 - 00451072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 08:43 - 2013-10-31 21:53 - 02232664 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2014-02-12 08:42 - 2014-02-01 01:20 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-02-12 08:42 - 2014-02-01 01:19 - 02241536 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-02-12 08:42 - 2014-02-01 01:19 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-02-12 08:42 - 2014-02-01 01:19 - 00915968 _____ (Microsoft Corporation) C:\Windows\System32\uxtheme.dll
2014-02-12 08:42 - 2014-02-01 01:19 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\UXInit.dll
2014-02-12 08:42 - 2014-02-01 01:18 - 19274240 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-02-12 08:42 - 2014-02-01 01:18 - 15403520 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-02-12 08:42 - 2014-02-01 01:18 - 03960320 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-02-12 08:42 - 2014-02-01 01:18 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-02-12 08:42 - 2014-02-01 01:18 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2014-02-12 08:42 - 2014-02-01 01:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-02-12 08:42 - 2014-02-01 01:18 - 00197120 _____ (Microsoft Corporation)
C:\Windows\System32\msrating.dll 2014-02-12 08:42 - 2014-02-01 01:18 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2014-02-12 08:42 - 2014-02-01 01:18 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2014-02-12 08:42 - 2014-02-01 01:18 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2014-02-12 08:42 - 2014-02-01 01:18 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2014-02-12 08:42 - 2014-01-31 23:58 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-02-12 08:42 - 2014-01-31 23:58 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-02-12 08:42 - 2014-01-31 23:58 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll 2014-02-12 08:42 - 2014-01-31 23:57 - 14359040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-02-12 08:42 - 2014-01-31 23:57 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-02-12 08:42 - 2014-01-31 23:57 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-02-12 08:42 - 2014-01-31 23:57 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-02-12 08:42 - 2014-01-31 23:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-02-12 08:42 - 2014-01-31 23:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-02-12 08:42 - 2014-01-31 23:57 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-02-12 08:42 - 2014-01-31 23:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-02-12 08:42 - 2014-01-31 23:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-02-12 08:42 - 2014-01-31 23:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-02-12 08:42 - 2014-01-31 23:57 - 00033280 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\iernonce.dll 2014-02-12 08:42 - 2014-01-31 23:40 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2014-02-12 08:42 - 2014-01-31 23:34 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-02-12 08:42 - 2014-01-31 21:08 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll 2014-02-12 08:42 - 2013-12-08 16:45 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-02-12 08:42 - 2013-12-08 15:59 - 00600064 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2014-02-12 08:42 - 2013-12-04 15:43 - 01845248 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll 2014-02-12 08:42 - 2013-12-04 15:37 - 01419264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-02-12 08:42 - 2013-11-26 16:19 - 00385614 _____ () C:\Windows\System32\ApnDatabase.xml 2014-02-12 08:42 - 2013-11-25 15:17 - 00083968 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys 2014-02-12 08:39 - 2014-01-12 15:30 - 02238976 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll 2014-02-12 08:39 - 2014-01-12 15:30 - 02032640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2014-02-12 08:39 - 2013-11-19 16:15 - 03842560 _____ (Microsoft Corporation) C:\Windows\System32\d2d1.dll 2014-02-12 08:39 - 2013-11-19 15:57 - 03288576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll ==================== One Month Modified Files and Folders ======= 2014-03-08 21:18 - 2014-03-08 21:18 - 00000000 ____D () C:\FRST 2014-03-08 12:03 - 2013-08-20 14:29 - 00010752 _____ () C:\Windows\System32\VfService.trf 2014-03-08 12:02 - 2014-02-27 19:37 - 95027928 ____T () C:\ProgramData\0ojjwe3.fee 2014-03-08 12:01 - 2013-12-08 02:29 - 00001378 _____ () C:\Windows\Tasks\LyricsViewer-2-updater.job 2014-03-08 12:00 - 2012-07-25 23:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-08 12:00 - 2012-07-25 21:26 - 00262144 ___SH () 
C:\Windows\System32\config\ELAM 2014-03-07 12:03 - 2012-07-25 21:26 - 00262144 ___SH () C:\Windows\System32\config\BBI 2014-03-07 12:02 - 2013-11-16 09:21 - 00000000 ____D () C:\Users\Anne Marie\AppData\Roaming\Skype 2014-03-07 12:02 - 2012-07-26 00:12 - 00000000 ____D () C:\Windows\System32\sru 2014-03-07 11:40 - 2013-08-20 14:29 - 00001855 _____ () C:\Users\Public\Desktop\McAfee Internet Security.lnk 2014-03-07 11:23 - 2014-03-07 11:23 - 00000000 ____D () C:\Users\Anne Marie\AppData\Local\LPT 2014-03-07 11:22 - 2013-11-06 10:40 - 00000000 ____D () C:\Users\Anne Marie\AppData\Local\Smartbar 2014-03-07 10:39 - 2013-10-16 02:49 - 00000000 ____D () C:\Windows\System32\MRT 2014-03-06 16:22 - 2013-08-20 13:48 - 02005643 _____ () C:\Windows\WindowsUpdate.log 2014-03-06 12:28 - 2013-10-12 11:12 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2503290178-3845495897-2461146176-1002 2014-03-06 12:08 - 2014-03-05 06:50 - 00000000 ____D () C:\Users\Anne Marie\Documents\Annas Geschichtsreferat 2014-03-06 11:35 - 2014-03-06 11:35 - 00333040 ____T (Microsoft Corporation) C:\ProgramData\0ojjwe3.zvv 2014-03-06 07:21 - 2013-12-16 04:32 - 00449112 _____ () C:\Windows\System32\FNTCACHE.DAT 2014-03-06 07:19 - 2012-07-26 00:12 - 00000000 ____D () C:\Windows\System32\NDF 2014-03-06 04:44 - 2013-10-24 03:26 - 00000000 ____D () C:\Users\Anne Marie\Documents\Youcam 2014-03-05 06:54 - 2013-11-02 12:03 - 00000000 ____D () C:\Users\Anne Marie\Documents\Daniels Scheiss Geschichten über mich 2014-03-05 06:50 - 2014-03-05 06:50 - 00000000 ____D () C:\Users\Anne Marie\Documents\Benutzerdefinierte Office-Vorlagen 2014-03-05 05:30 - 2013-08-20 23:29 - 00753134 _____ () C:\Windows\System32\perfh007.dat 2014-03-05 05:30 - 2013-08-20 23:29 - 00155826 _____ () C:\Windows\System32\perfc007.dat 2014-03-05 05:30 - 2012-07-25 23:28 - 01745416 _____ () C:\Windows\System32\PerfStringBackup.INI 2014-03-04 12:56 - 2014-03-04 12:56 - 00295840 _____ (Microsoft Corporation) 
C:\ProgramData\twmnojdn.dat 2014-03-04 05:18 - 2014-03-04 05:18 - 00000000 ___RD () C:\Users\Anne Marie\SkyDrive 2014-03-04 05:18 - 2014-03-04 05:18 - 00000000 ____D () C:\ProgramData\Microsoft SkyDrive 2014-03-04 05:18 - 2014-03-04 05:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft SkyDrive 2014-03-04 05:18 - 2013-10-12 11:06 - 00000000 ____D () C:\users\Anne Marie 2014-03-04 05:12 - 2014-03-04 05:12 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-03-04 05:12 - 2013-10-12 11:06 - 00000000 ____D () C:\Users\Anne Marie\AppData\Local\VirtualStore 2014-03-03 13:30 - 2014-03-03 13:30 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01007.Wdf 2014-03-03 13:30 - 2012-07-25 23:21 - 00037415 _____ () C:\Windows\setupact.log 2014-03-03 09:01 - 2014-01-20 06:19 - 00000000 ____D () C:\Program Files (x86)\Mobogenie 2014-03-02 07:43 - 2014-03-02 07:43 - 00000000 ____D () C:\Users\Anne Marie\Desktop\OpenOffice 4.0.0 (en-US) Installation Files 2014-02-28 11:21 - 2014-02-20 12:38 - 00000000 ____D () C:\Users\Anne Marie\.tfo4 2014-02-28 11:13 - 2013-10-25 09:58 - 00038912 ___SH () C:\Users\Anne Marie\Desktop\Thumbs.db 2014-02-27 19:37 - 2014-02-27 19:37 - 00150016 _____ () C:\ProgramData\3ewjjo0.cpp 2014-02-26 14:42 - 2014-02-26 14:42 - 00016384 ___SH () C:\Users\Anne Marie\Documents\Thumbs.db 2014-02-26 11:54 - 2012-07-26 00:12 - 00000000 ____D () C:\Windows\AUInstallAgent 2014-02-26 11:43 - 2014-01-20 06:18 - 00000000 ____D () C:\Program Files (x86)\Iminent 2014-02-25 11:29 - 2014-02-25 11:29 - 00536814 _____ () C:\Users\Anne Marie\Documents\Overview Sunglasses for Order 20140217.oxps 2014-02-20 12:38 - 2014-02-20 12:38 - 00000000 ____D () C:\Users\Anne Marie\4.0 2014-02-20 12:37 - 2014-02-20 12:37 - 00000000 ____D () C:\ProgramData\Sun 2014-02-20 12:36 - 2014-02-20 12:37 - 00472808 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll 2014-02-20 12:36 - 2014-02-20 12:37 - 00157472 _____ (Sun Microsystems, Inc.) 
C:\Windows\SysWOW64\javaws.exe 2014-02-20 12:36 - 2014-02-20 12:37 - 00145184 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe 2014-02-20 12:36 - 2014-02-20 12:37 - 00145184 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe 2014-02-20 12:36 - 2014-02-20 12:36 - 00000000 ____D () C:\Program Files (x86)\Java 2014-02-20 07:00 - 2014-02-20 07:00 - 00000108 ____H () C:\Users\Anne Marie\Downloads\.~lock.Lebenslauf FOS.docx# 2014-02-20 06:34 - 2013-03-25 13:02 - 00039440 _____ () C:\Windows\PFRO.log 2014-02-18 06:40 - 2014-01-20 06:20 - 00000000 ____D () C:\Users\Anne Marie\AppData\Roaming\newnext.me 2014-02-17 14:03 - 2013-11-16 05:28 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-02-17 14:03 - 2013-11-16 05:28 - 00078304 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-02-17 00:21 - 2014-02-17 00:19 - 00000000 ____D () C:\287bac917809406e59 2014-02-17 00:19 - 2013-10-16 02:49 - 88567024 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe 2014-02-14 11:33 - 2013-12-08 02:29 - 00000000 ____D () C:\Program Files (x86)\LyricsViewer-2 2014-02-13 12:18 - 2014-02-13 12:18 - 00000000 ____D () C:\ProgramData\saveItkeep 2014-02-13 12:18 - 2013-12-24 08:45 - 00000000 ____D () C:\ProgramData\d23d46f7835f0e1e Files to move or delete: ==================== C:\ProgramData\0ojjwe3.fee C:\ProgramData\0ojjwe3.zvv C:\ProgramData\twmnojdn.dat C:\Users\iTunes.Resources\iPodTZData.dat C:\Users\iTunes.Resources\iTunes.dll C:\Users\iTunes.Resources\iTunesRegistry.dll C:\Users\iTunesHelper.Resources\iTunesHelper.dll C:\Users\Mozilla Plugins\npitunes.dll Some content of TEMP: ==================== C:\Users\Anne Marie\AppData\Local\Temp\1yqh-aav.dll C:\Users\Anne Marie\AppData\Local\Temp\FileSystemView.dll C:\Users\Anne Marie\AppData\Local\Temp\la5lhkt8.dll C:\Users\Anne Marie\AppData\Local\Temp\SHSetup.exe C:\Users\Anne Marie\AppData\Local\Temp\~+JF2218483804938248466.dll ==================== 
Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2014-02-20 12:36:47 Restore point made on: 2014-02-28 09:46:36 ==================== BCD ================================ Start-Manager fr Firmware -------------------------- Bezeichner {fwbootmgr} displayorder {bootmgr} {620fb0d8-09bc-11e3-9619-806e6f6e6963} {5c557dc5-0a32-11e3-9704-806e6f6e6963} {5c557dc3-0a32-11e3-9704-806e6f6e6963} {5c557dc4-0a32-11e3-9704-806e6f6e6963} timeout 0 Windows-Start-Manager --------------------- Bezeichner {bootmgr} device partition=\Device\HarddiskVolume2 path \EFI\Microsoft\Boot\bootmgfw.efi description Windows Boot Manager locale de-DE inherit {globalsettings} integrityservices Enable default {default} resumeobject {7d0cbfb6-0a33-11e3-9704-eb7a93176429} displayorder {default} toolsdisplayorder {memdiag} timeout 0 Firmwareanwendung (101fffff) ---------------------------- Bezeichner {5c557dc3-0a32-11e3-9704-806e6f6e6963} description EFI USB Device Firmwareanwendung (101fffff) ---------------------------- Bezeichner {5c557dc4-0a32-11e3-9704-806e6f6e6963} description 
EFI DVD/CDROM Firmwareanwendung (101fffff) ---------------------------- Bezeichner {5c557dc5-0a32-11e3-9704-806e6f6e6963} description EFI Network Firmwareanwendung (101fffff) ---------------------------- Bezeichner {5c557dc6-0a32-11e3-9704-806e6f6e6963} description EFI Network 0 for IPv4 (54-BE-F7-1D-FB-B1) Firmwareanwendung (101fffff) ---------------------------- Bezeichner {5c557dc7-0a32-11e3-9704-806e6f6e6963} description EFI Network 0 for IPv6 (54-BE-F7-1D-FB-B1) Firmwareanwendung (101fffff) ---------------------------- Bezeichner {620fb0d8-09bc-11e3-9619-806e6f6e6963} device partition=\Device\HarddiskVolume3 path \EFI\Microsoft\Boot\LrsBootMgr.efi description Lenovo Recovery System Windows-Startladeprogramm ------------------------- Bezeichner {default} device partition=C: path \WINDOWS\system32\winload.efi description Windows 8 locale de-DE inherit {bootloadersettings} recoverysequence {current} integrityservices Enable recoveryenabled Yes isolatedcontext Yes allowedinmemorysettings 0x15000075 osdevice partition=C: systemroot \WINDOWS resumeobject {7d0cbfb6-0a33-11e3-9704-eb7a93176429} nx OptIn bootmenupolicy Standard Windows-Startladeprogramm ------------------------- Bezeichner {current} device ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{7d0cbfb9-0a33-11e3-9704-eb7a93176429} path \windows\system32\winload.efi description Windows Recovery Environment locale de-de inherit {bootloadersettings} displaymessage Recovery osdevice ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{7d0cbfb9-0a33-11e3-9704-eb7a93176429} systemroot \windows nx OptIn bootmenupolicy Standard winpe Yes Wiederaufnahme aus dem Ruhezustand ---------------------------------- Bezeichner {7d0cbfb6-0a33-11e3-9704-eb7a93176429} device partition=C: path \WINDOWS\system32\winresume.efi description Windows Resume Application locale de-DE inherit {resumeloadersettings} recoverysequence {current} recoveryenabled Yes isolatedcontext Yes allowedinmemorysettings 
0x15000075 filedevice partition=C: filepath \hiberfil.sys bootmenupolicy Standard debugoptionenabled No Windows-Speichertestprogramm ---------------------------- Bezeichner {memdiag} device partition=\Device\HarddiskVolume2 path \EFI\Microsoft\Boot\memtest.efi description Windows-Speicherdiagnose locale de-DE inherit {globalsettings} badmemoryaccess Yes EMS-Einstellungen ----------------- Bezeichner {emssettings} bootems No Debuggereinstellungen --------------------- Bezeichner {dbgsettings} debugtype Serial debugport 1 baudrate 115200 RAM-Defekte ----------- Bezeichner {badmemory} Globale Einstellungen --------------------- Bezeichner {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} Startladeprogramm-Einstellungen ------------------------------- Bezeichner {bootloadersettings} inherit {globalsettings} {hypervisorsettings} Hypervisoreinstellungen ------------------- Bezeichner {hypervisorsettings} hypervisordebugtype Serial hypervisordebugport 1 hypervisorbaudrate 115200 Einstellungen zur Ladeprogrammfortsetzung ----------------------------------------- Bezeichner {resumeloadersettings} inherit {globalsettings} Ger„teoptionen -------------- Bezeichner {7d0cbfb9-0a33-11e3-9704-eb7a93176429} description Windows Recovery ramdisksdidevice partition=\Device\HarddiskVolume1 ramdisksdipath \Recovery\WindowsRE\boot.sdi Optionen zum RAM-Datentr„gersetup --------------------------------- Bezeichner {ramdiskoptions} description Ramdisk options ramdisksdidevice boot ramdisksdipath \boot\boot.sdi ==================== Memory info =========================== Percentage of memory in use: 11% Total physical RAM: 8071.27 MB Available physical RAM: 7154.3 MB Total Pagefile: 8071.27 MB Available Pagefile: 7174.05 MB Total Virtual: 8192 MB Available Virtual: 8191.86 MB ==================== Drives ================================ Drive c: (Windows8_OS) (Fixed) (Total:425.92 GB) (Free:384.19 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: 
(LENOVO) (Fixed) (Total:25 GB) (Free:23.08 GB) NTFS Drive g: (USB WORK) (Removable) (Total:3.74 GB) (Free:3.74 GB) FAT32 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 466 GB) (Disk ID: 5C7C064E) Partition: GPT Partition Type. ======================================================== Disk: 2 (Size: 4 GB) (Disk ID: 649F3E27) Partition 1: (Not Active) - (Size=4 GB) - (Type=0B) LastRegBack: 2014-02-26 04:57 ==================== End Of Log ============================ |
08.03.2014, 23:20 | #2 |
/// Malwareteam | Bundestrojaner Fixlist Hello JackWest,
my name is Jonas and I will help you with your cleanup. This can involve a lot of work for you. Before we can start, please read the cleanup rules and notes: Rules for the cleanup process
Notes Once you have read everything, we can get started. Please save all programs to the desktop and run them from there.
Step 1 Please press the + R key and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
S2 Winmgmt; C:\ProgramData\0ojjwe3.zvv [333040 2014-03-06] (Microsoft Corporation)
HKU\Anne Marie\...\Run: [twmnojdn] - regsvr32.exe "C:\ProgramData\twmnojdn.dat"
C:\ProgramData\twmnojdn.dat
Startup: C:\Users\Anne Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0ojjwe3.lnk
ShortcutTarget: 0ojjwe3.lnk -> C:\ProgramData\3ewjjo0.cpp ()
2014-02-27 19:37 - 2014-03-08 12:02 - 95027928 ____T () C:\ProgramData\0ojjwe3.fee
2014-03-06 11:35 - 2014-03-06 11:35 - 00333040 ____T (Microsoft Corporation) C:\ProgramData\0ojjwe3.zvv
Folder: C:\287bac917809406e59
The tool creates a Fixlog.txt on your USB stick. Please post its contents here. Can you start the computer normally again after this fix? Post the following log files in your next reply:
|
08.03.2014, 23:33 | #3 |
| Bundestrojaner Fixlist Thanks a lot so far!
The computer can be used again now. Here is the Fixlog file: Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-03-2014 01
Ran by SYSTEM at 2014-03-08 23:27:44 Run:1
Running from G:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
S2 Winmgmt; C:\ProgramData\0ojjwe3.zvv [333040 2014-03-06] (Microsoft Corporation)
HKU\Anne Marie\...\Run: [twmnojdn] - regsvr32.exe "C:\ProgramData\twmnojdn.dat"
C:\ProgramData\twmnojdn.dat
Startup: C:\Users\Anne Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0ojjwe3.lnk
ShortcutTarget: 0ojjwe3.lnk -> C:\ProgramData\3ewjjo0.cpp ()
2014-02-27 19:37 - 2014-03-08 12:02 - 95027928 ____T () C:\ProgramData\0ojjwe3.fee
2014-03-06 11:35 - 2014-03-06 11:35 - 00333040 ____T (Microsoft Corporation) C:\ProgramData\0ojjwe3.zvv
Folder: C:\287bac917809406e59
*****************

Winmgmt => Service restored successfully.
HKU\Anne Marie\Software\Microsoft\Windows\CurrentVersion\Run\\twmnojdn => Value deleted successfully.
C:\ProgramData\twmnojdn.dat => Moved successfully.
C:\Users\Anne Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0ojjwe3.lnk => Moved successfully.
C:\ProgramData\3ewjjo0.cpp => Moved successfully.
C:\ProgramData\0ojjwe3.fee => Moved successfully.
C:\ProgramData\0ojjwe3.zvv => Moved successfully.

========================= Folder: C:\287bac917809406e59 ========================

2014-02-17 00:19 - 2014-02-17 00:19 - 88567024 _____ (Microsoft Corporation) C:\287bac917809406e59\MRT.exe

====== End of Folder: ======

==== End of Fixlog ==== |
08.03.2014, 23:40 | #4 |
/// Malwareteam | Bundestrojaner Fixlist All right. Then let's continue like this: Please move the FRST.exe file from your USB stick to your desktop and carry out the following step. Step 1 Start FRST once more.
Post the following log files in your next reply:
__________________ Regards, Jonas |
13.03.2014, 15:40 | #5 |
/// Malwareteam | Bundestrojaner Fixlist Hi, I haven't received a reply from you for quite a while. Do you still need help? Note: We are not finished yet! Even if the symptoms have disappeared, your system may still be infected and have security vulnerabilities that allow a new infection.
__________________ Regards, Jonas |
16.03.2014, 14:36 | #6 |
/// Malwareteam | Bundestrojaner Fixlist Missing feedback This topic has been removed from my subscriptions. I will therefore not receive notifications about new replies. If you want to continue, please send me a private message. Note: The disappearance of the symptoms does not mean that your computer is clean yet. Everyone else, please read the following: http://www.trojaner-board.de/69886-a...-beachten.html and create your own thread. |