GUV Trojaner mit Cam löschen

Nico-Dean · 25.11.2013, 16:50

Hallo,

ich habe auf meinem Laptop den GUV Trojaner mit der Webcam.
Ich habe bereits versucht mit Kaspersky Windowsunlocker das Problem zu beheben, was aber nicht ging, und nun habe ichEuch hier gefunden.

Ich habe bereits von Oldtimer das Programm als Admin Ausgeführt.

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 11/25/2013 4:04:33 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Chri\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.80 Gb Total Physical Memory | 2.72 Gb Available Physical Memory | 71.50% Memory free
7.60 Gb Paging File | 6.53 Gb Available in Paging File | 85.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 463.76 Gb Total Space | 17.99 Gb Free Space | 3.88% Space Free | Partition Type: NTFS
 
Computer Name: PC | User Name: Chri | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/11/25 15:32:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chri\Desktop\otl.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2013/05/07 17:48:31 | 000,136,576 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE -- (EPSON_PM_RPCV4_05)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/24 02:14:38 | 000,330,240 | ---- | M] (FUJITSU LIMITED) [Auto | Stopped] -- C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe -- (PFNService)
SRV:64bit: - [2009/07/30 10:43:00 | 000,063,336 | ---- | M] (FUJITSU LIMITED) [Auto | Stopped] -- C:\Program Files\Fujitsu\PSUtility\PSUService.exe -- (PowerSavingUtilityService)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/10/08 17:41:48 | 000,234,096 | ---- | M] (soft Xpansion) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe -- (SXDS10)
SRV - [2013/02/28 17:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/17 10:29:40 | 000,544,248 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2011/04/17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe -- (NIS)
SRV - [2010/03/18 21:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/01 17:04:48 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/11/01 17:04:42 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/10/17 10:13:38 | 000,027,048 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2012/10/17 10:11:38 | 000,107,432 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/25 13:53:30 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/08/02 17:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/05/17 15:44:46 | 000,044,480 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0)
DRV:64bit: - [2011/04/21 02:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/03/31 04:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/31 04:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2011/03/15 03:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/27 07:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\symds64.sys -- (SymDS)
DRV:64bit: - [2011/01/27 06:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/06/08 09:33:14 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/04 21:43:00 | 000,346,144 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/12/18 11:38:56 | 008,038,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/11/27 05:15:00 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/11/06 12:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/11/01 17:04:42 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/10/26 12:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/10/09 20:16:28 | 000,293,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/14 01:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/08 08:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2006/11/01 17:59:24 | 000,007,296 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02e3.sys -- (FUJ02E3)
DRV:64bit: - [2006/11/01 17:20:28 | 000,007,808 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02b1.sys -- (FUJ02B1)
DRV - [2012/02/06 19:38:24 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/02/06 19:38:24 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/12/25 13:53:10 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20120218.008\EX64.SYS -- (NAVEX15)
DRV - [2011/12/25 13:53:10 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20120218.008\ENG64.SYS -- (NAVENG)
DRV - [2011/12/16 00:33:20 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20120217.003\IDSviA64.sys -- (IDSVia64)
DRV - [2011/12/01 03:25:03 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20120215.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {431CA117-26DE-450D-BF3F-6AE20BD850F1}
IE:64bit: - HKLM\..\SearchScopes\{431CA117-26DE-450D-BF3F-6AE20BD850F1}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSG
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.9&ts=1381183200000.000008&tguid=66920-6787-1381250094123-E70EEE9B3E1B6CD98624432C5493BE8B&st=chrome&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.9&ts=1381183200000.000008&tguid=66920-6787-1381250094123-E70EEE9B3E1B6CD98624432C5493BE8B&st=chrome&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.9&ts=1381183200000.000008&tguid=66920-6787-1381250094123-E70EEE9B3E1B6CD98624432C5493BE8B&st=chrome&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = about:newtab
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:newtab
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.9&ts=1381183200000.000008&tguid=66920-6787-1381250094123-E70EEE9B3E1B6CD98624432C5493BE8B&st=chrome&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.9&ts=1381183200000.000008&tguid=66920-6787-1381250094123-E70EEE9B3E1B6CD98624432C5493BE8B&st=chrome&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.9&ts=1381183200000.000008&tguid=66920-6787-1381250094123-E70EEE9B3E1B6CD98624432C5493BE8B&st=chrome&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = about:newtab
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = about:newtab
IE - HKLM\..\SearchScopes,DefaultScope = {431CA117-26DE-450D-BF3F-6AE20BD850F1}
IE - HKLM\..\SearchScopes\{431CA117-26DE-450D-BF3F-6AE20BD850F1}: "URL" = hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.9&ts=1381183200000.000008&tguid=66920-6787-1381250094123-E70EEE9B3E1B6CD98624432C5493BE8B&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.8&ts=1381183200000.000008&tguid=66920-6787-1381250094123-E70EEE9B3E1B6CD98624432C5493BE8B&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ts.fujitsu.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.9&ts=1381183200000.000008&tguid=66920-6787-1381250094123-E70EEE9B3E1B6CD98624432C5493BE8B&st=chrome&q=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectd [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.9&ts=1381183200000.000008&tguid=66920-6787-1381250094123-E70EEE9B3E1B6CD98624432C5493BE8B&st=chrome&q=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.9&ts=1381183200000.000008&tguid=66920-6787-1381250094123-E70EEE9B3E1B6CD98624432C5493BE8B&st=chrome&q=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = about:newtab
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:newtab
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.9&ts=1381183200000.000008&tguid=66920-6787-1381250094123-E70EEE9B3E1B6CD98624432C5493BE8B&st=chrome&q=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.9&ts=1381183200000.000008&tguid=66920-6787-1381250094123-E70EEE9B3E1B6CD98624432C5493BE8B&st=chrome&q=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.9&ts=1381183200000.000008&tguid=66920-6787-1381250094123-E70EEE9B3E1B6CD98624432C5493BE8B&st=chrome&q=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = about:newtab
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = about:newtab
IE - HKCU\..\SearchScopes,DefaultScope = {431CA117-26DE-450D-BF3F-6AE20BD850F1}
IE - HKCU\..\SearchScopes\{431CA117-26DE-450D-BF3F-6AE20BD850F1}: "URL" = hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.9&ts=1381183200000.000008&tguid=66920-6787-1381250094123-E70EEE9B3E1B6CD98624432C5493BE8B&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.8&ts=1381183200000.000008&tguid=66920-6787-1381250094123-E70EEE9B3E1B6CD98624432C5493BE8B&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@soft-xpansion/npsxpdf: C:\Program Files (x86)\Common Files\Freemium\np-sxpdf.dll (soft-Xpansion)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2012/02/10 13:10:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_13_2 [2013/11/25 15:45:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B45418F9-6406-4828-9D1A-35313FB1E2D6}: C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb [2013/10/08 17:41:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{B45418F9-6406-4828-9D1A-35313FB1E2D6}: C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb [2013/10/08 17:41:48 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Browser Guard) - {02a0d829-4393-46fc-a37e-126263035883} - C:\Program Files (x86)\Browser Guard\browserguard.dll (Browser Guard)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (HomeTab) - {a25e7121-3dd8-41b3-855b-756c5bc45449} - C:\Users\Chri\AppData\Roaming\HomeTab\HomeTab.dll (Simply Tech LTD.)
O3:64bit: - HKLM\..\Toolbar: (Free PDF Perfect) - {EFC2B9BE-AB2B-47F1-A47D-9EB28E58C917} - C:\Program Files (x86)\Freemium\Free PDF Perfect\ieagent64.dll (soft Xpansion)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (HomeTab) - {a25e7121-3dd8-41b3-855b-756c5bc45449} - C:\Users\Chri\AppData\Roaming\HomeTab\HomeTab.dll (Simply Tech LTD.)
O3 - HKLM\..\Toolbar: (Free PDF Perfect) - {EFC2B9BE-AB2B-47F1-A47D-9EB28E58C917} - C:\Program Files (x86)\Freemium\Free PDF Perfect\ieagent32.dll (soft Xpansion)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [FDM7] C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PfNet] C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [PSUTility] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AIS_RegApp] C:\Program Files (x86)\Fujitsu\AIS Connect\regapp\RegApp.exe (Fujitsu)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [DeskUpdateNotifier] c:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe (Fujitsu Technology Solutions)
O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFUJ02E3] C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus Office BX535WD" File not found
O4 - HKCU..\Run: [EPLTarget\P0000000000000001] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE /EPT "EPLTarget\P0000000000000001" /M "Epson Stylus Office BX535WD" File not found
O4 - Startup: C:\Users\Chri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Chri\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Chri\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Chri\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.111.111
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CBF9D87-E9C5-4906-8079-AAA618F55EB1}: DhcpNameServer = 194.48.139.254 194.48.124.200
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E7CB79F9-A681-40D2-B3ED-0EB64174E623}: DhcpNameServer = 192.168.111.111
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/11/25 15:32:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Chri\Desktop\otl.exe
[2013/11/22 09:41:10 | 000,060,516 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\3dod3wd.pss
[2013/11/22 09:41:07 | 000,208,896 | ---- | C] (Корпорация Майкрософт) -- C:\ProgramData\dw3dod3.dss
[2013/11/12 15:24:42 | 000,000,000 | ---D | C] -- C:\Users\Chri\Desktop\Bachelorarbeit
[2013/11/11 16:02:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
[2013/11/11 16:02:36 | 000,000,000 | ---D | C] -- C:\Users\Chri\AppData\Local\Cisco
[2013/11/11 16:02:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco
[2013/11/11 16:02:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2013/11/10 21:42:29 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2013/11/05 13:07:45 | 000,000,000 | ---D | C] -- C:\Users\Chri\AppData\Local\Boss Media
[2013/11/05 13:07:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Boss Media
[2013/11/05 13:07:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\win2day Poker
[2013/11/05 13:07:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\win2day Poker
[2013/11/05 13:06:52 | 011,280,032 | ---- | C] (Boss Media AB) -- C:\Users\Chri\Desktop\poker_win2day.at.exe
[2013/11/04 14:56:14 | 000,000,000 | ---D | C] -- C:\Users\Chri\Desktop\GWA
[2013/10/29 17:41:26 | 000,000,000 | ---D | C] -- C:\Users\Chri\AppData\Local\{5F618EE9-61D8-402B-A052-F72D9B08A633}
[2013/10/28 17:52:13 | 000,000,000 | ---D | C] -- C:\Users\Chri\AppData\Local\{4C4ECF22-9B23-4AB3-8224-4DA3BD0619B2}
[2013/10/28 13:52:02 | 000,000,000 | ---D | C] -- C:\Users\Chri\Desktop\Bewerbung
 
========== Files - Modified Within 30 Days ==========
 
[2013/11/25 16:02:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/25 16:02:30 | 3061,227,520 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/25 15:53:45 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/25 15:53:45 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/25 15:50:27 | 095,025,368 | ---- | M] () -- C:\ProgramData\3dod3wd.bxx
[2013/11/25 15:49:51 | 000,000,279 | ---- | M] () -- C:\ProgramData\3dod3wd.reg
[2013/11/25 15:45:50 | 000,000,000 | ---- | M] () -- C:\ProgramData\3dod3wd.fvv
[2013/11/25 15:32:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chri\Desktop\otl.exe
[2013/11/22 09:41:10 | 000,001,039 | ---- | M] () -- C:\Users\Chri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3dod3wd.lnk
[2013/11/22 09:41:07 | 000,208,896 | ---- | M] (Корпорация Майкрософт) -- C:\ProgramData\dw3dod3.dss
[2013/11/13 11:24:07 | 000,090,532 | ---- | M] () -- C:\Users\Chri\Desktop\erfnw_de_263764.pdf
[2013/11/11 16:01:48 | 004,108,288 | ---- | M] () -- C:\Users\Chri\Desktop\anyconnect_31_win.msi
[2013/11/11 15:59:02 | 002,239,972 | ---- | M] () -- C:\Users\Chri\Desktop\vpn_de.pdf
[2013/11/10 21:39:04 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/10 21:39:04 | 000,696,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013/11/10 21:39:04 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/10 21:39:04 | 000,148,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013/11/10 21:39:04 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/05 13:07:17 | 011,280,032 | ---- | M] (Boss Media AB) -- C:\Users\Chri\Desktop\poker_win2day.at.exe
[2013/11/04 14:06:33 | 001,319,060 | ---- | M] () -- C:\Users\Chri\Desktop\8219585307[1].pdf
[2013/11/02 11:23:13 | 000,093,458 | ---- | M] () -- C:\Users\Chri\Desktop\Dok1.pdf
[2013/10/30 16:03:16 | 000,096,181 | ---- | M] () -- C:\Users\Chri\Desktop\EStBesch.pdf
[2013/10/29 17:40:29 | 000,152,108 | ---- | M] () -- C:\Users\Chri\Desktop\adm_u3_ss13[1].pdf
[2013/10/29 17:07:52 | 005,719,010 | ---- | M] () -- C:\Users\Chri\Desktop\EBC 3 Lösungen.pdf
 
========== Files Created - No Company Name ==========
 
[2013/11/22 10:27:00 | 000,000,279 | ---- | C] () -- C:\ProgramData\3dod3wd.reg
[2013/11/22 09:41:24 | 000,001,033 | ---- | C] () -- C:\Users\Chri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup3dod3wd.lnk
[2013/11/22 09:41:10 | 000,001,039 | ---- | C] () -- C:\Users\Chri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3dod3wd.lnk
[2013/11/22 09:41:09 | 000,000,000 | ---- | C] () -- C:\ProgramData\3dod3wd.fvv
[2013/11/22 09:41:08 | 095,025,368 | ---- | C] () -- C:\ProgramData\3dod3wd.bxx
[2013/11/13 11:24:05 | 000,090,532 | ---- | C] () -- C:\Users\Chri\Desktop\erfnw_de_263764.pdf
[2013/11/11 16:01:41 | 004,108,288 | ---- | C] () -- C:\Users\Chri\Desktop\anyconnect_31_win.msi
[2013/11/11 15:58:59 | 002,239,972 | ---- | C] () -- C:\Users\Chri\Desktop\vpn_de.pdf
[2013/11/04 14:07:17 | 001,319,060 | ---- | C] () -- C:\Users\Chri\Desktop\8219585307[1].pdf
[2013/11/02 11:23:12 | 000,093,458 | ---- | C] () -- C:\Users\Chri\Desktop\Dok1.pdf
[2013/10/30 16:03:14 | 000,096,181 | ---- | C] () -- C:\Users\Chri\Desktop\EStBesch.pdf
[2013/10/29 17:42:20 | 000,152,108 | ---- | C] () -- C:\Users\Chri\Desktop\adm_u3_ss13[1].pdf
[2013/10/29 17:07:46 | 005,719,010 | ---- | C] () -- C:\Users\Chri\Desktop\EBC 3 Lösungen.pdf
[2013/10/08 17:35:23 | 000,032,328 | ---- | C] () -- C:\Windows\Launcher.exe
[2013/01/30 17:14:13 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2013/01/15 19:18:01 | 000,003,584 | ---- | C] () -- C:\Users\Chri\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/11/25 15:46:30 | 000,000,000 | ---D | M] -- C:\Users\Chri\AppData\Roaming\Dropbox
[2012/08/15 16:12:20 | 000,000,000 | ---D | M] -- C:\Users\Chri\AppData\Roaming\DVDVideoSoft
[2012/08/15 16:12:09 | 000,000,000 | ---D | M] -- C:\Users\Chri\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/12/24 21:25:52 | 000,000,000 | ---D | M] -- C:\Users\Chri\AppData\Roaming\Fujitsu
[2013/11/25 15:48:52 | 000,000,000 | ---D | M] -- C:\Users\Chri\AppData\Roaming\HomeTab
[2012/10/26 20:20:31 | 000,000,000 | ---D | M] -- C:\Users\Chri\AppData\Roaming\PacificPoker
[2013/10/08 17:35:23 | 000,000,000 | ---D | M] -- C:\Users\Chri\AppData\Roaming\SimplyTech
[2013/10/08 19:07:20 | 000,000,000 | ---D | M] -- C:\Users\Chri\AppData\Roaming\Spotify
[2012/01/16 15:03:55 | 000,000,000 | ---D | M] -- C:\Users\Chri\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

ich hoffe das war so in Ordnung, und würde mich über Eure Hilfe freuen.

Vielen Dank vorab

Mit freundlichen Grüßen

Nico-Dean

cosinus · 25.11.2013, 21:09

Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!

Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Nico-Dean · 26.11.2013, 08:35

Hallo,

vielen Dank für die rasche Antwort, wobei der PC meinem Arbeitskollegen gehört, und ich deshalb erst jetzt wieder Antworten kann.

Der Laptop hat Windows 7 64 Bit Betriebssystem, und ist über Norton Virenschutz "gesichert".

Letzten Freitag habe ich den PC bekommen mit der Erklärung, dass der GUV Trojaner oben sei, und dass er dieses mal sogar die Cam anzeigt.

Ich habe mir deshalb von Kaspersky das Tool Windowsunlocker auf CD gebrannt, und mit dieser CD den Rechner gestartet, ich bin über die Grafische Oberfläche eingestiegen, und beim öffnen hat diese Oberfläche bereits gemeldet, dass Mailware am PC ist, darauf ist ein Virenscann von Kaspersky durchgelaufen und hat kurz geschrieben, dass es eine Trojaner gefunden und gelöscht hat.

Als der Durchlauf fertig war, bin ich unter Terminal auf windowsunlocker gegangen und habe den Punkt 1 welcher für die Säuberung zuständig ist durchgeführt.
Dieser Vorgang war in ein paar Sekunden fertig, und es stand, dass es ebenfalls einen anderen Trojaner gefunden hatte unter Spotify.helper, und das dieser auch beseitigt wurde.

Diese Protokolle habe ich leider nicht, und ich dachte auch ich hätte eigentlich den Trojaner beseitigt, jedoch am Montag zeigte sich, dass er immer noch da ist.

Mein nächster Schritt war nun, dass ich im abgesicherten Modus auf der Festplatte alle EXE-Dateien gesucht habe, nach Datum geordnet habe und nach mir seltsam erscheinende Dateien, in den Eigenschaften unter Details ohne sinnvollen Einträgen suchte, was aber nichts brachte.

Danach hatte ich unter Benutzer in den Appdata nach solchen Daten gesucht und vorab den ganzen Ordner TEMP geleert, einmal noch mit Kaspersky nur die Boot-Daten gescannt, und danach Gott sei Dank Euch im Netz gefunden.

Nun die Dateien nochmals:

Addition.txt

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-11-2013 01
Ran by Chri at 2013-11-26 07:44:36
Running from C:\Users\Chri\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Security Center ========================

AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (x32)
888poker (x32)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.1.102.55)
Adobe Reader 9.5.2 - Deutsch (x32 Version: 9.5.2)
AIS Connect (x32 Version: 1.1.1.6)
Apple Application Support (x32 Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Bonjour (Version: 3.0.0.10)
Browser Guard (x32)
Canon MP550 series MP Drivers
Cisco AnyConnect Secure Mobility Client  (x32 Version: 3.1.01065)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.01065)
CyberLink YouCam (x32 Version: 3.0.1908.7636)
D3DX10 (x32 Version: 15.4.2368.0902)
DeskUpdate 4.11 (x32 Version: 4.11.0074)
Dropbox (HKCU Version: 2.0.22)
Druckerdeinstallation für EPSON BX535WD Series
eBay (x32 Version: 1.0.1)
EPSON Scan (x32)
Free Pdf Perfect Prereq (x32 Version: 1.0.0.0)
Free YouTube Download 3 version 3.0.11.727 (x32)
Freemium Free PDF Perfect (x32 Version: 1.0)
Fujitsu Display Manager (Version: 7.01.00.210)
Fujitsu Display Manager (x32 Version: )
Fujitsu Hotkey Utility (x32 Version: 3.60.1.0)
Fujitsu MobilityCenter Extension Utility (Version: 3.01.00.000)
Fujitsu MobilityCenter Extension Utility (x32 Version: )
Fujitsu System Extension Utility (Version: 3.1.1.0)
Fujitsu System Extension Utility (x32)
Full Tilt Poker (x32 Version: 4.59.1.WIN.FullTilt.COM)
HomeTab 5.1 (x32 Version: 5.1)
iCloud (Version: 2.1.1.3)
Intel(R) Graphics Media Accelerator Driver (x32 Version: 8.15.10.2025)
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179)
iTunes (Version: 11.0.2.26)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
LifeBook Application Panel (Version: 8.1.0.0)
LifeBook Application Panel (x32)
Mesh Runtime (x32 Version: 15.4.5722.2)
miCoach Manager (x32 Version: 5.3.3)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
Norton Internet Security (x32 Version: 18.7.2.3)
Plugfree NETWORK (Version: 5.3.0.1)
Plugfree NETWORK (Version: 5.3.001)
PokerStars (x32)
PokerStars.eu (x32)
PokerStars.net (x32)
Power Saving Utility (Version: 31.01.11.013)
Power Saving Utility (x32)
QuickTime (x32 Version: 7.73.80.64)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5969)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7100.30087)
Skype™ 6.3 (x32 Version: 6.3.105)
Spelling Dictionaries Support For Adobe Reader 9 (x32 Version: 9.0.0)
Spotify (HKCU Version: 0.8.4.107.g4fa0003f)
Synaptics Pointing Device Driver (Version: 14.0.10.0)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit Edition (x32)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)
win2day Poker (x32 Version: )
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WinRAR 4.20 (64-Bit) (Version: 4.20.0)

==================== Restore Points  =========================

17-11-2013 13:34:19 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {16A76DC4-9118-4F81-99C7-12DD7236AE6C} - System32\Tasks\Fujitsu\DeskUpdateRetry => C:\Fujitsu\Programs\DeskUpdate\ducmd.exe [2010-10-13] (Fujitsu Technology Solutions)
Task: {274CB0E7-5456-4FC8-95C2-37225AED9F14} - System32\Tasks\Symantec\Norton Error Analyzer 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\symerr.exe [2012-06-08] (Symantec Corporation)
Task: {2915565D-0A99-4192-A4BC-532FB367E0DE} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {3F2BECA3-E641-4D5A-A0FA-413FD1358269} - System32\Tasks\Symantec\Norton Error Processor 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\symerr.exe [2012-06-08] (Symantec Corporation)
Task: {50675303-5E31-47E7-BEE6-0433961079C0} - System32\Tasks\Browser Updater\Browser Updater => C:\Program Files (x86)\HomeTab\TBUpdater.dll [2013-11-19] (Simply Tech Ltd.)
Task: {564B0BE5-F038-4D1D-9FCB-A6D9537F3E98} - System32\Tasks\ProtectedSearch\Protected Search => C:\Program Files (x86)\HomeTab\ProtectedSearch.exe [2013-11-19] (Simplygen)
Task: {5A30EB61-307C-4B4D-9BCD-C2634CB4493A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {BC7A60B3-91B9-4D52-A647-99C27A882102} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation)
Task: {C7C0E74F-A76A-4F2C-A251-CA5E6E5F428F} - System32\Tasks\Fujitsu\DeskUpdate => C:\Fujitsu\Programs\DeskUpdate\ducmd.exe [2010-10-13] (Fujitsu Technology Solutions)

==================== Loaded Modules (whitelisted) =============


==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/26/2013 07:36:55 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/25/2013 04:04:19 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/25/2013 03:46:15 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/25/2013 02:56:33 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/25/2013 02:32:51 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/25/2013 09:33:01 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/22/2013 01:31:57 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/22/2013 00:57:00 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/22/2013 10:28:14 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/22/2013 09:56:44 AM) (Source: Application Hang) (User: )
Description: Programm IEXPLORE.EXE, Version 10.0.9200.16736 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1200

Startzeit: 01cee760b364a8df

Endzeit: 7

Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Berichts-ID:


System errors:
=============
Error: (11/26/2013 07:43:14 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (11/26/2013 07:43:14 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (11/26/2013 07:43:14 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (11/26/2013 07:42:48 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (11/26/2013 07:42:48 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (11/26/2013 07:42:48 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (11/26/2013 07:42:48 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (11/26/2013 07:42:48 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (11/26/2013 07:42:48 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (11/26/2013 07:38:14 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 17%
Total physical RAM: 3892.55 MB
Available physical RAM: 3207.21 MB
Total Pagefile: 7783.29 MB
Available Pagefile: 7096.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:463.76 GB) (Free:17.88 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 0832DE2D)
Partition 1: (Active) - (Size=2 GB) - (Type=27)
Partition 2: (Not Active) - (Size=464 GB) - (Type=07 NTFS)

==================== End Of Log ============================

FRST.txt

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-11-2013 01
Ran by Chri (administrator) on PC on 26-11-2013 07:43:40
Running from C:\Users\Chri\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) =================


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1861416 2009-10-09] (Synaptics Incorporated)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [PfNet] - C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe [6310912 2010-06-24] (FUJITSU LIMITED)
HKLM\...\Run: [PSUTility] - C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [188264 2009-07-30] (FUJITSU LIMITED)
HKLM\...\Run: [FDM7] - C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe [164712 2009-11-26] (FUJITSU LIMITED)
HKLM\...\Run: [LoadFujitsuQuickTouch] - C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [157544 2009-10-15] (FUJITSU LIMITED)
HKLM\...\Run: [LoadBtnHnd] - C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [35176 2009-10-15] (FUJITSU LIMITED)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-28] (Realtek Semiconductor)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\System32\spool\drivers\x64\3\E_YATIHTU.EXE [241280 2013-05-07] (SEIKO EPSON CORPORATION)
HKCU\...\Run: [EPLTarget\P0000000000000001] - C:\Windows\System32\spool\drivers\x64\3\E_YATIHTU.EXE [241280 2013-05-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [LoadFUJ02E3] - C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe [36712 2009-10-08] (FUJITSU LIMITED)
HKLM-x32\...\Run: [IndicatorUtility] - C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [47976 2009-10-09] (FUJITSU LIMITED)
HKLM-x32\...\Run: [UCam_Menu] - C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirror Tray icon] - C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [162912 2009-07-08] (CyberLink Corp.)
HKLM-x32\...\Run: [AIS_RegApp] - C:\Program Files (x86)\Fujitsu\AIS Connect\regapp\RegApp.exe [1200640 2010-02-03] (Fujitsu)
HKLM-x32\...\Run: [DeskUpdateNotifier] - C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe [97560 2010-10-13] (Fujitsu Technology Solutions)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [684024 2012-10-17] (Cisco Systems, Inc.)
Startup: C:\Users\Chri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3dod3wd.lnk
ShortcutTarget: 3dod3wd.lnk -> C:\ProgramData\dw3dod3.dss (Корпорация Майкрософт)
Startup: C:\Users\Chri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Chri\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.9&ts=1381183200000.000008&tguid=66920-6787-1381250094123-E70EEE9B3E1B6CD98624432C5493BE8B&st=chrome&q=
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ts.fujitsu.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=FTSG&bmod=FTSG
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.9&ts=1381183200000.000008&tguid=66920-6787-1381250094123-E70EEE9B3E1B6CD98624432C5493BE8B&st=chrome&q=
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.9&ts=1381183200000.000008&tguid=66920-6787-1381250094123-E70EEE9B3E1B6CD98624432C5493BE8B&st=chrome&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.9&ts=1381183200000.000008&tguid=66920-6787-1381250094123-E70EEE9B3E1B6CD98624432C5493BE8B&st=chrome&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:newtab
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.9&ts=1381183200000.000008&tguid=66920-6787-1381250094123-E70EEE9B3E1B6CD98624432C5493BE8B&st=chrome&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.9&ts=1381183200000.000008&tguid=66920-6787-1381250094123-E70EEE9B3E1B6CD98624432C5493BE8B&st=chrome&q=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope {431CA117-26DE-450D-BF3F-6AE20BD850F1} URL = hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.9&ts=1381183200000.000008&tguid=66920-6787-1381250094123-E70EEE9B3E1B6CD98624432C5493BE8B&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {431CA117-26DE-450D-BF3F-6AE20BD850F1} URL = hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.9&ts=1381183200000.000008&tguid=66920-6787-1381250094123-E70EEE9B3E1B6CD98624432C5493BE8B&q={searchTerms}
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.8&ts=1381183200000.000008&tguid=66920-6787-1381250094123-E70EEE9B3E1B6CD98624432C5493BE8B&q={searchTerms}
SearchScopes: HKCU - DefaultScope {431CA117-26DE-450D-BF3F-6AE20BD850F1} URL = hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.9&ts=1381183200000.000008&tguid=66920-6787-1381250094123-E70EEE9B3E1B6CD98624432C5493BE8B&q={searchTerms}
SearchScopes: HKCU - {431CA117-26DE-450D-BF3F-6AE20BD850F1} URL = hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.9&ts=1381183200000.000008&tguid=66920-6787-1381250094123-E70EEE9B3E1B6CD98624432C5493BE8B&q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.8&ts=1381183200000.000008&tguid=66920-6787-1381250094123-E70EEE9B3E1B6CD98624432C5493BE8B&q={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Browser Guard - {02a0d829-4393-46fc-a37e-126263035883} - C:\Program Files (x86)\Browser Guard\browserguard.dll (Browser Guard)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: HomeTab - {a25e7121-3dd8-41b3-855b-756c5bc45449} - C:\Users\Chri\AppData\Roaming\HomeTab\HomeTab.dll (Simply Tech LTD.)
Toolbar: HKLM - Free PDF Perfect - {EFC2B9BE-AB2B-47F1-A47D-9EB28E58C917} - C:\Program Files (x86)\Freemium\Free PDF Perfect\ieagent64.dll (soft Xpansion)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - HomeTab - {a25e7121-3dd8-41b3-855b-756c5bc45449} - C:\Users\Chri\AppData\Roaming\HomeTab\HomeTab.dll (Simply Tech LTD.)
Toolbar: HKLM-x32 - Free PDF Perfect - {EFC2B9BE-AB2B-47F1-A47D-9EB28E58C917} - C:\Program Files (x86)\Freemium\Free PDF Perfect\ieagent32.dll (soft Xpansion)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.111.111

==================== Services (Whitelisted) =================

S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-17] (Symantec Corporation)
S2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [330240 2010-06-24] (FUJITSU LIMITED)
S2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63336 2009-07-30] (FUJITSU LIMITED)
S3 SXDS10; C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe [234096 2013-10-08] (soft Xpansion)

==================== Drivers (Whitelisted) ====================

S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20120215.001\BHDrvx64.sys [1157240 2011-12-01] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2012-02-06] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138360 2012-02-06] (Symantec Corporation)
R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\System32\DRIVERS\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20120217.003\IDSvia64.sys [488568 2011-12-16] (Symantec Corporation)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [44480 2011-05-17] (hxxp://libusb-win32.sourceforge.net)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20120218.008\ENG64.SYS [117880 2011-12-25] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20120218.008\EX64.SYS [2048632 2011-12-25] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-31] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-31] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-15] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-12-25] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-21] (Symantec Corporation)
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-26 07:43 - 2013-11-26 07:43 - 00012755 _____ C:\Users\Chri\Desktop\FRST.txt
2013-11-26 07:43 - 2013-11-26 07:43 - 00000000 ____D C:\FRST
2013-11-26 07:38 - 2013-11-26 07:42 - 01958474 _____ (Farbar) C:\Users\Chri\Desktop\FRST64.exe
2013-11-25 16:15 - 2013-11-25 16:15 - 00077536 _____ C:\Users\Chri\Documents\OTL.Txt
2013-11-25 15:45 - 2013-11-25 15:45 - 00109296 _____ C:\Users\Chri\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-25 15:42 - 2013-11-25 16:15 - 00080348 _____ C:\Users\Chri\Desktop\Extras.Txt
2013-11-25 15:41 - 2013-11-25 16:14 - 00077536 _____ C:\Users\Chri\Desktop\OTL.Txt
2013-11-25 15:32 - 2013-11-25 15:32 - 00602112 _____ (OldTimer Tools) C:\Users\Chri\Downloads\otl.exe
2013-11-25 15:32 - 2013-11-25 15:32 - 00602112 _____ (OldTimer Tools) C:\Users\Chri\Desktop\otl.exe
2013-11-22 10:27 - 2013-11-25 15:49 - 00000279 _____ C:\ProgramData\3dod3wd.reg
2013-11-22 09:41 - 2013-11-25 15:50 - 95025368 ____T C:\ProgramData\3dod3wd.bxx
2013-11-22 09:41 - 2013-11-25 15:45 - 00000000 _____ C:\ProgramData\3dod3wd.fvv
2013-11-22 09:41 - 2013-11-22 09:41 - 00208896 _____ (Корпорация Майкрософт) C:\ProgramData\dw3dod3.dss
2013-11-22 09:41 - 2013-11-22 09:41 - 00060516 ____T (Microsoft Corporation) C:\ProgramData\3dod3wd.pss
2013-11-22 09:41 - 2013-11-22 09:41 - 00001033 _____ C:\Users\Chri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup3dod3wd.lnk
2013-11-18 21:59 - 2013-11-18 22:18 - 00131806 _____ C:\Users\Chri\Downloads\Berechnungen zum paper_VW+Daimler_aktualisiert_EVA.xlsx
2013-11-17 14:37 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-17 14:37 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-17 14:37 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-17 14:37 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-17 14:37 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-17 14:37 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-17 14:37 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-17 14:37 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-17 14:37 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-17 14:37 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-17 14:37 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-17 14:37 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-17 14:37 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-17 14:37 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-17 14:37 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-17 14:37 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-17 14:37 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-17 14:37 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-17 14:37 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-17 14:37 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-17 14:37 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-17 14:37 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-17 14:37 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-17 14:37 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-17 14:37 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-17 14:37 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-17 14:37 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-17 14:37 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-17 14:37 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-17 14:37 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-17 14:37 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-14 13:06 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-14 13:06 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-14 13:06 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-14 13:06 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-14 13:06 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-14 13:06 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-14 13:06 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-14 13:06 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-14 13:06 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-14 13:06 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-14 13:06 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-14 13:06 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-14 13:06 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-14 13:06 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-14 13:06 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-14 13:06 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-14 13:06 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-14 13:06 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-14 13:06 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-14 13:06 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-14 13:06 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-14 13:06 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-14 13:06 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-14 13:06 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-14 13:06 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-14 13:06 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-14 13:06 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-14 13:06 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-14 13:06 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-14 13:06 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-12 15:24 - 2013-11-20 16:15 - 00000000 ____D C:\Users\Chri\Desktop\Bachelorarbeit
2013-11-11 16:02 - 2013-11-11 16:02 - 00000000 ____D C:\Users\Chri\AppData\Local\Cisco
2013-11-11 16:02 - 2013-11-11 16:02 - 00000000 ____D C:\ProgramData\Cisco
2013-11-11 16:02 - 2013-11-11 16:02 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-11-11 16:01 - 2013-11-11 16:01 - 04108288 _____ C:\Users\Chri\Desktop\anyconnect_31_win.msi
2013-11-10 21:42 - 2013-11-18 21:55 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-11-05 13:07 - 2013-11-05 13:07 - 00000000 ____D C:\Users\Chri\AppData\Local\Boss Media
2013-11-05 13:07 - 2013-11-05 13:07 - 00000000 ____D C:\ProgramData\Boss Media
2013-11-05 13:07 - 2013-11-05 13:07 - 00000000 ____D C:\Program Files (x86)\win2day Poker
2013-11-05 13:06 - 2013-11-05 13:07 - 11280032 _____ (Boss Media AB) C:\Users\Chri\Desktop\poker_win2day.at.exe
2013-11-04 14:56 - 2013-11-16 20:36 - 00000000 ____D C:\Users\Chri\Desktop\GWA
2013-10-30 16:20 - 2013-10-30 16:20 - 00276936 _____ C:\Windows\Minidump\103013-35802-01.dmp
2013-10-29 17:41 - 2013-10-29 17:41 - 00000000 ____D C:\Users\Chri\AppData\Local\{5F618EE9-61D8-402B-A052-F72D9B08A633}
2013-10-28 17:52 - 2013-10-28 17:52 - 00000000 ____D C:\Users\Chri\AppData\Local\{4C4ECF22-9B23-4AB3-8224-4DA3BD0619B2}
2013-10-28 13:52 - 2013-11-05 11:48 - 00000000 ____D C:\Users\Chri\Desktop\Bewerbung

==================== One Month Modified Files and Folders =======

2013-11-26 07:43 - 2013-11-26 07:43 - 00012755 _____ C:\Users\Chri\Desktop\FRST.txt
2013-11-26 07:43 - 2013-11-26 07:43 - 00000000 ____D C:\FRST
2013-11-26 07:42 - 2013-11-26 07:38 - 01958474 _____ (Farbar) C:\Users\Chri\Desktop\FRST64.exe
2013-11-25 16:15 - 2013-11-25 16:15 - 00077536 _____ C:\Users\Chri\Documents\OTL.Txt
2013-11-25 16:15 - 2013-11-25 15:42 - 00080348 _____ C:\Users\Chri\Desktop\Extras.Txt
2013-11-25 16:14 - 2013-11-25 15:41 - 00077536 _____ C:\Users\Chri\Desktop\OTL.Txt
2013-11-25 16:08 - 2011-12-25 05:59 - 01580875 _____ C:\Windows\WindowsUpdate.log
2013-11-25 16:08 - 2009-07-14 05:51 - 00105688 _____ C:\Windows\setupact.log
2013-11-25 15:53 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-25 15:53 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-25 15:50 - 2013-11-22 09:41 - 95025368 ____T C:\ProgramData\3dod3wd.bxx
2013-11-25 15:49 - 2013-11-22 10:27 - 00000279 _____ C:\ProgramData\3dod3wd.reg
2013-11-25 15:48 - 2013-10-08 17:35 - 00000000 ____D C:\Users\Chri\AppData\Roaming\HomeTab
2013-11-25 15:48 - 2013-10-08 17:35 - 00000000 ____D C:\Program Files (x86)\HomeTab
2013-11-25 15:48 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-11-25 15:46 - 2013-01-07 19:02 - 00000000 ___RD C:\Users\Chri\Dropbox
2013-11-25 15:46 - 2013-01-07 18:59 - 00000000 ____D C:\Users\Chri\AppData\Roaming\Dropbox
2013-11-25 15:45 - 2013-11-25 15:45 - 00109296 _____ C:\Users\Chri\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-25 15:45 - 2013-11-22 09:41 - 00000000 _____ C:\ProgramData\3dod3wd.fvv
2013-11-25 15:44 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-25 15:32 - 2013-11-25 15:32 - 00602112 _____ (OldTimer Tools) C:\Users\Chri\Downloads\otl.exe
2013-11-25 15:32 - 2013-11-25 15:32 - 00602112 _____ (OldTimer Tools) C:\Users\Chri\Desktop\otl.exe
2013-11-22 09:41 - 2013-11-22 09:41 - 00208896 _____ (Корпорация Майкрософт) C:\ProgramData\dw3dod3.dss
2013-11-22 09:41 - 2013-11-22 09:41 - 00060516 ____T (Microsoft Corporation) C:\ProgramData\3dod3wd.pss
2013-11-22 09:41 - 2013-11-22 09:41 - 00001033 _____ C:\Users\Chri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup3dod3wd.lnk
2013-11-22 09:41 - 2011-12-24 21:25 - 00000000 ___RD C:\Users\Chri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-21 10:25 - 2013-01-09 23:02 - 00000000 ____D C:\Users\Chri\AppData\Local\PokerStars
2013-11-20 16:15 - 2013-11-12 15:24 - 00000000 ____D C:\Users\Chri\Desktop\Bachelorarbeit
2013-11-18 23:22 - 2012-01-09 16:55 - 00000000 ____D C:\Users\Chri\Desktop\Magdalena
2013-11-18 22:18 - 2013-11-18 21:59 - 00131806 _____ C:\Users\Chri\Downloads\Berechnungen zum paper_VW+Daimler_aktualisiert_EVA.xlsx
2013-11-18 21:55 - 2013-11-10 21:42 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-11-18 14:12 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-17 14:37 - 2011-12-24 22:31 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-16 20:36 - 2013-11-04 14:56 - 00000000 ____D C:\Users\Chri\Desktop\GWA
2013-11-13 22:49 - 2012-03-02 21:14 - 00000000 ____D C:\Users\Chri\AppData\Roaming\Apple Computer
2013-11-13 22:44 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-11-11 16:02 - 2013-11-11 16:02 - 00000000 ____D C:\Users\Chri\AppData\Local\Cisco
2013-11-11 16:02 - 2013-11-11 16:02 - 00000000 ____D C:\ProgramData\Cisco
2013-11-11 16:02 - 2013-11-11 16:02 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-11-11 16:01 - 2013-11-11 16:01 - 04108288 _____ C:\Users\Chri\Desktop\anyconnect_31_win.msi
2013-11-10 21:39 - 2011-02-11 15:47 - 00696870 _____ C:\Windows\system32\perfh007.dat
2013-11-10 21:39 - 2011-02-11 15:47 - 00148134 _____ C:\Windows\system32\perfc007.dat
2013-11-10 21:39 - 2009-07-14 06:13 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-07 13:01 - 2012-08-15 17:30 - 00000000 ____D C:\Users\Chri\AppData\Local\CrashDumps
2013-11-06 14:28 - 2013-02-10 19:44 - 00000000 ____D C:\Users\Chri\Desktop\Pokern
2013-11-05 16:13 - 2013-01-09 23:13 - 00000000 ____D C:\Program Files (x86)\PokerStars.EU
2013-11-05 13:07 - 2013-11-05 13:07 - 00000000 ____D C:\Users\Chri\AppData\Local\Boss Media
2013-11-05 13:07 - 2013-11-05 13:07 - 00000000 ____D C:\ProgramData\Boss Media
2013-11-05 13:07 - 2013-11-05 13:07 - 00000000 ____D C:\Program Files (x86)\win2day Poker
2013-11-05 13:07 - 2013-11-05 13:06 - 11280032 _____ (Boss Media AB) C:\Users\Chri\Desktop\poker_win2day.at.exe
2013-11-05 11:48 - 2013-10-28 13:52 - 00000000 ____D C:\Users\Chri\Desktop\Bewerbung
2013-10-30 16:20 - 2013-10-30 16:20 - 00276936 _____ C:\Windows\Minidump\103013-35802-01.dmp
2013-10-30 16:20 - 2013-02-11 10:45 - 00000000 ____D C:\Windows\Minidump
2013-10-29 17:41 - 2013-10-29 17:41 - 00000000 ____D C:\Users\Chri\AppData\Local\{5F618EE9-61D8-402B-A052-F72D9B08A633}
2013-10-28 17:52 - 2013-10-28 17:52 - 00000000 ____D C:\Users\Chri\AppData\Local\{4C4ECF22-9B23-4AB3-8224-4DA3BD0619B2}
2013-10-28 13:56 - 2013-10-01 12:31 - 00000000 ____D C:\Users\Chri\Desktop\micoach
2013-10-28 13:56 - 2013-09-03 10:31 - 00000000 ____D C:\Users\Chri\Desktop\Left Boy
2013-10-28 13:55 - 2012-09-13 08:45 - 00000000 ____D C:\Users\Chri\Desktop\Uni

Files to move or delete:
====================
C:\ProgramData\3dod3wd.bxx
C:\ProgramData\3dod3wd.fvv
C:\ProgramData\3dod3wd.pss
C:\ProgramData\3dod3wd.reg
C:\ProgramData\dw3dod3.dss


Some content of TEMP:
====================
C:\Users\Chri\AppData\Local\Temp\tbu1A24.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-11 14:53

==================== End Of Log ============================

--- --- ---

Andere Log-Dateien habe ich nicht, oder glaube ich, dass ich sie nicht habe, wie man sicher merkt bin ich leider nur ein Laie

Liebe Grüße

Nico-Dean

cosinus · 26.11.2013, 10:55

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

Startup: C:\Users\Chri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3dod3wd.lnk
ShortcutTarget: 3dod3wd.lnk -> C:\ProgramData\dw3dod3.dss (Корпорация Майкрософт)
C:\Users\Chri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3dod3wd.lnk
C:\ProgramData\3dod3wd.bxx
C:\ProgramData\3dod3wd.fvv
C:\ProgramData\3dod3wd.pss
C:\ProgramData\3dod3wd.reg
C:\ProgramData\dw3dod3.dss
C:\Users\Chri\AppData\Local\Temp\tbu1A24.exe

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Nico-Dean · 26.11.2013, 11:47

Hallo,

ich habe es am Desktop gespeichert

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-11-2013 01
Ran by Chri (administrator) on PC on 26-11-2013 11:33:44
Running from C:\Users\Chri\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1861416 2009-10-09] (Synaptics Incorporated)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [PfNet] - C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe [6310912 2010-06-24] (FUJITSU LIMITED)
HKLM\...\Run: [PSUTility] - C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [188264 2009-07-30] (FUJITSU LIMITED)
HKLM\...\Run: [FDM7] - C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe [164712 2009-11-26] (FUJITSU LIMITED)
HKLM\...\Run: [LoadFujitsuQuickTouch] - C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [157544 2009-10-15] (FUJITSU LIMITED)
HKLM\...\Run: [LoadBtnHnd] - C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [35176 2009-10-15] (FUJITSU LIMITED)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-28] (Realtek Semiconductor)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\System32\spool\drivers\x64\3\E_YATIHTU.EXE [241280 2013-05-07] (SEIKO EPSON CORPORATION)
HKCU\...\Run: [EPLTarget\P0000000000000001] - C:\Windows\System32\spool\drivers\x64\3\E_YATIHTU.EXE [241280 2013-05-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [LoadFUJ02E3] - C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe [36712 2009-10-08] (FUJITSU LIMITED)
HKLM-x32\...\Run: [IndicatorUtility] - C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [47976 2009-10-09] (FUJITSU LIMITED)
HKLM-x32\...\Run: [UCam_Menu] - C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirror Tray icon] - C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [162912 2009-07-08] (CyberLink Corp.)
HKLM-x32\...\Run: [AIS_RegApp] - C:\Program Files (x86)\Fujitsu\AIS Connect\regapp\RegApp.exe [1200640 2010-02-03] (Fujitsu)
HKLM-x32\...\Run: [DeskUpdateNotifier] - C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe [97560 2010-10-13] (Fujitsu Technology Solutions)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [684024 2012-10-17] (Cisco Systems, Inc.)
Startup: C:\Users\Chri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3dod3wd.lnk
ShortcutTarget: 3dod3wd.lnk -> C:\ProgramData\dw3dod3.dss (Корпорация Майкрософт)
Startup: C:\Users\Chri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Chri\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.9&ts=1381183200000.000008&tguid=66920-6787-1381250094123-E70EEE9B3E1B6CD98624432C5493BE8B&st=chrome&q=
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ts.fujitsu.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=FTSG&bmod=FTSG
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.9&ts=1381183200000.000008&tguid=66920-6787-1381250094123-E70EEE9B3E1B6CD98624432C5493BE8B&st=chrome&q=
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.9&ts=1381183200000.000008&tguid=66920-6787-1381250094123-E70EEE9B3E1B6CD98624432C5493BE8B&st=chrome&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.9&ts=1381183200000.000008&tguid=66920-6787-1381250094123-E70EEE9B3E1B6CD98624432C5493BE8B&st=chrome&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:newtab
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.9&ts=1381183200000.000008&tguid=66920-6787-1381250094123-E70EEE9B3E1B6CD98624432C5493BE8B&st=chrome&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.9&ts=1381183200000.000008&tguid=66920-6787-1381250094123-E70EEE9B3E1B6CD98624432C5493BE8B&st=chrome&q=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope {431CA117-26DE-450D-BF3F-6AE20BD850F1} URL = hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.9&ts=1381183200000.000008&tguid=66920-6787-1381250094123-E70EEE9B3E1B6CD98624432C5493BE8B&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {431CA117-26DE-450D-BF3F-6AE20BD850F1} URL = hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.9&ts=1381183200000.000008&tguid=66920-6787-1381250094123-E70EEE9B3E1B6CD98624432C5493BE8B&q={searchTerms}
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.8&ts=1381183200000.000008&tguid=66920-6787-1381250094123-E70EEE9B3E1B6CD98624432C5493BE8B&q={searchTerms}
SearchScopes: HKCU - DefaultScope {431CA117-26DE-450D-BF3F-6AE20BD850F1} URL = hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.9&ts=1381183200000.000008&tguid=66920-6787-1381250094123-E70EEE9B3E1B6CD98624432C5493BE8B&q={searchTerms}
SearchScopes: HKCU - {431CA117-26DE-450D-BF3F-6AE20BD850F1} URL = hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.9&ts=1381183200000.000008&tguid=66920-6787-1381250094123-E70EEE9B3E1B6CD98624432C5493BE8B&q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.8&ts=1381183200000.000008&tguid=66920-6787-1381250094123-E70EEE9B3E1B6CD98624432C5493BE8B&q={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Browser Guard - {02a0d829-4393-46fc-a37e-126263035883} - C:\Program Files (x86)\Browser Guard\browserguard.dll (Browser Guard)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: HomeTab - {a25e7121-3dd8-41b3-855b-756c5bc45449} - C:\Users\Chri\AppData\Roaming\HomeTab\HomeTab.dll (Simply Tech LTD.)
Toolbar: HKLM - Free PDF Perfect - {EFC2B9BE-AB2B-47F1-A47D-9EB28E58C917} - C:\Program Files (x86)\Freemium\Free PDF Perfect\ieagent64.dll (soft Xpansion)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - HomeTab - {a25e7121-3dd8-41b3-855b-756c5bc45449} - C:\Users\Chri\AppData\Roaming\HomeTab\HomeTab.dll (Simply Tech LTD.)
Toolbar: HKLM-x32 - Free PDF Perfect - {EFC2B9BE-AB2B-47F1-A47D-9EB28E58C917} - C:\Program Files (x86)\Freemium\Free PDF Perfect\ieagent32.dll (soft Xpansion)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.111.111

==================== Services (Whitelisted) =================

S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-17] (Symantec Corporation)
S2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [330240 2010-06-24] (FUJITSU LIMITED)
S2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63336 2009-07-30] (FUJITSU LIMITED)
S3 SXDS10; C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe [234096 2013-10-08] (soft Xpansion)

==================== Drivers (Whitelisted) ====================

S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20120215.001\BHDrvx64.sys [1157240 2011-12-01] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2012-02-06] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138360 2012-02-06] (Symantec Corporation)
R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\System32\DRIVERS\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20120217.003\IDSvia64.sys [488568 2011-12-16] (Symantec Corporation)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [44480 2011-05-17] (hxxp://libusb-win32.sourceforge.net)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20120218.008\ENG64.SYS [117880 2011-12-25] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20120218.008\EX64.SYS [2048632 2011-12-25] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-31] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-31] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-15] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-12-25] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-21] (Symantec Corporation)
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-26 11:32 - 2013-11-26 11:32 - 00000465 _____ C:\Users\Chri\Desktop\Fixlist.txt
2013-11-26 07:44 - 2013-11-26 07:44 - 00018212 _____ C:\Users\Chri\Desktop\Addition.txt
2013-11-26 07:43 - 2013-11-26 11:33 - 00000000 _____ C:\Users\Chri\Desktop\FRST.txt
2013-11-26 07:43 - 2013-11-26 07:43 - 00000000 ____D C:\FRST
2013-11-26 07:38 - 2013-11-26 07:42 - 01958474 _____ (Farbar) C:\Users\Chri\Desktop\FRST64.exe
2013-11-25 16:15 - 2013-11-25 16:15 - 00077536 _____ C:\Users\Chri\Documents\OTL.Txt
2013-11-25 15:45 - 2013-11-25 15:45 - 00109296 _____ C:\Users\Chri\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-25 15:42 - 2013-11-25 16:15 - 00080348 _____ C:\Users\Chri\Desktop\Extras.Txt
2013-11-25 15:41 - 2013-11-25 16:14 - 00077536 _____ C:\Users\Chri\Desktop\OTL.Txt
2013-11-25 15:32 - 2013-11-25 15:32 - 00602112 _____ (OldTimer Tools) C:\Users\Chri\Downloads\otl.exe
2013-11-25 15:32 - 2013-11-25 15:32 - 00602112 _____ (OldTimer Tools) C:\Users\Chri\Desktop\otl.exe
2013-11-22 10:27 - 2013-11-25 15:49 - 00000279 _____ C:\ProgramData\3dod3wd.reg
2013-11-22 09:41 - 2013-11-25 15:50 - 95025368 ____T C:\ProgramData\3dod3wd.bxx
2013-11-22 09:41 - 2013-11-25 15:45 - 00000000 _____ C:\ProgramData\3dod3wd.fvv
2013-11-22 09:41 - 2013-11-22 09:41 - 00208896 _____ (Корпорация Майкрософт) C:\ProgramData\dw3dod3.dss
2013-11-22 09:41 - 2013-11-22 09:41 - 00060516 ____T (Microsoft Corporation) C:\ProgramData\3dod3wd.pss
2013-11-22 09:41 - 2013-11-22 09:41 - 00001033 _____ C:\Users\Chri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup3dod3wd.lnk
2013-11-18 21:59 - 2013-11-18 22:18 - 00131806 _____ C:\Users\Chri\Downloads\Berechnungen zum paper_VW+Daimler_aktualisiert_EVA.xlsx
2013-11-17 14:37 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-17 14:37 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-17 14:37 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-17 14:37 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-17 14:37 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-17 14:37 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-17 14:37 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-17 14:37 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-17 14:37 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-17 14:37 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-17 14:37 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-17 14:37 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-17 14:37 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-17 14:37 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-17 14:37 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-17 14:37 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-17 14:37 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-17 14:37 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-17 14:37 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-17 14:37 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-17 14:37 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-17 14:37 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-17 14:37 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-17 14:37 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-17 14:37 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-17 14:37 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-17 14:37 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-17 14:37 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-17 14:37 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-17 14:37 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-17 14:37 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-14 13:06 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-14 13:06 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-14 13:06 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-14 13:06 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-14 13:06 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-14 13:06 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-14 13:06 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-14 13:06 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-14 13:06 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-14 13:06 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-14 13:06 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-14 13:06 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-14 13:06 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-14 13:06 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-14 13:06 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-14 13:06 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-14 13:06 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-14 13:06 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-14 13:06 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-14 13:06 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-14 13:06 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-14 13:06 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-14 13:06 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-14 13:06 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-14 13:06 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-14 13:06 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-14 13:06 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-14 13:06 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-14 13:06 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-14 13:06 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-12 15:24 - 2013-11-20 16:15 - 00000000 ____D C:\Users\Chri\Desktop\Bachelorarbeit
2013-11-11 16:02 - 2013-11-11 16:02 - 00000000 ____D C:\Users\Chri\AppData\Local\Cisco
2013-11-11 16:02 - 2013-11-11 16:02 - 00000000 ____D C:\ProgramData\Cisco
2013-11-11 16:02 - 2013-11-11 16:02 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-11-11 16:01 - 2013-11-11 16:01 - 04108288 _____ C:\Users\Chri\Desktop\anyconnect_31_win.msi
2013-11-10 21:42 - 2013-11-18 21:55 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-11-05 13:07 - 2013-11-05 13:07 - 00000000 ____D C:\Users\Chri\AppData\Local\Boss Media
2013-11-05 13:07 - 2013-11-05 13:07 - 00000000 ____D C:\ProgramData\Boss Media
2013-11-05 13:07 - 2013-11-05 13:07 - 00000000 ____D C:\Program Files (x86)\win2day Poker
2013-11-05 13:06 - 2013-11-05 13:07 - 11280032 _____ (Boss Media AB) C:\Users\Chri\Desktop\poker_win2day.at.exe
2013-11-04 14:56 - 2013-11-16 20:36 - 00000000 ____D C:\Users\Chri\Desktop\GWA
2013-10-30 16:20 - 2013-10-30 16:20 - 00276936 _____ C:\Windows\Minidump\103013-35802-01.dmp
2013-10-29 17:41 - 2013-10-29 17:41 - 00000000 ____D C:\Users\Chri\AppData\Local\{5F618EE9-61D8-402B-A052-F72D9B08A633}
2013-10-28 17:52 - 2013-10-28 17:52 - 00000000 ____D C:\Users\Chri\AppData\Local\{4C4ECF22-9B23-4AB3-8224-4DA3BD0619B2}
2013-10-28 13:52 - 2013-11-05 11:48 - 00000000 ____D C:\Users\Chri\Desktop\Bewerbung

==================== One Month Modified Files and Folders =======

2013-11-26 11:33 - 2013-11-26 07:43 - 00000000 _____ C:\Users\Chri\Desktop\FRST.txt
2013-11-26 11:32 - 2013-11-26 11:32 - 00000465 _____ C:\Users\Chri\Desktop\Fixlist.txt
2013-11-26 07:44 - 2013-11-26 07:44 - 00018212 _____ C:\Users\Chri\Desktop\Addition.txt
2013-11-26 07:43 - 2013-11-26 07:43 - 00000000 ____D C:\FRST
2013-11-26 07:42 - 2013-11-26 07:38 - 01958474 _____ (Farbar) C:\Users\Chri\Desktop\FRST64.exe
2013-11-25 16:15 - 2013-11-25 16:15 - 00077536 _____ C:\Users\Chri\Documents\OTL.Txt
2013-11-25 16:15 - 2013-11-25 15:42 - 00080348 _____ C:\Users\Chri\Desktop\Extras.Txt
2013-11-25 16:14 - 2013-11-25 15:41 - 00077536 _____ C:\Users\Chri\Desktop\OTL.Txt
2013-11-25 16:08 - 2011-12-25 05:59 - 01580875 _____ C:\Windows\WindowsUpdate.log
2013-11-25 16:08 - 2009-07-14 05:51 - 00105688 _____ C:\Windows\setupact.log
2013-11-25 15:53 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-25 15:53 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-25 15:50 - 2013-11-22 09:41 - 95025368 ____T C:\ProgramData\3dod3wd.bxx
2013-11-25 15:49 - 2013-11-22 10:27 - 00000279 _____ C:\ProgramData\3dod3wd.reg
2013-11-25 15:48 - 2013-10-08 17:35 - 00000000 ____D C:\Users\Chri\AppData\Roaming\HomeTab
2013-11-25 15:48 - 2013-10-08 17:35 - 00000000 ____D C:\Program Files (x86)\HomeTab
2013-11-25 15:48 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-11-25 15:46 - 2013-01-07 19:02 - 00000000 ___RD C:\Users\Chri\Dropbox
2013-11-25 15:46 - 2013-01-07 18:59 - 00000000 ____D C:\Users\Chri\AppData\Roaming\Dropbox
2013-11-25 15:45 - 2013-11-25 15:45 - 00109296 _____ C:\Users\Chri\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-25 15:45 - 2013-11-22 09:41 - 00000000 _____ C:\ProgramData\3dod3wd.fvv
2013-11-25 15:44 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-25 15:32 - 2013-11-25 15:32 - 00602112 _____ (OldTimer Tools) C:\Users\Chri\Downloads\otl.exe
2013-11-25 15:32 - 2013-11-25 15:32 - 00602112 _____ (OldTimer Tools) C:\Users\Chri\Desktop\otl.exe
2013-11-22 09:41 - 2013-11-22 09:41 - 00208896 _____ (Корпорация Майкрософт) C:\ProgramData\dw3dod3.dss
2013-11-22 09:41 - 2013-11-22 09:41 - 00060516 ____T (Microsoft Corporation) C:\ProgramData\3dod3wd.pss
2013-11-22 09:41 - 2013-11-22 09:41 - 00001033 _____ C:\Users\Chri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup3dod3wd.lnk
2013-11-22 09:41 - 2011-12-24 21:25 - 00000000 ___RD C:\Users\Chri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-21 10:25 - 2013-01-09 23:02 - 00000000 ____D C:\Users\Chri\AppData\Local\PokerStars
2013-11-20 16:15 - 2013-11-12 15:24 - 00000000 ____D C:\Users\Chri\Desktop\Bachelorarbeit
2013-11-18 23:22 - 2012-01-09 16:55 - 00000000 ____D C:\Users\Chri\Desktop\Magdalena
2013-11-18 22:18 - 2013-11-18 21:59 - 00131806 _____ C:\Users\Chri\Downloads\Berechnungen zum paper_VW+Daimler_aktualisiert_EVA.xlsx
2013-11-18 21:55 - 2013-11-10 21:42 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-11-18 14:12 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-17 14:37 - 2011-12-24 22:31 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-16 20:36 - 2013-11-04 14:56 - 00000000 ____D C:\Users\Chri\Desktop\GWA
2013-11-13 22:49 - 2012-03-02 21:14 - 00000000 ____D C:\Users\Chri\AppData\Roaming\Apple Computer
2013-11-13 22:44 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-11-11 16:02 - 2013-11-11 16:02 - 00000000 ____D C:\Users\Chri\AppData\Local\Cisco
2013-11-11 16:02 - 2013-11-11 16:02 - 00000000 ____D C:\ProgramData\Cisco
2013-11-11 16:02 - 2013-11-11 16:02 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-11-11 16:01 - 2013-11-11 16:01 - 04108288 _____ C:\Users\Chri\Desktop\anyconnect_31_win.msi
2013-11-10 21:39 - 2011-02-11 15:47 - 00696870 _____ C:\Windows\system32\perfh007.dat
2013-11-10 21:39 - 2011-02-11 15:47 - 00148134 _____ C:\Windows\system32\perfc007.dat
2013-11-10 21:39 - 2009-07-14 06:13 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-07 13:01 - 2012-08-15 17:30 - 00000000 ____D C:\Users\Chri\AppData\Local\CrashDumps
2013-11-06 14:28 - 2013-02-10 19:44 - 00000000 ____D C:\Users\Chri\Desktop\Pokern
2013-11-05 16:13 - 2013-01-09 23:13 - 00000000 ____D C:\Program Files (x86)\PokerStars.EU
2013-11-05 13:07 - 2013-11-05 13:07 - 00000000 ____D C:\Users\Chri\AppData\Local\Boss Media
2013-11-05 13:07 - 2013-11-05 13:07 - 00000000 ____D C:\ProgramData\Boss Media
2013-11-05 13:07 - 2013-11-05 13:07 - 00000000 ____D C:\Program Files (x86)\win2day Poker
2013-11-05 13:07 - 2013-11-05 13:06 - 11280032 _____ (Boss Media AB) C:\Users\Chri\Desktop\poker_win2day.at.exe
2013-11-05 11:48 - 2013-10-28 13:52 - 00000000 ____D C:\Users\Chri\Desktop\Bewerbung
2013-10-30 16:20 - 2013-10-30 16:20 - 00276936 _____ C:\Windows\Minidump\103013-35802-01.dmp
2013-10-30 16:20 - 2013-02-11 10:45 - 00000000 ____D C:\Windows\Minidump
2013-10-29 17:41 - 2013-10-29 17:41 - 00000000 ____D C:\Users\Chri\AppData\Local\{5F618EE9-61D8-402B-A052-F72D9B08A633}
2013-10-28 17:52 - 2013-10-28 17:52 - 00000000 ____D C:\Users\Chri\AppData\Local\{4C4ECF22-9B23-4AB3-8224-4DA3BD0619B2}
2013-10-28 13:56 - 2013-10-01 12:31 - 00000000 ____D C:\Users\Chri\Desktop\micoach
2013-10-28 13:56 - 2013-09-03 10:31 - 00000000 ____D C:\Users\Chri\Desktop\Left Boy
2013-10-28 13:55 - 2012-09-13 08:45 - 00000000 ____D C:\Users\Chri\Desktop\Uni

Files to move or delete:
====================
C:\ProgramData\3dod3wd.bxx
C:\ProgramData\3dod3wd.fvv
C:\ProgramData\3dod3wd.pss
C:\ProgramData\3dod3wd.reg
C:\ProgramData\dw3dod3.dss


Some content of TEMP:
====================
C:\Users\Chri\AppData\Local\Temp\tbu1A24.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-11 14:53

==================== End Of Log ============================

--- --- ---

Liebe Grüße

Nico-Dean

cosinus · 26.11.2013, 12:44

Du solltest das Fixlog posten, nicht noch ein FRST Log

Nico-Dean · 27.11.2013, 10:58

Hallo,

hab nur eine kurze Frage,
worum handelt es sich bei dieser Datei, gehört die zur ATI Karte?

Code:

ATTFilter

ShortcutTarget: 3dod3wd.lnk -> C:\ProgramData\dw3dod3.dss (Корпорация Майкрософт)

Liebe Grüße

Nico-Dean

Hallo,

ich habe nun die oben angeführte Datei umbenannt und kann ohne das die GUV Seite kommt arbeiten, nur bekomme ich noch Fehlermeldungen.

Auf jeden Fall vielen Dank Cosinus, dass du mich bereits so weit gebracht hast!!

Liebe Grüße
Nico-Dean

cosinus · 27.11.2013, 13:30

Zitat:

worum handelt es sich bei dieser Datei, gehört die zur ATI Karte?

Keinen Schimmer wie du da einen Zusammenhang mit ATI herstellst. Das ist Malware!

Zitat:

ich habe nun die oben angeführte Datei umbenannt und kann ohne das die GUV Seite kommt arbeiten, nur bekomme ich noch Fehlermeldungen.

Warum setzt du nicht meine Anweisungen um, du hast doch um Hilfe gebeten. Ich warte immer noch auf den FRST Fix und das Log dazu.

Nico-Dean · 27.11.2013, 13:51

Hallo Cosinus,

Sorry, das habe ich total übersehen, deshalb habe ich ja ein wenig probiert.

Ich habe nun die Datei wieder so benannt wie sie zuvor lautete, da ich sie ja unbenannt hatte, und nochmals den Test durchgeführt im abgesicherten Modus.

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-11-2013 01
Ran by Chri at 2013-11-27 13:40:10 Run:1
Running from C:\Users\Chri\Desktop
Boot Mode: Safe Mode (with Networking)
==============================================

Content of fixlist:
*****************
Startup: C:\Users\Chri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3dod3wd.lnk
ShortcutTarget: 3dod3wd.lnk -> C:\ProgramData\dw3dod3.dss (?????????? ??????????)
C:\Users\Chri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3dod3wd.lnk
C:\ProgramData\3dod3wd.bxx
C:\ProgramData\3dod3wd.fvv
C:\ProgramData\3dod3wd.pss
C:\ProgramData\3dod3wd.reg
C:\ProgramData\dw3dod3.dss
C:\Users\Chri\AppData\Local\Temp\tbu1A24.exe
         
*****************

C:\Users\Chri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3dod3wd.lnk => Moved successfully.
C:\ProgramData\dw3dod3.dss => Moved successfully.
"C:\Users\Chri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3dod3wd.lnk" => File/Directory not found.
C:\ProgramData\3dod3wd.bxx => Moved successfully.
C:\ProgramData\3dod3wd.fvv => Moved successfully.
C:\ProgramData\3dod3wd.pss => Moved successfully.
C:\ProgramData\3dod3wd.reg => Moved successfully.
"C:\ProgramData\dw3dod3.dss" => File/Directory not found.
C:\Users\Chri\AppData\Local\Temp\tbu1A24.exe => Moved successfully.

==== End of Fixlog ====

Auf die Idee mit ATI bin ich deshalb gekommen, weil die anderen ähnlichen Dateien unter Eigenschaft/Details was von ATI stehen hatten.

Nochmals Entschuldigung, ich hatte deine Antwort total übersehen.

Liebe Grüße
Nico Dean

cosinus · 27.11.2013, 14:21

Ok, ich dachte du hast meine Anweisungen absichtlich ignoriert

Startet Windows wieder normal?

Nico-Dean · 27.11.2013, 14:36

Hallo Cosinus,

ja er startet wieder ganz normal, vielen lieben Dank!!

Liebe Grüße

Nico-Dean

cosinus · 27.11.2013, 14:36

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Nico-Dean · 27.11.2013, 15:30

Hallo Cosinus,

der erste Durchlauf ist fertig, und hier die LOG-Datei

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.07.0.1007
www.malwarebytes.org

Database version: v2013.11.27.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
Chri :: PC [administrator]

27.11.2013 14:40:45
mbar-log-2013-11-27 (14-40-45).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 263115
Time elapsed: 23 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 8
HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page (Hijack.SearchPage) -> Bad: (hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.9&ts=1381183200000.000008&tguid=66920-6787-1381250094123-E70EEE9B3E1B6CD98624432C5493BE8B&st=chrome&q=) Good: (hxxp://www.google.com) -> Replace on reboot.
HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL (Hijack.SearchPage) -> Bad: (hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.9&ts=1381183200000.000008&tguid=66920-6787-1381250094123-E70EEE9B3E1B6CD98624432C5493BE8B&st=chrome&q=) Good: (hxxp://www.google.com) -> Replace on reboot.
HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar (Hijack.SearchPage) -> Bad: (hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.9&ts=1381183200000.000008&tguid=66920-6787-1381250094123-E70EEE9B3E1B6CD98624432C5493BE8B&st=chrome&q=) Good: (hxxp://www.google.com) -> Replace on reboot.
HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL (Hijack.SearchPage) -> Bad: (hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.9&ts=1381183200000.000008&tguid=66920-6787-1381250094123-E70EEE9B3E1B6CD98624432C5493BE8B&st=chrome&q=) Good: (hxxp://www.google.com/) -> Replace on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL (Hijack.SearchPage) -> Bad: (hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.9&ts=1381183200000.000008&tguid=66920-6787-1381250094123-E70EEE9B3E1B6CD98624432C5493BE8B&st=chrome&q=) Good: (hxxp://www.google.com) -> Replace on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page (Hijack.SearchPage) -> Bad: (hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.9&ts=1381183200000.000008&tguid=66920-6787-1381250094123-E70EEE9B3E1B6CD98624432C5493BE8B&st=chrome&q=) Good: (hxxp://www.google.com) -> Replace on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar (Hijack.SearchPage) -> Bad: (hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.9&ts=1381183200000.000008&tguid=66920-6787-1381250094123-E70EEE9B3E1B6CD98624432C5493BE8B&st=chrome&q=) Good: (hxxp://www.google.com) -> Replace on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL (Hijack.SearchPage) -> Bad: (hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.9&ts=1381183200000.000008&tguid=66920-6787-1381250094123-E70EEE9B3E1B6CD98624432C5493BE8B&st=chrome&q=) Good: (hxxp://www.google.com/) -> Replace on reboot.

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\$Recycle.Bin\S-1-5-21-2370752971-1302968336-1553795270-1000\$RM309K3.dss (Trojan.Ransom.ED) -> Delete on reboot.
C:\$Recycle.Bin\S-1-5-21-2370752971-1302968336-1553795270-1000\$RD7W4YD.dll (Trojan.Ransom.ED) -> Delete on reboot.
C:\$Recycle.Bin\S-1-5-21-2370752971-1302968336-1553795270-1000\$RE4VEN5.exe (Trojan.Agent) -> Delete on reboot.
C:\Users\Chri\AppData\Local\Temp\dw3dod3.dss (Trojan.Ransom.ED) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)

liebe Grüße
Nico-Dean

cosinus · 27.11.2013, 15:43

Ok, 2. Lauf bitte

Nico-Dean · 27.11.2013, 15:55

zweiter Durchlauf ist nun auch fertig und der PC ist SAUBER :-)

26.11.2013, 12:44	#6
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	GUV Trojaner mit Cam löschen Du solltest das Fixlog posten, nicht noch ein FRST Log __________________ --> GUV Trojaner mit Cam löschen

27.11.2013, 14:21	#10
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	GUV Trojaner mit Cam löschen Ok, ich dachte du hast meine Anweisungen absichtlich ignoriert Startet Windows wieder normal? __________________ Logfiles bitte immer in CODE-Tags posten

27.11.2013, 15:43	#14
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	GUV Trojaner mit Cam löschen Ok, 2. Lauf bitte __________________ Logfiles bitte immer in CODE-Tags posten

GUV Trojaner mit Cam löschen

Plagegeister aller Art und deren Bekämpfung: GUV Trojaner mit Cam löschen