Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Mein USB-Stick zeigt nur noch Verknüpfungen an und ein unbekanntes Programm möchte Änderungen an meinem Computer vornehmen (https://www.trojaner-board.de/166119-usb-stick-zeigt-nur-noch-verknuepfungen-unbekanntes-programm-moechte-aenderungen-meinem-computer-vornehmen.html)

LenaR 14.04.2015 21:57
Mein USB-Stick zeigt nur noch Verknüpfungen an und ein unbekanntes Programm möchte Änderungen an meinem Computer vornehmen
 
Liebes Trojaner-Board-Team,

seit einiger Zeit zeigt mein USB-Stick nur noch Verknüpfungen an. Auf dem Stick selber kann ich die Datein noch ganz normal öffnen, aber sobald ich sie auf meinen Desktop beispielsweise übertrage nicht mehr. Anfangs habe ich mir nichts dabei gedacht, weil auch noch die Originaldatei auf dem Stick angezeigt wurde, aber mitlerweile sind nur noch die Verknüpfungen zu sehen. Im Copy-Shop heute konnten die Datein auf meinem Stick erstmals nicht geöffnet werden.
Bei meiner SD Karte genau das gleiche Problem.

Ich habe die Vermutung, dass das mit einem Programm zusammenhängt, dass ständig Änderungen an meinem Computer vornehmen will (beide Probleme sind zeitgleich aufgetreten). Jedoch wird Microsoft Windows als Herausgeber betitelt, was mich in meiner Vermutung verunsicher (Programmname: Microsoft @ Windows Based Script Host).

Ich habe leider sehr wenig Ahnung von alle dem und wäre euch wirklich dankbar, wenn ihr mir helfen würdet!

deeprybka 14.04.2015 22:07
:hallo:

Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das...:abklatsch:
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem.
  • Führe bitte nur Scans durch, zu denen Du von mir aufgefordert wurdest.
  • Bitte kein Crossposting (posten in mehreren Foren).
  • Installiere oder deinstalliere während der Bereinigung keine Software, außer Du wurdest dazu aufgefordert.
  • Speichere alle unsere Tools auf dem Desktop ab. Link: So ladet Ihr unsere Tools richtig
  • Poste die Logfiles direkt in Deinen Thread in Code-Tags.
  • Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 24 Stunden nichts von mir liest, dann schreibe mir bitte eine PM.

Hinweis:
Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden.
Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert.
Adware & Co. können wir sehr gut entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean :daumenhoc bekommst.



Los geht's:

Schritt 1
http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...t/frstscan.png

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)




Lesestoff
Posten in CODE-Tags: So gehts...
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert uns massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://deeprybka.trojaner-board.de/tdss/codetags.gif

LenaR 15.04.2015 13:42
Danke für die super schnelle Antwort!

Doch beim ersten Schritt ergibt sich leider schon das erste Problem. Ich habe FRST gedownloaded, aber kann es nicht öffnen bzw. es öffnet sich kurz und schließt sich direkt wieder von selbst. Das selbe Problem hatte ich auch schon, als ich ein neues Virenprogramm Downloaden wollte. Was soll ich tun?

deeprybka 15.04.2015 13:45
Probier mal im abgesicherten Modus.

Starten des Computers im abgesicherten Modus - Windows-Hilfe

LenaR 15.04.2015 14:20
Das hat geklappt, danke für den Tip! Hier die Logdatein:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-04-2015 01
Ran by fujitsu (administrator) on FUJITSU-PC on 15-04-2015 15:08:27
Running from C:\Users\fujitsu\Desktop
Loaded Profiles: fujitsu (Available profiles: fujitsu)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1861416 2009-10-09] (Synaptics Incorporated)
HKLM\...\Run: [LoadFujitsuQuickTouch] => C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [157544 2009-10-15] (FUJITSU LIMITED)
HKLM\...\Run: [LoadBtnHnd] => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [35176 2009-10-15] (FUJITSU LIMITED)
HKLM\...\Run: [PSUTility] => C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [188264 2009-07-30] (FUJITSU LIMITED)
HKLM\...\Run: [FDM7] => C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe [164712 2009-11-26] (FUJITSU LIMITED)
HKLM\...\Run: [ConMgr] => C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe [535440 2009-12-24] (CSR, plc)
HKLM\...\Run: [CSRSkype] => C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe [431504 2009-12-24] (CSR, plc)
HKLM\...\Run: [BthSyncServ] => "C:\Program Files\CSR\Bluetooth Feature Pack 5.0\bthsyncserv.exe"
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [IndicatorUtility] => C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [47976 2009-10-09] (FUJITSU LIMITED)
HKLM-x32\...\Run: [LoadFUJ02E3] => C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe [36712 2009-10-08] (FUJITSU LIMITED)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [726320 2015-04-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4260229613-1467637384-3163779687-1000\...\MountPoints2: {0d096d54-9f29-11e0-9a04-806e6f6e6963} - D:\start.exe
HKU\S-1-5-21-4260229613-1467637384-3163779687-1000\...\MountPoints2: {2ef62957-ac07-11e2-8ff1-e0ca94be5649} - E:\Startme.exe
HKU\S-1-5-21-4260229613-1467637384-3163779687-1000\...\MountPoints2: {9bb52cff-93a5-11e2-b690-e0ca94be5649} - E:\LaunchU3.exe -a
HKU\S-1-5-21-4260229613-1467637384-3163779687-1000\...\MountPoints2: {c6515bec-3c23-11e4-8c40-e0ca94be5649} - E:\Startme.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows Explorer.lnk
ShortcutTarget: Windows Explorer.lnk -> C:\Users\fujitsu\AppData\Roaming\jiewm\amdupdater64.exe (No File)
Startup: C:\Users\fujitsu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\fujitsu\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\fujitsu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Explorer.lnk
ShortcutTarget: Windows Explorer.lnk -> C:\Users\fujitsu\AppData\Roaming\jiewm\tcpmonitor.exe (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\fujitsu\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\fujitsu\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\fujitsu\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\fujitsu\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\fujitsu\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\fujitsu\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\fujitsu\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\fujitsu\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hppp&ts=1424460367&from=tugs&uid=HGSTXHTS545050A7E380_TE854349HBPBDRHBPBDRX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hppp&ts=1424460367&from=tugs&uid=HGSTXHTS545050A7E380_TE854349HBPBDRHBPBDRX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1424460275&from=tugs&uid=HGSTXHTS545050A7E380_TE854349HBPBDRHBPBDRX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1424460275&from=tugs&uid=HGSTXHTS545050A7E380_TE854349HBPBDRHBPBDRX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hppp&ts=1424460367&from=tugs&uid=HGSTXHTS545050A7E380_TE854349HBPBDRHBPBDRX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hppp&ts=1424460367&from=tugs&uid=HGSTXHTS545050A7E380_TE854349HBPBDRHBPBDRX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1424460275&from=tugs&uid=HGSTXHTS545050A7E380_TE854349HBPBDRHBPBDRX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1424460275&from=tugs&uid=HGSTXHTS545050A7E380_TE854349HBPBDRHBPBDRX&q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4260229613-1467637384-3163779687-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1424460275&from=tugs&uid=HGSTXHTS545050A7E380_TE854349HBPBDRHBPBDRX&q={searchTerms}
HKU\S-1-5-21-4260229613-1467637384-3163779687-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-4260229613-1467637384-3163779687-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-4260229613-1467637384-3163779687-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1424460275&from=tugs&uid=HGSTXHTS545050A7E380_TE854349HBPBDRHBPBDRX&q={searchTerms}
HKU\S-1-5-21-4260229613-1467637384-3163779687-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hppp&ts=1424460367&from=tugs&uid=HGSTXHTS545050A7E380_TE854349HBPBDRHBPBDRX
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-4260229613-1467637384-3163779687-1000 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=install_ie&utm_content=ds&from=tugs&uid=HGSTXHTS545050A7E380_TE854349HBPBDRHBPBDRX&ts=1424460394&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4260229613-1467637384-3163779687-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=install_ie&utm_content=ds&from=tugs&uid=HGSTXHTS545050A7E380_TE854349HBPBDRHBPBDRX&ts=1424460394&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4260229613-1467637384-3163779687-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=install_ie&utm_content=ds&from=tugs&uid=HGSTXHTS545050A7E380_TE854349HBPBDRHBPBDRX&ts=1424460394&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4260229613-1467637384-3163779687-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=install_ie&utm_content=ds&from=tugs&uid=HGSTXHTS545050A7E380_TE854349HBPBDRHBPBDRX&ts=1424460394&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4260229613-1467637384-3163779687-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=install_ie&utm_content=ds&from=tugs&uid=HGSTXHTS545050A7E380_TE854349HBPBDRHBPBDRX&ts=1424460394&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4260229613-1467637384-3163779687-1000 -> {A3D1E58E-2475-4517-8434-42060EEAF200} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=install_ie&utm_content=ds&from=tugs&uid=HGSTXHTS545050A7E380_TE854349HBPBDRHBPBDRX&ts=1424460394&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4260229613-1467637384-3163779687-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=install_ie&utm_content=ds&from=tugs&uid=HGSTXHTS545050A7E380_TE854349HBPBDRHBPBDRX&ts=1424460394&type=default&q={searchTerms}
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2015-02-19] (DVDVideoSoft Ltd.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2015-02-19] (DVDVideoSoft Ltd.)
Tcpip\Parameters: [DhcpNameServer] 87.216.1.65 87.216.1.66
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1424460275&from=tugs&uid=HGSTXHTS545050A7E380_TE854349HBPBDRHBPBDRX

FireFox:
========
FF ProfilePath: C:\Users\fujitsu\AppData\Roaming\Mozilla\Firefox\Profiles\62eq5cg8.default
FF NewTab: www.google.de
FF SelectedSearchEngine: istartsurf
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll [2013-02-14] (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\fujitsu\AppData\Roaming\Mozilla\Firefox\Profiles\62eq5cg8.default\user.js [2015-02-22]
FF SearchPlugin: C:\Users\fujitsu\AppData\Roaming\Mozilla\Firefox\Profiles\62eq5cg8.default\searchplugins\conduit-search.xml [2014-02-23]
FF SearchPlugin: C:\Users\fujitsu\AppData\Roaming\Mozilla\Firefox\Profiles\62eq5cg8.default\searchplugins\youtube-videosuche.xml [2015-03-03]
FF Extension: Segurança do navegador Avira - C:\Users\fujitsu\AppData\Roaming\Mozilla\Firefox\Profiles\62eq5cg8.default\Extensions\abs@avira.com [2015-03-31]
FF Extension: No Name - C:\Users\fujitsu\AppData\Roaming\Mozilla\Firefox\Profiles\62eq5cg8.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015-02-27]
FF Extension: Adblock Plus - C:\Users\fujitsu\AppData\Roaming\Mozilla\Firefox\Profiles\62eq5cg8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-22]
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: No Name - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2013-11-11]
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\fujitsu\AppData\Roaming\Mozilla\Firefox\Profiles\62eq5cg8.default\extensions\faststartff@gmail.com
FF HKU\S-1-5-21-4260229613-1467637384-3163779687-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR Profile: C:\Users\fujitsu\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-11]
CHR Extension: (Google Docs) - C:\Users\fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-11]
CHR Extension: (Google Drive) - C:\Users\fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-11]
CHR Extension: (YouTube) - C:\Users\fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-11]
CHR Extension: (Google Search) - C:\Users\fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-11]
CHR Extension: (Google Sheets) - C:\Users\fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-11]
CHR Extension: (Avira Browser Safety) - C:\Users\fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-03-11]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-21]
CHR Extension: (Google Wallet) - C:\Users\fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-11]
CHR Extension: (Gmail) - C:\Users\fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-11]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-04-07] (Avira Operations GmbH & Co. KG)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-04-07] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-04-07] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-04-07] (Avira Operations GmbH & Co. KG)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-11-01] (Intel Corporation) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63336 2009-07-30] (FUJITSU LIMITED)
S2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-11-01] (Intel Corporation) [File not signed]
S2 VFPRadioSupportService; C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [145840 2009-12-24] (CSR, plc)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 WirelessSelectorService; C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe [62312 2009-07-21] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-02-04] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-02-04] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-02-04] (Avira Operations GmbH & Co. KG)
S2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-02-04] (Avira Operations GmbH & Co. KG)
R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\System32\DRIVERS\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-15 15:08 - 2015-04-15 15:09 - 00020527 _____ () C:\Users\fujitsu\Desktop\FRST.txt
2015-04-15 15:07 - 2015-04-15 15:08 - 00000000 ____D () C:\FRST
2015-04-15 14:35 - 2015-04-15 14:35 - 01136640 _____ (Farbar) C:\Users\fujitsu\Desktop\FRST.exe
2015-04-15 14:27 - 2015-04-15 14:27 - 02097152 _____ (Farbar) C:\Users\fujitsu\Desktop\FRST64.exe
2015-04-10 16:10 - 2015-04-10 16:16 - 169936496 _____ (AVG Technologies) C:\Users\fujitsu\Downloads\avg_free_x86_all_2015_ltst_222_5863.exe
2015-04-08 21:53 - 2015-04-08 21:53 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\fujitsu\Desktop\mbam-setup-2.1.4.1018.exe
2015-04-08 15:34 - 2015-03-26 11:01 - 00000802 _____ () C:\Users\fujitsu\Desktop\HISTORIAS DEL KRONEN.m4v.lnk
2015-04-08 14:19 - 2015-04-08 14:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-26 19:50 - 2015-03-26 19:50 - 00000000 ____D () C:\Users\fujitsu\Tracing
2015-03-24 18:56 - 2015-03-24 18:56 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-03-24 18:56 - 2015-03-24 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-03-24 18:55 - 2015-03-24 18:56 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-03-24 18:55 - 2015-03-24 18:56 - 00000000 ____D () C:\Program Files\iTunes
2015-03-24 18:55 - 2015-03-24 18:55 - 00000000 ____D () C:\Program Files\iPod
2015-03-24 18:55 - 2015-03-24 18:55 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-03-16 00:20 - 2015-04-15 15:01 - 00000000 ___HD () C:\Users\fujitsu\AppData\Roaming\jiewm

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-15 15:05 - 2009-07-14 06:45 - 00027104 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-15 15:05 - 2009-07-14 06:45 - 00027104 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-15 15:04 - 2011-06-25 14:48 - 01488018 _____ () C:\Windows\WindowsUpdate.log
2015-04-15 15:02 - 2014-10-22 22:30 - 00000000 ___RD () C:\Users\fujitsu\Dropbox
2015-04-15 15:02 - 2014-10-20 21:58 - 00000000 ____D () C:\Users\fujitsu\AppData\Roaming\Dropbox
2015-04-15 15:01 - 2015-03-11 22:56 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-15 15:00 - 2015-03-11 22:56 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-15 15:00 - 2015-02-20 21:26 - 00001342 _____ () C:\Windows\Tasks\WSCY.job
2015-04-15 15:00 - 2015-02-20 21:25 - 00001346 _____ () C:\Windows\Tasks\RBNCQA.job
2015-04-15 15:00 - 2013-10-07 20:12 - 00058409 _____ () C:\Windows\setupact.log
2015-04-15 15:00 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-15 14:52 - 2015-01-07 18:47 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-15 14:38 - 2015-01-07 18:47 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-15 14:38 - 2013-03-23 13:42 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-15 14:38 - 2013-03-23 13:42 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-14 21:02 - 2015-03-11 22:57 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-12 22:51 - 2014-05-14 14:38 - 00000000 ____D () C:\Users\fujitsu\AppData\Roaming\Skype
2015-04-11 10:12 - 2015-03-10 10:58 - 00001025 _____ () C:\Users\fujitsu\Desktop\Dropbox.lnk
2015-04-09 21:10 - 2015-02-22 19:59 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-09 21:09 - 2015-02-22 19:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-09 21:09 - 2015-02-22 19:56 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-04-08 22:00 - 2015-02-22 19:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-08 21:47 - 2010-11-21 08:50 - 00643866 _____ () C:\Windows\system32\perfh007.dat
2015-04-08 21:47 - 2010-11-21 08:50 - 00126394 _____ () C:\Windows\system32\perfc007.dat
2015-04-08 21:47 - 2009-07-14 07:13 - 01472002 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-08 21:38 - 2015-02-22 16:10 - 01203488 _____ () C:\Users\fujitsu\Downloads\TeamViewer - CHIP-Installer.exe
2015-04-07 20:39 - 2015-02-22 19:58 - 00000000 ____D () C:\Users\fujitsu\AppData\Roaming\Avira
2015-04-07 20:34 - 2013-11-12 13:05 - 00350912 _____ () C:\Windows\PFRO.log
2015-04-07 14:06 - 2015-02-22 19:56 - 00000000 ____D () C:\ProgramData\Avira
2015-03-26 19:50 - 2015-01-30 20:05 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-26 19:50 - 2014-05-14 14:38 - 00000000 ____D () C:\ProgramData\Skype
2015-03-26 19:50 - 2011-06-25 14:52 - 00000000 ____D () C:\Users\fujitsu
2015-03-24 18:55 - 2013-03-23 12:10 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-03-24 18:55 - 2013-03-23 12:09 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-03-24 18:51 - 2013-03-23 12:09 - 00000000 ____D () C:\ProgramData\Apple
2015-03-17 15:21 - 2013-10-23 22:25 - 00000000 ____D () C:\Users\fujitsu\Documents\Uni
2015-03-16 22:08 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache

==================== Files in the root of some directories =======

2015-01-25 18:12 - 2015-01-25 18:12 - 0001248 _____ () C:\Users\fujitsu\AppData\Roaming\RBNCQA
2014-03-26 19:45 - 2015-02-17 12:45 - 0000153 _____ () C:\Users\fujitsu\AppData\Roaming\WB.CFG
2015-01-25 18:12 - 2015-01-25 18:12 - 0002086 _____ () C:\Users\fujitsu\AppData\Roaming\WSCY
2014-02-22 12:45 - 2014-02-22 12:45 - 0003584 _____ () C:\Users\fujitsu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-14 15:20 - 2014-05-14 15:20 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\fujitsu\AppData\Local\Temp\A424ADB0-673E-6F3D-0843-6D4C81CBA564.dll
C:\Users\fujitsu\AppData\Local\Temp\avgnt.exe
C:\Users\fujitsu\AppData\Local\Temp\BackupSetup.exe
C:\Users\fujitsu\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpekw7g3.dll
C:\Users\fujitsu\AppData\Local\Temp\nsgB506.exe
C:\Users\fujitsu\AppData\Local\Temp\nsgB9E7.exe
C:\Users\fujitsu\AppData\Local\Temp\nsjAC21.exe
C:\Users\fujitsu\AppData\Local\Temp\nsq57B6.exe
C:\Users\fujitsu\AppData\Local\Temp\nsq5E6B.exe
C:\Users\fujitsu\AppData\Local\Temp\SkypeSetup.exe
C:\Users\fujitsu\AppData\Local\Temp\SPSetup.exe
C:\Users\fujitsu\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-16 22:00

==================== End Of Log ============================
--- --- ---



Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-04-2015 01
Ran by fujitsu at 2015-04-15 15:09:38
Running from C:\Users\fujitsu\Desktop
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (32-Bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.9.504 - Avira Operations GmbH & Co. KG)
Bluetooth Feature Pack 5.0 (HKLM\...\{B2F4C332-2359-4ADE-AF0C-C631768BBB89}) (Version: 5.0.14 - CSR Plc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)
Dropbox (HKU\S-1-5-21-4260229613-1467637384-3163779687-1000\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.)
Free YouTube Download version 3.2.23.219 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.23.219 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.55.219 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.55.219 - DVDVideoSoft Ltd.)
Fujitsu Display Manager (HKLM-x32\...\InstallShield_{4108974B-DE87-4AD4-9167-930C62C45691}) (Version:  - )
Fujitsu Display Manager (Version: 7.01.00.210 - Ihr Firmenname) Hidden
Fujitsu Hotkey Utility (HKLM-x32\...\InstallShield_{BA0CC975-682B-4678-A35C-05E607F36387}) (Version: 3.60.1.0 - FUJITSU LIMITED)
Fujitsu Hotkey Utility (x32 Version: 3.60.1.0 - FUJITSU LIMITED) Hidden
Fujitsu MobilityCenter Extension Utility (HKLM-x32\...\InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}) (Version:  - )
Fujitsu MobilityCenter Extension Utility (Version: 3.01.00.000 - Ihr Firmenname) Hidden
Fujitsu System Extension Utility (HKLM-x32\...\InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}) (Version:  - )
Fujitsu System Extension Utility (Version: 3.1.1.0 - FUJITSU LIMITED) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2025 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
LifeBook Application Panel (HKLM-x32\...\InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}) (Version:  - )
LifeBook Application Panel (Version: 8.1.0.0 - FUJITSU LIMITED) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Media Go (HKLM-x32\...\{362AB21A-E2C4-40CE-81C2-8C4D62B0635A}) (Version: 2.4.256 - Sony)
Media Go Video Playback Engine 1.116.104.02020 (HKLM-x32\...\{54215B8A-6212-8DB8-39B4-98EE2BB98BD1}) (Version: 1.116.104.02020 - Sony)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 37.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 de)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayStation(R)Store (HKLM-x32\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.14.6.15183 - Sony Computer Entertainment Inc.)
Power Saving Utility (HKLM-x32\...\InstallShield_{7254349B-460B-488F-B4DB-A96100C5C48B}) (Version:  - )
Power Saving Utility (Version: 31.01.11.013 - FUJITSU LIMITED) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30087 - Realtek Semiconductor Corp.)
RUBICon (HKLM-x32\...\{438134D3-0BD4-4C52-8575-5B2B63AD01C2}) (Version: 2.0.25 - RUB)
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
Sony Ericsson Update Engine (HKLM-x32\...\Update Engine) (Version: 2.13.10.201308300830 - Sony Ericsson Communications AB)
Sony PC Companion 2.10.226 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.226 - Sony)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.10.0 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Wireless Selector (HKLM-x32\...\InstallShield_{51692C66-5505-41B8-92A7-548C69FB867C}) (Version:  - )
Wireless Selector (Version: 4.01.00.101 - FUJITSU LIMITED) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4260229613-1467637384-3163779687-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\fujitsu\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4260229613-1467637384-3163779687-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\fujitsu\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4260229613-1467637384-3163779687-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fujitsu\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4260229613-1467637384-3163779687-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fujitsu\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4260229613-1467637384-3163779687-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fujitsu\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4260229613-1467637384-3163779687-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fujitsu\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4260229613-1467637384-3163779687-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fujitsu\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4260229613-1467637384-3163779687-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fujitsu\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4260229613-1467637384-3163779687-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fujitsu\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4260229613-1467637384-3163779687-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fujitsu\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

23-02-2015 00:28:28 Windows Update
02-03-2015 17:12:14 Geplanter Prüfpunkt
13-03-2015 10:42:34 Windows Update
13-03-2015 16:30:32 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01C16AEC-2350-4D51-A149-D2DAF049239B} - System32\Tasks\{AF6931D8-024E-4DBB-9D58-D86DB45E060F} => pcalua.exe -a C:\Users\fujitsu\AppData\Roaming\istartsurf\UninstallManager.exe -c  -ptid=tugs
Task: {020D8813-F975-4C5D-B763-04035C0AA275} - System32\Tasks\WSCY => C:\Users\fujitsu\AppData\Roaming\WSCY.exe <==== ATTENTION
Task: {336D9168-F61E-4232-9AA4-F890C228B813} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {469BD73A-44A5-4EEF-B2A9-6D56D724B779} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {6BE217D2-944E-4BE3-BABC-BDB7D5CCB6FB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {90340F64-6D66-43B2-A1D9-FA53DCBEAD70} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-11] (Google Inc.)
Task: {ACCB8012-AFBB-4C93-9DD1-B41CCD82F301} - System32\Tasks\RBNCQA => C:\Users\fujitsu\AppData\Roaming\RBNCQA.exe <==== ATTENTION
Task: {B21E2094-B831-4187-B6A3-A4053516BF4D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-11] (Google Inc.)
Task: {C67D26ED-799E-40D5-B552-785E4F1F1A09} - System32\Tasks\{E0B7FEE2-EB38-49C0-A5FF-4C04ADCA6B61} => pcalua.exe -a C:\Users\fujitsu\Downloads\64bit_Win7_Win8_Win81_R273.exe -d C:\Users\fujitsu\Downloads
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RBNCQA.job => C:\Users\fujitsu\AppData\Roaming\RBNCQA.exe <==== ATTENTION
Task: C:\Windows\Tasks\WSCY.job => C:\Users\fujitsu\AppData\Roaming\WSCY.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) ==============


==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4260229613-1467637384-3163779687-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\fujitsu\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-4260229613-1467637384-3163779687-500 - Administrator - Disabled)
fujitsu (S-1-5-21-4260229613-1467637384-3163779687-1000 - Administrator - Enabled) => C:\Users\fujitsu
Gast (S-1-5-21-4260229613-1467637384-3163779687-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4260229613-1467637384-3163779687-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/15/2015 03:08:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/15/2015 03:02:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/15/2015 02:55:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/15/2015 02:23:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/14/2015 08:43:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/14/2015 00:18:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4743

Error: (04/14/2015 00:18:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4743

Error: (04/14/2015 00:18:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/14/2015 10:02:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/13/2015 08:41:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (04/15/2015 03:06:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (04/15/2015 03:06:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (04/15/2015 03:06:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (04/15/2015 03:06:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (04/15/2015 03:06:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (04/15/2015 03:06:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (04/15/2015 03:06:36 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (04/15/2015 03:06:36 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (04/15/2015 03:06:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (04/15/2015 03:06:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU P6200 @ 2.13GHz
Percentage of memory in use: 25%
Total physical RAM: 3892.55 MB
Available physical RAM: 2894.17 MB
Total Pagefile: 7783.3 MB
Available Pagefile: 6809.9 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:348.87 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 340B6EB1)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

deeprybka 15.04.2015 14:36
Bitte mal diesen Fix machen und dann versuchen im Normalmodus mit FRST zu scannen:

Schritt 1

http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...st/frstfix.png

Drücke bitte die http://deeprybka.trojaner-board.de/b...ne/revo/w7.png + R Taste und schreibe notepad in das Ausführen Fenster.
Klicke auf OK und kopiere nun den Text aus der Codebox in das leere Textdokument:
Code:
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows Explorer.lnk
Startup: C:\Users\fujitsu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Explorer.lnk
ShortcutTarget: Windows Explorer.lnk -> C:\Users\fujitsu\AppData\Roaming\jiewm\tcpmonitor.exe (Microsoft Corporation)
 C:\Users\fujitsu\AppData\Roaming\jiewm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hppp&ts=1424460367&from=tugs&uid=HGSTXHTS545050A7E380_TE854349HBPBDRHBPBDRX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hppp&ts=1424460367&from=tugs&uid=HGSTXHTS545050A7E380_TE854349HBPBDRHBPBDRX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1424460275&from=tugs&uid=HGSTXHTS545050A7E380_TE854349HBPBDRHBPBDRX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1424460275&from=tugs&uid=HGSTXHTS545050A7E380_TE854349HBPBDRHBPBDRX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hppp&ts=1424460367&from=tugs&uid=HGSTXHTS545050A7E380_TE854349HBPBDRHBPBDRX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hppp&ts=1424460367&from=tugs&uid=HGSTXHTS545050A7E380_TE854349HBPBDRHBPBDRX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1424460275&from=tugs&uid=HGSTXHTS545050A7E380_TE854349HBPBDRHBPBDRX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1424460275&from=tugs&uid=HGSTXHTS545050A7E380_TE854349HBPBDRHBPBDRX&q={searchTerms}
HKU\S-1-5-21-4260229613-1467637384-3163779687-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1424460275&
HKU\S-1-5-21-4260229613-1467637384-3163779687-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=
HKU\S-1-5-21-4260229613-1467637384-3163779687-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hppp&ts=
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-4260229613-1467637384-3163779687-1000 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.istartsurf.com/web/?
SearchScopes: HKU\S-1-5-21-4260229613-1467637384-3163779687-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.istartsurf.com/web/?
SearchScopes: HKU\S-1-5-21-4260229613-1467637384-3163779687-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.istartsurf.com/web
SearchScopes: HKU\S-1-5-21-4260229613-1467637384-3163779687-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.istartsurf.com/web/?
SearchScopes: HKU\S-1-5-21-4260229613-1467637384-3163779687-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.istartsurf.com/web/?
SearchScopes: HKU\S-1-5-21-4260229613-1467637384-3163779687-1000 -> {A3D1E58E-2475-4517-8434-42060EEAF200} URL = hxxp://www.istartsurf.com/web/?
SearchScopes: HKU\S-1-5-21-4260229613-1467637384-3163779687-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.istartsurf.com/web/?
Task: {01C16AEC-2350-4D51-A149-D2DAF049239B} - System32\Tasks\{AF6931D8-024E-4DBB-9D58-D86DB45E060F} =>
Task: {020D8813-F975-4C5D-B763-04035C0AA275} - System32\Tasks\WSCY => C:\Users\fujitsu\AppData\Roaming\WSCY.exe
Task: {336D9168-F61E-4232-9AA4-F890C228B813} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe
Task: {ACCB8012-AFBB-4C93-9DD1-B41CCD82F301} - System32\Tasks\RBNCQA => C:\Users\fujitsu\AppData\Roaming\RBNCQA.exe
Task: C:\Windows\Tasks\RBNCQA.job => C:\Users\fujitsu\AppData\Roaming\RBNCQA.exe
Task: C:\Windows\Tasks\WSCY.job => C:\Users\fujitsu\AppData\Roaming\WSCY.exe
C:\Users\fujitsu\AppData\Roaming\WSCY.exe
C:\Users\fujitsu\AppData\Roaming\RBNCQA.exe
Speichere dieses bitte als Fixlist.txt in das Verzeichnis ab, in dem sich auch die FRST-Anwendung befindet.
  • Starte FRST und drücke auf den Fix-Button.
  • Das Tool erstellt eine "Fixlog.txt" -Datei.
  • Poste mir bitte deren Inhalt.

LenaR 15.04.2015 17:32
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-04-2015 01
Ran by fujitsu at 2015-04-15 18:25:19 Run:1
Running from C:\Users\fujitsu\Desktop\FRST
Loaded Profiles: fujitsu (Available profiles: fujitsu)
Boot Mode: Safe Mode (minimal)
==============================================

Content of fixlist:
*****************
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows Explorer.lnk
Startup: C:\Users\fujitsu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Explorer.lnk
ShortcutTarget: Windows Explorer.lnk -> C:\Users\fujitsu\AppData\Roaming\jiewm\tcpmonitor.exe (Microsoft Corporation)
 C:\Users\fujitsu\AppData\Roaming\jiewm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hppp&ts=1424460367&from=tugs&uid=HGSTXHTS545050A7E380_TE854349HBPBDRHBPBDRX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hppp&ts=1424460367&from=tugs&uid=HGSTXHTS545050A7E380_TE854349HBPBDRHBPBDRX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1424460275&from=tugs&uid=HGSTXHTS545050A7E380_TE854349HBPBDRHBPBDRX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1424460275&from=tugs&uid=HGSTXHTS545050A7E380_TE854349HBPBDRHBPBDRX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hppp&ts=1424460367&from=tugs&uid=HGSTXHTS545050A7E380_TE854349HBPBDRHBPBDRX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hppp&ts=1424460367&from=tugs&uid=HGSTXHTS545050A7E380_TE854349HBPBDRHBPBDRX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1424460275&from=tugs&uid=HGSTXHTS545050A7E380_TE854349HBPBDRHBPBDRX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1424460275&from=tugs&uid=HGSTXHTS545050A7E380_TE854349HBPBDRHBPBDRX&q={searchTerms}
HKU\S-1-5-21-4260229613-1467637384-3163779687-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1424460275&
HKU\S-1-5-21-4260229613-1467637384-3163779687-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=
HKU\S-1-5-21-4260229613-1467637384-3163779687-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hppp&ts=
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-4260229613-1467637384-3163779687-1000 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.istartsurf.com/web/?
SearchScopes: HKU\S-1-5-21-4260229613-1467637384-3163779687-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.istartsurf.com/web/?
SearchScopes: HKU\S-1-5-21-4260229613-1467637384-3163779687-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.istartsurf.com/web
SearchScopes: HKU\S-1-5-21-4260229613-1467637384-3163779687-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.istartsurf.com/web/?
SearchScopes: HKU\S-1-5-21-4260229613-1467637384-3163779687-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.istartsurf.com/web/?
SearchScopes: HKU\S-1-5-21-4260229613-1467637384-3163779687-1000 -> {A3D1E58E-2475-4517-8434-42060EEAF200} URL = hxxp://www.istartsurf.com/web/?
SearchScopes: HKU\S-1-5-21-4260229613-1467637384-3163779687-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.istartsurf.com/web/?
Task: {01C16AEC-2350-4D51-A149-D2DAF049239B} - System32\Tasks\{AF6931D8-024E-4DBB-9D58-D86DB45E060F} =>
Task: {020D8813-F975-4C5D-B763-04035C0AA275} - System32\Tasks\WSCY => C:\Users\fujitsu\AppData\Roaming\WSCY.exe
Task: {336D9168-F61E-4232-9AA4-F890C228B813} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe
Task: {ACCB8012-AFBB-4C93-9DD1-B41CCD82F301} - System32\Tasks\RBNCQA => C:\Users\fujitsu\AppData\Roaming\RBNCQA.exe
Task: C:\Windows\Tasks\RBNCQA.job => C:\Users\fujitsu\AppData\Roaming\RBNCQA.exe
Task: C:\Windows\Tasks\WSCY.job => C:\Users\fujitsu\AppData\Roaming\WSCY.exe
C:\Users\fujitsu\AppData\Roaming\WSCY.exe
C:\Users\fujitsu\AppData\Roaming\RBNCQA.exe
       
*****************

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows Explorer.lnk => Moved successfully.
C:\Users\fujitsu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Explorer.lnk => Moved successfully.
C:\Users\fujitsu\AppData\Roaming\jiewm\tcpmonitor.exe not found.
C:\Users\fujitsu\AppData\Roaming\jiewm => Moved successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\S-1-5-21-4260229613-1467637384-3163779687-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKU\S-1-5-21-4260229613-1467637384-3163779687-1000\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\S-1-5-21-4260229613-1467637384-3163779687-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKU\S-1-5-21-4260229613-1467637384-3163779687-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-4260229613-1467637384-3163779687-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key deleted successfully.
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
"HKU\S-1-5-21-4260229613-1467637384-3163779687-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"HKU\S-1-5-21-4260229613-1467637384-3163779687-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}" => Key deleted successfully.
HKCR\CLSID\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} => Key not found.
"HKU\S-1-5-21-4260229613-1467637384-3163779687-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
"HKU\S-1-5-21-4260229613-1467637384-3163779687-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A3D1E58E-2475-4517-8434-42060EEAF200}" => Key deleted successfully.
HKCR\CLSID\{A3D1E58E-2475-4517-8434-42060EEAF200} => Key not found.
"HKU\S-1-5-21-4260229613-1467637384-3163779687-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}" => Key deleted successfully.
HKCR\CLSID\{E733165D-CBCF-4FDA-883E-ADEF965B476C} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{01C16AEC-2350-4D51-A149-D2DAF049239B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{01C16AEC-2350-4D51-A149-D2DAF049239B}" => Key deleted successfully.
C:\Windows\System32\Tasks\{AF6931D8-024E-4DBB-9D58-D86DB45E060F} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AF6931D8-024E-4DBB-9D58-D86DB45E060F} => => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{020D8813-F975-4C5D-B763-04035C0AA275}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{020D8813-F975-4C5D-B763-04035C0AA275}" => Key deleted successfully.
C:\Windows\System32\Tasks\WSCY => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WSCY" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{336D9168-F61E-4232-9AA4-F890C228B813}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{336D9168-F61E-4232-9AA4-F890C228B813}" => Key deleted successfully.
C:\Windows\System32\Tasks\LaunchSignup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{ACCB8012-AFBB-4C93-9DD1-B41CCD82F301}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ACCB8012-AFBB-4C93-9DD1-B41CCD82F301}" => Key deleted successfully.
C:\Windows\System32\Tasks\RBNCQA => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RBNCQA" => Key deleted successfully.
C:\Windows\Tasks\RBNCQA.job => Moved successfully.
C:\Windows\Tasks\WSCY.job => Moved successfully.
"C:\Users\fujitsu\AppData\Roaming\WSCY.exe" => File/Directory not found.
"C:\Users\fujitsu\AppData\Roaming\RBNCQA.exe" => File/Directory not found.

==== End of Fixlog 18:25:19 ====

deeprybka 15.04.2015 19:04
Gut, wie schaut's aus mit nem FRST-Scan im Normalmodus? :)

LenaR 15.04.2015 19:16
Hat geklappt! Hier die Datei:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-04-2015 01
Ran by fujitsu (administrator) on FUJITSU-PC on 15-04-2015 20:11:46
Running from C:\Users\fujitsu\Desktop
Loaded Profiles: fujitsu (Available profiles: fujitsu)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
() C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Dropbox, Inc.) C:\Users\fujitsu\AppData\Roaming\Dropbox\bin\Dropbox.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1861416 2009-10-09] (Synaptics Incorporated)
HKLM\...\Run: [LoadFujitsuQuickTouch] => C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [157544 2009-10-15] (FUJITSU LIMITED)
HKLM\...\Run: [LoadBtnHnd] => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [35176 2009-10-15] (FUJITSU LIMITED)
HKLM\...\Run: [PSUTility] => C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [188264 2009-07-30] (FUJITSU LIMITED)
HKLM\...\Run: [FDM7] => C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe [164712 2009-11-26] (FUJITSU LIMITED)
HKLM\...\Run: [ConMgr] => C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe [535440 2009-12-24] (CSR, plc)
HKLM\...\Run: [CSRSkype] => C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe [431504 2009-12-24] (CSR, plc)
HKLM\...\Run: [BthSyncServ] => "C:\Program Files\CSR\Bluetooth Feature Pack 5.0\bthsyncserv.exe"
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [IndicatorUtility] => C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [47976 2009-10-09] (FUJITSU LIMITED)
HKLM-x32\...\Run: [LoadFUJ02E3] => C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe [36712 2009-10-08] (FUJITSU LIMITED)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [726320 2015-04-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4260229613-1467637384-3163779687-1000\...\MountPoints2: {0d096d54-9f29-11e0-9a04-806e6f6e6963} - D:\start.exe
HKU\S-1-5-21-4260229613-1467637384-3163779687-1000\...\MountPoints2: {2ef62957-ac07-11e2-8ff1-e0ca94be5649} - E:\Startme.exe
HKU\S-1-5-21-4260229613-1467637384-3163779687-1000\...\MountPoints2: {9bb52cff-93a5-11e2-b690-e0ca94be5649} - E:\LaunchU3.exe -a
HKU\S-1-5-21-4260229613-1467637384-3163779687-1000\...\MountPoints2: {c6515bec-3c23-11e4-8c40-e0ca94be5649} - E:\Startme.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\fujitsu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\fujitsu\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\fujitsu\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\fujitsu\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\fujitsu\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\fujitsu\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\fujitsu\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\fujitsu\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\fujitsu\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\fujitsu\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4260229613-1467637384-3163779687-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-4260229613-1467637384-3163779687-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2015-02-19] (DVDVideoSoft Ltd.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2015-02-19] (DVDVideoSoft Ltd.)
Tcpip\Parameters: [DhcpNameServer] 87.216.1.65 87.216.1.66
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1424460275&from=tugs&uid=HGSTXHTS545050A7E380_TE854349HBPBDRHBPBDRX

FireFox:
========
FF ProfilePath: C:\Users\fujitsu\AppData\Roaming\Mozilla\Firefox\Profiles\62eq5cg8.default
FF NewTab: www.google.de
FF SelectedSearchEngine: istartsurf
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll [2013-02-14] (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\fujitsu\AppData\Roaming\Mozilla\Firefox\Profiles\62eq5cg8.default\user.js [2015-02-22]
FF SearchPlugin: C:\Users\fujitsu\AppData\Roaming\Mozilla\Firefox\Profiles\62eq5cg8.default\searchplugins\conduit-search.xml [2014-02-23]
FF SearchPlugin: C:\Users\fujitsu\AppData\Roaming\Mozilla\Firefox\Profiles\62eq5cg8.default\searchplugins\youtube-videosuche.xml [2015-03-03]
FF Extension: Segurança do navegador Avira - C:\Users\fujitsu\AppData\Roaming\Mozilla\Firefox\Profiles\62eq5cg8.default\Extensions\abs@avira.com [2015-03-31]
FF Extension: No Name - C:\Users\fujitsu\AppData\Roaming\Mozilla\Firefox\Profiles\62eq5cg8.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015-02-27]
FF Extension: Adblock Plus - C:\Users\fujitsu\AppData\Roaming\Mozilla\Firefox\Profiles\62eq5cg8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-22]
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: No Name - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2013-11-11]
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\fujitsu\AppData\Roaming\Mozilla\Firefox\Profiles\62eq5cg8.default\extensions\faststartff@gmail.com
FF HKU\S-1-5-21-4260229613-1467637384-3163779687-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR Profile: C:\Users\fujitsu\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-11]
CHR Extension: (Google Docs) - C:\Users\fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-11]
CHR Extension: (Google Drive) - C:\Users\fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-11]
CHR Extension: (YouTube) - C:\Users\fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-11]
CHR Extension: (Google Search) - C:\Users\fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-11]
CHR Extension: (Google Sheets) - C:\Users\fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-11]
CHR Extension: (Avira Browser Safety) - C:\Users\fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-03-11]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-21]
CHR Extension: (Google Wallet) - C:\Users\fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-11]
CHR Extension: (Gmail) - C:\Users\fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-11]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-04-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-04-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-04-07] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-04-07] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-11-01] (Intel Corporation) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63336 2009-07-30] (FUJITSU LIMITED)
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-11-01] (Intel Corporation) [File not signed]
R2 VFPRadioSupportService; C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [145840 2009-12-24] (CSR, plc)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WirelessSelectorService; C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe [62312 2009-07-21] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-02-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-02-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-02-04] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-02-04] (Avira Operations GmbH & Co. KG)
R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\System32\DRIVERS\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-15 18:23 - 2015-04-15 18:23 - 00004270 _____ () C:\Users\fujitsu\Downloads\Einfügen.txt
2015-04-15 15:09 - 2015-04-15 15:09 - 00020266 _____ () C:\Users\fujitsu\Desktop\Addition.txt
2015-04-15 15:08 - 2015-04-15 20:11 - 00018256 _____ () C:\Users\fujitsu\Desktop\FRST.txt
2015-04-15 15:07 - 2015-04-15 20:11 - 00000000 ____D () C:\FRST
2015-04-15 14:35 - 2015-04-15 14:35 - 01136640 _____ (Farbar) C:\Users\fujitsu\Desktop\FRST.exe
2015-04-15 14:27 - 2015-04-15 14:27 - 02097152 _____ (Farbar) C:\Users\fujitsu\Desktop\FRST64.exe
2015-04-10 16:10 - 2015-04-10 16:16 - 169936496 _____ (AVG Technologies) C:\Users\fujitsu\Downloads\avg_free_x86_all_2015_ltst_222_5863.exe
2015-04-08 21:53 - 2015-04-08 21:53 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\fujitsu\Desktop\mbam-setup-2.1.4.1018.exe
2015-04-08 14:19 - 2015-04-08 14:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-26 19:50 - 2015-03-26 19:50 - 00000000 ____D () C:\Users\fujitsu\Tracing
2015-03-24 18:56 - 2015-03-24 18:56 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-03-24 18:56 - 2015-03-24 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-03-24 18:55 - 2015-03-24 18:56 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-03-24 18:55 - 2015-03-24 18:56 - 00000000 ____D () C:\Program Files\iTunes
2015-03-24 18:55 - 2015-03-24 18:55 - 00000000 ____D () C:\Program Files\iPod
2015-03-24 18:55 - 2015-03-24 18:55 - 00000000 ____D () C:\Program Files (x86)\iTunes

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-15 20:01 - 2015-03-11 22:56 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-15 19:38 - 2015-01-07 18:47 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-15 19:01 - 2014-05-14 14:38 - 00000000 ____D () C:\Users\fujitsu\AppData\Roaming\Skype
2015-04-15 18:38 - 2009-07-14 06:45 - 00027104 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-15 18:38 - 2009-07-14 06:45 - 00027104 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-15 18:34 - 2011-06-25 14:48 - 01506726 _____ () C:\Windows\WindowsUpdate.log
2015-04-15 18:30 - 2014-10-22 22:30 - 00000000 ___RD () C:\Users\fujitsu\Dropbox
2015-04-15 18:30 - 2014-10-20 21:58 - 00000000 ____D () C:\Users\fujitsu\AppData\Roaming\Dropbox
2015-04-15 18:29 - 2015-03-11 22:56 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-15 18:29 - 2013-10-07 20:12 - 00058633 _____ () C:\Windows\setupact.log
2015-04-15 18:29 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-15 14:38 - 2015-01-07 18:47 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-15 14:38 - 2013-03-23 13:42 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-15 14:38 - 2013-03-23 13:42 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-14 21:02 - 2015-03-11 22:57 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-11 10:12 - 2015-03-10 10:58 - 00001025 _____ () C:\Users\fujitsu\Desktop\Dropbox.lnk
2015-04-09 21:10 - 2015-02-22 19:59 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-09 21:09 - 2015-02-22 19:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-09 21:09 - 2015-02-22 19:56 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-04-08 22:00 - 2015-02-22 19:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-08 21:47 - 2010-11-21 08:50 - 00643866 _____ () C:\Windows\system32\perfh007.dat
2015-04-08 21:47 - 2010-11-21 08:50 - 00126394 _____ () C:\Windows\system32\perfc007.dat
2015-04-08 21:47 - 2009-07-14 07:13 - 01472002 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-08 21:38 - 2015-02-22 16:10 - 01203488 _____ () C:\Users\fujitsu\Downloads\TeamViewer - CHIP-Installer.exe
2015-04-07 20:39 - 2015-02-22 19:58 - 00000000 ____D () C:\Users\fujitsu\AppData\Roaming\Avira
2015-04-07 20:34 - 2013-11-12 13:05 - 00350912 _____ () C:\Windows\PFRO.log
2015-04-07 14:06 - 2015-02-22 19:56 - 00000000 ____D () C:\ProgramData\Avira
2015-03-26 19:50 - 2015-01-30 20:05 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-26 19:50 - 2014-05-14 14:38 - 00000000 ____D () C:\ProgramData\Skype
2015-03-26 19:50 - 2011-06-25 14:52 - 00000000 ____D () C:\Users\fujitsu
2015-03-24 18:55 - 2013-03-23 12:10 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-03-24 18:55 - 2013-03-23 12:09 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-03-24 18:51 - 2013-03-23 12:09 - 00000000 ____D () C:\ProgramData\Apple
2015-03-17 15:21 - 2013-10-23 22:25 - 00000000 ____D () C:\Users\fujitsu\Documents\Uni
2015-03-16 22:08 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache

==================== Files in the root of some directories =======

2015-01-25 18:12 - 2015-01-25 18:12 - 0001248 _____ () C:\Users\fujitsu\AppData\Roaming\RBNCQA
2014-03-26 19:45 - 2015-02-17 12:45 - 0000153 _____ () C:\Users\fujitsu\AppData\Roaming\WB.CFG
2015-01-25 18:12 - 2015-01-25 18:12 - 0002086 _____ () C:\Users\fujitsu\AppData\Roaming\WSCY
2014-02-22 12:45 - 2014-02-22 12:45 - 0003584 _____ () C:\Users\fujitsu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-14 15:20 - 2014-05-14 15:20 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\fujitsu\AppData\Local\Temp\A424ADB0-673E-6F3D-0843-6D4C81CBA564.dll
C:\Users\fujitsu\AppData\Local\Temp\avgnt.exe
C:\Users\fujitsu\AppData\Local\Temp\BackupSetup.exe
C:\Users\fujitsu\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp7mg69v.dll
C:\Users\fujitsu\AppData\Local\Temp\nsgB506.exe
C:\Users\fujitsu\AppData\Local\Temp\nsgB9E7.exe
C:\Users\fujitsu\AppData\Local\Temp\nsjAC21.exe
C:\Users\fujitsu\AppData\Local\Temp\nsq57B6.exe
C:\Users\fujitsu\AppData\Local\Temp\nsq5E6B.exe
C:\Users\fujitsu\AppData\Local\Temp\SkypeSetup.exe
C:\Users\fujitsu\AppData\Local\Temp\SPSetup.exe
C:\Users\fujitsu\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-16 22:00

==================== End Of Log ============================
--- --- ---

deeprybka 15.04.2015 19:46
Prima.

Kannst Du bitte das machen:

Schritt 1

http://deeprybka.trojaner-board.de/b...d/uploadch.PNG
Upload:
  • Link zum Upload-Channel.
  • Deaktiviere Dein Anti-Viren-Programm.
  • Gehe zum Ordner C:\FRST\Quarantine.
  • Rechtsklicke auf den Ordner Quarantine und wähle > Senden an > zip-komprimierter Ordner.
  • Es wird eine zip-Datei mit dem Namen Quarantine.zip im Ordner FRST erstellt.
  • Klicke auf der Seite des Upload-Channels auf http://deeprybka.trojaner-board.de/b...upload%203.PNG
  • Kopiere folgende Zeile(n) in das Dateiname-Feld und anschließend jeweils auf Öffnen.
    Code:
    C:\FRST\Quarantine.zip

Bitte um Rückmeldung ob es geklappt hat! ;)
Danke für Deine Hilfe!

LenaR 15.04.2015 20:38
Habs gemacht, aber bin mir nicht sicher ob ich es richtig gemacht habe. Müsste die Datei und mein Kommentar dazu dann hier angezeigt werden?

deeprybka 15.04.2015 20:46
Warte ich schau mal... :D

deeprybka 15.04.2015 21:01
Hast Du alles prima gemacht! Danke :daumenhoc

Wir machen dann mal so weiter:

Schritt 1
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Schritt 2

http://deeprybka.trojaner-board.de/m...mbamlogo4a.pnghttp://deeprybka.trojaner-board.de/m...mbamlogo4b.png
  • Download und Anleitung
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Sollte die Benutzeroberfläche noch in Englisch sein, klicke auf Settings und wähle bei Language Deutsch aus.
  • Unter Einstellungen/ Erkennung und Schutz setze bitte einen Haken bei "Suche nach Rootkits".
  • Gehe zurück zum Armaturenbrett und klicke auf "Jetzt scannen".
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben und poste mir das Log.

Schritt 3

http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...t/frstscan.png

Bitte starte FRST erneut, markiere auch die checkbox http://deeprybka.trojaner-board.de/b...t/addition.pngund drücke auf Scan.
Bitte poste mir den Inhalt der beiden Logs die erstellt werden.

LenaR 17.04.2015 13:15
Zu Schritt 1:
Code:
# AdwCleaner v4.201 - Bericht erstellt 17/04/2015 um 13:04:20
# Aktualisiert 08/04/2015 von Xplode
# Datenbank : 2015-04-15.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : fujitsu - FUJITSU-PC
# Gestarted von : C:\Users\fujitsu\Desktop\AdwCleaner_4.201.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Windows\SysWOW64\SearchProtect
Ordner Gelöscht : C:\Users\fujitsu\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\fujitsu\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\fujitsu\AppData\Roaming\OpenCandy
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Windows\patsearch.bin
Datei Gelöscht : C:\Users\fujitsu\AppData\Roaming\Mozilla\Firefox\Profiles\62eq5cg8.default\searchplugins\conduit-search.xml
Datei Gelöscht : C:\Users\fujitsu\AppData\Roaming\Mozilla\Firefox\Profiles\62eq5cg8.default\user.js

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Schlüssel Gelöscht : HKCU\Software\Classes\pokki
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\driverscanner
Schlüssel Gelöscht : HKCU\Software\Mozilla\Extends
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C43F0D7D-78F0-47B8-954C-8FB36960B785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C43F0D7D-78F0-47B8-954C-8FB36960B785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\mysearchdial.com
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\simplytech
Schlüssel Gelöscht : HKCU\Software\ContextTrue
Schlüssel Gelöscht : HKCU\Software\WajIntEnhance
Schlüssel Gelöscht : HKCU\Software\SearchProtectWS
Schlüssel Gelöscht : HKCU\Software\Squeaky
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\CheckMeUp
Schlüssel Gelöscht : HKLM\SOFTWARE\AskPartnerNetwork
Schlüssel Gelöscht : HKLM\SOFTWARE\SpeedBit

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17728


-\\ Mozilla Firefox v37.0.1 (x86 de)

[62eq5cg8.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.alias", "istartsurf");
[62eq5cg8.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.iconURL", "hxxp://www.istartsurf.com/web/favicon.ico");
[62eq5cg8.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.name", "istartsurf");
[62eq5cg8.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.url", "hxxp://www.istartsurf.com/web/?type=dspp&ts=1424460367&from=tugs&uid=HGSTXHTS545050A7E380_TE854349HBPBDRHBPBDRX&q={searchTerms}");
[62eq5cg8.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.selectedEngine", "istartsurf");
[62eq5cg8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.crossrider.bic", "14ba878df21cbd8c6f6f65794ef89f7b");
[62eq5cg8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.AL", 2);
[62eq5cg8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.aflt", "dvd_14_13_ff");
[62eq5cg8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
[62eq5cg8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzuyD0Czy0A0DzzyCyEyB0C0BzyyBtBzyyDtN0D0Tzu0SzztCyCtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBzyyDzy0AtCtAyEtGyCyBtDy[...]
[62eq5cg8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.cntry", "DE");
[62eq5cg8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.cr", "696241754");
[62eq5cg8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.dfltLng", "");
[62eq5cg8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.dfltSrch", false);
[62eq5cg8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.dnsErr", true);
[62eq5cg8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,18285[...]
[62eq5cg8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.dpk_blck", "true");
[62eq5cg8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.excTlbr", false);
[62eq5cg8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.hdrMd5", "11B7BE861FC3666E75FF3D016A5F0945");
[62eq5cg8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.hmpg", false);
[62eq5cg8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=dvd_14_13_ff&cd=2XzuyEtN2Y1L1QzuyD0Czy0A0DzzyCyEyB0C0BzyyBtBzyyDtN0D0Tzu0SzztCyCtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEt[...]
[62eq5cg8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.id", "5C9AD8647CB97295");
[62eq5cg8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.instlDay", "16155");
[62eq5cg8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.instlRef", "140305_a");
[62eq5cg8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.lastB", "hxxp://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPCE45983D-5BAF-451B-8750-A14A557FEB3B&SSPV=");
[62eq5cg8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.lastVrsnTs", "1.8.29.018:45:6");
[62eq5cg8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=dvd_14_13_ff&cd=2XzuyEtN2Y1L1QzuyD0Czy0A0DzzyCyEyB0C0BzyyBtBzyyDtN0D0Tzu0SzztCyCtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCy[...]
[62eq5cg8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"96\",\"lastVrsn\":\"96\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"true\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
[62eq5cg8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
[62eq5cg8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
[62eq5cg8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.sg", "none");
[62eq5cg8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
[62eq5cg8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.tlbrId", "base");
[62eq5cg8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=dvd_14_13_ff&cd=2XzuyEtN2Y1L1QzuyD0Czy0A0DzzyCyEyB0C0BzyyBtBzyyDtN0D0Tzu0SzztCyCtN1L2XzutBtFtCzztFtBtFtDtN1L1Czut[...]
[62eq5cg8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.vrsn", "1.8.29.0");
[62eq5cg8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.vrsni", "1.8.29.0");
[62eq5cg8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial_i.newTab", false);
[62eq5cg8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial_i.smplGrp", "none");
[62eq5cg8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.29.018:45:6");
[62eq5cg8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[62eq5cg8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

-\\ Google Chrome v42.0.2311.90


*************************

AdwCleaner[R0].txt - [9336 Bytes] - [17/04/2015 13:02:14]
AdwCleaner[S0].txt - [9028 Bytes] - [17/04/2015 13:04:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9087  Bytes] ##########
Zu Schritt 2 (hierzu hat er automatisch zwei Logs erstellt):
Code:
<?xml version="1.0" encoding="UTF-16"?>

-<mbam-log>


-<header>

<date>2015/04/17 13:20:40 +0200</date>

<logfile>mbam-log-2015-04-17 (13-20-37).xml</logfile>

<isadmin>yes</isadmin>

</header>


-<engine>

<version>2.01.4.1018</version>

<malware-database>v2015.04.17.02</malware-database>

<rootkit-database>v2015.03.31.01</rootkit-database>

<license>trial</license>

<file-protection>enabled</file-protection>

<web-protection>enabled</web-protection>

<self-protection>disabled</self-protection>

</engine>


-<system>

<osversion>Windows 7 Service Pack 1</osversion>

<arch>x64</arch>

<username>fujitsu</username>

<filesys>NTFS</filesys>

</system>


-<summary>

<type>threat</type>

<result>completed</result>

<objects>347211</objects>

<time>2154</time>

<processes>0</processes>

<modules>0</modules>

<keys>3</keys>

<values>0</values>

<datas>0</datas>

<folders>1</folders>

<files>23</files>

<sectors>0</sectors>

</summary>


-<options>

<memory>enabled</memory>

<startup>enabled</startup>

<filesystem>enabled</filesystem>

<archives>enabled</archives>

<rootkits>enabled</rootkits>

<deeprootkit>disabled</deeprootkit>

<heuristics>enabled</heuristics>

<pup>enabled</pup>

<pum>enabled</pum>

</options>


-<items>


-<key>

<path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE</path>

<vendor>PUP.Optional.ModGoog</vendor>

<action>success</action>

<hash>3c6a501dfe8cd660f073f254a959926e</hash>

</key>


-<key>

<path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE</path>

<vendor>PUP.Optional.ModGoog</vendor>

<action>success</action>

<hash>3c6a501dfe8cd660f073f254a959926e</hash>

</key>


-<key>

<path>HKU\S-1-5-21-4260229613-1467637384-3163779687-1000\SOFTWARE\OpenBrwsrAppr3.2-nv-ie</path>

<vendor>PUP.Optional.BrowserApps.A</vendor>

<action>success</action>

<hash>2c7abbb2d5b55adc7a395a6e857eef11</hash>

</key>


-<folder>

<path>C:\Users\fujitsu\AppData\Local\Temp\comh.370134</path>

<vendor>PUP.Optional.GlobalUpdate.A</vendor>

<action>success</action>

<hash>fea8383535557bbbc8dbaaf61ee5817f</hash>

</folder>


-<file>

<path>C:\Users\fujitsu\AppData\Local\Temp\SPSetup.exe</path>

<vendor>PUP.Optional.Conduit.A</vendor>

<action>success</action>

<hash>b5f1006dfe8c69cd42ad3a14dc25e61a</hash>

</file>


-<file>

<path>C:\Users\fujitsu\AppData\Local\Temp\nsgB506.exe</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>aef839342f5b6bcb48b35603e81948b8</hash>

</file>


-<file>

<path>C:\Users\fujitsu\AppData\Local\Temp\nsgB9E7.exe</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>acfa0b62ec9e0a2c00fb3f1a27da46ba</hash>

</file>


-<file>

<path>C:\Users\fujitsu\AppData\Local\Temp\nsjAC21.exe</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>fea875f85e2ca69038c389d0b051718f</hash>

</file>


-<file>

<path>C:\Users\fujitsu\AppData\Local\Temp\nsq57B6.exe</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>36707df0533796a03ebde0799b6610f0</hash>

</file>


-<file>

<path>C:\Users\fujitsu\AppData\Local\Temp\nsq5E6B.exe</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>7531a5c885054aec52a9cc8db24f857b</hash>

</file>


-<file>

<path>C:\Users\fujitsu\AppData\Local\Temp\d22063f9-c897-46fb-93c1-2bad46768315\cloud_backup_setup.exe</path>

<vendor>PUP.Optional.MyPCBackup.SID.A</vendor>

<action>success</action>

<hash>f5b13e2fdcaec57167ca241a8e78857b</hash>

</file>


-<file>

<path>C:\Users\fujitsu\AppData\Local\Temp\df894bab-a568-4763-9a7c-46381543437f\lly_istartsurf.exe</path>

<vendor>PUP.Optional.IStartsurf.A</vendor>

<action>success</action>

<hash>ecbaacc10d7d280ed8e742fa33d3966a</hash>

</file>


-<file>

<path>C:\Users\fujitsu\AppData\Local\Temp\nsqDAC9\SpSetup.exe</path>

<vendor>PUP.Optional.Conduit.A</vendor>

<action>success</action>

<hash>1e88e687a8e2de587a757ed0d1302ed2</hash>

</file>


-<file>

<path>C:\Users\fujitsu\AppData\Local\Temp\comh.370134\GoogleCrashHandler.exe</path>

<vendor>PUP.Optional.ModGoog</vendor>

<action>success</action>

<hash>5155d29b3d4d1f17b9aaf15542c020e0</hash>

</file>


-<file>

<path>C:\Users\fujitsu\AppData\Local\Temp\comh.370134\GoogleUpdate.exe</path>

<vendor>PUP.Optional.ModGoog</vendor>

<action>success</action>

<hash>3c6a501dfe8cd660f073f254a959926e</hash>

</file>


-<file>

<path>C:\Users\fujitsu\AppData\Local\Temp\comh.370134\GoogleUpdateBroker.exe</path>

<vendor>PUP.Optional.ModGoog</vendor>

<action>success</action>

<hash>525491dc1a702d09e97a69ddb54d9b65</hash>

</file>


-<file>

<path>C:\Users\fujitsu\AppData\Local\Temp\comh.370134\GoogleUpdateOnDemand.exe</path>

<vendor>PUP.Optional.ModGoog</vendor>

<action>success</action>

<hash>7b2b3f2edcae60d6bea5262019e93fc1</hash>

</file>


-<file>

<path>C:\Users\fujitsu\AppData\Local\Temp\comh.370134\goopdate.dll</path>

<vendor>PUP.Optional.ModGoog</vendor>

<action>success</action>

<hash>cbdb0e5f147676c0b6ad1a2c62a09b65</hash>

</file>


-<file>

<path>C:\Users\fujitsu\AppData\Local\Temp\comh.370134\goopdateres_en.dll</path>

<vendor>PUP.Optional.ModGoog</vendor>

<action>success</action>

<hash>396d610c3357cf678bd868de7290a65a</hash>

</file>


-<file>

<path>C:\Users\fujitsu\AppData\Local\Temp\comh.370134\npGoogleUpdate4.dll</path>

<vendor>PUP.Optional.ModGoog</vendor>

<action>success</action>

<hash>c5e1cba267238ea80b584cfafe0451af</hash>

</file>


-<file>

<path>C:\Users\fujitsu\AppData\Local\Temp\comh.370134\psmachine.dll</path>

<vendor>PUP.Optional.ModGoog</vendor>

<action>success</action>

<hash>6244c2ab701a261099cae0667c86f10f</hash>

</file>


-<file>

<path>C:\Users\fujitsu\AppData\Local\Temp\comh.370134\psuser.dll</path>

<vendor>PUP.Optional.ModGoog</vendor>

<action>success</action>

<hash>33737af32367092dbaa973d3bd4507f9</hash>

</file>


-<file>

<path>C:\Windows\Temp\nsmDC8D.exe</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>970f2548abdf5cdab4476cedd0319967</hash>

</file>


-<file>

<path>C:\Windows\Temp\nsr6403.exe</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>485ec1ac9ceeb581cd2e9abf3fc2f010</hash>

</file>


-<file>

<path>C:\Windows\Temp\nsx58CE.exe</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>8b1b75f8830740f6af4c5108e120ff01</hash>

</file>


-<file>

<path>C:\Windows\Temp\nsx6423.exe</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>7630c8a5b0dae84e11ea89d00ef3f010</hash>

</file>


-<file>

<path>C:\Users\fujitsu\AppData\Local\Temp\comh.370134\GoogleUpdateHelper.msi</path>

<vendor>PUP.Optional.GlobalUpdate.A</vendor>

<action>success</action>

<hash>fea8383535557bbbc8dbaaf61ee5817f</hash>

</file>

</items>

</mbam-log>
Code:
<?xml version="1.0" encoding="UTF-8"?>

-<logs>

<record subtype="Malware Protection" result="Starting" last_modified_tag="4a571a78-3d83-41e1-a1c8-e11cc195b555" systemname="FUJITSU-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2015-04-17T13:18:04.391004+02:00" LoggingEventType="2" severity="debug"/>

<record subtype="Malware Protection" result="Started" last_modified_tag="9c5bd5d0-d350-4589-86ac-577942805e83" systemname="FUJITSU-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2015-04-17T13:18:04.406604+02:00" LoggingEventType="2" severity="debug"/>

<record subtype="Malicious Website Protection" result="Starting" last_modified_tag="d44d7181-d018-4fda-b124-6b4db1067fc8" systemname="FUJITSU-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2015-04-17T13:18:04.453404+02:00" LoggingEventType="2" severity="debug"/>

<record subtype="Malicious Website Protection" result="Started" last_modified_tag="31616027-59c9-4ea7-87d5-fa7cf445324b" systemname="FUJITSU-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2015-04-17T13:18:05.077405+02:00" LoggingEventType="2" severity="debug"/>

<record last_modified_tag="85c5456b-ca24-411a-b793-9fe30c0fa378" systemname="FUJITSU-PC" username="SYSTEM" type="Update" source="Manual" datetime="2015-04-17T13:18:10.679815+02:00" LoggingEventType="1" severity="debug" toVersion="2015.3.31.1" name="Rootkit Database" fromVersion="2015.2.25.1"/>

<record last_modified_tag="0d0110f4-8671-4195-90ce-3c95a2f694a1" systemname="FUJITSU-PC" username="SYSTEM" type="Update" source="Manual" datetime="2015-04-17T13:18:10.726615+02:00" LoggingEventType="1" severity="debug" toVersion="2015.4.6.2" name="Remediation Database" fromVersion="2015.3.9.1"/>

<record last_modified_tag="07895d53-e3fe-49fd-aa55-c1c1b599c9d7" systemname="FUJITSU-PC" username="SYSTEM" type="Update" source="Manual" datetime="2015-04-17T13:18:52.456688+02:00" LoggingEventType="1" severity="debug" toVersion="2015.4.17.2" name="Malware Database" fromVersion="2015.3.9.5"/>

<record subtype="Refresh" result="Starting" last_modified_tag="9c2a7ab5-dba8-4029-9ce9-f5237670d1f4" systemname="FUJITSU-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2015-04-17T13:18:52.519088+02:00" LoggingEventType="2" severity="debug"/>

<record subtype="Malicious Website Protection" result="Stopping" last_modified_tag="53be80ee-3285-46f1-851e-38543f04b7c7" systemname="FUJITSU-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2015-04-17T13:18:52.534688+02:00" LoggingEventType="2" severity="debug"/>

<record subtype="Malicious Website Protection" result="Stopped" last_modified_tag="694ef751-070c-4b81-b9f8-15d4468c942f" systemname="FUJITSU-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2015-04-17T13:18:52.659489+02:00" LoggingEventType="2" severity="debug"/>

<record subtype="Refresh" result="Success" last_modified_tag="6d3fa386-fce1-48c2-a2ce-792ac3096c30" systemname="FUJITSU-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2015-04-17T13:19:02.206705+02:00" LoggingEventType="2" severity="debug"/>

<record subtype="Malicious Website Protection" result="Starting" last_modified_tag="8ec61a1e-654a-4144-a141-03f5d2b995dd" systemname="FUJITSU-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2015-04-17T13:19:02.331506+02:00" LoggingEventType="2" severity="debug"/>

<record subtype="Malicious Website Protection" result="Started" last_modified_tag="6272f788-b560-4ccd-ad19-58acdc349c16" systemname="FUJITSU-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2015-04-17T13:19:02.596706+02:00" LoggingEventType="2" severity="debug"/>

<record last_modified_tag="820892fe-3cc3-417a-9742-9bf38f0f2cda" systemname="FUJITSU-PC" username="SYSTEM" type="Scan" source="Manual" datetime="2015-04-17T13:20:20.661243+02:00" LoggingEventType="6" severity="debug" scanresult="canceled" nonmalwaredetections="0" malwaredetections="0" duration="82" starttime="2015-04-17T13:18:58+02:00" scantype="threat"/>

<record last_modified_tag="21ba0e97-e066-42b6-a031-dc610aeb51c4" systemname="FUJITSU-PC" username="SYSTEM" type="Update" source="Scheduler" datetime="2015-04-17T13:52:27.459338+02:00" LoggingEventType="1" severity="debug" toVersion="2015.4.17.3" name="Malware Database" fromVersion="2015.4.17.2"/>

<record subtype="Refresh" result="Starting" last_modified_tag="7a7262b5-9804-4827-b1eb-f5f85c95fd8f" systemname="FUJITSU-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2015-04-17T13:52:27.715352+02:00" LoggingEventType="2" severity="debug"/>

<record subtype="Malicious Website Protection" result="Stopping" last_modified_tag="49845fba-74b4-46a7-a267-8d8bda4614d5" systemname="FUJITSU-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2015-04-17T13:52:27.812358+02:00" LoggingEventType="2" severity="debug"/>

<record subtype="Malicious Website Protection" result="Stopped" last_modified_tag="39ff6959-af09-4749-a176-275d6e502385" systemname="FUJITSU-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2015-04-17T13:52:27.969367+02:00" LoggingEventType="2" severity="debug"/>

<record subtype="Refresh" result="Success" last_modified_tag="d55decb3-c9cd-4210-9e5c-0dba5a1e44e4" systemname="FUJITSU-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2015-04-17T13:53:38.613408+02:00" LoggingEventType="2" severity="debug"/>

<record subtype="Malicious Website Protection" result="Starting" last_modified_tag="548c2c40-5f04-44fe-aa4d-a97da94f89ca" systemname="FUJITSU-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2015-04-17T13:53:38.637409+02:00" LoggingEventType="2" severity="debug"/>

<record subtype="Malicious Website Protection" result="Started" last_modified_tag="4d3f0b9f-75a3-4b89-9133-f60f5decb29a" systemname="FUJITSU-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2015-04-17T13:53:39.008430+02:00" LoggingEventType="2" severity="debug"/>

<record last_modified_tag="048c143f-4abe-4cd6-8a03-dcc2a0af9b4c" systemname="FUJITSU-PC" username="SYSTEM" type="Scan" source="Manual" datetime="2015-04-17T13:58:43.397013+02:00" LoggingEventType="6" severity="debug" scanresult="completed" nonmalwaredetections="27" malwaredetections="0" duration="2154" starttime="2015-04-17T13:20:40+02:00" scantype="threat"/>

<record subtype="Malware Protection" result="Starting" last_modified_tag="7103e4bc-79c1-4685-9dd8-3097c91c0c38" systemname="FUJITSU-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2015-04-17T14:01:00.141865+02:00" LoggingEventType="2" severity="debug"/>

<record subtype="Malware Protection" result="Started" last_modified_tag="74074a73-64c7-492d-84b8-c29afda97666" systemname="FUJITSU-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2015-04-17T14:01:00.157465+02:00" LoggingEventType="2" severity="debug"/>

<record subtype="Malicious Website Protection" result="Starting" last_modified_tag="3edda08c-938f-4499-a4fe-a2e0e599203d" systemname="FUJITSU-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2015-04-17T14:01:00.173065+02:00" LoggingEventType="2" severity="debug"/>

<record subtype="Malicious Website Protection" result="Started" last_modified_tag="08aa33cf-386d-4b19-9736-47fc0765eaef" systemname="FUJITSU-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2015-04-17T14:01:59.031968+02:00" LoggingEventType="2" severity="debug"/>

</logs>
Zu Schritt 3:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-04-2015 04
Ran by fujitsu at 2015-04-17 14:13:42
Running from C:\Users\fujitsu\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (32-Bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.9.504 - Avira Operations GmbH & Co. KG)
Bluetooth Feature Pack 5.0 (HKLM\...\{B2F4C332-2359-4ADE-AF0C-C631768BBB89}) (Version: 5.0.14 - CSR Plc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)
Dropbox (HKU\S-1-5-21-4260229613-1467637384-3163779687-1000\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.)
Free YouTube Download version 3.2.23.219 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.23.219 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.55.219 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.55.219 - DVDVideoSoft Ltd.)
Fujitsu Display Manager (HKLM-x32\...\InstallShield_{4108974B-DE87-4AD4-9167-930C62C45691}) (Version:  - )
Fujitsu Display Manager (Version: 7.01.00.210 - Ihr Firmenname) Hidden
Fujitsu Hotkey Utility (HKLM-x32\...\InstallShield_{BA0CC975-682B-4678-A35C-05E607F36387}) (Version: 3.60.1.0 - FUJITSU LIMITED)
Fujitsu Hotkey Utility (x32 Version: 3.60.1.0 - FUJITSU LIMITED) Hidden
Fujitsu MobilityCenter Extension Utility (HKLM-x32\...\InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}) (Version:  - )
Fujitsu MobilityCenter Extension Utility (Version: 3.01.00.000 - Ihr Firmenname) Hidden
Fujitsu System Extension Utility (HKLM-x32\...\InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}) (Version:  - )
Fujitsu System Extension Utility (Version: 3.1.1.0 - FUJITSU LIMITED) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2025 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
LifeBook Application Panel (HKLM-x32\...\InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}) (Version:  - )
LifeBook Application Panel (Version: 8.1.0.0 - FUJITSU LIMITED) Hidden
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Media Go (HKLM-x32\...\{362AB21A-E2C4-40CE-81C2-8C4D62B0635A}) (Version: 2.4.256 - Sony)
Media Go Video Playback Engine 1.116.104.02020 (HKLM-x32\...\{54215B8A-6212-8DB8-39B4-98EE2BB98BD1}) (Version: 1.116.104.02020 - Sony)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 37.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 de)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayStation(R)Store (HKLM-x32\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.14.6.15183 - Sony Computer Entertainment Inc.)
Power Saving Utility (HKLM-x32\...\InstallShield_{7254349B-460B-488F-B4DB-A96100C5C48B}) (Version:  - )
Power Saving Utility (Version: 31.01.11.013 - FUJITSU LIMITED) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30087 - Realtek Semiconductor Corp.)
RUBICon (HKLM-x32\...\{438134D3-0BD4-4C52-8575-5B2B63AD01C2}) (Version: 2.0.25 - RUB)
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
Sony Ericsson Update Engine (HKLM-x32\...\Update Engine) (Version: 2.13.10.201308300830 - Sony Ericsson Communications AB)
Sony PC Companion 2.10.226 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.226 - Sony)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.10.0 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Wireless Selector (HKLM-x32\...\InstallShield_{51692C66-5505-41B8-92A7-548C69FB867C}) (Version:  - )
Wireless Selector (Version: 4.01.00.101 - FUJITSU LIMITED) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4260229613-1467637384-3163779687-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\fujitsu\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4260229613-1467637384-3163779687-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\fujitsu\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4260229613-1467637384-3163779687-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fujitsu\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4260229613-1467637384-3163779687-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fujitsu\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4260229613-1467637384-3163779687-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fujitsu\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4260229613-1467637384-3163779687-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fujitsu\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4260229613-1467637384-3163779687-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fujitsu\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4260229613-1467637384-3163779687-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fujitsu\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4260229613-1467637384-3163779687-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fujitsu\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4260229613-1467637384-3163779687-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fujitsu\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

02-03-2015 17:12:14 Geplanter Prüfpunkt
13-03-2015 10:42:34 Windows Update
13-03-2015 16:30:32 Windows Update
15-04-2015 23:09:53 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {469BD73A-44A5-4EEF-B2A9-6D56D724B779} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {6BE217D2-944E-4BE3-BABC-BDB7D5CCB6FB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {90340F64-6D66-43B2-A1D9-FA53DCBEAD70} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-11] (Google Inc.)
Task: {B21E2094-B831-4187-B6A3-A4053516BF4D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-11] (Google Inc.)
Task: {C67D26ED-799E-40D5-B552-785E4F1F1A09} - System32\Tasks\{E0B7FEE2-EB38-49C0-A5FF-4C04ADCA6B61} => pcalua.exe -a C:\Users\fujitsu\Downloads\64bit_Win7_Win8_Win81_R273.exe -d C:\Users\fujitsu\Downloads
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-02-13 05:20 - 2015-02-13 05:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2009-07-21 18:31 - 2009-07-21 18:31 - 00062312 _____ () C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe
2015-03-16 10:56 - 2015-03-16 10:56 - 00245760 _____ () C:\Program Files (x86)\Avira\My Avira\System.ComponentModel.Composition.dll
2015-04-17 14:02 - 2015-04-17 14:02 - 00043008 _____ () c:\users\fujitsu\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpuka2fu.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\fujitsu\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\fujitsu\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\fujitsu\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\fujitsu\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4260229613-1467637384-3163779687-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\fujitsu\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 87.216.1.65 - 87.216.1.66

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-4260229613-1467637384-3163779687-500 - Administrator - Disabled)
fujitsu (S-1-5-21-4260229613-1467637384-3163779687-1000 - Administrator - Enabled) => C:\Users\fujitsu
Gast (S-1-5-21-4260229613-1467637384-3163779687-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4260229613-1467637384-3163779687-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/17/2015 02:02:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/17/2015 01:08:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/17/2015 00:51:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/16/2015 06:01:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5350

Error: (04/16/2015 06:01:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5350

Error: (04/16/2015 06:01:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/16/2015 06:01:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4321

Error: (04/16/2015 06:01:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4321

Error: (04/16/2015 06:01:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/16/2015 06:01:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3307


System errors:
=============
Error: (04/17/2015 01:04:52 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056

Error: (04/17/2015 01:04:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/17/2015 01:04:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde unerwartet beendet. Dies ist bereits 2 Mal passiert.

Error: (04/17/2015 01:04:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Microsoft .NET Framework NGEN v2.0.50727_X64" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/17/2015 01:04:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/17/2015 01:04:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Management & Security Application User Notification Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/17/2015 01:04:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/17/2015 01:04:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/17/2015 01:04:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/17/2015 01:04:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU P6200 @ 2.13GHz
Percentage of memory in use: 41%
Total physical RAM: 3892.55 MB
Available physical RAM: 2261.39 MB
Total Pagefile: 7783.3 MB
Available Pagefile: 5607.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:349.51 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 340B6EB1)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-04-2015 04
Ran by fujitsu (administrator) on FUJITSU-PC on 17-04-2015 14:12:02
Running from C:\Users\fujitsu\Desktop
Loaded Profiles: fujitsu (Available profiles: fujitsu)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
() C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe
(Dropbox, Inc.) C:\Users\fujitsu\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1861416 2009-10-09] (Synaptics Incorporated)
HKLM\...\Run: [LoadFujitsuQuickTouch] => C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [157544 2009-10-15] (FUJITSU LIMITED)
HKLM\...\Run: [LoadBtnHnd] => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [35176 2009-10-15] (FUJITSU LIMITED)
HKLM\...\Run: [PSUTility] => C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [188264 2009-07-30] (FUJITSU LIMITED)
HKLM\...\Run: [FDM7] => C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe [164712 2009-11-26] (FUJITSU LIMITED)
HKLM\...\Run: [ConMgr] => C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe [535440 2009-12-24] (CSR, plc)
HKLM\...\Run: [CSRSkype] => C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe [431504 2009-12-24] (CSR, plc)
HKLM\...\Run: [BthSyncServ] => "C:\Program Files\CSR\Bluetooth Feature Pack 5.0\bthsyncserv.exe"
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [IndicatorUtility] => C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [47976 2009-10-09] (FUJITSU LIMITED)
HKLM-x32\...\Run: [LoadFUJ02E3] => C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe [36712 2009-10-08] (FUJITSU LIMITED)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [726320 2015-04-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4260229613-1467637384-3163779687-1000\...\MountPoints2: {0d096d54-9f29-11e0-9a04-806e6f6e6963} - D:\start.exe
HKU\S-1-5-21-4260229613-1467637384-3163779687-1000\...\MountPoints2: {2ef62957-ac07-11e2-8ff1-e0ca94be5649} - E:\Startme.exe
HKU\S-1-5-21-4260229613-1467637384-3163779687-1000\...\MountPoints2: {9bb52cff-93a5-11e2-b690-e0ca94be5649} - E:\LaunchU3.exe -a
HKU\S-1-5-21-4260229613-1467637384-3163779687-1000\...\MountPoints2: {c6515bec-3c23-11e4-8c40-e0ca94be5649} - E:\Startme.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\fujitsu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\fujitsu\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\fujitsu\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\fujitsu\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\fujitsu\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\fujitsu\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\fujitsu\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\fujitsu\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\fujitsu\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\fujitsu\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4260229613-1467637384-3163779687-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-4260229613-1467637384-3163779687-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 87.216.1.65 87.216.1.66

FireFox:
========
FF ProfilePath: C:\Users\fujitsu\AppData\Roaming\Mozilla\Firefox\Profiles\62eq5cg8.default
FF NewTab: www.google.de
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll [2013-02-14] (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\fujitsu\AppData\Roaming\Mozilla\Firefox\Profiles\62eq5cg8.default\searchplugins\youtube-videosuche.xml [2015-03-03]
FF Extension: Segurança do navegador Avira - C:\Users\fujitsu\AppData\Roaming\Mozilla\Firefox\Profiles\62eq5cg8.default\Extensions\abs@avira.com [2015-03-31]
FF Extension: No Name - C:\Users\fujitsu\AppData\Roaming\Mozilla\Firefox\Profiles\62eq5cg8.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015-02-27]
FF Extension: Adblock Plus - C:\Users\fujitsu\AppData\Roaming\Mozilla\Firefox\Profiles\62eq5cg8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-22]
FF HKU\S-1-5-21-4260229613-1467637384-3163779687-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR Profile: C:\Users\fujitsu\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-11]
CHR Extension: (Google Docs) - C:\Users\fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-11]
CHR Extension: (Google Drive) - C:\Users\fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-11]
CHR Extension: (YouTube) - C:\Users\fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-11]
CHR Extension: (Google Search) - C:\Users\fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-11]
CHR Extension: (Google Sheets) - C:\Users\fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-11]
CHR Extension: (Avira Browser Safety) - C:\Users\fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-03-11]
CHR Extension: (Bookmark Manager) - C:\Users\fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-21]
CHR Extension: (Google Wallet) - C:\Users\fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-11]
CHR Extension: (Gmail) - C:\Users\fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-11]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-04-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-04-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-04-07] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-04-07] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-11-01] (Intel Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63336 2009-07-30] (FUJITSU LIMITED)
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-11-01] (Intel Corporation) [File not signed]
R2 VFPRadioSupportService; C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [145840 2009-12-24] (CSR, plc)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WirelessSelectorService; C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe [62312 2009-07-21] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-02-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-02-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-02-04] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-02-04] (Avira Operations GmbH & Co. KG)
R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\System32\DRIVERS\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-17] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-17 14:11 - 2015-04-17 14:11 - 00000000 ____D () C:\Users\fujitsu\Desktop\FRST-OlderVersion
2015-04-17 13:18 - 2015-04-17 14:02 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-17 13:17 - 2015-04-17 13:17 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-17 13:17 - 2015-04-17 13:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-17 13:17 - 2015-04-17 13:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-17 13:17 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-17 13:17 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-17 13:17 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-17 13:13 - 2015-04-17 13:15 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\fujitsu\Desktop\mbam-setup-2.1.4.1018.exe
2015-04-17 13:12 - 2015-04-17 13:12 - 00009179 _____ () C:\Users\fujitsu\Desktop\AdwCleaner[S0].txt
2015-04-17 13:02 - 2015-04-17 13:04 - 00000000 ____D () C:\AdwCleaner
2015-04-17 12:57 - 2015-04-17 12:58 - 02217984 _____ () C:\Users\fujitsu\Desktop\AdwCleaner_4.201.exe
2015-04-15 18:23 - 2015-04-15 18:23 - 00004270 _____ () C:\Users\fujitsu\Downloads\Einfügen.txt
2015-04-15 15:09 - 2015-04-15 15:09 - 00020266 _____ () C:\Users\fujitsu\Desktop\Addition.txt
2015-04-15 15:08 - 2015-04-17 14:13 - 00018107 _____ () C:\Users\fujitsu\Desktop\FRST.txt
2015-04-15 15:07 - 2015-04-17 14:12 - 00000000 ____D () C:\FRST
2015-04-15 14:45 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 14:45 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 14:45 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 14:45 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 14:45 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 14:45 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 14:45 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 14:45 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 14:45 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 14:45 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 14:45 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 14:45 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-15 14:45 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-15 14:45 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-15 14:45 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-15 14:45 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-15 14:45 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 14:45 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 14:45 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 14:45 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-15 14:45 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-15 14:45 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-15 14:45 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 14:45 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-15 14:44 - 2015-04-02 02:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-15 14:44 - 2015-04-02 01:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-15 14:44 - 2015-03-17 07:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-15 14:44 - 2015-03-17 07:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-15 14:44 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-15 14:44 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-15 14:44 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-15 14:44 - 2015-03-17 07:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-15 14:44 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-15 14:44 - 2015-03-17 07:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-15 14:44 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-15 14:44 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-15 14:44 - 2015-03-17 07:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-15 14:44 - 2015-03-17 07:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-15 14:44 - 2015-03-17 07:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-15 14:44 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-15 14:44 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-15 14:44 - 2015-03-17 07:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-15 14:44 - 2015-03-17 07:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-15 14:44 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-15 14:44 - 2015-03-17 07:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-15 14:44 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-15 14:44 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-15 14:44 - 2015-03-17 07:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-15 14:44 - 2015-03-17 07:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-15 14:44 - 2015-03-17 07:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-15 14:44 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-15 14:44 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-15 14:44 - 2015-03-17 07:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-15 14:44 - 2015-03-17 07:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-15 14:44 - 2015-03-17 07:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-15 14:44 - 2015-03-17 07:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-15 14:44 - 2015-03-17 07:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-15 14:44 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-15 14:44 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-15 14:44 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-15 14:44 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 14:44 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 14:44 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 14:44 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 14:44 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 14:44 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 14:44 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 14:44 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 14:44 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 14:44 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 14:44 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 14:44 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 14:44 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 14:44 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 14:44 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-15 14:44 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-15 14:44 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 14:44 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-15 14:44 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 14:44 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 14:44 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 14:44 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 14:44 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 14:44 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 14:44 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 14:44 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-15 14:44 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-15 14:44 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-15 14:44 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-15 14:44 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-15 14:44 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-15 14:44 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-15 14:44 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-15 14:44 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-15 14:44 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-15 14:44 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-15 14:44 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-15 14:44 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-15 14:44 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-15 14:44 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-15 14:44 - 2015-03-17 06:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-15 14:44 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-15 14:44 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-15 14:44 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-15 14:44 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-15 14:44 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-15 14:44 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-15 14:44 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-15 14:44 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-15 14:44 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-15 14:44 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 14:44 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 14:44 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 14:44 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 14:44 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 14:44 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 14:44 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 14:44 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 14:44 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 14:44 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 14:44 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 14:44 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 14:44 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-15 14:44 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 14:44 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 14:44 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-15 14:44 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 14:44 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 14:44 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 14:44 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 14:44 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 14:44 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 14:44 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-15 14:44 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-15 14:44 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-15 14:44 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-15 14:44 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 14:44 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 14:44 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-15 14:44 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 14:44 - 2015-03-13 06:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 14:44 - 2015-03-13 06:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-15 14:44 - 2015-03-13 06:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-15 14:44 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 14:44 - 2015-03-13 06:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 14:44 - 2015-03-13 06:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-15 14:44 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 14:44 - 2015-03-13 06:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-15 14:44 - 2015-03-13 06:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 14:44 - 2015-03-13 05:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-15 14:44 - 2015-03-13 05:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 14:44 - 2015-03-13 05:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 14:44 - 2015-03-13 05:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-15 14:44 - 2015-03-13 05:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-15 14:44 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 14:44 - 2015-03-13 05:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-15 14:44 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-15 14:44 - 2015-03-13 05:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-15 14:44 - 2015-03-13 05:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 14:44 - 2015-03-13 05:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 14:44 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-15 14:44 - 2015-03-13 05:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-15 14:44 - 2015-03-13 05:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-15 14:44 - 2015-03-13 05:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-15 14:44 - 2015-03-13 05:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-15 14:44 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 14:44 - 2015-03-13 05:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-15 14:44 - 2015-03-13 05:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 14:44 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-15 14:44 - 2015-03-13 05:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-15 14:44 - 2015-03-13 05:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-15 14:44 - 2015-03-13 05:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-15 14:44 - 2015-03-13 05:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-15 14:44 - 2015-03-13 05:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-15 14:44 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 14:44 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 14:44 - 2015-03-13 05:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-15 14:44 - 2015-03-13 05:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 14:44 - 2015-03-13 05:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-15 14:44 - 2015-03-13 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-15 14:44 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 14:44 - 2015-03-13 04:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-15 14:44 - 2015-03-13 04:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-15 14:44 - 2015-03-13 04:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-15 14:44 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-15 14:44 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 14:44 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-15 14:44 - 2015-03-13 04:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-15 14:44 - 2015-03-13 04:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-15 14:44 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-15 14:44 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 14:44 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 14:44 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-15 14:44 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-15 14:44 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-15 14:44 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-15 14:39 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 14:39 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 14:39 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-15 14:27 - 2015-04-17 14:11 - 02097664 _____ (Farbar) C:\Users\fujitsu\Desktop\FRST64.exe
2015-04-10 16:10 - 2015-04-10 16:16 - 169936496 _____ (AVG Technologies) C:\Users\fujitsu\Downloads\avg_free_x86_all_2015_ltst_222_5863.exe
2015-04-08 14:19 - 2015-04-08 14:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-26 19:50 - 2015-03-26 19:50 - 00000000 ____D () C:\Users\fujitsu\Tracing
2015-03-24 18:56 - 2015-03-24 18:56 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-03-24 18:56 - 2015-03-24 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-03-24 18:55 - 2015-03-24 18:56 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-03-24 18:55 - 2015-03-24 18:56 - 00000000 ____D () C:\Program Files\iTunes
2015-03-24 18:55 - 2015-03-24 18:55 - 00000000 ____D () C:\Program Files\iPod
2015-03-24 18:55 - 2015-03-24 18:55 - 00000000 ____D () C:\Program Files (x86)\iTunes

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-17 14:10 - 2009-07-14 06:45 - 00027104 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-17 14:10 - 2009-07-14 06:45 - 00027104 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-17 14:08 - 2011-06-25 14:48 - 01940682 _____ () C:\Windows\WindowsUpdate.log
2015-04-17 14:03 - 2014-10-22 22:30 - 00000000 ___RD () C:\Users\fujitsu\Dropbox
2015-04-17 14:03 - 2014-10-20 21:58 - 00000000 ____D () C:\Users\fujitsu\AppData\Roaming\Dropbox
2015-04-17 14:01 - 2015-03-11 22:56 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-17 14:00 - 2015-03-11 22:56 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-17 14:00 - 2013-11-12 13:05 - 00357316 _____ () C:\Windows\PFRO.log
2015-04-17 14:00 - 2013-10-07 20:12 - 00058913 _____ () C:\Windows\setupact.log
2015-04-17 14:00 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-17 13:37 - 2015-01-07 18:47 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-16 11:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-15 23:24 - 2011-06-25 15:13 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-15 23:22 - 2014-11-01 12:57 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 23:15 - 2014-11-01 12:57 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-15 19:01 - 2014-05-14 14:38 - 00000000 ____D () C:\Users\fujitsu\AppData\Roaming\Skype
2015-04-15 14:38 - 2015-01-07 18:47 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-15 14:38 - 2013-03-23 13:42 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-15 14:38 - 2013-03-23 13:42 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-14 21:02 - 2015-03-11 22:57 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-11 10:12 - 2015-03-10 10:58 - 00001025 _____ () C:\Users\fujitsu\Desktop\Dropbox.lnk
2015-04-09 21:10 - 2015-02-22 19:59 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-09 21:09 - 2015-02-22 19:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-09 21:09 - 2015-02-22 19:56 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-04-08 22:00 - 2015-02-22 19:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-08 21:47 - 2010-11-21 08:50 - 00643866 _____ () C:\Windows\system32\perfh007.dat
2015-04-08 21:47 - 2010-11-21 08:50 - 00126394 _____ () C:\Windows\system32\perfc007.dat
2015-04-08 21:47 - 2009-07-14 07:13 - 01472002 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-08 21:38 - 2015-02-22 16:10 - 01203488 _____ () C:\Users\fujitsu\Downloads\TeamViewer - CHIP-Installer.exe
2015-04-07 20:39 - 2015-02-22 19:58 - 00000000 ____D () C:\Users\fujitsu\AppData\Roaming\Avira
2015-04-07 14:06 - 2015-02-22 19:56 - 00000000 ____D () C:\ProgramData\Avira
2015-03-26 19:50 - 2015-01-30 20:05 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-26 19:50 - 2014-05-14 14:38 - 00000000 ____D () C:\ProgramData\Skype
2015-03-26 19:50 - 2011-06-25 14:52 - 00000000 ____D () C:\Users\fujitsu
2015-03-24 18:55 - 2013-03-23 12:10 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-03-24 18:55 - 2013-03-23 12:09 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-03-24 18:51 - 2013-03-23 12:09 - 00000000 ____D () C:\ProgramData\Apple

==================== Files in the root of some directories =======

2015-01-25 18:12 - 2015-01-25 18:12 - 0001248 _____ () C:\Users\fujitsu\AppData\Roaming\RBNCQA
2014-03-26 19:45 - 2015-02-17 12:45 - 0000153 _____ () C:\Users\fujitsu\AppData\Roaming\WB.CFG
2015-01-25 18:12 - 2015-01-25 18:12 - 0002086 _____ () C:\Users\fujitsu\AppData\Roaming\WSCY
2014-02-22 12:45 - 2014-02-22 12:45 - 0003584 _____ () C:\Users\fujitsu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-14 15:20 - 2014-05-14 15:20 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\fujitsu\AppData\Local\Temp\A424ADB0-673E-6F3D-0843-6D4C81CBA564.dll
C:\Users\fujitsu\AppData\Local\Temp\avgnt.exe
C:\Users\fujitsu\AppData\Local\Temp\BackupSetup.exe
C:\Users\fujitsu\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpuka2fu.dll
C:\Users\fujitsu\AppData\Local\Temp\Quarantine.exe
C:\Users\fujitsu\AppData\Local\Temp\SkypeSetup.exe
C:\Users\fujitsu\AppData\Local\Temp\sqlite3.dll
C:\Users\fujitsu\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-16 22:00

==================== End Of Log ============================
--- --- ---


Großes Dankeschön für die Hilfe!

deeprybka 17.04.2015 13:20
Bitte das richtige Log von Malwarebytes posten. Siehe Anleitung


Alle Zeitangaben in WEZ +1. Es ist jetzt 16:59 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27