
Log analysis and evaluation: Search Protect in taskbar


02.04.2015, 20:55   #1
Phily11
 



Hello!
I have Search Protect in the taskbar and can't get it removed. Unfortunately I noticed it too late, and my antivirus program has surely run a few times in the meantime. (I saw another post here on the same topic in which running the antivirus program was advised against.)
What do I have to do? Should I download this FRST?
Many thanks in advance!!

02.04.2015, 20:59   #2
schrauber
/// the machine
/// TB-Ausbilder
 




hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST download: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)


02.04.2015, 21:51   #3
Phily11
 



Attachment 73484

02.04.2015, 21:52   #4
Phily11
 



Attachment 73485

03.04.2015, 10:50   #5
schrauber
/// the machine
/// TB-Ausbilder
 




Hi,

Please always post logs in the thread. If necessary, split them up and use several posts.
I can't open attachments at work, thanks.

This is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracket expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

04.04.2015, 19:43   #6
Phily11
 



FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Bossy (administrator) on BOSSY-PC on 02-04-2015 22:45:34
Running from C:\Users\Bossy\Desktop
Loaded Profiles: Bossy (Available profiles: Bossy)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(XTab system) C:\Program Files\XTab\ProtectService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\ACER\Mobility Center\MobilityService.exe
(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Dropbox, Inc.) C:\Users\Bossy\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\ProgramData\{e5340274-51d6-6b05-e534-4027451d09d1}\kidprint.exe
(SearchProtect) C:\Program Files\XTab\CmdShell.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(XTab system) C:\Program Files\XTab\HPNotify.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [OneMoreGame] => C:\Users\Bossy\AppData\Roaming\OneMoreGame\OMG.exe
HKLM\...\Run: [Allin1Convert AppIntegrator 32-bit] => C:\PROGRA~1\ALLIN1~2\bar\1.bin\AppIntegrator.exe
HKU\S-1-5-21-1970263591-3964681878-2414383680-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-1970263591-3964681878-2414383680-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1970263591-3964681878-2414383680-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1970263591-3964681878-2414383680-1000\...\MountPoints2: {49dfeffa-c26c-11e0-90ad-806e6f6e6963} - G:\AutoRun.exe
HKU\S-1-5-21-1970263591-3964681878-2414383680-1000\...\MountPoints2: {49dff076-c26c-11e0-90ad-001e101f82a0} - E:\AutoRun.exe
HKU\S-1-5-21-1970263591-3964681878-2414383680-1000\...\MountPoints2: {8f763941-37cb-11de-956c-806e6f6e6963} - E:\StartPortableApps.exe
AppInit_DLLs: ~1穂娺篦ࠀ毸( => ~1穂娺篦ࠀ毸( File Not Found
IFEO\bbqleads.exe: [Debugger] TaskList.exe
IFEO\bbqleadsapplication.exe: [Debugger] TaskList.exe
IFEO\bbqleadsservice.exe: [Debugger] TaskList.exe
IFEO\bbqquotes.exe: [Debugger] TaskList.exe
IFEO\ContentExplorer.exe: [Debugger] TaskList.exe
IFEO\DatamngrCoordinator.exe: [Debugger] tasklist.exe
IFEO\donutleads.exe: [Debugger] TaskList.exe
IFEO\donutquotes.exe: [Debugger] TaskList.exe
IFEO\internetenhancer.exe: [Debugger] TaskList.exe
IFEO\internetenhancerservice.exe: [Debugger] TaskList.exe
IFEO\pastaleads.exe: [Debugger] TaskList.exe
IFEO\pastaquotes.exe: [Debugger] TaskList.exe
IFEO\theanswerfinder.exe: [Debugger] TaskList.exe
IFEO\wajaminternetenhancer.exe: [Debugger] TaskList.exe
IFEO\WajamInternetEnhancerApp.exe: [Debugger] TaskList.exe
IFEO\WajamInternetEnhancerAppservice.exe: [Debugger] TaskList.exe
IFEO\wajaminternetenhancerservice.exe: [Debugger] TaskList.exe
Startup: C:\Users\Bossy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Bossy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kidprint.lnk
ShortcutTarget: kidprint.lnk -> C:\ProgramData\{e5340274-51d6-6b05-e534-4027451d09d1}\kidprint.exe ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-1970263591-3964681878-2414383680-1000] => http=127.0.0.1:49237;https=127.0.0.1:49237
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hppp&ts=1427227898&from=wpc&uid=HitachiXHTS543232L9A300_081026FB2400LECN1YYAX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1427227879&from=wpc&uid=HitachiXHTS543232L9A300_081026FB2400LECN1YYAX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hppp&ts=1427227898&from=wpc&uid=HitachiXHTS543232L9A300_081026FB2400LECN1YYAX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1427227879&from=wpc&uid=HitachiXHTS543232L9A300_081026FB2400LECN1YYAX&q={searchTerms}
HKU\S-1-5-21-1970263591-3964681878-2414383680-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1389391871&from=amt&uid=HitachiXHTS543232L9A300_081026FB2400LECN1YYAX&q={searchTerms}
HKU\S-1-5-21-1970263591-3964681878-2414383680-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.spiegel.de/
HKU\S-1-5-21-1970263591-3964681878-2414383680-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1208&m=aspire_6930g
HKU\S-1-5-21-1970263591-3964681878-2414383680-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKLM - (No Name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} -  No File
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1427227879&from=wpc&uid=HitachiXHTS543232L9A300_081026FB2400LECN1YYAX&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1427227879&from=wpc&uid=HitachiXHTS543232L9A300_081026FB2400LECN1YYAX&q={searchTerms}
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
SearchScopes: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
SearchScopes: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = 
SearchScopes: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = 
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000 -> No Name - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} -  No File
Toolbar: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000 -> No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} -  No File
Toolbar: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.nationzoom.com/?type=sc&ts=1389391871&from=amt&uid=HitachiXHTS543232L9A300_081026FB2400LECN1YYAX

FireFox:
========
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Neuer Ordner\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-1970263591-3964681878-2414383680-1000: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\googledesktop.xml [2010-07-30]
FF Extension: No Name - C:\Users\Bossy\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions [2014-12-01]
FF Extension: Movie2kDownloader - C:\Users\Bossy\AppData\Roaming\Mozilla\Firefox\profiles\extensions\movie2kdownloader@movie2kdownloader.com.xpi [2012-12-13]
FF Extension: ICQ Toolbar - C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2009-12-05]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-27]
FF HKLM\...\Firefox\Extensions: [ext@flash-Enhancer.com] - C:\Program Files\AmiExt\flashEnhancer\ff
FF HKU\S-1-5-21-1970263591-3964681878-2414383680-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2014-12-01]
FF Extension: No Name - C:\Program Files\AmiExt\flashEnhancer\ff [Not Found]

Chrome: 
=======
CHR Profile: C:\Users\Bossy\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [blaofbhgbmeikidhlkmjhbkbfohpgekf] - C:\Program Files\Movie2KDownloader.com\Movie2KDownloader10.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed]
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-08-19] () [File not signed]
R2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [860160 2008-10-16] (Intel(R) Corporation) [File not signed]
R2 IHProtect Service; C:\Program Files\XTab\ProtectService.exe [158816 2015-03-16] (XTab system)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] () [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
R2 NTIBackupSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [45056 2008-04-25] (NewTech InfoSystems, Inc.) [File not signed]
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-25] () [File not signed]
R2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [466944 2008-10-16] (Intel(R) Corporation) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [48640 2009-08-05] (Atheros Communications, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
R1 MpKsl0b186ac0; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0DD512A5-777C-4BF7-9FF9-2B924B998271}\MpKsl0b186ac0.sys [39464 2015-04-02] (Microsoft Corporation)
S3 s0017bus; C:\Windows\System32\DRIVERS\s0017bus.sys [90536 2008-05-27] (MCCI Corporation)
S3 s0017mdfl; C:\Windows\System32\DRIVERS\s0017mdfl.sys [15016 2008-05-27] (MCCI Corporation)
S3 s0017mdm; C:\Windows\System32\DRIVERS\s0017mdm.sys [122152 2008-05-27] (MCCI Corporation)
S3 s0017mgmt; C:\Windows\System32\DRIVERS\s0017mgmt.sys [115496 2008-05-27] (MCCI Corporation)
S3 s0017nd5; C:\Windows\System32\DRIVERS\s0017nd5.sys [25768 2008-05-27] (MCCI Corporation)
S3 s0017obex; C:\Windows\System32\DRIVERS\s0017obex.sys [111912 2008-05-27] (MCCI Corporation)
S3 s0017unic; C:\Windows\System32\DRIVERS\s0017unic.sys [117672 2008-05-27] (MCCI Corporation)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [36864 2009-03-06] (Apple, Inc.) [File not signed]
R3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-28] (Winbond Electronics Corporation)
S3 ZY760_XP; C:\Windows\System32\DRIVERS\WlanUZXP.sys [402432 2006-01-19] (ZyDAS Technology Corporation)
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 RTSTOR; system32\drivers\RTSTOR.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-02 22:45 - 2015-04-02 22:48 - 00017272 _____ () C:\Users\Bossy\Desktop\FRST.txt
2015-04-01 23:40 - 2015-04-01 23:40 - 00001880 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-04-01 23:40 - 2015-04-01 23:40 - 00000000 ___RD () C:\Program Files\Skype
2015-04-01 23:40 - 2015-04-01 23:40 - 00000000 ____D () C:\Users\Bossy\AppData\Local\Skype
2015-04-01 23:40 - 2015-04-01 23:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-04-01 23:40 - 2015-04-01 23:40 - 00000000 ____D () C:\Program Files\Common Files\Skype
2015-04-01 22:40 - 2015-04-01 23:05 - 00013192 _____ () C:\Windows\PFRO.log
2015-04-01 22:34 - 2015-04-02 22:45 - 00000000 ____D () C:\Users\Bossy\Desktop\Neuer Ordner
2015-04-01 22:34 - 2015-04-01 23:06 - 00027839 _____ () C:\ProgramData\nvModes.001
2015-04-01 22:28 - 2015-04-02 22:46 - 00000000 ____D () C:\FRST
2015-04-01 22:28 - 2015-04-01 22:28 - 01135104 _____ (Farbar) C:\Users\Bossy\Downloads\FRST.exe
2015-04-01 22:28 - 2015-04-01 22:28 - 01135104 _____ (Farbar) C:\Users\Bossy\Desktop\FRST.exe
2015-04-01 21:11 - 2015-04-01 21:11 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-01 21:11 - 2015-04-01 21:11 - 00000000 _____ () C:\Windows\setupact.log
2015-04-01 21:03 - 2015-04-01 21:03 - 00000000 ____D () C:\ProgramData\aad6ebbe0000037b
2015-04-01 20:24 - 2015-04-01 20:24 - 00027839 _____ () C:\ProgramData\nvModes.dat
2015-04-01 01:41 - 2015-04-01 01:41 - 00000000 ____D () C:\Program Files\CoupuSScaennier
2015-04-01 01:24 - 2015-04-01 01:24 - 00000000 ____D () C:\Users\Bossy\AppData\Local\IAC
2015-04-01 01:23 - 2015-04-01 01:23 - 00000000 ____D () C:\ProgramData\49d44cbb00006082
2015-04-01 01:22 - 2015-04-01 01:22 - 00000000 ____D () C:\Program Files\InternetSpeedTracker_9t
2015-04-01 00:00 - 2015-04-01 00:00 - 00001021 _____ () C:\Users\Bossy\Desktop\Revo Uninstaller.lnk
2015-04-01 00:00 - 2015-04-01 00:00 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-03-31 20:36 - 2015-04-02 21:04 - 00000020 _____ () C:\Users\Bossy\AppData\Roaming\appdataFr3.bin
2015-03-24 22:21 - 2015-03-24 22:21 - 00000000 ____D () C:\Users\Bossy\AppData\Roaming\EZDownloader
2015-03-24 22:11 - 2015-03-24 22:11 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2015-03-24 22:11 - 2015-03-24 22:11 - 00000000 ____D () C:\Program Files\XTab
2015-03-24 22:08 - 2015-03-24 22:08 - 00000000 ____D () C:\ProgramData\8751982316230993407
2015-03-24 22:07 - 2015-03-24 22:07 - 00000000 ____D () C:\ProgramData\bjagncpdjfokiialfnhacmojkenlmame
2015-03-24 22:06 - 2015-03-24 22:26 - 00000000 ____D () C:\ProgramData\{e5340274-51d6-6b05-e534-4027451d09d1}
2015-03-24 22:06 - 2015-03-24 22:06 - 00477696 _____ () C:\Users\Bossy\Downloads\kidprint.exe
2015-03-13 19:43 - 2015-03-13 19:43 - 00000986 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk
2015-03-13 19:43 - 2015-03-13 19:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
2015-03-13 19:41 - 2015-03-13 19:41 - 00000000 ____D () C:\Program Files\ElsterFormular
2015-03-13 19:13 - 2015-03-13 19:18 - 00000000 ____D () C:\Users\Bossy\AppData\Local\elfopatch
2015-03-13 19:09 - 2015-03-13 19:15 - 214212416 _____ (Landesfinanzdirektion Thüringen) C:\Users\Bossy\Downloads\ElsterFormular-16.1.20150309k (1).exe
2015-03-13 19:00 - 2015-03-13 19:05 - 214212416 _____ (Landesfinanzdirektion Thüringen) C:\Users\Bossy\Downloads\ElsterFormular-16.1.20150309k.exe
2015-03-13 16:33 - 2015-02-26 04:01 - 03604408 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-13 16:33 - 2015-02-26 04:01 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-13 16:33 - 2015-01-09 04:04 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-13 16:33 - 2015-01-09 02:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-12 19:27 - 2015-01-29 03:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-12 19:26 - 2015-01-29 03:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-12 19:25 - 2015-02-26 02:18 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-12 19:15 - 2015-02-20 04:03 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-12 19:15 - 2015-02-20 02:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-12 19:14 - 2015-01-21 04:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-12 19:13 - 2015-03-06 06:01 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-12 19:12 - 2014-10-13 03:12 - 02264064 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-03-12 19:11 - 2015-02-18 04:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 23:16 - 2015-02-21 19:37 - 12375040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 23:16 - 2015-02-21 19:34 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-03-11 23:16 - 2015-02-21 19:29 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 23:16 - 2015-02-21 19:28 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 23:16 - 2015-02-21 19:22 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 23:16 - 2015-02-21 19:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 23:16 - 2015-02-21 19:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 23:16 - 2015-02-21 19:20 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-03-11 23:16 - 2015-02-21 19:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 23:16 - 2015-02-21 19:19 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 23:16 - 2015-02-21 19:19 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-11 23:16 - 2015-02-21 19:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 23:16 - 2015-02-21 19:19 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 23:16 - 2015-02-21 19:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 23:16 - 2015-02-21 19:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 23:16 - 2015-02-21 19:18 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 23:16 - 2015-02-21 19:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 23:16 - 2015-02-21 19:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 23:16 - 2015-02-21 19:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-03-11 23:16 - 2015-02-21 19:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-03-11 23:16 - 2015-02-21 19:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-03-11 23:16 - 2015-02-21 19:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-02 22:28 - 2008-12-20 14:31 - 01555351 _____ () C:\Windows\WindowsUpdate.log
2015-04-02 22:14 - 2006-11-02 14:47 - 00003216 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-02 22:14 - 2006-11-02 14:47 - 00003216 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-02 21:26 - 2008-11-27 21:32 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-02 21:17 - 2008-12-20 14:44 - 00000000 ____D () C:\Program Files\Google
2015-04-02 02:40 - 2010-11-11 23:46 - 00000000 ____D () C:\Users\Bossy\AppData\Roaming\Skype
2015-04-02 00:00 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-01 23:40 - 2009-03-22 23:33 - 00000000 ____D () C:\ProgramData\Skype
2015-04-01 23:32 - 2008-01-21 09:16 - 01542332 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-01 23:10 - 2011-07-11 21:10 - 00000000 ___RD () C:\Users\Bossy\Dropbox
2015-04-01 23:10 - 2011-07-11 21:05 - 00000000 ____D () C:\Users\Bossy\AppData\Roaming\Dropbox
2015-04-01 23:06 - 2008-11-27 21:26 - 00000147 _____ () C:\Windows\system32\agent.log
2015-04-01 23:06 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-01 23:05 - 2006-11-02 15:01 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-01 23:04 - 2009-01-29 23:25 - 00001797 _____ () C:\Users\Bossy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-01 22:43 - 2009-01-30 18:27 - 00204800 _____ () C:\Users\Bossy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-01 20:23 - 2009-01-29 23:22 - 00000000 ____D () C:\Users\Bossy
2015-04-01 20:14 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2015-04-01 20:13 - 2013-08-16 23:33 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-04-01 20:13 - 2009-09-05 19:25 - 00000000 ____D () C:\Windows\Minidump
2015-04-01 20:13 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\spool
2015-04-01 20:13 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\registration
2015-04-01 20:13 - 2006-11-02 12:22 - 52428800 _____ () C:\Windows\system32\config\software_previous
2015-04-01 20:13 - 2006-11-02 12:22 - 45875200 _____ () C:\Windows\system32\config\components_previous
2015-04-01 20:13 - 2006-11-02 12:22 - 31981568 _____ () C:\Windows\system32\config\system_previous
2015-04-01 20:13 - 2006-11-02 12:22 - 00524288 _____ () C:\Windows\system32\config\default_previous
2015-04-01 20:13 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2015-04-01 20:13 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2015-04-01 18:19 - 2009-05-03 16:32 - 00000680 _____ () C:\Users\Bossy\AppData\Local\d3d9caps.dat
2015-04-01 01:42 - 2014-10-04 15:49 - 00000000 ____D () C:\ProgramData\7975498bef72e5ff
2015-04-01 01:27 - 2008-12-20 15:03 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-01 01:12 - 2008-11-27 21:50 - 00000000 ____D () C:\Program Files\Cyberlink
2015-04-01 01:12 - 2008-11-27 20:44 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-04-01 01:10 - 2008-11-27 20:46 - 00000000 ____D () C:\Windows\system32\RTCOM
2015-04-01 01:10 - 2008-11-27 20:45 - 00319456 _____ (Microsoft Corporation) C:\Windows\DIFxAPI.dll
2015-04-01 01:06 - 2008-11-27 20:49 - 00000000 ____D () C:\Program Files\Winbond Electronics Corporation
2015-04-01 01:00 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system
2015-03-31 23:39 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-03-24 22:24 - 2006-11-02 14:47 - 00347504 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-24 22:21 - 2009-03-17 16:51 - 00086480 _____ () C:\Users\Bossy\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-24 22:10 - 2014-10-03 13:18 - 00000000 ____D () C:\ProgramData\Performance Optimizer
2015-03-22 22:57 - 2011-10-26 21:52 - 00000000 ____D () C:\Users\Bossy\Documents\Schriftverkehr Eltern
2015-03-18 23:14 - 2009-03-17 17:25 - 00000000 ____D () C:\Users\Bossy\Documents\Finanzamt
2015-03-13 19:58 - 2014-11-15 03:09 - 00000000 ____D () C:\Users\Bossy\AppData\Local\.elfohilfe
2015-03-13 19:41 - 2012-02-10 18:06 - 00000000 ____D () C:\ProgramData\elsterformular
2015-03-12 21:02 - 2012-06-10 13:19 - 00003733 _____ () C:\Windows\wininit.ini
2015-03-12 21:01 - 2011-07-11 21:10 - 00000923 _____ () C:\Users\Bossy\Desktop\Dropbox.lnk
2015-03-12 21:01 - 2011-07-11 21:05 - 00000000 ____D () C:\Users\Bossy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-12 19:25 - 2013-08-16 17:35 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 19:16 - 2006-11-02 12:24 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-03-03 15:16 - 2011-11-14 22:16 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2015-03-31 20:36 - 2015-04-02 21:04 - 0000020 _____ () C:\Users\Bossy\AppData\Roaming\appdataFr3.bin
2009-05-03 16:32 - 2015-04-01 18:19 - 0000680 _____ () C:\Users\Bossy\AppData\Local\d3d9caps.dat
2009-01-30 18:27 - 2015-04-01 22:43 - 0204800 _____ () C:\Users\Bossy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-02 20:35 - 2014-01-02 20:37 - 0146741 _____ () C:\Users\Bossy\AppData\Local\edsinstaller.txt-20140102.log
2015-03-31 23:51 - 2015-04-01 00:06 - 0004728 _____ () C:\Users\Bossy\AppData\Local\Temp-log.txt
2008-12-20 14:53 - 2008-12-20 14:58 - 0006048 _____ () C:\ProgramData\ArcadeDeluxe2.log
2015-04-01 22:34 - 2015-04-01 23:06 - 0027839 _____ () C:\ProgramData\nvModes.001
2015-04-01 20:24 - 2015-04-01 20:24 - 0027839 _____ () C:\ProgramData\nvModes.dat
2013-12-31 01:25 - 2013-12-31 01:26 - 0000090 _____ () C:\ProgramData\PS.log

Files to move or delete:
====================
C:\Users\Bossy\Dropbox 1.1.35.exe
C:\Users\Bossy\SoftonicDownloader_fuer_windows-live-messenger.exe
C:\Users\Bossy\wlsetup-web.exe


Some content of TEMP:
====================
C:\Users\Bossy\AppData\Local\Temp\DDC0.exe
C:\Users\Bossy\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmyonzc.dll
C:\Users\Bossy\AppData\Local\Temp\rt-update.exe
C:\Users\Bossy\AppData\Local\Temp\rtCzcNKrsj.exe
C:\Users\Bossy\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\Bossy\AppData\Local\Temp\sysad.exe
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite11480.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite11573.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite12556.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite14079.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite15437.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite17759.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite17785.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite19807.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite19940.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite1e8098b0-759c-45bd-bba9-33ce9038164b.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite22392.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite22749.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite23565.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite25246.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite25350.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite25615.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite26029.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite29473.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite29893.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite31309.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite31657.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite32169.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite32283.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite33544.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite33808.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite34647.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite37264.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite39357.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite40516.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite40599.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite45418.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite45617.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite46472.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite46943.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite47871.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite49320.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite51175.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite51515.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite51942.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite53774.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite54342.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite55271.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite55689.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite55793.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite57248.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite57647.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite57738.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite59677.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite60011.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite60211.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite61690.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite63151.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite66743.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite67071.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite67674.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite69480.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite71859.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite72243.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite75312.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite77824.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite81609.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite81825.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite81911.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite82915.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite86770.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite86909.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite87258.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite89262.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite90153.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite90559.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite91350.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite91764.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite94388.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite95450.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite95769.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite96324.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite96976.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite97479.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite97712.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite99365.dll
C:\Users\Bossy\AppData\Local\Temp\System.Data.SQLite99568.dll
C:\Users\Bossy\AppData\Local\Temp\tmd_34014086.exe
C:\Users\Bossy\AppData\Local\Temp\UpdateOMG.exe
C:\Users\Bossy\AppData\Local\Temp\{09CBA141-0ED6-4F85-ABE1-4D3F241B300F}-36.0.1985.143_36.0.1985.125_chrome_updater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-01 23:14

==================== End Of Log ============================
         
--- --- ---


FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Bossy at 2015-04-02 22:49:06
Running from C:\Users\Bossy\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Crystal Eye Webcam (HKLM\...\{DD1DED37-2486-4F56-8F89-56AA814003F5}) (Version: 2.0.0.17 - Acer Crystal Eye Webcam)
Acer Empowering Technology (HKLM\...\{8F1B6239-FEA0-450A-A950-B05276CE177C}) (Version: 3.0.3010 - Acer Incorporated)
Acer Mobility Center Plug-In (HKLM\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 3.0.3000 - Acer Inc.)
Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 1.11.0701 - Acer Incorporated)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.30 - Atheros Communications Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.16 - Piriform)
CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.3023e - CyberLink Corp.)
Dropbox (HKU\S-1-5-21-1970263591-3964681878-2414383680-1000\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
ElsterFormular (HKLM\...\ElsterFormular) (Version: 16.1.20150309 - Landesfinanzdirektion Thüringen)
Free Studio version 6.4.0.1122 (HKLM\...\Free Studio_is1) (Version: 6.4.0.1122 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.11.34.1015 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.34.1015 - DVDVideoSoft Ltd.)
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.73.00.52 - Conexant Systems)
ICQ7.2 (HKLM\...\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}) (Version: 7.2 - ICQ)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{35C0A1E4-D02A-412C-841F-266DBB116ABB}) (Version: 12.02.0000 - Intel(R) Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Launch Manager (HKLM\...\LManager) (Version:  - )
LightScribe  1.4.142.1 (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office FrontPage 2003 (HKLM\...\{90170407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote 2003 (HKLM\...\{90A10407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Project Professional 2003 (HKLM\...\{903B0407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Visio Professional 2003 (HKLM\...\{90510407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}) (Version: 08.05.0822 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTI Backup Now 5 (HKLM\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.606 - NewTech Infosystems)
NTI Backup Now Standard (Version: 5.1.2.606 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.2.6329 - NewTech Infosystems)
NTI Media Maker 8 (Version: 8.0.2.6329 - NewTech Infosystems) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
Orion (HKLM\...\{5B63A470-9334-44D1-AF61-6CE2DB565AE9}) (Version: 2.0.1 - Convesoft)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 0.9.7 - Frank Heindörfer, Philip Chinery)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pixum Fotobuch (HKLM\...\Pixum Fotobuch) (Version: 5.1.5 - CEWE Stiftung u Co. KGaA)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VLC media player 1.1.11 (HKLM\...\VLC media player) (Version: 1.1.11 - VideoLAN)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000_Classes\CLSID\{80A95F12-94C2-4B1D-8AE3-F0CBE5E96E85}\InprocServer32 -> C:\Users\Bossy\AppData\Local\ASKTOO~1\DOWNLO~1\AVIRAW~1.DLL No File
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\Bossy\AppData\Local\Temp\3288\temp\kidprint.exe ()
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

01-04-2015 18:09:13 Wiederherstellungsvorgang
01-04-2015 20:07:07 Wiederherstellungsvorgang
01-04-2015 20:47:05 Revo Uninstaller's restore point - CoupuSScaennier
01-04-2015 21:03:01 Revo Uninstaller's restore point - MaxProvider
01-04-2015 22:29:35 Revo Uninstaller's restore point - Allin1Convert Internet Explorer Toolbar
01-04-2015 22:35:39 Revo Uninstaller's restore point - Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
01-04-2015 22:36:08 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
01-04-2015 23:23:32 Windows Update
02-04-2015 21:15:23 Revo Uninstaller's restore point - Google Chrome

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0CFAE5A8-5E69-48C3-896D-01FE08F920FB} - System32\Tasks\RunTool => C:\Users\Bossy\AppData\Local\1e8098b0-759c-45bd-bba9-33ce9038164b\sysad.exe [2015-02-25] ()
Task: {15A77AE5-3385-481D-9274-3EF9246D733C} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files\Desk 365\desk365.exe <==== ATTENTION
Task: {336343BC-5BD6-4898-BEDB-6AE1343F53E3} - System32\Tasks\RocketTab => cmd.exe /C start "" "C:\Program Files\Search Extensions\Client.exe" /Preferred=true <==== ATTENTION
Task: {3B03607A-1E5B-4987-B496-3CE38BE335A7} - System32\Tasks\{4F8ABF1E-C3A6-4815-B289-2488494D7739} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.0.0.152.259/de/abandoninstall?source=lightinstaller&amp;page=tsOptions&amp;installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome:offered-installed;madedefault
Task: {418261C4-9CC2-4378-8EA3-1E1304265AAA} - System32\Tasks\Microsoft\Windows\RestartManager\{3E700159-D7B9-4c03-A8D4-B3DC07D3EE5F} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {56685EE7-0FB5-4F5C-995A-70617EA6A936} - System32\Tasks\ASP => C:\Program Files\RegClean Pro\SystweakASP.exe <==== ATTENTION
Task: {8A3A4E34-E155-41D7-A475-1E1CFDA13268} - System32\Tasks\RocketTab Update Task => C:\Program Files\Search Extensions\uninstall.exe <==== ATTENTION
Task: {A1C3A25A-E251-4913-BD95-9F35C748CB4E} - System32\Tasks\bench-sys => C:\Program Files\Bench\Updater\updater.exe [2014-01-10] () <==== ATTENTION
Task: {D2EA51BC-D0A0-4E2E-9E19-11F750E7DEC0} - System32\Tasks\RegistryDr_Start => C:\Program Files\Registry Dr\RegistryDr.exe <==== ATTENTION
Task: {DEF805B0-C876-46B8-829B-1544155F3C79} - System32\Tasks\RegistryDr_Popup => C:\Program Files\Registry Dr\Splash.exe <==== ATTENTION
Task: {E4BDBA86-B7F1-4C3A-B2C7-4207F794F4D2} - System32\Tasks\bench-Updater removing
Task: {EA4A2A10-7261-4800-A6DC-C077AD69C038} - System32\Tasks\{B21CF838-32DF-4D72-BCDB-9455AFD8AF86} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.9.0.123.259/de/abandoninstall?source=lightinstaller&amp;page=tsBing

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\bench-sys.job => C:\Program Files\Bench\Updater\updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\bench-Updater removing.job => /verysilent SYSTEM This will uninstall Updater <==== ATTENTION

==================== Loaded Modules (whitelisted) ==============

2009-03-17 16:45 - 2001-10-28 17:42 - 00116224 ____N () C:\Windows\System32\pdfcmnnt.dll
2008-10-16 17:57 - 2008-10-16 17:57 - 00200704 _____ () C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL
2007-06-24 20:09 - 2007-06-24 20:09 - 01024000 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACE.dll
2007-06-24 20:09 - 2007-06-24 20:09 - 00098304 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML.dll
2007-06-24 20:09 - 2007-06-24 20:09 - 00061440 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML_Parser.dll
2008-11-27 20:54 - 2008-08-19 15:27 - 00024576 _____ () C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
2008-11-27 20:54 - 2008-11-27 20:54 - 00032768 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.Controller\3.0.3010.0__14bcaafdb44b5951\Framework.Model.Controller.dll
2008-11-27 20:54 - 2008-11-27 20:54 - 00009216 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3010.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
2008-11-27 20:54 - 2008-11-27 20:54 - 00061440 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3010.0__3036420f80dd6947\Framework.Library.dll
2008-11-27 20:54 - 2008-11-27 20:54 - 00015360 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3010.0__672b450de5a7e94a\Framework.Host.dll
2008-11-27 20:54 - 2008-11-27 20:54 - 00006144 _____ () C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3010.0__9ecdf03bb2054f94\Framework.PluginInterface.dll
2008-11-27 21:56 - 2007-12-06 17:15 - 00110592 _____ () C:\Acer\Mobility Center\MobilityService.exe
2008-11-27 21:56 - 2007-11-27 16:08 - 00032768 _____ () C:\Acer\Mobility Center\MobilityInterface.dll
2008-04-25 22:36 - 2008-04-25 22:36 - 00131072 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
2009-03-23 19:50 - 2008-09-16 21:18 - 00132608 _____ () C:\Program Files\WinRAR\rarext.dll
2015-03-05 00:08 - 2015-03-05 00:08 - 00750080 _____ () C:\Users\Bossy\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-04-01 23:09 - 2015-04-01 23:09 - 00043008 _____ () c:\users\bossy\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmyonzc.dll
2015-03-05 00:08 - 2015-03-05 00:08 - 00047616 _____ () C:\Users\Bossy\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-05 00:08 - 2015-03-05 00:08 - 00865280 _____ () C:\Users\Bossy\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-05 00:07 - 2015-03-05 00:07 - 00200704 _____ () C:\Users\Bossy\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-03-24 22:07 - 2015-03-24 22:07 - 00477696 _____ () C:\ProgramData\{e5340274-51d6-6b05-e534-4027451d09d1}\kidprint.exe
2009-08-05 11:45 - 2009-08-05 11:45 - 00106312 _____ () C:\Program Files\Microsoft Office\OFFICE11\OUTLCTL.DLL

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:58DD92AC

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1970263591-3964681878-2414383680-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Public\Pictures\Sample Pictures\wolken_12.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Schnellstart.lnk => C:\Windows\pss\Microsoft Office OneNote 2003 Schnellstart.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Bossy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ArcadeDeluxeAgent => "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
MSCONFIG\startupreg: BkupTray => "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
MSCONFIG\startupreg: CLMLServer => "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
MSCONFIG\startupreg: eAudio => "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
MSCONFIG\startupreg: eDataSecurity Loader => C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: ePower_DMC => C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
MSCONFIG\startupreg: Google Desktop Search => "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
MSCONFIG\startupreg: IAAnotif => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LManager => C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files\Mobogenie\DaemonProcess.exe
MSCONFIG\startupreg: NeroFilterCheck => C:\Windows\system32\NeroCheck.exe
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: NvMediaCenter => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
MSCONFIG\startupreg: PlayMovie => "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
MSCONFIG\startupreg: ProductReg => "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => RtHDVCpl.exe
MSCONFIG\startupreg: Skytel => Skytel.exe
MSCONFIG\startupreg: Sony Ericsson PC Suite => "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Accounts: =============================

Administrator (S-1-5-21-1970263591-3964681878-2414383680-500 - Administrator - Disabled)
Bossy (S-1-5-21-1970263591-3964681878-2414383680-1000 - Administrator - Enabled) => C:\Users\Bossy
Gast (S-1-5-21-1970263591-3964681878-2414383680-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/02/2015 09:15:22 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {4b9ebe96-dc4a-4fcb-9e81-d9341c10d041}

Error: (04/01/2015 11:06:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/01/2015 10:41:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/01/2015 10:35:38 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {dc1544a9-bfef-42bb-88eb-55fb58b73c1e}

Error: (04/01/2015 10:29:34 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {dc1544a9-bfef-42bb-88eb-55fb58b73c1e}

Error: (04/01/2015 09:03:01 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {dc1544a9-bfef-42bb-88eb-55fb58b73c1e}

Error: (04/01/2015 08:47:05 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {dc1544a9-bfef-42bb-88eb-55fb58b73c1e}

Error: (04/01/2015 08:22:55 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\BOSSY\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\VIRTUALIZED\C> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (04/01/2015 08:22:55 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\BOSSY\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\VIRTUALIZED\C> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (04/01/2015 08:22:04 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\BOSSY\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\VIRTUALIZED\C\USERS\BOSSY\APPDATA\ROAMING\MICROSOFT\WINDOWS\PRIVACIE\LOW> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)


System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-04-18 13:18:08.789
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZoneAlarm\avsys\install\instdrivers\mklif\fre_win8_x86\klflt.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-18 13:18:08.481
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZoneAlarm\avsys\install\instdrivers\mklif\fre_win8_x86\klflt.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-18 13:18:08.144
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZoneAlarm\avsys\install\instdrivers\mklif\fre_win8_x86\klflt.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-18 13:18:07.843
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZoneAlarm\avsys\install\instdrivers\mklif\fre_win8_x86\klflt.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-18 13:18:07.441
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZoneAlarm\avsys\install\instdrivers\mklif\fre_win8_x86\klif.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-18 13:18:07.087
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZoneAlarm\avsys\install\instdrivers\mklif\fre_win8_x86\klif.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-18 13:18:06.727
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZoneAlarm\avsys\install\instdrivers\mklif\fre_win8_x86\klif.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-18 13:18:06.399
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZoneAlarm\avsys\install\instdrivers\mklif\fre_win8_x86\klif.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-18 13:18:05.684
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZoneAlarm\avsys\install\instdrivers\mklif\fre_wlh_x86\klflt.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-18 13:18:05.359
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZoneAlarm\avsys\install\instdrivers\mklif\fre_wlh_x86\klflt.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz
Percentage of memory in use: 57%
Total physical RAM: 3066.12 MB
Available physical RAM: 1292.38 MB
Total Pagefile: 6332.63 MB
Available Pagefile: 4292.14 MB
Total Virtual: 2047.88 MB
Available Virtual: 1896.48 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:144.04 GB) (Free:70.98 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:140.5 GB) (Free:49.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 50A5B170)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=144 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=140.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=3.5 GB) - (Type=12)

==================== End Of Log ============================
         
--- --- ---

05.04.2015, 11:17   #7
schrauber
/// the machine
/// TB-Ausbilder
 




hi,

Scan with Combofix
WARNING to READERS FOLLOWING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you receive the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

05.04.2015, 22:17   #8
Phily11
 



Code:
ComboFix 15-04-01.01 - Bossy 05.04.2015  22:30:27.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3066.1339 [GMT 2:00]
ausgeführt von:: c:\users\Bossy\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\LIL955D.tmp
C:\LIL957C.tmp
C:\LIL95BB.tmp
C:\LIL9609.tmp
C:\LIL9618.tmp
C:\LIL9676.tmp
C:\LIL96A5.tmp
C:\LIL96D3.tmp
c:\programdata\2308189059
c:\programdata\8751982316230993407
c:\programdata\8751982316230993407\cd5b15e575e1c3d0c1b75396c5ceef9b.ini
c:\programdata\Roaming
c:\users\Bossy\AppData\Local\lollipop
c:\users\Bossy\AppData\Roaming\.#
c:\users\Bossy\SoftonicDownloader_fuer_windows-live-messenger.exe
c:\users\Public\sdelevURL.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-03-05 bis 2015-04-05  ))))))))))))))))))))))))))))))
.
.
2015-04-05 20:39 . 2015-04-05 20:40	--------	d-----w-	c:\users\Bossy\AppData\Local\temp
2015-04-05 20:39 . 2015-04-05 20:39	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-04-05 20:32 . 2015-03-14 10:06	9119072	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B945EBA0-CC77-4060-AAB2-FFE25DC1B5BE}\mpengine.dll
2015-04-01 21:40 . 2015-04-01 21:40	--------	d-----w-	c:\users\Bossy\AppData\Local\Skype
2015-04-01 21:40 . 2015-04-01 21:40	--------	d-----w-	c:\program files\Common Files\Skype
2015-04-01 21:40 . 2015-04-01 21:40	--------	d-----r-	c:\program files\Skype
2015-04-01 20:28 . 2015-04-02 20:49	--------	d-----w-	C:\FRST
2015-04-01 20:24 . 2015-03-14 10:06	9119072	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-04-01 19:03 . 2015-04-01 19:03	--------	d-----w-	c:\programdata\aad6ebbe0000037b
2015-03-31 23:41 . 2015-03-31 23:41	--------	d-----w-	c:\program files\CoupuSScaennier
2015-03-31 23:24 . 2015-03-31 23:24	--------	d-----w-	c:\users\Bossy\AppData\Local\IAC
2015-03-31 23:23 . 2015-03-31 23:23	--------	d-----w-	c:\programdata\49d44cbb00006082
2015-03-31 23:22 . 2015-03-31 23:22	--------	d---a-w-	c:\program files\InternetSpeedTracker_9t
2015-03-31 22:00 . 2015-03-31 22:00	--------	d-----w-	c:\program files\VS Revo Group
2015-03-31 19:03 . 2015-03-27 20:40	908832	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3786DDBF-FB7E-4744-9576-7EB5446FE631}\gapaengine.dll
2015-03-31 18:36 . 2015-04-02 19:04	20	----a-w-	c:\users\Bossy\AppData\Roaming\appdataFr3.bin
2015-03-24 20:21 . 2015-03-24 20:21	--------	d-----w-	c:\users\Bossy\AppData\Roaming\EZDownloader
2015-03-24 20:11 . 2015-03-24 20:11	--------	d-----w-	c:\programdata\IHProtectUpDate
2015-03-24 20:11 . 2015-03-24 20:11	--------	d-----w-	c:\program files\XTab
2015-03-24 20:07 . 2015-03-24 20:07	--------	d-----w-	c:\programdata\bjagncpdjfokiialfnhacmojkenlmame
2015-03-24 20:06 . 2015-03-24 20:26	--------	d-----w-	c:\programdata\{e5340274-51d6-6b05-e534-4027451d09d1}
2015-03-13 17:41 . 2015-03-13 17:41	--------	d-----w-	c:\program files\ElsterFormular
2015-03-13 17:13 . 2015-03-13 17:18	--------	d-----w-	c:\users\Bossy\AppData\Local\elfopatch
2015-03-13 14:33 . 2015-02-26 02:01	3604408	----a-w-	c:\windows\system32\ntkrnlpa.exe
2015-03-13 14:33 . 2015-01-09 02:04	49152	----a-w-	c:\windows\system32\csrsrv.dll
2015-03-13 14:33 . 2015-01-09 00:18	64000	----a-w-	c:\windows\system32\smss.exe
2015-03-13 14:33 . 2015-02-26 02:01	3552184	----a-w-	c:\windows\system32\ntoskrnl.exe
2015-03-12 17:27 . 2015-01-29 01:35	369664	----a-w-	c:\windows\system32\WMPhoto.dll
2015-03-12 17:26 . 2015-01-29 01:35	975360	----a-w-	c:\windows\system32\WindowsCodecs.dll
2015-03-12 17:25 . 2015-02-26 00:18	2064384	----a-w-	c:\windows\system32\win32k.sys
2015-03-12 17:15 . 2015-02-20 02:03	34304	----a-w-	c:\windows\system32\atmlib.dll
2015-03-12 17:15 . 2015-02-20 00:28	296960	----a-w-	c:\windows\system32\atmfd.dll
2015-03-12 17:14 . 2015-01-21 02:02	807936	----a-w-	c:\windows\system32\msctf.dll
2015-03-12 17:13 . 2015-03-06 04:01	279040	----a-w-	c:\windows\system32\schannel.dll
2015-03-12 17:12 . 2014-10-13 01:12	2264064	----a-w-	c:\windows\system32\msi.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-31 23:10 . 2008-11-27 18:45	319456	----a-w-	c:\windows\DIFxAPI.dll
2015-03-27 20:40 . 2014-04-23 17:01	908832	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2015-03-03 13:16 . 2011-11-14 20:16	246920	------w-	c:\windows\system32\MpSigStub.exe
2015-02-17 15:04 . 2015-02-17 15:04	1202848	----a-w-	c:\windows\system32\FM20.DLL
2015-01-15 04:13 . 2015-02-13 13:31	440760	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2010-07-30 18:45 . 2009-12-05 14:13	119808	----a-w-	c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-12-11 30877280]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-01-30 978520]
.
c:\users\Bossy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Bossy\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-3-5 42560368]
kidprint.lnk - c:\programdata\{e5340274-51d6-6b05-e534-4027451d09d1}\kidprint.exe --startup=1 [2015-3-24 477696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= ~1??????(
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Schnellstart.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Schnellstart.lnk
backup=c:\windows\pss\Microsoft Office OneNote 2003 Schnellstart.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Bossy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Bossy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 01:38	34672	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
2008-04-25 20:36	28672	----a-w-	c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25	125952	----a-w-	c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2008-07-20 09:45	182808	----a-w-	c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2008-06-04 12:03	817672	----a-w-	c:\progra~1\LAUNCH~1\QtZgAcer.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50	155648	------w-	c:\windows\System32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-07-18 16:23	13543968	----a-w-	c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-07-18 16:23	92704	----a-w-	c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
2008-07-18 15:04	167936	------w-	c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProductReg]
2008-09-23 04:53	6144	----a-w-	c:\program files\Acer\WR_PopUp\ProductReg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2014-04-18 c:\windows\Tasks\bench-sys.job
- c:\program files\Bench\Updater\updater.exe [2014-01-09 23:07]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.mystartsearch.com/?type=hppp&ts=1427227898&from=wpc&uid=HitachiXHTS543232L9A300_081026FB2400LECN1YYAX
mStart Page = hxxp://www.mystartsearch.com/?type=hppp&ts=1427227898&from=wpc&uid=HitachiXHTS543232L9A300_081026FB2400LECN1YYAX
uInternet Settings,ProxyOverride = <-loopback>;<local>
uInternet Settings,ProxyServer = http=127.0.0.1:49237;https=127.0.0.1:49237
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TCP: DhcpNameServer = 192.168.0.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKLM-Run-OneMoreGame - c:\users\Bossy\AppData\Roaming\OneMoreGame\OMG.exe
HKLM-Run-Allin1Convert AppIntegrator 32-bit - c:\progra~1\ALLIN1~2\bar\1.bin\AppIntegrator.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-APSDaemon - c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
MSConfigStartUp-ArcadeDeluxeAgent - c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
MSConfigStartUp-CLMLServer - c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
MSConfigStartUp-eAudio - c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe
MSConfigStartUp-eDataSecurity Loader - c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
MSConfigStartUp-ePower_DMC - c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-mobilegeni daemon - c:\program files\Mobogenie\DaemonProcess.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
MSConfigStartUp-RtHDVCpl - RtHDVCpl.exe
MSConfigStartUp-Skytel - Skytel.exe
MSConfigStartUp-Sony Ericsson PC Suite - c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-SynTPEnh - c:\program files\Synaptics\SynTP\SynTPEnh.exe
AddRemove-com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 - c:\program files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe
AddRemove-Free YouTube to MP3 Converter_is1 - c:\program files\Common Files\DVDVideoSoft\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2015-04-05 22:40
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1970263591-3964681878-2414383680-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.***¹*$%\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1970263591-3964681878-2414383680-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%÷*T%]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1970263591-3964681878-2414383680-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%÷*T%\OpenWithList]
@Class="Shell"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2015-04-05  22:43:49
ComboFix-quarantined-files.txt  2015-04-05 20:43
.
Vor Suchlauf: 16 Verzeichnis(se), 75.602.833.408 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 75.769.196.544 Bytes frei
.
- - End Of File - - 87F8418A9388950CEE08AE5209DD0EC6
BB9D3A6A13C5010348DA7C900BB6AF50
         

Edited by Phily11 (05.04.2015 at 22:28)

06.04.2015, 13:50   #9
schrauber
/// the machine
/// TB-Ausbilder
 




Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the threat scan and click Start scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do this, click Remove selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts that appear with Ok.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents to me in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

06.04.2015, 15:56   #10
Phily11
 



Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org


Protection, 06.04.2015 15:41:14, SYSTEM, BOSSY-PC, Protection, Malware Protection, Starting, 
Protection, 06.04.2015 15:41:14, SYSTEM, BOSSY-PC, Protection, Malware Protection, Started, 
Protection, 06.04.2015 15:41:14, SYSTEM, BOSSY-PC, Protection, Malicious Website Protection, Starting, 
Update, 06.04.2015 15:41:16, SYSTEM, BOSSY-PC, Manual, Rootkit Database, 2015.2.25.1, 2015.3.31.1, 
Protection, 06.04.2015 15:41:19, SYSTEM, BOSSY-PC, Protection, Malicious Website Protection, Started, 
Update, 06.04.2015 15:41:33, SYSTEM, BOSSY-PC, Manual, Malware Database, 2015.3.9.5, 2015.4.6.5, 
Protection, 06.04.2015 15:41:33, SYSTEM, BOSSY-PC, Protection, Refresh, Starting, 
Protection, 06.04.2015 15:41:33, SYSTEM, BOSSY-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 06.04.2015 15:41:33, SYSTEM, BOSSY-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 06.04.2015 15:41:40, SYSTEM, BOSSY-PC, Protection, Refresh, Success, 
Protection, 06.04.2015 15:41:40, SYSTEM, BOSSY-PC, Protection, Malicious Website Protection, Starting, 
Protection, 06.04.2015 15:41:41, SYSTEM, BOSSY-PC, Protection, Malicious Website Protection, Started, 
Detection, 06.04.2015 15:44:20, SYSTEM, BOSSY-PC, Protection, Malwareschutz, Datei, PUP.Optional.BrowserWatch, C:\Program Files\XTab\BrowerWatchFF.dll, Quarantäne, [c598d49559316fc75808214ec739af51]
Detection, 06.04.2015 15:45:15, SYSTEM, BOSSY-PC, Protection, Malwareschutz, Datei, PUP.Optional.BrowserWatch, c:\program files\xtab\browerwatchff.dll, Quarantine Failed, 2, Das System kann die angegebene Datei nicht finden.  , [c598d49559316fc75808214ec739af51]
Detection, 06.04.2015 15:45:26, SYSTEM, BOSSY-PC, Protection, Malwareschutz, Datei, PUP.Optional.BrowserWatch, c:\program files\xtab\browerwatchff.dll, Quarantine Failed, 2, Das System kann die angegebene Datei nicht finden.  , [c598d49559316fc75808214ec739af51]
Detection, 06.04.2015 15:56:49, SYSTEM, BOSSY-PC, Protection, Malwareschutz, Datei, PUP.Optional.MultiPlug, C:\Users\Bossy\Downloads\kidprint.exe, Quarantäne, [8ad378f1a9e1eb4bd43f76ca7d856997]
Detection, 06.04.2015 15:56:53, SYSTEM, BOSSY-PC, Protection, Malwareschutz, Datei, PUP.Optional.MultiPlug, c:\users\bossy\downloads\kidprint.exe, Quarantine Failed, 2, Das System kann die angegebene Datei nicht finden.  , [8ad378f1a9e1eb4bd43f76ca7d856997]
Detection, 06.04.2015 15:56:59, SYSTEM, BOSSY-PC, Protection, Malwareschutz, Datei, PUP.Optional.MultiPlug, c:\users\bossy\downloads\kidprint.exe, Quarantine Failed, 2, Das System kann die angegebene Datei nicht finden.  , [8ad378f1a9e1eb4bd43f76ca7d856997]
Protection, 06.04.2015 16:06:48, SYSTEM, BOSSY-PC, Protection, Malware Protection, Starting, 
Protection, 06.04.2015 16:06:48, SYSTEM, BOSSY-PC, Protection, Malware Protection, Started, 
Protection, 06.04.2015 16:06:48, SYSTEM, BOSSY-PC, Protection, Malicious Website Protection, Starting, 
Protection, 06.04.2015 16:06:51, SYSTEM, BOSSY-PC, Protection, Malicious Website Protection, Started, 

(end)
         
Code:
# AdwCleaner v4.200 - Bericht erstellt 06/04/2015 um 16:18:28
# Aktualisiert 29/03/2015 von Xplode
# Datenbank : 2015-03-29.1 [Server]
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (x86)
# Benutzername : Bossy - BOSSY-PC
# Gestarted von : C:\Users\Bossy\Desktop\AdwCleaner_4.200.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\ProgramData\Performance Optimizer
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\ProgramData\IHProtectUpDate
Ordner Gelöscht : C:\ProgramData\49d44cbb00006082
Ordner Gelöscht : C:\ProgramData\7975498bef72e5ff
Ordner Gelöscht : C:\ProgramData\aad6ebbe0000037b
Ordner Gelöscht : C:\Program Files\AmiExt
Ordner Gelöscht : C:\Program Files\Bench
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Program Files\Convesoft
Ordner Gelöscht : C:\Program Files\Desk 365
Ordner Gelöscht : C:\Program Files\globalUpdate
Ordner Gelöscht : C:\Program Files\ICQ6Toolbar
Ordner Gelöscht : C:\Program Files\InternetSpeedTracker_9t
Ordner Gelöscht : C:\Program Files\Mobogenie
Ordner Gelöscht : C:\Program Files\Registry Dr
Ordner Gelöscht : C:\Program Files\SupTab
Ordner Gelöscht : C:\Program Files\Uninstaller
Ordner Gelöscht : C:\Program Files\WinZipper
Ordner Gelöscht : C:\Program Files\XTab
Ordner Gelöscht : C:\Program Files\CoupuSScaennier
Ordner Gelöscht : C:\Program Files\Common Files\337
Ordner Gelöscht : C:\Users\Bossy\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Bossy\AppData\Local\genienext
Ordner Gelöscht : C:\Users\Bossy\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\Bossy\AppData\Local\iac
Ordner Gelöscht : C:\Users\Bossy\AppData\Local\Mobogenie
Ordner Gelöscht : C:\Users\Bossy\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Bossy\AppData\Local\PutLockerDownloader
Ordner Gelöscht : C:\Users\Bossy\AppData\Local\RegistryDr
Ordner Gelöscht : C:\Users\Bossy\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Bossy\AppData\LocalLow\Delta
Ordner Gelöscht : C:\Users\Bossy\AppData\LocalLow\iac
Ordner Gelöscht : C:\Users\Bossy\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Bossy\AppData\LocalLow\Check Point Software Technologies LTD
Ordner Gelöscht : C:\Users\Bossy\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Bossy\AppData\Roaming\Desk 365
Ordner Gelöscht : C:\Users\Bossy\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Bossy\AppData\Roaming\EZDownloader
Ordner Gelöscht : C:\Users\Bossy\AppData\Roaming\newnext.me
Ordner Gelöscht : C:\Users\Bossy\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\Bossy\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Bossy\AppData\Roaming\WinZipper
Ordner Gelöscht : C:\Users\Bossy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Movie2KDownloader.com
Ordner Gelöscht : C:\Users\Bossy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop
Ordner Gelöscht : C:\Users\Bossy\Documents\Optimizer Pro
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Windows\system32\roboot.exe
Datei Gelöscht : C:\Users\Bossy\daemonprocess.txt

***** [ Geplante Tasks ] *****

Task Gelöscht : RegistryDr_Popup
Task Gelöscht : RegistryDr_Start

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Classes\Applications\lollipop.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Allin1Convert_8h.ToolbarProtector
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Allin1Convert_8h.ToolbarProtector.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Movie2KDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
Schlüssel Gelöscht : HKCU\Software\5eed9d9e26ebd12
Schlüssel Gelöscht : HKLM\SOFTWARE\5eed9d9e26ebd12
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{889F49D2-6CEA-40BE-BE5F-7217485F9745}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2561FD25-FE31-4E56-A120-AF7FEAAE3124}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7CAEFAFC-9A1E-4BCC-94DD-BC7D8D52717A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E58CDA9-3B21-4611-A859-26EE28950E61}
Schlüssel Gelöscht : HKCU\Software\AmiExt
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Convesoft
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\InstalledThirdPartyPrograms
Schlüssel Gelöscht : HKCU\Software\lollipop
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\simplytech
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\Wajam
Schlüssel Gelöscht : HKCU\Software\RegistryDrLanguage
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\AskPartnerNetwork
Schlüssel Gelöscht : HKLM\SOFTWARE\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Bench
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Delta
Schlüssel Gelöscht : HKLM\SOFTWARE\Desksvc
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\hdcode
Schlüssel Gelöscht : HKLM\SOFTWARE\ICQ\ICQToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\InstalledThirdPartyPrograms
Schlüssel Gelöscht : HKLM\SOFTWARE\Lightspark Team
Schlüssel Gelöscht : HKLM\SOFTWARE\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\SupDp
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue
Schlüssel Gelöscht : HKLM\SOFTWARE\V9
Schlüssel Gelöscht : HKLM\SOFTWARE\winzipersvc
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IminentToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\RocketTab
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{37476589-E48E-439E-A706-56189E2ED4C4}_is1
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{80E8B0A0-117D-1402-7CDE-688156237115}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\074A36B543391D44FA16C62EBD65A59E
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\074A36B543391D44FA16C62EBD65A59E
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\074A36B543391D44FA16C62EBD65A59E
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mystartsearch.com
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>;<local>
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:49237;hxxps=127.0.0.1:49237

***** [ Internetbrowser ] *****

-\\ Internet Explorer v9.0.8112.16633


-\\ Mozilla Firefox v


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [10304 Bytes] - [06/04/2015 16:16:44]
AdwCleaner[S0].txt - [9926 Bytes] - [06/04/2015 16:18:28]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9985  Bytes] ##########
         
Under "Geplante Tasks" (scheduled tasks) there are results as well. Should I delete those too?
- ASP
- bench-sys
- Desk 365 RunAsStdUser
- Rocket Tab
- Rocket Tab Update Task

As you have already noticed, I don't know my way around all of this very well.

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.2 (04.06.2015:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Bossy on 06.04.2015 at 16:43:58,51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\classes\typelib\{006ad7b2-968a-11de-88c9-5bde55d89593}"
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}



~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"



~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\bjagncpdjfokiialfnhacmojkenlmame
Successfully deleted: [Folder] "C:\Program Files\myfree codec"
Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\Bossy\appdata\local\{681DA1B5-E850-45DD-B241-D84C566FF757}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.04.2015 at 16:46:27,88
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Bossy (administrator) on BOSSY-PC on 06-04-2015 16:53:45
Running from C:\Users\Bossy\Desktop
Loaded Profiles: Bossy (Available profiles: Bossy)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\ACER\Mobility Center\MobilityService.exe
(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Dropbox, Inc.) C:\Users\Bossy\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKU\S-1-5-21-1970263591-3964681878-2414383680-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-1970263591-3964681878-2414383680-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1970263591-3964681878-2414383680-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
AppInit_DLLs: ~1穂娺篦ࠀ毸( => ~1穂娺篦ࠀ毸( File Not Found
Startup: C:\Users\Bossy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Bossy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kidprint.lnk
ShortcutTarget: kidprint.lnk -> C:\ProgramData\{e5340274-51d6-6b05-e534-4027451d09d1}\kidprint.exe (No File)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1970263591-3964681878-2414383680-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1970263591-3964681878-2414383680-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1970263591-3964681878-2414383680-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
SearchScopes: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = 
SearchScopes: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = 
Toolbar: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Neuer Ordner\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-1970263591-3964681878-2414383680-1000: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\googledesktop.xml [2010-07-30]
FF Extension: No Name - C:\Users\Bossy\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions [2014-12-01]
FF Extension: Movie2kDownloader - C:\Users\Bossy\AppData\Roaming\Mozilla\Firefox\profiles\extensions\movie2kdownloader@movie2kdownloader.com.xpi [2012-12-13]
FF Extension: ICQ Toolbar - C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2009-12-05]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-27]
FF HKLM\...\Firefox\Extensions: [ext@flash-Enhancer.com] - C:\Program Files\AmiExt\flashEnhancer\ff
FF HKU\S-1-5-21-1970263591-3964681878-2414383680-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2014-12-01]
FF Extension: No Name - C:\Program Files\AmiExt\flashEnhancer\ff [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed]
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-08-19] () [File not signed]
R2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [860160 2008-10-16] (Intel(R) Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] () [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
R2 NTIBackupSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [45056 2008-04-25] (NewTech InfoSystems, Inc.) [File not signed]
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-25] () [File not signed]
S2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [466944 2008-10-16] (Intel(R) Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [48640 2009-08-05] (Atheros Communications, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-04-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
S3 s0017bus; C:\Windows\System32\DRIVERS\s0017bus.sys [90536 2008-05-27] (MCCI Corporation)
S3 s0017mdfl; C:\Windows\System32\DRIVERS\s0017mdfl.sys [15016 2008-05-27] (MCCI Corporation)
S3 s0017mdm; C:\Windows\System32\DRIVERS\s0017mdm.sys [122152 2008-05-27] (MCCI Corporation)
S3 s0017mgmt; C:\Windows\System32\DRIVERS\s0017mgmt.sys [115496 2008-05-27] (MCCI Corporation)
S3 s0017nd5; C:\Windows\System32\DRIVERS\s0017nd5.sys [25768 2008-05-27] (MCCI Corporation)
S3 s0017obex; C:\Windows\System32\DRIVERS\s0017obex.sys [111912 2008-05-27] (MCCI Corporation)
S3 s0017unic; C:\Windows\System32\DRIVERS\s0017unic.sys [117672 2008-05-27] (MCCI Corporation)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [36864 2009-03-06] (Apple, Inc.) [File not signed]
R3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-28] (Winbond Electronics Corporation)
S3 ZY760_XP; C:\Windows\System32\DRIVERS\WlanUZXP.sys [402432 2006-01-19] (ZyDAS Technology Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Bossy\AppData\Local\Temp\catchme.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 RTSTOR; system32\drivers\RTSTOR.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-06 16:53 - 2015-04-06 16:53 - 00000000 ____D () C:\Users\Bossy\Desktop\Neuer Ordner
2015-04-06 16:46 - 2015-04-06 16:52 - 00001754 _____ () C:\Users\Bossy\Desktop\JRT.txt
2015-04-06 16:44 - 2015-04-06 16:44 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-BOSSY-PC-Windows-Vista-(TM)-Home-Premium-(32-bit).dat
2015-04-06 16:44 - 2015-04-06 16:44 - 00000000 ____D () C:\RegBackup
2015-04-06 16:43 - 2015-04-06 16:43 - 02691312 _____ (Thisisu) C:\Users\Bossy\Desktop\JRT.exe
2015-04-06 16:27 - 2015-04-06 16:27 - 00010065 _____ () C:\Users\Bossy\Desktop\AdwCleaner[S0] ordner.txt
2015-04-06 16:16 - 2015-04-06 16:28 - 00000000 ____D () C:\AdwCleaner
2015-04-06 16:16 - 2015-04-06 16:16 - 02208768 _____ () C:\Users\Bossy\Desktop\AdwCleaner_4.200.exe
2015-04-06 16:11 - 2015-04-06 16:11 - 00003082 _____ () C:\Users\Bossy\Desktop\mbam.txt
2015-04-06 16:02 - 2015-04-06 16:02 - 00001224 _____ () C:\Users\Bossy\Desktop\mbam ergebnisse.txt
2015-04-06 15:41 - 2015-04-06 16:34 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-06 15:40 - 2015-04-06 15:40 - 00000863 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-06 15:40 - 2015-04-06 15:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-04-06 15:40 - 2015-04-06 15:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-06 15:40 - 2015-04-06 15:40 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-04-06 15:40 - 2015-03-17 06:15 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-06 15:40 - 2015-03-17 06:15 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-06 15:40 - 2015-03-17 06:15 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-06 15:39 - 2015-04-06 15:39 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Bossy\Desktop\mbam-setup-2.1.4.1018.exe
2015-04-05 22:43 - 2015-04-05 22:43 - 00015328 _____ () C:\ComboFix.txt
2015-04-05 22:28 - 2015-04-05 22:43 - 00000000 ____D () C:\Qoobox
2015-04-05 22:28 - 2015-04-05 22:43 - 00000000 ____D () C:\ComboFix
2015-04-05 22:28 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-05 22:28 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-05 22:28 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-05 22:28 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-05 22:28 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-05 22:28 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-05 22:28 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-05 22:28 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-05 22:27 - 2015-04-05 22:42 - 00000000 ____D () C:\Windows\erdnt
2015-04-05 22:27 - 2015-04-05 22:27 - 05617096 ____R (Swearware) C:\Users\Bossy\Desktop\ComboFix.exe
2015-04-02 22:45 - 2015-04-06 16:54 - 00013502 _____ () C:\Users\Bossy\Desktop\FRST.txt
2015-04-01 23:40 - 2015-04-01 23:40 - 00001880 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-04-01 23:40 - 2015-04-01 23:40 - 00000000 ___RD () C:\Program Files\Skype
2015-04-01 23:40 - 2015-04-01 23:40 - 00000000 ____D () C:\Users\Bossy\AppData\Local\Skype
2015-04-01 23:40 - 2015-04-01 23:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-04-01 23:40 - 2015-04-01 23:40 - 00000000 ____D () C:\Program Files\Common Files\Skype
2015-04-01 22:40 - 2015-04-06 16:03 - 00014632 _____ () C:\Windows\PFRO.log
2015-04-01 22:34 - 2015-04-06 16:53 - 00027839 _____ () C:\ProgramData\nvModes.001
2015-04-01 22:28 - 2015-04-06 16:53 - 00000000 ____D () C:\FRST
2015-04-01 22:28 - 2015-04-01 22:28 - 01135104 _____ (Farbar) C:\Users\Bossy\Downloads\FRST.exe
2015-04-01 22:28 - 2015-04-01 22:28 - 01135104 _____ (Farbar) C:\Users\Bossy\Desktop\FRST.exe
2015-04-01 21:11 - 2015-04-01 21:11 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-01 21:11 - 2015-04-01 21:11 - 00000000 _____ () C:\Windows\setupact.log
2015-04-01 20:24 - 2015-04-01 20:24 - 00027839 _____ () C:\ProgramData\nvModes.dat
2015-04-01 00:00 - 2015-04-01 00:00 - 00001021 _____ () C:\Users\Bossy\Desktop\Revo Uninstaller.lnk
2015-04-01 00:00 - 2015-04-01 00:00 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-03-31 20:36 - 2015-04-02 21:04 - 00000020 _____ () C:\Users\Bossy\AppData\Roaming\appdataFr3.bin
2015-03-24 22:06 - 2015-04-06 15:57 - 00000000 ____D () C:\ProgramData\{e5340274-51d6-6b05-e534-4027451d09d1}
2015-03-13 19:43 - 2015-03-13 19:43 - 00000986 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk
2015-03-13 19:43 - 2015-03-13 19:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
2015-03-13 19:41 - 2015-03-13 19:41 - 00000000 ____D () C:\Program Files\ElsterFormular
2015-03-13 19:13 - 2015-03-13 19:18 - 00000000 ____D () C:\Users\Bossy\AppData\Local\elfopatch
2015-03-13 19:09 - 2015-03-13 19:15 - 214212416 _____ (Landesfinanzdirektion Thüringen) C:\Users\Bossy\Downloads\ElsterFormular-16.1.20150309k (1).exe
2015-03-13 19:00 - 2015-03-13 19:05 - 214212416 _____ (Landesfinanzdirektion Thüringen) C:\Users\Bossy\Downloads\ElsterFormular-16.1.20150309k.exe
2015-03-13 16:33 - 2015-02-26 04:01 - 03604408 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-13 16:33 - 2015-02-26 04:01 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-13 16:33 - 2015-01-09 04:04 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-13 16:33 - 2015-01-09 02:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-12 19:27 - 2015-01-29 03:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-12 19:26 - 2015-01-29 03:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-12 19:25 - 2015-02-26 02:18 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-12 19:15 - 2015-02-20 04:03 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-12 19:15 - 2015-02-20 02:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-12 19:14 - 2015-01-21 04:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-12 19:13 - 2015-03-06 06:01 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-12 19:12 - 2014-10-13 03:12 - 02264064 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-03-12 19:11 - 2015-02-18 04:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 23:16 - 2015-02-21 19:37 - 12375040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 23:16 - 2015-02-21 19:34 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-03-11 23:16 - 2015-02-21 19:29 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 23:16 - 2015-02-21 19:28 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 23:16 - 2015-02-21 19:22 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 23:16 - 2015-02-21 19:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 23:16 - 2015-02-21 19:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 23:16 - 2015-02-21 19:20 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-03-11 23:16 - 2015-02-21 19:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 23:16 - 2015-02-21 19:19 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 23:16 - 2015-02-21 19:19 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-11 23:16 - 2015-02-21 19:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 23:16 - 2015-02-21 19:19 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 23:16 - 2015-02-21 19:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 23:16 - 2015-02-21 19:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 23:16 - 2015-02-21 19:18 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 23:16 - 2015-02-21 19:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 23:16 - 2015-02-21 19:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 23:16 - 2015-02-21 19:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-03-11 23:16 - 2015-02-21 19:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-03-11 23:16 - 2015-02-21 19:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-03-11 23:16 - 2015-02-21 19:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-06 16:52 - 2008-01-21 09:16 - 01597370 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-06 16:28 - 2008-12-20 14:31 - 01626037 _____ () C:\Windows\WindowsUpdate.log
2015-04-06 16:26 - 2011-07-11 21:10 - 00000000 ___RD () C:\Users\Bossy\Dropbox
2015-04-06 16:26 - 2011-07-11 21:05 - 00000000 ____D () C:\Users\Bossy\AppData\Roaming\Dropbox
2015-04-06 16:24 - 2008-11-27 21:26 - 00000147 _____ () C:\Windows\system32\agent.log
2015-04-06 16:24 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-06 16:23 - 2006-11-02 14:47 - 00003216 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-06 16:23 - 2006-11-02 14:47 - 00003216 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-06 16:22 - 2006-11-02 15:01 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-06 16:20 - 2009-01-29 23:22 - 00000000 ____D () C:\Users\Bossy
2015-04-06 16:18 - 2009-12-05 02:05 - 00000000 ____D () C:\ProgramData\ICQ
2015-04-06 16:07 - 2009-03-17 16:51 - 00086480 _____ () C:\Users\Bossy\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-06 16:05 - 2006-11-02 14:47 - 00347504 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-05 22:43 - 2006-11-02 13:18 - 00000000 __RHD () C:\Users\Default
2015-04-05 22:43 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public
2015-04-05 22:40 - 2006-11-02 12:23 - 00000215 _____ () C:\Windows\system.ini
2015-04-05 22:08 - 2010-11-11 23:46 - 00000000 ____D () C:\Users\Bossy\AppData\Roaming\Skype
2015-04-02 21:26 - 2008-11-27 21:32 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-02 21:17 - 2008-12-20 14:44 - 00000000 ____D () C:\Program Files\Google
2015-04-02 00:00 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-01 23:40 - 2009-03-22 23:33 - 00000000 ____D () C:\ProgramData\Skype
2015-04-01 23:04 - 2009-01-29 23:25 - 00001797 _____ () C:\Users\Bossy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-01 22:43 - 2009-01-30 18:27 - 00204800 _____ () C:\Users\Bossy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-01 20:14 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2015-04-01 20:13 - 2013-08-16 23:33 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-04-01 20:13 - 2009-09-05 19:25 - 00000000 ____D () C:\Windows\Minidump
2015-04-01 20:13 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\spool
2015-04-01 20:13 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\registration
2015-04-01 20:13 - 2006-11-02 12:22 - 52428800 _____ () C:\Windows\system32\config\software_previous
2015-04-01 20:13 - 2006-11-02 12:22 - 45875200 _____ () C:\Windows\system32\config\components_previous
2015-04-01 20:13 - 2006-11-02 12:22 - 31981568 _____ () C:\Windows\system32\config\system_previous
2015-04-01 20:13 - 2006-11-02 12:22 - 00524288 _____ () C:\Windows\system32\config\default_previous
2015-04-01 20:13 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2015-04-01 20:13 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2015-04-01 18:19 - 2009-05-03 16:32 - 00000680 _____ () C:\Users\Bossy\AppData\Local\d3d9caps.dat
2015-04-01 01:27 - 2008-12-20 15:03 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-01 01:12 - 2008-11-27 21:50 - 00000000 ____D () C:\Program Files\Cyberlink
2015-04-01 01:12 - 2008-11-27 20:44 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-04-01 01:10 - 2008-11-27 20:46 - 00000000 ____D () C:\Windows\system32\RTCOM
2015-04-01 01:10 - 2008-11-27 20:45 - 00319456 _____ (Microsoft Corporation) C:\Windows\DIFxAPI.dll
2015-04-01 01:06 - 2008-11-27 20:49 - 00000000 ____D () C:\Program Files\Winbond Electronics Corporation
2015-04-01 01:00 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system
2015-03-31 23:39 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-03-22 22:57 - 2011-10-26 21:52 - 00000000 ____D () C:\Users\Bossy\Documents\Schriftverkehr Eltern
2015-03-18 23:14 - 2009-03-17 17:25 - 00000000 ____D () C:\Users\Bossy\Documents\Finanzamt
2015-03-13 19:58 - 2014-11-15 03:09 - 00000000 ____D () C:\Users\Bossy\AppData\Local\.elfohilfe
2015-03-13 19:41 - 2012-02-10 18:06 - 00000000 ____D () C:\ProgramData\elsterformular
2015-03-12 21:01 - 2011-07-11 21:10 - 00000923 _____ () C:\Users\Bossy\Desktop\Dropbox.lnk
2015-03-12 21:01 - 2011-07-11 21:05 - 00000000 ____D () C:\Users\Bossy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-12 19:25 - 2013-08-16 17:35 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 19:16 - 2006-11-02 12:24 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

==================== Files in the root of some directories =======

2015-03-31 20:36 - 2015-04-02 21:04 - 0000020 _____ () C:\Users\Bossy\AppData\Roaming\appdataFr3.bin
2009-05-03 16:32 - 2015-04-01 18:19 - 0000680 _____ () C:\Users\Bossy\AppData\Local\d3d9caps.dat
2009-01-30 18:27 - 2015-04-01 22:43 - 0204800 _____ () C:\Users\Bossy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-02 20:35 - 2014-01-02 20:37 - 0146741 _____ () C:\Users\Bossy\AppData\Local\edsinstaller.txt-20140102.log
2015-03-31 23:51 - 2015-04-01 00:06 - 0004728 _____ () C:\Users\Bossy\AppData\Local\Temp-log.txt
2008-12-20 14:53 - 2008-12-20 14:58 - 0006048 _____ () C:\ProgramData\ArcadeDeluxe2.log
2015-04-01 22:34 - 2015-04-06 16:53 - 0027839 _____ () C:\ProgramData\nvModes.001
2015-04-01 20:24 - 2015-04-01 20:24 - 0027839 _____ () C:\ProgramData\nvModes.dat
2013-12-31 01:25 - 2013-12-31 01:26 - 0000090 _____ () C:\ProgramData\PS.log

Files to move or delete:
====================
C:\Users\Bossy\Dropbox 1.1.35.exe
C:\Users\Bossy\wlsetup-web.exe


Some content of TEMP:
====================
C:\Users\Bossy\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpuwg80q.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-06 16:30

==================== End Of Log ============================
         
--- --- ---


FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Bossy at 2015-04-06 16:54:24
Running from C:\Users\Bossy\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Crystal Eye Webcam (HKLM\...\{DD1DED37-2486-4F56-8F89-56AA814003F5}) (Version: 2.0.0.17 - Acer Crystal Eye Webcam)
Acer Empowering Technology (HKLM\...\{8F1B6239-FEA0-450A-A950-B05276CE177C}) (Version: 3.0.3010 - Acer Incorporated)
Acer Mobility Center Plug-In (HKLM\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 3.0.3000 - Acer Inc.)
Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 1.11.0701 - Acer Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.30 - Atheros Communications Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.16 - Piriform)
CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.3023e - CyberLink Corp.)
Dropbox (HKU\S-1-5-21-1970263591-3964681878-2414383680-1000\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
ElsterFormular (HKLM\...\ElsterFormular) (Version: 16.1.20150309 - Landesfinanzdirektion Thüringen)
Free Studio version 6.4.0.1122 (HKLM\...\Free Studio_is1) (Version: 6.4.0.1122 - DVDVideoSoft Ltd.)
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.73.00.52 - Conexant Systems)
ICQ7.2 (HKLM\...\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}) (Version: 7.2 - ICQ)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{35C0A1E4-D02A-412C-841F-266DBB116ABB}) (Version: 12.02.0000 - Intel(R) Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Launch Manager (HKLM\...\LManager) (Version:  - )
LightScribe  1.4.142.1 (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office FrontPage 2003 (HKLM\...\{90170407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote 2003 (HKLM\...\{90A10407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Project Professional 2003 (HKLM\...\{903B0407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Visio Professional 2003 (HKLM\...\{90510407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}) (Version: 08.05.0822 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTI Backup Now 5 (HKLM\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.606 - NewTech Infosystems)
NTI Backup Now Standard (Version: 5.1.2.606 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.2.6329 - NewTech Infosystems)
NTI Media Maker 8 (Version: 8.0.2.6329 - NewTech Infosystems) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
Orion (HKLM\...\{5B63A470-9334-44D1-AF61-6CE2DB565AE9}) (Version: 2.0.1 - Convesoft)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 0.9.7 - Frank Heindörfer, Philip Chinery)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pixum Fotobuch (HKLM\...\Pixum Fotobuch) (Version: 5.1.5 - CEWE Stiftung u Co. KGaA)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VLC media player 1.1.11 (HKLM\...\VLC media player) (Version: 1.1.11 - VideoLAN)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000_Classes\CLSID\{80A95F12-94C2-4B1D-8AE3-F0CBE5E96E85}\InprocServer32 -> C:\Users\Bossy\AppData\Local\ASKTOO~1\DOWNLO~1\AVIRAW~1.DLL No File
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

01-04-2015 18:09:13 Wiederherstellungsvorgang
01-04-2015 20:07:07 Wiederherstellungsvorgang
01-04-2015 20:47:05 Revo Uninstaller's restore point - CoupuSScaennier
01-04-2015 21:03:01 Revo Uninstaller's restore point - MaxProvider
01-04-2015 22:29:35 Revo Uninstaller's restore point - Allin1Convert Internet Explorer Toolbar
01-04-2015 22:35:39 Revo Uninstaller's restore point - Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
01-04-2015 22:36:08 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
01-04-2015 23:23:32 Windows Update
02-04-2015 21:15:23 Revo Uninstaller's restore point - Google Chrome
05-04-2015 22:28:19 ComboFix created restore point
05-04-2015 22:28:23 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2015-04-05 22:39 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0CFAE5A8-5E69-48C3-896D-01FE08F920FB} - System32\Tasks\RunTool => C:\Users\Bossy\AppData\Local\1e8098b0-759c-45bd-bba9-33ce9038164b\sysad.exe [2015-02-25] ()
Task: {15A77AE5-3385-481D-9274-3EF9246D733C} - \Desk 365 RunAsStdUser No Task File <==== ATTENTION
Task: {336343BC-5BD6-4898-BEDB-6AE1343F53E3} - \RocketTab No Task File <==== ATTENTION
Task: {3B03607A-1E5B-4987-B496-3CE38BE335A7} - System32\Tasks\{4F8ABF1E-C3A6-4815-B289-2488494D7739} => Iexplore.exe Skype für den Desktop herunterladen
Task: {418261C4-9CC2-4378-8EA3-1E1304265AAA} - System32\Tasks\Microsoft\Windows\RestartManager\{3E700159-D7B9-4c03-A8D4-B3DC07D3EE5F} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {56685EE7-0FB5-4F5C-995A-70617EA6A936} - \ASP No Task File <==== ATTENTION
Task: {8A3A4E34-E155-41D7-A475-1E1CFDA13268} - \RocketTab Update Task No Task File <==== ATTENTION
Task: {A1C3A25A-E251-4913-BD95-9F35C748CB4E} - \bench-sys No Task File <==== ATTENTION
Task: {EA4A2A10-7261-4800-A6DC-C077AD69C038} - System32\Tasks\{B21CF838-32DF-4D72-BCDB-9455AFD8AF86} => Iexplore.exe Skype für den Desktop herunterladen

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (whitelisted) ==============

2008-10-16 17:57 - 2008-10-16 17:57 - 00200704 _____ () C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL
2009-03-17 16:45 - 2001-10-28 17:42 - 00116224 ____N () C:\Windows\System32\pdfcmnnt.dll
2007-06-24 20:09 - 2007-06-24 20:09 - 01024000 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACE.dll
2007-06-24 20:09 - 2007-06-24 20:09 - 00098304 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML.dll
2007-06-24 20:09 - 2007-06-24 20:09 - 00061440 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML_Parser.dll
2008-11-27 20:54 - 2008-08-19 15:27 - 00024576 _____ () C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
2008-11-27 20:54 - 2008-11-27 20:54 - 00032768 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.Controller\3.0.3010.0__14bcaafdb44b5951\Framework.Model.Controller.dll
2008-11-27 20:54 - 2008-11-27 20:54 - 00009216 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3010.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
2008-11-27 20:54 - 2008-11-27 20:54 - 00061440 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3010.0__3036420f80dd6947\Framework.Library.dll
2008-11-27 20:54 - 2008-11-27 20:54 - 00015360 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3010.0__672b450de5a7e94a\Framework.Host.dll
2008-11-27 20:54 - 2008-11-27 20:54 - 00006144 _____ () C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3010.0__9ecdf03bb2054f94\Framework.PluginInterface.dll
2008-11-27 21:56 - 2007-12-06 17:15 - 00110592 _____ () C:\Acer\Mobility Center\MobilityService.exe
2008-11-27 21:56 - 2007-11-27 16:08 - 00032768 _____ () C:\Acer\Mobility Center\MobilityInterface.dll
2008-04-25 22:36 - 2008-04-25 22:36 - 00131072 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
2015-03-05 00:08 - 2015-03-05 00:08 - 00750080 _____ () C:\Users\Bossy\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-04-06 16:26 - 2015-04-06 16:26 - 00043008 _____ () c:\users\bossy\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpuwg80q.dll
2015-03-05 00:08 - 2015-03-05 00:08 - 00047616 _____ () C:\Users\Bossy\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-05 00:08 - 2015-03-05 00:08 - 00865280 _____ () C:\Users\Bossy\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-05 00:07 - 2015-03-05 00:07 - 00200704 _____ () C:\Users\Bossy\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2009-03-23 19:50 - 2008-09-16 21:18 - 00132608 _____ () C:\Program Files\WinRAR\rarext.dll
2009-08-05 11:45 - 2009-08-05 11:45 - 00106312 _____ () C:\Program Files\Microsoft Office\OFFICE11\OUTLCTL.DLL
2008-05-07 22:33 - 2008-05-07 22:33 - 00417792 _____ () C:\Program Files\Adobe\Reader 9.0\Reader\adobexmp.dll
2007-11-16 17:02 - 2007-11-16 17:02 - 00401408 ____R () C:\Program Files\Adobe\Reader 9.0\Reader\cryptocme2.dll
2007-11-16 17:02 - 2007-11-16 17:02 - 00479232 ____R () C:\Program Files\Adobe\Reader 9.0\Reader\ccme_base.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:58DD92AC

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1970263591-3964681878-2414383680-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Public\Pictures\Sample Pictures\wolken_12.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Schnellstart.lnk => C:\Windows\pss\Microsoft Office OneNote 2003 Schnellstart.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Bossy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: BkupTray => "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: IAAnotif => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
MSCONFIG\startupreg: LManager => C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
MSCONFIG\startupreg: NeroFilterCheck => C:\Windows\system32\NeroCheck.exe
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: NvMediaCenter => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
MSCONFIG\startupreg: PlayMovie => "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
MSCONFIG\startupreg: ProductReg => "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-1970263591-3964681878-2414383680-500 - Administrator - Disabled)
Bossy (S-1-5-21-1970263591-3964681878-2414383680-1000 - Administrator - Enabled) => C:\Users\Bossy
Gast (S-1-5-21-1970263591-3964681878-2414383680-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: GT-I8190
Description: GT-I8190
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: SAMSUNG Electronics Co. Ltd. 
Service: WUDFRd
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-04-06 16:54:18.308
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-06 16:54:17.953
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-06 16:54:17.586
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-06 16:54:17.166
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz
Percentage of memory in use: 45%
Total physical RAM: 3066.12 MB
Available physical RAM: 1673.87 MB
Total Pagefile: 6336.63 MB
Available Pagefile: 4819.09 MB
Total Virtual: 2047.88 MB
Available Virtual: 1900.48 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:144.04 GB) (Free:68.18 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:140.5 GB) (Free:54.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 50A5B170)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=144 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=140.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=3.5 GB) - (Type=12)

==================== End Of Log ============================
         
--- --- ---

Alt 07.04.2015, 11:09   #11
schrauber
/// the machine
/// TB-Ausbilder
 

Search Protect in the taskbar



Delete everything that AdwCleaner shows.



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any remaining problems?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

Alt 08.04.2015, 21:30   #12
Phily11
 
Search Protect in the taskbar



Code:
# AdwCleaner v4.201 - Bericht erstellt 08/04/2015 um 20:07:35
# Aktualisiert 08/04/2015 von Xplode
# Datenbank : 2015-04-08.1 [Lokal]
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (x86)
# Benutzername : Bossy - BOSSY-PC
# Gestarted von : C:\Users\Bossy\Desktop\AdwCleaner_4.201.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [ext@flash-Enhancer.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\SpeedBit

***** [ Internetbrowser ] *****

-\\ Internet Explorer v9.0.8112.16633


-\\ Mozilla Firefox v


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [10304 Bytes] - [06/04/2015 16:16:44]
AdwCleaner[R1].txt - [1084 Bytes] - [06/04/2015 16:28:03]
AdwCleaner[R2].txt - [1271 Bytes] - [08/04/2015 20:06:36]
AdwCleaner[S0].txt - [10065 Bytes] - [06/04/2015 16:18:28]
AdwCleaner[S1].txt - [1038 Bytes] - [08/04/2015 20:07:35]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1097  Bytes] ##########
         
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=3948910f8c12d34b8102fa6b77fd5f91
# engine=23289
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-04-08 07:48:16
# local_time=2015-04-08 09:48:16 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 4691872 51506490 0 0
# scanned=188737
# found=6
# cleaned=0
# scan_time=4922
sh=DE874C82E8FB00836567E72188819518C1D9EFF9 ft=1 fh=32eff61841b8e9cf vn="Win32/Bundlore.Q evtl. unerwünschte Anwendung" ac=I fn="C:\55a028ea-91bf-4d6a-a550-d23f9320ad6d\lib82672.dll"
sh=B992ED7A1B4DF30F6AF8A911FBFDE92ED9F77519 ft=1 fh=5dac4dde3cd39976 vn="Variante von MSIL/DomaIQ.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Uninstaller\Uninstall.exe.vir"
sh=E1A2C9DA921D9DA917ADE37B872D97E732A138BD ft=1 fh=a4119be6dfe53dd8 vn="Variante von Win32/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\system32\roboot.exe.vir"
sh=FC022B7B60E2312B74592E593476E64736C301FE ft=1 fh=8cfb0c6c021c14a0 vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Bossy\SoftonicDownloader_fuer_windows-live-messenger.exe.vir"
sh=CEF8BAE91D4D3EC24FD95E5D614F12E61CD10245 ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Bossy\AppData\Roaming\Mozilla\Firefox\Profiles\user.js"
sh=B1A68C4BD7D8782CEE180580311081F423E8638B ft=1 fh=b0d19998d0be5414 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll"
         
Code:
 Results of screen317's Security Check version 0.99.99  
 Windows Vista Service Pack 2 x86   
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
Microsoft Security Essentials   
  (On Access scanning disabled!) 
 Error obtaining update status for antivirus!  
`````````Anti-malware/Other Utilities Check:````````` 
 CCleaner     
 Adobe Reader 9 Adobe Reader out of Date! 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Bossy (administrator) on BOSSY-PC on 08-04-2015 22:21:25
Running from C:\Users\Bossy\Desktop
Loaded Profiles: Bossy (Available profiles: Bossy)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\ACER\Mobility Center\MobilityService.exe
(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Dropbox, Inc.) C:\Users\Bossy\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKU\S-1-5-21-1970263591-3964681878-2414383680-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-1970263591-3964681878-2414383680-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1970263591-3964681878-2414383680-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
AppInit_DLLs: ~1穂娺篦ࠀ毸( => ~1穂娺篦ࠀ毸( File Not Found
Startup: C:\Users\Bossy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Bossy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kidprint.lnk
ShortcutTarget: kidprint.lnk -> C:\ProgramData\{e5340274-51d6-6b05-e534-4027451d09d1}\kidprint.exe (No File)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1970263591-3964681878-2414383680-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1970263591-3964681878-2414383680-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1970263591-3964681878-2414383680-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
SearchScopes: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = 
SearchScopes: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = 
Toolbar: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Neuer Ordner\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-1970263591-3964681878-2414383680-1000: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\googledesktop.xml [2010-07-30]
FF Extension: No Name - C:\Users\Bossy\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions [2014-12-01]
FF Extension: Movie2kDownloader - C:\Users\Bossy\AppData\Roaming\Mozilla\Firefox\profiles\extensions\movie2kdownloader@movie2kdownloader.com.xpi [2012-12-13]
FF Extension: ICQ Toolbar - C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2009-12-05]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-27]
FF HKU\S-1-5-21-1970263591-3964681878-2414383680-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2014-12-01]
FF Extension: No Name - C:\Program Files\AmiExt\flashEnhancer\ff [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed]
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-08-19] () [File not signed]
R2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [860160 2008-10-16] (Intel(R) Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] () [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
R2 NTIBackupSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [45056 2008-04-25] (NewTech InfoSystems, Inc.) [File not signed]
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-25] () [File not signed]
R2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [466944 2008-10-16] (Intel(R) Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [48640 2009-08-05] (Atheros Communications, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-04-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
S3 s0017bus; C:\Windows\System32\DRIVERS\s0017bus.sys [90536 2008-05-27] (MCCI Corporation)
S3 s0017mdfl; C:\Windows\System32\DRIVERS\s0017mdfl.sys [15016 2008-05-27] (MCCI Corporation)
S3 s0017mdm; C:\Windows\System32\DRIVERS\s0017mdm.sys [122152 2008-05-27] (MCCI Corporation)
S3 s0017mgmt; C:\Windows\System32\DRIVERS\s0017mgmt.sys [115496 2008-05-27] (MCCI Corporation)
S3 s0017nd5; C:\Windows\System32\DRIVERS\s0017nd5.sys [25768 2008-05-27] (MCCI Corporation)
S3 s0017obex; C:\Windows\System32\DRIVERS\s0017obex.sys [111912 2008-05-27] (MCCI Corporation)
S3 s0017unic; C:\Windows\System32\DRIVERS\s0017unic.sys [117672 2008-05-27] (MCCI Corporation)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [36864 2009-03-06] (Apple, Inc.) [File not signed]
R3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-28] (Winbond Electronics Corporation)
S3 ZY760_XP; C:\Windows\System32\DRIVERS\WlanUZXP.sys [402432 2006-01-19] (ZyDAS Technology Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Bossy\AppData\Local\Temp\catchme.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 RTSTOR; system32\drivers\RTSTOR.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-08 22:17 - 2015-04-08 22:17 - 00852607 _____ () C:\Users\Bossy\Desktop\SecurityCheck.exe
2015-04-08 20:22 - 2015-04-08 22:16 - 00000000 ____D () C:\Program Files\ESET
2015-04-08 20:21 - 2015-04-08 20:21 - 02347384 _____ (ESET) C:\Users\Bossy\Desktop\esetsmartinstaller_deu.exe
2015-04-08 20:14 - 2015-04-08 20:14 - 00000182 _____ () C:\Windows\wininit.ini
2015-04-08 20:06 - 2015-04-08 20:06 - 02217984 _____ () C:\Users\Bossy\Desktop\AdwCleaner_4.201.exe
2015-04-06 16:53 - 2015-04-06 16:53 - 00000000 ____D () C:\Users\Bossy\Desktop\Neuer Ordner
2015-04-06 16:46 - 2015-04-06 16:52 - 00001754 _____ () C:\Users\Bossy\Desktop\JRT.txt
2015-04-06 16:44 - 2015-04-06 16:44 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-BOSSY-PC-Windows-Vista-(TM)-Home-Premium-(32-bit).dat
2015-04-06 16:44 - 2015-04-06 16:44 - 00000000 ____D () C:\RegBackup
2015-04-06 16:43 - 2015-04-06 16:43 - 02691312 _____ (Thisisu) C:\Users\Bossy\Desktop\JRT.exe
2015-04-06 16:27 - 2015-04-06 16:27 - 00010065 _____ () C:\Users\Bossy\Desktop\AdwCleaner[S0] ordner.txt
2015-04-06 16:16 - 2015-04-08 20:07 - 00000000 ____D () C:\AdwCleaner
2015-04-06 16:11 - 2015-04-06 16:11 - 00003082 _____ () C:\Users\Bossy\Desktop\mbam.txt
2015-04-06 16:02 - 2015-04-06 16:02 - 00001224 _____ () C:\Users\Bossy\Desktop\mbam ergebnisse.txt
2015-04-06 15:41 - 2015-04-08 20:32 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-06 15:40 - 2015-04-06 15:40 - 00000863 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-06 15:40 - 2015-04-06 15:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-04-06 15:40 - 2015-04-06 15:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-06 15:40 - 2015-04-06 15:40 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-04-06 15:40 - 2015-03-17 06:15 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-06 15:40 - 2015-03-17 06:15 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-06 15:40 - 2015-03-17 06:15 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-06 15:39 - 2015-04-06 15:39 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Bossy\Desktop\mbam-setup-2.1.4.1018.exe
2015-04-05 22:43 - 2015-04-05 22:43 - 00015328 _____ () C:\ComboFix.txt
2015-04-05 22:28 - 2015-04-05 22:43 - 00000000 ____D () C:\Qoobox
2015-04-05 22:28 - 2015-04-05 22:43 - 00000000 ____D () C:\ComboFix
2015-04-05 22:28 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-05 22:28 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-05 22:28 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-05 22:28 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-05 22:28 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-05 22:28 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-05 22:28 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-05 22:28 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-05 22:27 - 2015-04-05 22:42 - 00000000 ____D () C:\Windows\erdnt
2015-04-05 22:27 - 2015-04-05 22:27 - 05617096 ____R (Swearware) C:\Users\Bossy\Desktop\ComboFix.exe
2015-04-02 22:45 - 2015-04-08 22:21 - 00013573 _____ () C:\Users\Bossy\Desktop\FRST.txt
2015-04-01 23:40 - 2015-04-01 23:40 - 00001880 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-04-01 23:40 - 2015-04-01 23:40 - 00000000 ___RD () C:\Program Files\Skype
2015-04-01 23:40 - 2015-04-01 23:40 - 00000000 ____D () C:\Users\Bossy\AppData\Local\Skype
2015-04-01 23:40 - 2015-04-01 23:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-04-01 23:40 - 2015-04-01 23:40 - 00000000 ____D () C:\Program Files\Common Files\Skype
2015-04-01 22:40 - 2015-04-06 16:03 - 00014632 _____ () C:\Windows\PFRO.log
2015-04-01 22:34 - 2015-04-08 20:09 - 00027839 _____ () C:\ProgramData\nvModes.001
2015-04-01 22:28 - 2015-04-08 22:21 - 00000000 ____D () C:\FRST
2015-04-01 22:28 - 2015-04-01 22:28 - 01135104 _____ (Farbar) C:\Users\Bossy\Downloads\FRST.exe
2015-04-01 22:28 - 2015-04-01 22:28 - 01135104 _____ (Farbar) C:\Users\Bossy\Desktop\FRST.exe
2015-04-01 21:11 - 2015-04-01 21:11 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-01 21:11 - 2015-04-01 21:11 - 00000000 _____ () C:\Windows\setupact.log
2015-04-01 20:24 - 2015-04-01 20:24 - 00027839 _____ () C:\ProgramData\nvModes.dat
2015-04-01 00:00 - 2015-04-01 00:00 - 00001021 _____ () C:\Users\Bossy\Desktop\Revo Uninstaller.lnk
2015-04-01 00:00 - 2015-04-01 00:00 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-03-31 20:36 - 2015-04-02 21:04 - 00000020 _____ () C:\Users\Bossy\AppData\Roaming\appdataFr3.bin
2015-03-24 22:06 - 2015-04-06 15:57 - 00000000 ____D () C:\ProgramData\{e5340274-51d6-6b05-e534-4027451d09d1}
2015-03-13 19:43 - 2015-03-13 19:43 - 00000986 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk
2015-03-13 19:43 - 2015-03-13 19:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
2015-03-13 19:41 - 2015-03-13 19:41 - 00000000 ____D () C:\Program Files\ElsterFormular
2015-03-13 19:13 - 2015-03-13 19:18 - 00000000 ____D () C:\Users\Bossy\AppData\Local\elfopatch
2015-03-13 19:09 - 2015-03-13 19:15 - 214212416 _____ (Landesfinanzdirektion Thüringen) C:\Users\Bossy\Downloads\ElsterFormular-16.1.20150309k (1).exe
2015-03-13 19:00 - 2015-03-13 19:05 - 214212416 _____ (Landesfinanzdirektion Thüringen) C:\Users\Bossy\Downloads\ElsterFormular-16.1.20150309k.exe
2015-03-13 16:33 - 2015-02-26 04:01 - 03604408 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-13 16:33 - 2015-02-26 04:01 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-13 16:33 - 2015-01-09 04:04 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-13 16:33 - 2015-01-09 02:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-12 19:27 - 2015-01-29 03:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-12 19:26 - 2015-01-29 03:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-12 19:25 - 2015-02-26 02:18 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-12 19:15 - 2015-02-20 04:03 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-12 19:15 - 2015-02-20 02:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-12 19:14 - 2015-01-21 04:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-12 19:13 - 2015-03-06 06:01 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-12 19:12 - 2014-10-13 03:12 - 02264064 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-03-12 19:11 - 2015-02-18 04:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 23:16 - 2015-02-21 19:37 - 12375040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 23:16 - 2015-02-21 19:34 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-03-11 23:16 - 2015-02-21 19:29 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 23:16 - 2015-02-21 19:28 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 23:16 - 2015-02-21 19:22 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 23:16 - 2015-02-21 19:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 23:16 - 2015-02-21 19:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 23:16 - 2015-02-21 19:20 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-03-11 23:16 - 2015-02-21 19:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 23:16 - 2015-02-21 19:19 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 23:16 - 2015-02-21 19:19 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-11 23:16 - 2015-02-21 19:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 23:16 - 2015-02-21 19:19 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 23:16 - 2015-02-21 19:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 23:16 - 2015-02-21 19:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 23:16 - 2015-02-21 19:18 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 23:16 - 2015-02-21 19:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 23:16 - 2015-02-21 19:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 23:16 - 2015-02-21 19:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-03-11 23:16 - 2015-02-21 19:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-03-11 23:16 - 2015-02-21 19:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-03-11 23:16 - 2015-02-21 19:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-08 22:09 - 2006-11-02 14:47 - 00003216 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-08 22:09 - 2006-11-02 14:47 - 00003216 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-08 21:19 - 2008-12-20 14:31 - 01693301 _____ () C:\Windows\WindowsUpdate.log
2015-04-08 20:14 - 2011-07-11 21:10 - 00000923 _____ () C:\Users\Bossy\Desktop\Dropbox.lnk
2015-04-08 20:14 - 2011-07-11 21:10 - 00000000 ___RD () C:\Users\Bossy\Dropbox
2015-04-08 20:14 - 2011-07-11 21:05 - 00000000 ____D () C:\Users\Bossy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-08 20:14 - 2011-07-11 21:05 - 00000000 ____D () C:\Users\Bossy\AppData\Roaming\Dropbox
2015-04-08 20:13 - 2008-01-21 09:16 - 01574846 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-08 20:09 - 2008-11-27 21:26 - 00000147 _____ () C:\Windows\system32\agent.log
2015-04-08 20:09 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-08 20:07 - 2006-11-02 15:01 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-08 19:27 - 2010-11-11 23:46 - 00000000 ____D () C:\Users\Bossy\AppData\Roaming\Skype
2015-04-06 16:20 - 2009-01-29 23:22 - 00000000 ____D () C:\Users\Bossy
2015-04-06 16:18 - 2009-12-05 02:05 - 00000000 ____D () C:\ProgramData\ICQ
2015-04-06 16:07 - 2009-03-17 16:51 - 00086480 _____ () C:\Users\Bossy\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-06 16:05 - 2006-11-02 14:47 - 00347504 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-05 22:43 - 2006-11-02 13:18 - 00000000 __RHD () C:\Users\Default
2015-04-05 22:43 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public
2015-04-05 22:40 - 2006-11-02 12:23 - 00000215 _____ () C:\Windows\system.ini
2015-04-02 21:26 - 2008-11-27 21:32 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-02 21:17 - 2008-12-20 14:44 - 00000000 ____D () C:\Program Files\Google
2015-04-02 00:00 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-01 23:40 - 2009-03-22 23:33 - 00000000 ____D () C:\ProgramData\Skype
2015-04-01 23:04 - 2009-01-29 23:25 - 00001797 _____ () C:\Users\Bossy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-01 22:43 - 2009-01-30 18:27 - 00204800 _____ () C:\Users\Bossy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-01 20:14 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2015-04-01 20:13 - 2013-08-16 23:33 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-04-01 20:13 - 2009-09-05 19:25 - 00000000 ____D () C:\Windows\Minidump
2015-04-01 20:13 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\spool
2015-04-01 20:13 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\registration
2015-04-01 20:13 - 2006-11-02 12:22 - 52428800 _____ () C:\Windows\system32\config\software_previous
2015-04-01 20:13 - 2006-11-02 12:22 - 45875200 _____ () C:\Windows\system32\config\components_previous
2015-04-01 20:13 - 2006-11-02 12:22 - 31981568 _____ () C:\Windows\system32\config\system_previous
2015-04-01 20:13 - 2006-11-02 12:22 - 00524288 _____ () C:\Windows\system32\config\default_previous
2015-04-01 20:13 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2015-04-01 20:13 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2015-04-01 18:19 - 2009-05-03 16:32 - 00000680 _____ () C:\Users\Bossy\AppData\Local\d3d9caps.dat
2015-04-01 01:27 - 2008-12-20 15:03 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-01 01:12 - 2008-11-27 21:50 - 00000000 ____D () C:\Program Files\Cyberlink
2015-04-01 01:12 - 2008-11-27 20:44 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-04-01 01:10 - 2008-11-27 20:46 - 00000000 ____D () C:\Windows\system32\RTCOM
2015-04-01 01:10 - 2008-11-27 20:45 - 00319456 _____ (Microsoft Corporation) C:\Windows\DIFxAPI.dll
2015-04-01 01:06 - 2008-11-27 20:49 - 00000000 ____D () C:\Program Files\Winbond Electronics Corporation
2015-04-01 01:00 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system
2015-03-31 23:39 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-03-22 22:57 - 2011-10-26 21:52 - 00000000 ____D () C:\Users\Bossy\Documents\Schriftverkehr Eltern
2015-03-18 23:14 - 2009-03-17 17:25 - 00000000 ____D () C:\Users\Bossy\Documents\Finanzamt
2015-03-13 19:58 - 2014-11-15 03:09 - 00000000 ____D () C:\Users\Bossy\AppData\Local\.elfohilfe
2015-03-13 19:41 - 2012-02-10 18:06 - 00000000 ____D () C:\ProgramData\elsterformular
2015-03-12 19:25 - 2013-08-16 17:35 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 19:16 - 2006-11-02 12:24 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

==================== Files in the root of some directories =======

2015-03-31 20:36 - 2015-04-02 21:04 - 0000020 _____ () C:\Users\Bossy\AppData\Roaming\appdataFr3.bin
2009-05-03 16:32 - 2015-04-01 18:19 - 0000680 _____ () C:\Users\Bossy\AppData\Local\d3d9caps.dat
2009-01-30 18:27 - 2015-04-01 22:43 - 0204800 _____ () C:\Users\Bossy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-02 20:35 - 2014-01-02 20:37 - 0146741 _____ () C:\Users\Bossy\AppData\Local\edsinstaller.txt-20140102.log
2015-03-31 23:51 - 2015-04-01 00:06 - 0004728 _____ () C:\Users\Bossy\AppData\Local\Temp-log.txt
2008-12-20 14:53 - 2008-12-20 14:58 - 0006048 _____ () C:\ProgramData\ArcadeDeluxe2.log
2015-04-01 22:34 - 2015-04-08 20:09 - 0027839 _____ () C:\ProgramData\nvModes.001
2015-04-01 20:24 - 2015-04-01 20:24 - 0027839 _____ () C:\ProgramData\nvModes.dat
2013-12-31 01:25 - 2013-12-31 01:26 - 0000090 _____ () C:\ProgramData\PS.log

Files to move or delete:
====================
C:\Users\Bossy\Dropbox 1.1.35.exe
C:\Users\Bossy\wlsetup-web.exe


Some content of TEMP:
====================
C:\Users\Bossy\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnfzzte.dll
C:\Users\Bossy\AppData\Local\temp\Quarantine.exe
C:\Users\Bossy\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-08 20:15

==================== End Of Log ============================
         
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Bossy at 2015-04-08 22:22:07
Running from C:\Users\Bossy\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Crystal Eye Webcam (HKLM\...\{DD1DED37-2486-4F56-8F89-56AA814003F5}) (Version: 2.0.0.17 - Acer Crystal Eye Webcam)
Acer Empowering Technology (HKLM\...\{8F1B6239-FEA0-450A-A950-B05276CE177C}) (Version: 3.0.3010 - Acer Incorporated)
Acer Mobility Center Plug-In (HKLM\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 3.0.3000 - Acer Inc.)
Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 1.11.0701 - Acer Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.30 - Atheros Communications Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.16 - Piriform)
CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.3023e - CyberLink Corp.)
Dropbox (HKU\S-1-5-21-1970263591-3964681878-2414383680-1000\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.)
ElsterFormular (HKLM\...\ElsterFormular) (Version: 16.1.20150309 - Landesfinanzdirektion Thüringen)
Free Studio version 6.4.0.1122 (HKLM\...\Free Studio_is1) (Version: 6.4.0.1122 - DVDVideoSoft Ltd.)
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.73.00.52 - Conexant Systems)
ICQ7.2 (HKLM\...\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}) (Version: 7.2 - ICQ)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{35C0A1E4-D02A-412C-841F-266DBB116ABB}) (Version: 12.02.0000 - Intel(R) Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Launch Manager (HKLM\...\LManager) (Version:  - )
LightScribe  1.4.142.1 (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office FrontPage 2003 (HKLM\...\{90170407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote 2003 (HKLM\...\{90A10407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Project Professional 2003 (HKLM\...\{903B0407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Visio Professional 2003 (HKLM\...\{90510407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}) (Version: 08.05.0822 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTI Backup Now 5 (HKLM\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.606 - NewTech Infosystems)
NTI Backup Now Standard (Version: 5.1.2.606 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.2.6329 - NewTech Infosystems)
NTI Media Maker 8 (Version: 8.0.2.6329 - NewTech Infosystems) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
Orion (HKLM\...\{5B63A470-9334-44D1-AF61-6CE2DB565AE9}) (Version: 2.0.1 - Convesoft)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 0.9.7 - Frank Heindörfer, Philip Chinery)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pixum Fotobuch (HKLM\...\Pixum Fotobuch) (Version: 5.1.5 - CEWE Stiftung u Co. KGaA)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VLC media player 1.1.11 (HKLM\...\VLC media player) (Version: 1.1.11 - VideoLAN)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000_Classes\CLSID\{80A95F12-94C2-4B1D-8AE3-F0CBE5E96E85}\InprocServer32 -> C:\Users\Bossy\AppData\Local\ASKTOO~1\DOWNLO~1\AVIRAW~1.DLL No File
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

01-04-2015 20:07:07 Wiederherstellungsvorgang
01-04-2015 20:47:05 Revo Uninstaller's restore point - CoupuSScaennier
01-04-2015 21:03:01 Revo Uninstaller's restore point - MaxProvider
01-04-2015 22:29:35 Revo Uninstaller's restore point - Allin1Convert Internet Explorer Toolbar
01-04-2015 22:35:39 Revo Uninstaller's restore point - Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
01-04-2015 22:36:08 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
01-04-2015 23:23:32 Windows Update
02-04-2015 21:15:23 Revo Uninstaller's restore point - Google Chrome
05-04-2015 22:28:19 ComboFix created restore point
05-04-2015 22:28:23 Windows Update
08-04-2015 22:15:19 Revo Uninstaller's restore point - ESET Online Scanner v3

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2015-04-05 22:39 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0CFAE5A8-5E69-48C3-896D-01FE08F920FB} - System32\Tasks\RunTool => C:\Users\Bossy\AppData\Local\1e8098b0-759c-45bd-bba9-33ce9038164b\sysad.exe [2015-02-25] ()
Task: {15A77AE5-3385-481D-9274-3EF9246D733C} - \Desk 365 RunAsStdUser No Task File <==== ATTENTION
Task: {336343BC-5BD6-4898-BEDB-6AE1343F53E3} - \RocketTab No Task File <==== ATTENTION
Task: {3B03607A-1E5B-4987-B496-3CE38BE335A7} - System32\Tasks\{4F8ABF1E-C3A6-4815-B289-2488494D7739} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.0.0.152.259/de/abandoninstall?source=lightinstaller&amp;page=tsOptions&amp;installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome:offered-installed;madedefault
Task: {418261C4-9CC2-4378-8EA3-1E1304265AAA} - System32\Tasks\Microsoft\Windows\RestartManager\{3E700159-D7B9-4c03-A8D4-B3DC07D3EE5F} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {56685EE7-0FB5-4F5C-995A-70617EA6A936} - \ASP No Task File <==== ATTENTION
Task: {8A3A4E34-E155-41D7-A475-1E1CFDA13268} - \RocketTab Update Task No Task File <==== ATTENTION
Task: {A1C3A25A-E251-4913-BD95-9F35C748CB4E} - \bench-sys No Task File <==== ATTENTION
Task: {EA4A2A10-7261-4800-A6DC-C077AD69C038} - System32\Tasks\{B21CF838-32DF-4D72-BCDB-9455AFD8AF86} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.9.0.123.259/de/abandoninstall?source=lightinstaller&amp;page=tsBing

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (whitelisted) ==============

2008-10-16 17:57 - 2008-10-16 17:57 - 00200704 _____ () C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL
2009-03-17 16:45 - 2001-10-28 17:42 - 00116224 ____N () C:\Windows\System32\pdfcmnnt.dll
2007-06-24 20:09 - 2007-06-24 20:09 - 01024000 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACE.dll
2007-06-24 20:09 - 2007-06-24 20:09 - 00098304 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML.dll
2007-06-24 20:09 - 2007-06-24 20:09 - 00061440 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML_Parser.dll
2008-11-27 20:54 - 2008-08-19 15:27 - 00024576 _____ () C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
2008-11-27 20:54 - 2008-11-27 20:54 - 00032768 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.Controller\3.0.3010.0__14bcaafdb44b5951\Framework.Model.Controller.dll
2008-11-27 20:54 - 2008-11-27 20:54 - 00009216 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3010.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
2008-11-27 20:54 - 2008-11-27 20:54 - 00061440 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3010.0__3036420f80dd6947\Framework.Library.dll
2008-11-27 20:54 - 2008-11-27 20:54 - 00015360 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3010.0__672b450de5a7e94a\Framework.Host.dll
2008-11-27 20:54 - 2008-11-27 20:54 - 00006144 _____ () C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3010.0__9ecdf03bb2054f94\Framework.PluginInterface.dll
2008-11-27 21:56 - 2007-12-06 17:15 - 00110592 _____ () C:\Acer\Mobility Center\MobilityService.exe
2008-11-27 21:56 - 2007-11-27 16:08 - 00032768 _____ () C:\Acer\Mobility Center\MobilityInterface.dll
2008-04-25 22:36 - 2008-04-25 22:36 - 00131072 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
2009-03-23 19:50 - 2008-09-16 21:18 - 00132608 _____ () C:\Program Files\WinRAR\rarext.dll
2015-04-08 20:14 - 2015-04-08 20:14 - 00043008 _____ () c:\users\bossy\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnfzzte.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\Bossy\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\Bossy\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\Bossy\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\Bossy\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:58DD92AC

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1970263591-3964681878-2414383680-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Public\Pictures\Sample Pictures\wolken_12.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Schnellstart.lnk => C:\Windows\pss\Microsoft Office OneNote 2003 Schnellstart.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Bossy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: BkupTray => "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: IAAnotif => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
MSCONFIG\startupreg: LManager => C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
MSCONFIG\startupreg: NeroFilterCheck => C:\Windows\system32\NeroCheck.exe
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: NvMediaCenter => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
MSCONFIG\startupreg: PlayMovie => "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
MSCONFIG\startupreg: ProductReg => "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-1970263591-3964681878-2414383680-500 - Administrator - Disabled)
Bossy (S-1-5-21-1970263591-3964681878-2414383680-1000 - Administrator - Enabled) => C:\Users\Bossy
Gast (S-1-5-21-1970263591-3964681878-2414383680-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/08/2015 10:15:16 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {b314288a-58ec-41a1-bdb7-c34b01627888}

Error: (04/08/2015 08:09:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/06/2015 05:00:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (04/08/2015 08:07:56 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: C:\Windows\System32\IWMSSvc.dll

Error: (04/08/2015 08:07:56 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: C:\Windows\System32\IWMSSvc.dll

Error: (04/08/2015 08:07:49 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: C:\Windows\System32\IWMSSvc.dll

Error: (04/08/2015 08:07:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Softwarelizenzierung11200001Neustart des Diensts

Error: (04/08/2015 08:07:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Media Player-Netzwerkfreigabedienst1300001Neustart des Diensts

Error: (04/08/2015 08:07:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Intel(R) Matrix Storage Event Monitor1

Error: (04/08/2015 08:07:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Search1300001Neustart des Diensts

Error: (04/08/2015 08:07:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: XAudioService1

Error: (04/08/2015 08:07:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Intel® PROSet/Wireless Registry Service1

Error: (04/08/2015 08:07:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: NTI Backup Now 5 Scheduler Service1


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-04-08 22:22:01.908
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-08 22:22:01.536
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-08 22:22:01.152
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-08 22:22:00.788
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-08 22:22:00.288
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-08 22:21:59.924
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-08 22:21:59.563
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-08 22:21:59.178
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-08 22:21:35.024
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-08 22:21:34.663
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz
Percentage of memory in use: 56%
Total physical RAM: 3066.12 MB
Available physical RAM: 1320.32 MB
Total Pagefile: 6336.63 MB
Available Pagefile: 4516.44 MB
Total Virtual: 2047.88 MB
Available Virtual: 1896.48 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:144.04 GB) (Free:69.09 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:140.5 GB) (Free:54.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 50A5B170)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=144 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=140.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=3.5 GB) - (Type=12)

==================== End Of Log ============================
         
I'll say thank you in advance (!!!), because I'm slowly getting the feeling that my laptop is crammed full of viruses and trojans!
But you will let me know when everything is fine, right?

Alt 09.04.2015, 12:12   #13
schrauber
/// the machine
/// TB-Ausbilder
 

Revo Uninstaller - Download - Filepony
Use it to uninstall Firefox, keep no data, let it remove the leftovers, then reinstall.

Then:
https://support.mozilla.org/de/kb/fi...einfach-loesen



Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
ATTFilter
C:\55a028ea-91bf-4d6a-a550-d23f9320ad6d
C:\Users\Bossy\AppData\Roaming\Mozilla\Firefox\Profiles\user.js
C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll
AppInit_DLLs: ~1穂娺篦ࠀ毸( => ~1穂娺篦ࠀ毸( File Not Found
Startup: C:\Users\Bossy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kidprint.lnk
ShortcutTarget: kidprint.lnk -> C:\ProgramData\{e5340274-51d6-6b05-e534-4027451d09d1}\kidprint.exe (No File)
C:\ProgramData\{e5340274-51d6-6b05-e534-4027451d09d1}
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1970263591-3964681878-2414383680-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Task: {15A77AE5-3385-481D-9274-3EF9246D733C} - \Desk 365 RunAsStdUser No Task File <==== ATTENTION

Task: {336343BC-5BD6-4898-BEDB-6AE1343F53E3} - \RocketTab No Task File <==== ATTENTION

Task: {56685EE7-0FB5-4F5C-995A-70617EA6A936} - \ASP No Task File <==== ATTENTION

Task: {8A3A4E34-E155-41D7-A475-1E1CFDA13268} - \RocketTab Update Task No Task File <==== ATTENTION

Task: {A1C3A25A-E251-4913-BD95-9F35C748CB4E} - \bench-sys No Task File <==== ATTENTION
Emptytemp:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.




A fresh FRST log, please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 09.04.2015, 16:42   #14
Phily11
 

I don't have Firefox at all; I can't find Firefox either in Revo Uninstaller or in the search under Start. I only once got an e-mail that mentioned Firefox in its footer.

Should I still do the second step then??? My browser is Internet Explorer...

Alt 10.04.2015, 07:24   #15
schrauber
/// the machine
/// TB-Ausbilder
 


Yes, go ahead and run the fix.
__________________
Regards,
schrauber

