FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-04-2015
Ran by Bossy (administrator) on BOSSY-PC on 12-04-2015 17:32:00
Running from C:\Users\Bossy\Desktop\Neuer Ordner (2)
Loaded Profiles: Bossy & (Available profiles: Bossy)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
() C:\ACER\Mobility Center\MobilityService.exe
(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Dropbox, Inc.) C:\Users\Bossy\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKU\S-1-5-21-1970263591-3964681878-2414383680-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-1970263591-3964681878-2414383680-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1970263591-3964681878-2414383680-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1970263591-3964681878-2414383680-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-1970263591-3964681878-2414383680-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1970263591-3964681878-2414383680-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
AppInit_DLLs: ~1穂娺篦ࠀ毸( => ~1穂娺篦ࠀ毸( File Not Found
Startup: C:\Users\Bossy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1970263591-3964681878-2414383680-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1970263591-3964681878-2414383680-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com
HKU\S-1-5-21-1970263591-3964681878-2414383680-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1970263591-3964681878-2414383680-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL =
SearchScopes: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
SearchScopes: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL =
SearchScopes: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
Toolbar: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Neuer Ordner\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-1970263591-3964681878-2414383680-1000: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF Plugin HKU\S-1-5-21-1970263591-3964681878-2414383680-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\googledesktop.xml [2010-07-30]
FF Extension: No Name - C:\Users\Bossy\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions [2014-12-01]
FF Extension: Movie2kDownloader - C:\Users\Bossy\AppData\Roaming\Mozilla\Firefox\profiles\extensions\movie2kdownloader@movie2kdownloader.com.xpi [2012-12-13]
FF Extension: ICQ Toolbar - C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2009-12-05]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-27]
FF HKU\S-1-5-21-1970263591-3964681878-2414383680-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2014-12-01]
FF HKU\S-1-5-21-1970263591-3964681878-2414383680-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF Extension: No Name - C:\Program Files\AmiExt\flashEnhancer\ff [Not Found]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed]
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-08-19] () [File not signed]
R2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [860160 2008-10-16] (Intel(R) Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] () [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
R2 NTIBackupSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [45056 2008-04-25] (NewTech InfoSystems, Inc.) [File not signed]
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-25] () [File not signed]
R2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [466944 2008-10-16] (Intel(R) Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [48640 2009-08-05] (Atheros Communications, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-04-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
S3 s0017bus; C:\Windows\System32\DRIVERS\s0017bus.sys [90536 2008-05-27] (MCCI Corporation)
S3 s0017mdfl; C:\Windows\System32\DRIVERS\s0017mdfl.sys [15016 2008-05-27] (MCCI Corporation)
S3 s0017mdm; C:\Windows\System32\DRIVERS\s0017mdm.sys [122152 2008-05-27] (MCCI Corporation)
S3 s0017mgmt; C:\Windows\System32\DRIVERS\s0017mgmt.sys [115496 2008-05-27] (MCCI Corporation)
S3 s0017nd5; C:\Windows\System32\DRIVERS\s0017nd5.sys [25768 2008-05-27] (MCCI Corporation)
S3 s0017obex; C:\Windows\System32\DRIVERS\s0017obex.sys [111912 2008-05-27] (MCCI Corporation)
S3 s0017unic; C:\Windows\System32\DRIVERS\s0017unic.sys [117672 2008-05-27] (MCCI Corporation)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [36864 2009-03-06] (Apple, Inc.) [File not signed]
R3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-28] (Winbond Electronics Corporation)
S3 ZY760_XP; C:\Windows\System32\DRIVERS\WlanUZXP.sys [402432 2006-01-19] (ZyDAS Technology Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Bossy\AppData\Local\Temp\catchme.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 RTSTOR; system32\drivers\RTSTOR.SYS [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-09 17:49 - 2015-04-09 17:49 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Bossy\Downloads\revosetup95.exe
2015-04-08 22:50 - 2015-04-12 17:32 - 00000000 ____D () C:\Users\Bossy\Desktop\Neuer Ordner (2)
2015-04-08 20:14 - 2015-04-08 20:14 - 00000182 _____ () C:\Windows\wininit.ini
2015-04-06 16:44 - 2015-04-06 16:44 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-BOSSY-PC-Windows-Vista-(TM)-Home-Premium-(32-bit).dat
2015-04-06 16:44 - 2015-04-06 16:44 - 00000000 ____D () C:\RegBackup
2015-04-06 16:16 - 2015-04-08 20:07 - 00000000 ____D () C:\AdwCleaner
2015-04-06 15:41 - 2015-04-11 15:03 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-06 15:40 - 2015-04-06 15:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-06 15:40 - 2015-04-06 15:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-06 15:40 - 2015-04-06 15:40 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-04-06 15:40 - 2015-03-17 06:15 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-06 15:40 - 2015-03-17 06:15 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-06 15:40 - 2015-03-17 06:15 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-05 22:43 - 2015-04-05 22:43 - 00015328 _____ () C:\ComboFix.txt
2015-04-05 22:28 - 2015-04-05 22:43 - 00000000 ____D () C:\Qoobox
2015-04-05 22:28 - 2015-04-05 22:43 - 00000000 ____D () C:\ComboFix
2015-04-05 22:28 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-05 22:28 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-05 22:28 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-05 22:28 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-05 22:28 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-05 22:28 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-05 22:28 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-05 22:28 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-05 22:27 - 2015-04-05 22:42 - 00000000 ____D () C:\Windows\erdnt
2015-04-01 23:40 - 2015-04-01 23:40 - 00001880 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-04-01 23:40 - 2015-04-01 23:40 - 00000000 ___RD () C:\Program Files\Skype
2015-04-01 23:40 - 2015-04-01 23:40 - 00000000 ____D () C:\Users\Bossy\AppData\Local\Skype
2015-04-01 23:40 - 2015-04-01 23:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-04-01 23:40 - 2015-04-01 23:40 - 00000000 ____D () C:\Program Files\Common Files\Skype
2015-04-01 22:40 - 2015-04-10 18:00 - 00016072 _____ () C:\Windows\PFRO.log
2015-04-01 22:34 - 2015-04-10 18:00 - 00027839 _____ () C:\ProgramData\nvModes.001
2015-04-01 22:28 - 2015-04-12 17:32 - 00000000 ____D () C:\FRST
2015-04-01 22:28 - 2015-04-01 22:28 - 01135104 _____ (Farbar) C:\Users\Bossy\Downloads\FRST.exe
2015-04-01 21:11 - 2015-04-01 21:11 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-01 21:11 - 2015-04-01 21:11 - 00000000 _____ () C:\Windows\setupact.log
2015-04-01 20:24 - 2015-04-01 20:24 - 00027839 _____ () C:\ProgramData\nvModes.dat
2015-04-01 00:00 - 2015-04-09 17:22 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-03-31 20:36 - 2015-04-02 21:04 - 00000020 _____ () C:\Users\Bossy\AppData\Roaming\appdataFr3.bin
2015-03-13 19:43 - 2015-03-13 19:43 - 00000986 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk
2015-03-13 19:43 - 2015-03-13 19:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
2015-03-13 19:41 - 2015-03-13 19:41 - 00000000 ____D () C:\Program Files\ElsterFormular
2015-03-13 19:13 - 2015-03-13 19:18 - 00000000 ____D () C:\Users\Bossy\AppData\Local\elfopatch
2015-03-13 19:09 - 2015-03-13 19:15 - 214212416 _____ (Landesfinanzdirektion Thüringen) C:\Users\Bossy\Downloads\ElsterFormular-16.1.20150309k (1).exe
2015-03-13 19:00 - 2015-03-13 19:05 - 214212416 _____ (Landesfinanzdirektion Thüringen) C:\Users\Bossy\Downloads\ElsterFormular-16.1.20150309k.exe
2015-03-13 16:33 - 2015-02-26 04:01 - 03604408 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-13 16:33 - 2015-02-26 04:01 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-13 16:33 - 2015-01-09 04:04 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-13 16:33 - 2015-01-09 02:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-12 17:31 - 2008-12-20 14:31 - 01781563 _____ () C:\Windows\WindowsUpdate.log
2015-04-12 17:30 - 2010-11-11 23:46 - 00000000 ____D () C:\Users\Bossy\AppData\Roaming\Skype
2015-04-11 15:02 - 2006-11-02 14:47 - 00003216 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-11 15:02 - 2006-11-02 14:47 - 00003216 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-10 18:21 - 2008-11-27 21:32 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-10 18:08 - 2008-01-21 09:16 - 01574846 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-10 18:04 - 2011-07-11 21:10 - 00000000 ___RD () C:\Users\Bossy\Dropbox
2015-04-10 18:04 - 2011-07-11 21:05 - 00000000 ____D () C:\Users\Bossy\AppData\Roaming\Dropbox
2015-04-10 18:01 - 2008-11-27 21:26 - 00000147 _____ () C:\Windows\system32\agent.log
2015-04-10 18:01 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-10 17:59 - 2006-11-02 15:01 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-08 20:14 - 2011-07-11 21:10 - 00000923 _____ () C:\Users\Bossy\Desktop\Dropbox.lnk
2015-04-08 20:14 - 2011-07-11 21:05 - 00000000 ____D () C:\Users\Bossy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-06 16:20 - 2009-01-29 23:22 - 00000000 ____D () C:\Users\Bossy
2015-04-06 16:18 - 2009-12-05 02:05 - 00000000 ____D () C:\ProgramData\ICQ
2015-04-06 16:07 - 2009-03-17 16:51 - 00086480 _____ () C:\Users\Bossy\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-06 16:05 - 2006-11-02 14:47 - 00347504 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-05 22:43 - 2006-11-02 13:18 - 00000000 __RHD () C:\Users\Default
2015-04-05 22:43 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public
2015-04-05 22:40 - 2006-11-02 12:23 - 00000215 _____ () C:\Windows\system.ini
2015-04-02 21:17 - 2008-12-20 14:44 - 00000000 ____D () C:\Program Files\Google
2015-04-02 00:00 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-01 23:40 - 2009-03-22 23:33 - 00000000 ____D () C:\ProgramData\Skype
2015-04-01 23:04 - 2009-01-29 23:25 - 00001797 _____ () C:\Users\Bossy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-01 22:43 - 2009-01-30 18:27 - 00204800 _____ () C:\Users\Bossy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-01 20:14 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2015-04-01 20:13 - 2013-08-16 23:33 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-04-01 20:13 - 2009-09-05 19:25 - 00000000 ____D () C:\Windows\Minidump
2015-04-01 20:13 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\spool
2015-04-01 20:13 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\registration
2015-04-01 20:13 - 2006-11-02 12:22 - 52428800 _____ () C:\Windows\system32\config\software_previous
2015-04-01 20:13 - 2006-11-02 12:22 - 45875200 _____ () C:\Windows\system32\config\components_previous
2015-04-01 20:13 - 2006-11-02 12:22 - 31981568 _____ () C:\Windows\system32\config\system_previous
2015-04-01 20:13 - 2006-11-02 12:22 - 00524288 _____ () C:\Windows\system32\config\default_previous
2015-04-01 20:13 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2015-04-01 20:13 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2015-04-01 18:19 - 2009-05-03 16:32 - 00000680 _____ () C:\Users\Bossy\AppData\Local\d3d9caps.dat
2015-04-01 01:27 - 2008-12-20 15:03 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-01 01:12 - 2008-11-27 21:50 - 00000000 ____D () C:\Program Files\Cyberlink
2015-04-01 01:12 - 2008-11-27 20:44 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-04-01 01:10 - 2008-11-27 20:46 - 00000000 ____D () C:\Windows\system32\RTCOM
2015-04-01 01:10 - 2008-11-27 20:45 - 00319456 _____ (Microsoft Corporation) C:\Windows\DIFxAPI.dll
2015-04-01 01:06 - 2008-11-27 20:49 - 00000000 ____D () C:\Program Files\Winbond Electronics Corporation
2015-04-01 01:00 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system
2015-03-31 23:39 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-03-22 22:57 - 2011-10-26 21:52 - 00000000 ____D () C:\Users\Bossy\Documents\Schriftverkehr Eltern
2015-03-18 23:14 - 2009-03-17 17:25 - 00000000 ____D () C:\Users\Bossy\Documents\Finanzamt
2015-03-13 19:58 - 2014-11-15 03:09 - 00000000 ____D () C:\Users\Bossy\AppData\Local\.elfohilfe
2015-03-13 19:41 - 2012-02-10 18:06 - 00000000 ____D () C:\ProgramData\elsterformular
==================== Files in the root of some directories =======
2015-03-31 20:36 - 2015-04-02 21:04 - 0000020 _____ () C:\Users\Bossy\AppData\Roaming\appdataFr3.bin
2009-05-03 16:32 - 2015-04-01 18:19 - 0000680 _____ () C:\Users\Bossy\AppData\Local\d3d9caps.dat
2009-01-30 18:27 - 2015-04-01 22:43 - 0204800 _____ () C:\Users\Bossy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-02 20:35 - 2014-01-02 20:37 - 0146741 _____ () C:\Users\Bossy\AppData\Local\edsinstaller.txt-20140102.log
2015-03-31 23:51 - 2015-04-01 00:06 - 0004728 _____ () C:\Users\Bossy\AppData\Local\Temp-log.txt
2008-12-20 14:53 - 2008-12-20 14:58 - 0006048 _____ () C:\ProgramData\ArcadeDeluxe2.log
2015-04-01 22:34 - 2015-04-10 18:00 - 0027839 _____ () C:\ProgramData\nvModes.001
2015-04-01 20:24 - 2015-04-01 20:24 - 0027839 _____ () C:\ProgramData\nvModes.dat
2013-12-31 01:25 - 2013-12-31 01:26 - 0000090 _____ () C:\ProgramData\PS.log
Files to move or delete:
====================
C:\Users\Bossy\Dropbox 1.1.35.exe
C:\Users\Bossy\wlsetup-web.exe
Some content of TEMP:
====================
C:\Users\Bossy\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbovybb.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-10 18:12
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-04-2015
Ran by Bossy at 2015-04-12 17:32:39
Running from C:\Users\Bossy\Desktop\Neuer Ordner (2)
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acer Crystal Eye Webcam (HKLM\...\{DD1DED37-2486-4F56-8F89-56AA814003F5}) (Version: 2.0.0.17 - Acer Crystal Eye Webcam)
Acer Empowering Technology (HKLM\...\{8F1B6239-FEA0-450A-A950-B05276CE177C}) (Version: 3.0.3010 - Acer Incorporated)
Acer Mobility Center Plug-In (HKLM\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 3.0.3000 - Acer Inc.)
Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 1.11.0701 - Acer Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.30 - Atheros Communications Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.16 - Piriform)
CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.3023e - CyberLink Corp.)
Dropbox (HKU\S-1-5-21-1970263591-3964681878-2414383680-1000\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-1970263591-3964681878-2414383680-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.)
ElsterFormular (HKLM\...\ElsterFormular) (Version: 16.1.20150309 - Landesfinanzdirektion Thüringen)
Free Studio version 6.4.0.1122 (HKLM\...\Free Studio_is1) (Version: 6.4.0.1122 - DVDVideoSoft Ltd.)
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.73.00.52 - Conexant Systems)
ICQ7.2 (HKLM\...\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}) (Version: 7.2 - ICQ)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{35C0A1E4-D02A-412C-841F-266DBB116ABB}) (Version: 12.02.0000 - Intel(R) Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Launch Manager (HKLM\...\LManager) (Version: - )
LightScribe 1.4.142.1 (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office FrontPage 2003 (HKLM\...\{90170407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote 2003 (HKLM\...\{90A10407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Project Professional 2003 (HKLM\...\{903B0407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Visio Professional 2003 (HKLM\...\{90510407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}) (Version: 08.05.0822 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTI Backup Now 5 (HKLM\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.606 - NewTech Infosystems)
NTI Backup Now Standard (Version: 5.1.2.606 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.2.6329 - NewTech Infosystems)
NTI Media Maker 8 (Version: 8.0.2.6329 - NewTech Infosystems) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
Orion (HKLM\...\{5B63A470-9334-44D1-AF61-6CE2DB565AE9}) (Version: 2.0.1 - Convesoft)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 0.9.7 - Frank Heindörfer, Philip Chinery)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pixum Fotobuch (HKLM\...\Pixum Fotobuch) (Version: 5.1.5 - CEWE Stiftung u Co. KGaA)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VLC media player 1.1.11 (HKLM\...\VLC media player) (Version: 1.1.11 - VideoLAN)
WinRAR (HKLM\...\WinRAR archiver) (Version: - )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{80A95F12-94C2-4B1D-8AE3-F0CBE5E96E85}\InprocServer32 -> C:\Users\Bossy\AppData\Local\ASKTOO~1\DOWNLO~1\AVIRAW~1.DLL No File
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000_Classes\CLSID\{80A95F12-94C2-4B1D-8AE3-F0CBE5E96E85}\InprocServer32 -> C:\Users\Bossy\AppData\Local\ASKTOO~1\DOWNLO~1\AVIRAW~1.DLL No File
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
==================== Restore Points =========================
01-04-2015 22:29:35 Revo Uninstaller's restore point - Allin1Convert Internet Explorer Toolbar
01-04-2015 22:35:39 Revo Uninstaller's restore point - Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
01-04-2015 22:36:08 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
01-04-2015 23:23:32 Windows Update
02-04-2015 21:15:23 Revo Uninstaller's restore point - Google Chrome
05-04-2015 22:28:19 ComboFix created restore point
05-04-2015 22:28:23 Windows Update
08-04-2015 22:15:19 Revo Uninstaller's restore point - ESET Online Scanner v3
09-04-2015 17:46:16 Revo Uninstaller's restore point - Revo Uninstaller 1.95
10-04-2015 18:16:08 Windows Update
11-04-2015 13:38:00 Geplanter Prüfpunkt
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 12:23 - 2015-04-05 22:39 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0CFAE5A8-5E69-48C3-896D-01FE08F920FB} - System32\Tasks\RunTool => C:\Users\Bossy\AppData\Local\1e8098b0-759c-45bd-bba9-33ce9038164b\sysad.exe [2015-02-25] ()
Task: {3B03607A-1E5B-4987-B496-3CE38BE335A7} - System32\Tasks\{4F8ABF1E-C3A6-4815-B289-2488494D7739} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.0.0.152.259/de/abandoninstall?source=lightinstaller&page=tsOptions&installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome:offered-installed;madedefault
Task: {418261C4-9CC2-4378-8EA3-1E1304265AAA} - System32\Tasks\Microsoft\Windows\RestartManager\{3E700159-D7B9-4c03-A8D4-B3DC07D3EE5F} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {EA4A2A10-7261-4800-A6DC-C077AD69C038} - System32\Tasks\{B21CF838-32DF-4D72-BCDB-9455AFD8AF86} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.9.0.123.259/de/abandoninstall?source=lightinstaller&page=tsBing
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Loaded Modules (whitelisted) ==============
2008-10-16 17:57 - 2008-10-16 17:57 - 00200704 _____ () C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL
2009-03-17 16:45 - 2001-10-28 17:42 - 00116224 ____N () C:\Windows\System32\pdfcmnnt.dll
2007-06-24 20:09 - 2007-06-24 20:09 - 01024000 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACE.dll
2007-06-24 20:09 - 2007-06-24 20:09 - 00098304 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML.dll
2007-06-24 20:09 - 2007-06-24 20:09 - 00061440 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML_Parser.dll
2008-11-27 20:54 - 2008-08-19 15:27 - 00024576 _____ () C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
2008-11-27 20:54 - 2008-11-27 20:54 - 00032768 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.Controller\3.0.3010.0__14bcaafdb44b5951\Framework.Model.Controller.dll
2008-11-27 20:54 - 2008-11-27 20:54 - 00009216 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3010.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
2008-11-27 20:54 - 2008-11-27 20:54 - 00061440 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3010.0__3036420f80dd6947\Framework.Library.dll
2008-11-27 20:54 - 2008-11-27 20:54 - 00015360 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3010.0__672b450de5a7e94a\Framework.Host.dll
2008-11-27 20:54 - 2008-11-27 20:54 - 00006144 _____ () C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3010.0__9ecdf03bb2054f94\Framework.PluginInterface.dll
2008-11-27 21:56 - 2007-12-06 17:15 - 00110592 _____ () C:\Acer\Mobility Center\MobilityService.exe
2008-11-27 21:56 - 2007-11-27 16:08 - 00032768 _____ () C:\Acer\Mobility Center\MobilityInterface.dll
2008-04-25 22:36 - 2008-04-25 22:36 - 00131072 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
2009-03-23 19:50 - 2008-09-16 21:18 - 00132608 _____ () C:\Program Files\WinRAR\rarext.dll
2015-04-10 18:04 - 2015-04-10 18:04 - 00043008 _____ () c:\users\bossy\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbovybb.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\Bossy\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\Bossy\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\Bossy\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\Bossy\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2009-08-05 11:45 - 2009-08-05 11:45 - 00106312 _____ () C:\Program Files\Microsoft Office\OFFICE11\OUTLCTL.DLL
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:58DD92AC
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg
HKU\S-1-5-21-1970263591-3964681878-2414383680-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Public\Pictures\Sample Pictures\wolken_12.jpg
HKU\S-1-5-21-1970263591-3964681878-2414383680-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Public\Pictures\Sample Pictures\wolken_12.jpg
DNS Servers: 192.168.0.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Schnellstart.lnk => C:\Windows\pss\Microsoft Office OneNote 2003 Schnellstart.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Bossy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: BkupTray => "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: IAAnotif => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
MSCONFIG\startupreg: LManager => C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
MSCONFIG\startupreg: NeroFilterCheck => C:\Windows\system32\NeroCheck.exe
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: NvMediaCenter => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
MSCONFIG\startupreg: PlayMovie => "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
MSCONFIG\startupreg: ProductReg => "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
==================== Accounts: =============================
Administrator (S-1-5-21-1970263591-3964681878-2414383680-500 - Administrator - Disabled)
Bossy (S-1-5-21-1970263591-3964681878-2414383680-1000 - Administrator - Enabled) => C:\Users\Bossy
Gast (S-1-5-21-1970263591-3964681878-2414383680-501 - Limited - Disabled)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (04/10/2015 06:04:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\BOSSY\APPDATA\LOCAL\SKYPE\APPS\LOGIN\LANGUAGES> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (04/10/2015 06:04:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\BOSSY\APPDATA\LOCAL\SKYPE\APPS\LOGIN\LANGUAGES> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (04/10/2015 06:04:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\BOSSY\APPDATA\LOCAL\SKYPE\APPS\LOGIN\JS> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (04/10/2015 06:04:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\BOSSY\APPDATA\LOCAL\SKYPE\APPS\LOGIN\JS> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (04/10/2015 06:04:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\BOSSY\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (04/10/2015 06:04:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\BOSSY\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (04/10/2015 06:04:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\BOSSY\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (04/10/2015 06:04:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\BOSSY\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (04/10/2015 06:04:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\BOSSY\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\RETINA> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (04/10/2015 06:04:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\BOSSY\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\RETINA> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
System errors:
=============
Error: (04/11/2015 00:41:27 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000stisvc
Error: (04/10/2015 05:58:49 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.
Neue Signaturversion:
Vorherige Signaturversion: 1.195.2385.0
Aktualisierungsquelle: %NT-AUTORITÄT59
Aktualisierungsphase: 4.7.0205.00
Quellpfad: 4.7.0205.01
Signaturtyp: %NT-AUTORITÄT602
Aktualisierungstyp: %NT-AUTORITÄT604
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion: %NT-AUTORITÄT605
Vorherige Modulversion: %NT-AUTORITÄT606
Fehlercode: %NT-AUTORITÄT607
Fehlerbeschreibung: %NT-AUTORITÄT608
Error: (04/08/2015 08:07:56 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: C:\Windows\System32\IWMSSvc.dll
Error: (04/08/2015 08:07:56 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: C:\Windows\System32\IWMSSvc.dll
Error: (04/08/2015 08:07:49 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: C:\Windows\System32\IWMSSvc.dll
Error: (04/08/2015 08:07:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Softwarelizenzierung11200001Neustart des Diensts
Error: (04/08/2015 08:07:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Media Player-Netzwerkfreigabedienst1300001Neustart des Diensts
Error: (04/08/2015 08:07:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Intel(R) Matrix Storage Event Monitor1
Error: (04/08/2015 08:07:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Search1300001Neustart des Diensts
Error: (04/08/2015 08:07:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: XAudioService1
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2015-04-12 17:32:32.661
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-04-12 17:32:32.179
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-04-12 17:32:31.707
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-04-12 17:32:31.279
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-04-12 17:30:55.085
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-04-12 17:30:54.351
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-04-12 17:30:53.771
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-04-12 17:30:53.069
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-04-12 17:30:52.191
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-04-11 13:39:20.387
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz
Percentage of memory in use: 55%
Total physical RAM: 3066.12 MB
Available physical RAM: 1362.24 MB
Total Pagefile: 6336.63 MB
Available Pagefile: 4338.69 MB
Total Virtual: 2047.88 MB
Available Virtual: 1902.88 MB
==================== Drives ================================
Drive c: (ACER) (Fixed) (Total:144.04 GB) (Free:72.38 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:140.5 GB) (Free:54.07 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 50A5B170)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=144 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=140.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=3.5 GB) - (Type=12)
==================== End Of Log ============================