
Log analysis and evaluation: Search Protect in taskbar

10.04.2015, 17:10   #16
Phily11
 

I'm not sure whether this is relevant, but when I tried to save the fixlist, the following message appeared:

"Diese Datei enthält Zeichen im Unicode-Format, die verloren gehen, wenn die Datei im ANSI-Textformat gespeichert wird. Klicken Sie auf "Abbrechen", und wählen Sie eine der Unicode-Optionen aus dem Listenfeld "Codierung", um die Unicode-Informationen beizubehalten. Vorgang fortsetzen?"

I clicked OK...

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by Bossy at 2015-04-10 17:56:59 Run:1
Running from C:\Users\Bossy\Desktop\Neuer Ordner (2)
Loaded Profiles: Bossy &  (Available profiles: Bossy)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\55a028ea-91bf-4d6a-a550-d23f9320ad6d
C:\Users\Bossy\AppData\Roaming\Mozilla\Firefox\Profiles\user.js
C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll
AppInit_DLLs: ~1??????( => ~1??????( File Not Found
Startup: C:\Users\Bossy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kidprint.lnk
ShortcutTarget: kidprint.lnk -> C:\ProgramData\{e5340274-51d6-6b05-e534-4027451d09d1}\kidprint.exe (No File)
C:\ProgramData\{e5340274-51d6-6b05-e534-4027451d09d1}
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1970263591-3964681878-2414383680-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Task: {15A77AE5-3385-481D-9274-3EF9246D733C} - \Desk 365 RunAsStdUser No Task File <==== ATTENTION

Task: {336343BC-5BD6-4898-BEDB-6AE1343F53E3} - \RocketTab No Task File <==== ATTENTION

Task: {56685EE7-0FB5-4F5C-995A-70617EA6A936} - \ASP No Task File <==== ATTENTION

Task: {8A3A4E34-E155-41D7-A475-1E1CFDA13268} - \RocketTab Update Task No Task File <==== ATTENTION

Task: {A1C3A25A-E251-4913-BD95-9F35C748CB4E} - \bench-sys No Task File <==== ATTENTION
Emptytemp:
         
*****************

C:\55a028ea-91bf-4d6a-a550-d23f9320ad6d => Moved successfully.
C:\Users\Bossy\AppData\Roaming\Mozilla\Firefox\Profiles\user.js => Moved successfully.
C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll => Moved successfully.
"~1??????(" => Value Data not found.
C:\Users\Bossy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kidprint.lnk => Moved successfully.
C:\ProgramData\{e5340274-51d6-6b05-e534-4027451d09d1}\kidprint.exe not found.
C:\ProgramData\{e5340274-51d6-6b05-e534-4027451d09d1} => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-1970263591-3964681878-2414383680-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{15A77AE5-3385-481D-9274-3EF9246D733C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{15A77AE5-3385-481D-9274-3EF9246D733C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Desk 365 RunAsStdUser" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{336343BC-5BD6-4898-BEDB-6AE1343F53E3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{336343BC-5BD6-4898-BEDB-6AE1343F53E3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RocketTab" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{56685EE7-0FB5-4F5C-995A-70617EA6A936}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{56685EE7-0FB5-4F5C-995A-70617EA6A936}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASP" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8A3A4E34-E155-41D7-A475-1E1CFDA13268}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A3A4E34-E155-41D7-A475-1E1CFDA13268}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RocketTab Update Task" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A1C3A25A-E251-4913-BD95-9F35C748CB4E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A1C3A25A-E251-4913-BD95-9F35C748CB4E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bench-sys" => Key deleted successfully.
EmptyTemp: => Removed 255.7 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 17:57:47 ====
         
LastRegBack: 2015-04-10 18:07

==================== End Of Log ============================

Then I ran it again...


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Bossy (administrator) on BOSSY-PC on 10-04-2015 18:08:11
Running from C:\Users\Bossy\Desktop\Neuer Ordner (2)
Loaded Profiles: Bossy (Available profiles: Bossy)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\ACER\Mobility Center\MobilityService.exe
(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Dropbox, Inc.) C:\Users\Bossy\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKU\S-1-5-21-1970263591-3964681878-2414383680-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-1970263591-3964681878-2414383680-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1970263591-3964681878-2414383680-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
AppInit_DLLs: ~1穂娺篦ࠀ毸( => ~1穂娺篦ࠀ毸( File Not Found
Startup: C:\Users\Bossy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1970263591-3964681878-2414383680-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1970263591-3964681878-2414383680-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
SearchScopes: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = 
SearchScopes: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = 
Toolbar: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Neuer Ordner\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-1970263591-3964681878-2414383680-1000: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\googledesktop.xml [2010-07-30]
FF Extension: No Name - C:\Users\Bossy\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions [2014-12-01]
FF Extension: Movie2kDownloader - C:\Users\Bossy\AppData\Roaming\Mozilla\Firefox\profiles\extensions\movie2kdownloader@movie2kdownloader.com.xpi [2012-12-13]
FF Extension: ICQ Toolbar - C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2009-12-05]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-27]
FF HKU\S-1-5-21-1970263591-3964681878-2414383680-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2014-12-01]
FF Extension: No Name - C:\Program Files\AmiExt\flashEnhancer\ff [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed]
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-08-19] () [File not signed]
R2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [860160 2008-10-16] (Intel(R) Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] () [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
R2 NTIBackupSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [45056 2008-04-25] (NewTech InfoSystems, Inc.) [File not signed]
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-25] () [File not signed]
R2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [466944 2008-10-16] (Intel(R) Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [48640 2009-08-05] (Atheros Communications, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-04-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
S3 s0017bus; C:\Windows\System32\DRIVERS\s0017bus.sys [90536 2008-05-27] (MCCI Corporation)
S3 s0017mdfl; C:\Windows\System32\DRIVERS\s0017mdfl.sys [15016 2008-05-27] (MCCI Corporation)
S3 s0017mdm; C:\Windows\System32\DRIVERS\s0017mdm.sys [122152 2008-05-27] (MCCI Corporation)
S3 s0017mgmt; C:\Windows\System32\DRIVERS\s0017mgmt.sys [115496 2008-05-27] (MCCI Corporation)
S3 s0017nd5; C:\Windows\System32\DRIVERS\s0017nd5.sys [25768 2008-05-27] (MCCI Corporation)
S3 s0017obex; C:\Windows\System32\DRIVERS\s0017obex.sys [111912 2008-05-27] (MCCI Corporation)
S3 s0017unic; C:\Windows\System32\DRIVERS\s0017unic.sys [117672 2008-05-27] (MCCI Corporation)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [36864 2009-03-06] (Apple, Inc.) [File not signed]
R3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-28] (Winbond Electronics Corporation)
S3 ZY760_XP; C:\Windows\System32\DRIVERS\WlanUZXP.sys [402432 2006-01-19] (ZyDAS Technology Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Bossy\AppData\Local\Temp\catchme.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 RTSTOR; system32\drivers\RTSTOR.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-09 17:49 - 2015-04-09 17:49 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Bossy\Downloads\revosetup95.exe
2015-04-08 22:50 - 2015-04-10 18:08 - 00000000 ____D () C:\Users\Bossy\Desktop\Neuer Ordner (2)
2015-04-08 20:14 - 2015-04-08 20:14 - 00000182 _____ () C:\Windows\wininit.ini
2015-04-06 16:44 - 2015-04-06 16:44 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-BOSSY-PC-Windows-Vista-(TM)-Home-Premium-(32-bit).dat
2015-04-06 16:44 - 2015-04-06 16:44 - 00000000 ____D () C:\RegBackup
2015-04-06 16:16 - 2015-04-08 20:07 - 00000000 ____D () C:\AdwCleaner
2015-04-06 15:41 - 2015-04-10 18:02 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-06 15:40 - 2015-04-06 15:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-04-06 15:40 - 2015-04-06 15:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-06 15:40 - 2015-04-06 15:40 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-04-06 15:40 - 2015-03-17 06:15 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-06 15:40 - 2015-03-17 06:15 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-06 15:40 - 2015-03-17 06:15 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-05 22:43 - 2015-04-05 22:43 - 00015328 _____ () C:\ComboFix.txt
2015-04-05 22:28 - 2015-04-05 22:43 - 00000000 ____D () C:\Qoobox
2015-04-05 22:28 - 2015-04-05 22:43 - 00000000 ____D () C:\ComboFix
2015-04-05 22:28 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-05 22:28 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-05 22:28 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-05 22:28 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-05 22:28 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-05 22:28 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-05 22:28 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-05 22:28 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-05 22:27 - 2015-04-05 22:42 - 00000000 ____D () C:\Windows\erdnt
2015-04-01 23:40 - 2015-04-01 23:40 - 00001880 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-04-01 23:40 - 2015-04-01 23:40 - 00000000 ___RD () C:\Program Files\Skype
2015-04-01 23:40 - 2015-04-01 23:40 - 00000000 ____D () C:\Users\Bossy\AppData\Local\Skype
2015-04-01 23:40 - 2015-04-01 23:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-04-01 23:40 - 2015-04-01 23:40 - 00000000 ____D () C:\Program Files\Common Files\Skype
2015-04-01 22:40 - 2015-04-10 18:00 - 00016072 _____ () C:\Windows\PFRO.log
2015-04-01 22:34 - 2015-04-10 18:00 - 00027839 _____ () C:\ProgramData\nvModes.001
2015-04-01 22:28 - 2015-04-10 18:08 - 00000000 ____D () C:\FRST
2015-04-01 22:28 - 2015-04-01 22:28 - 01135104 _____ (Farbar) C:\Users\Bossy\Downloads\FRST.exe
2015-04-01 21:11 - 2015-04-01 21:11 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-01 21:11 - 2015-04-01 21:11 - 00000000 _____ () C:\Windows\setupact.log
2015-04-01 20:24 - 2015-04-01 20:24 - 00027839 _____ () C:\ProgramData\nvModes.dat
2015-04-01 00:00 - 2015-04-09 17:22 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-03-31 20:36 - 2015-04-02 21:04 - 00000020 _____ () C:\Users\Bossy\AppData\Roaming\appdataFr3.bin
2015-03-13 19:43 - 2015-03-13 19:43 - 00000986 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk
2015-03-13 19:43 - 2015-03-13 19:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
2015-03-13 19:41 - 2015-03-13 19:41 - 00000000 ____D () C:\Program Files\ElsterFormular
2015-03-13 19:13 - 2015-03-13 19:18 - 00000000 ____D () C:\Users\Bossy\AppData\Local\elfopatch
2015-03-13 19:09 - 2015-03-13 19:15 - 214212416 _____ (Landesfinanzdirektion Thüringen) C:\Users\Bossy\Downloads\ElsterFormular-16.1.20150309k (1).exe
2015-03-13 19:00 - 2015-03-13 19:05 - 214212416 _____ (Landesfinanzdirektion Thüringen) C:\Users\Bossy\Downloads\ElsterFormular-16.1.20150309k.exe
2015-03-13 16:33 - 2015-02-26 04:01 - 03604408 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-13 16:33 - 2015-02-26 04:01 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-13 16:33 - 2015-01-09 04:04 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-13 16:33 - 2015-01-09 02:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-12 19:27 - 2015-01-29 03:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-12 19:26 - 2015-01-29 03:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-12 19:25 - 2015-02-26 02:18 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-12 19:15 - 2015-02-20 04:03 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-12 19:15 - 2015-02-20 02:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-12 19:14 - 2015-01-21 04:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-12 19:13 - 2015-03-06 06:01 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-12 19:12 - 2014-10-13 03:12 - 02264064 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-03-12 19:11 - 2015-02-18 04:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 23:16 - 2015-02-21 19:37 - 12375040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 23:16 - 2015-02-21 19:34 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-03-11 23:16 - 2015-02-21 19:29 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 23:16 - 2015-02-21 19:28 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 23:16 - 2015-02-21 19:22 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 23:16 - 2015-02-21 19:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 23:16 - 2015-02-21 19:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 23:16 - 2015-02-21 19:20 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-03-11 23:16 - 2015-02-21 19:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 23:16 - 2015-02-21 19:19 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 23:16 - 2015-02-21 19:19 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-11 23:16 - 2015-02-21 19:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 23:16 - 2015-02-21 19:19 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 23:16 - 2015-02-21 19:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 23:16 - 2015-02-21 19:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 23:16 - 2015-02-21 19:18 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 23:16 - 2015-02-21 19:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 23:16 - 2015-02-21 19:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 23:16 - 2015-02-21 19:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-03-11 23:16 - 2015-02-21 19:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-03-11 23:16 - 2015-02-21 19:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-03-11 23:16 - 2015-02-21 19:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-10 18:08 - 2008-01-21 09:16 - 01574846 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-10 18:05 - 2008-12-20 14:31 - 01726371 _____ () C:\Windows\WindowsUpdate.log
2015-04-10 18:04 - 2011-07-11 21:10 - 00000000 ___RD () C:\Users\Bossy\Dropbox
2015-04-10 18:04 - 2011-07-11 21:05 - 00000000 ____D () C:\Users\Bossy\AppData\Roaming\Dropbox
2015-04-10 18:01 - 2008-11-27 21:26 - 00000147 _____ () C:\Windows\system32\agent.log
2015-04-10 18:01 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-10 18:00 - 2006-11-02 14:47 - 00003216 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-10 18:00 - 2006-11-02 14:47 - 00003216 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-10 17:59 - 2006-11-02 15:01 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-08 20:14 - 2011-07-11 21:10 - 00000923 _____ () C:\Users\Bossy\Desktop\Dropbox.lnk
2015-04-08 20:14 - 2011-07-11 21:05 - 00000000 ____D () C:\Users\Bossy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-08 19:27 - 2010-11-11 23:46 - 00000000 ____D () C:\Users\Bossy\AppData\Roaming\Skype
2015-04-06 16:20 - 2009-01-29 23:22 - 00000000 ____D () C:\Users\Bossy
2015-04-06 16:18 - 2009-12-05 02:05 - 00000000 ____D () C:\ProgramData\ICQ
2015-04-06 16:07 - 2009-03-17 16:51 - 00086480 _____ () C:\Users\Bossy\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-06 16:05 - 2006-11-02 14:47 - 00347504 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-05 22:43 - 2006-11-02 13:18 - 00000000 __RHD () C:\Users\Default
2015-04-05 22:43 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public
2015-04-05 22:40 - 2006-11-02 12:23 - 00000215 _____ () C:\Windows\system.ini
2015-04-02 21:26 - 2008-11-27 21:32 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-02 21:17 - 2008-12-20 14:44 - 00000000 ____D () C:\Program Files\Google
2015-04-02 00:00 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-01 23:40 - 2009-03-22 23:33 - 00000000 ____D () C:\ProgramData\Skype
2015-04-01 23:04 - 2009-01-29 23:25 - 00001797 _____ () C:\Users\Bossy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-01 22:43 - 2009-01-30 18:27 - 00204800 _____ () C:\Users\Bossy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-01 20:14 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2015-04-01 20:13 - 2013-08-16 23:33 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-04-01 20:13 - 2009-09-05 19:25 - 00000000 ____D () C:\Windows\Minidump
2015-04-01 20:13 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\spool
2015-04-01 20:13 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\registration
2015-04-01 20:13 - 2006-11-02 12:22 - 52428800 _____ () C:\Windows\system32\config\software_previous
2015-04-01 20:13 - 2006-11-02 12:22 - 45875200 _____ () C:\Windows\system32\config\components_previous
2015-04-01 20:13 - 2006-11-02 12:22 - 31981568 _____ () C:\Windows\system32\config\system_previous
2015-04-01 20:13 - 2006-11-02 12:22 - 00524288 _____ () C:\Windows\system32\config\default_previous
2015-04-01 20:13 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2015-04-01 20:13 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2015-04-01 18:19 - 2009-05-03 16:32 - 00000680 _____ () C:\Users\Bossy\AppData\Local\d3d9caps.dat
2015-04-01 01:27 - 2008-12-20 15:03 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-01 01:12 - 2008-11-27 21:50 - 00000000 ____D () C:\Program Files\Cyberlink
2015-04-01 01:12 - 2008-11-27 20:44 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-04-01 01:10 - 2008-11-27 20:46 - 00000000 ____D () C:\Windows\system32\RTCOM
2015-04-01 01:10 - 2008-11-27 20:45 - 00319456 _____ (Microsoft Corporation) C:\Windows\DIFxAPI.dll
2015-04-01 01:06 - 2008-11-27 20:49 - 00000000 ____D () C:\Program Files\Winbond Electronics Corporation
2015-04-01 01:00 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system
2015-03-31 23:39 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-03-22 22:57 - 2011-10-26 21:52 - 00000000 ____D () C:\Users\Bossy\Documents\Schriftverkehr Eltern
2015-03-18 23:14 - 2009-03-17 17:25 - 00000000 ____D () C:\Users\Bossy\Documents\Finanzamt
2015-03-13 19:58 - 2014-11-15 03:09 - 00000000 ____D () C:\Users\Bossy\AppData\Local\.elfohilfe
2015-03-13 19:41 - 2012-02-10 18:06 - 00000000 ____D () C:\ProgramData\elsterformular
2015-03-12 19:25 - 2013-08-16 17:35 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 19:16 - 2006-11-02 12:24 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

==================== Files in the root of some directories =======

2015-03-31 20:36 - 2015-04-02 21:04 - 0000020 _____ () C:\Users\Bossy\AppData\Roaming\appdataFr3.bin
2009-05-03 16:32 - 2015-04-01 18:19 - 0000680 _____ () C:\Users\Bossy\AppData\Local\d3d9caps.dat
2009-01-30 18:27 - 2015-04-01 22:43 - 0204800 _____ () C:\Users\Bossy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-02 20:35 - 2014-01-02 20:37 - 0146741 _____ () C:\Users\Bossy\AppData\Local\edsinstaller.txt-20140102.log
2015-03-31 23:51 - 2015-04-01 00:06 - 0004728 _____ () C:\Users\Bossy\AppData\Local\Temp-log.txt
2008-12-20 14:53 - 2008-12-20 14:58 - 0006048 _____ () C:\ProgramData\ArcadeDeluxe2.log
2015-04-01 22:34 - 2015-04-10 18:00 - 0027839 _____ () C:\ProgramData\nvModes.001
2015-04-01 20:24 - 2015-04-01 20:24 - 0027839 _____ () C:\ProgramData\nvModes.dat
2013-12-31 01:25 - 2013-12-31 01:26 - 0000090 _____ () C:\ProgramData\PS.log

Files to move or delete:
====================
C:\Users\Bossy\Dropbox 1.1.35.exe
C:\Users\Bossy\wlsetup-web.exe


Some content of TEMP:
====================
C:\Users\Bossy\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbovybb.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-10 18:07

==================== End Of Log ============================
         
--- --- ---

--- --- ---

Alt 11.04.2015, 07:25   #17
schrauber
/// the machine
/// TB-Ausbilder
 

This time, please save the fixlist in UNICODE.

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
ATTFilter
AppInit_DLLs: ~1穂娺篦ࠀ毸( => ~1穂娺篦ࠀ毸( File Not Found
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

__________________

__________________
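An added example (not part of the original posts, and not FRST's own code) showing why the ANSI save in run 1 turned the AppInit_DLLs value into question marks, and how to check a saved fixlist before running the fix. It assumes cp1252 as the machine's ANSI code page; the function names are hypothetical.

```python
import codecs

# Line copied from the fixlist in this thread; the value holds non-Latin characters.
FIX_LINE = "AppInit_DLLs: ~1穂娺篦ࠀ毸( => ~1穂娺篦ࠀ毸( File Not Found"

ANSI = "cp1252"  # assumption: ANSI code page of a German-language Windows install

# Byte-order marks an editor may write. UTF-32 is tested first because its
# little-endian BOM begins with the UTF-16 LE BOM.
BOMS = (
    (codecs.BOM_UTF32_LE, "utf-32-le"),
    (codecs.BOM_UTF32_BE, "utf-32-be"),
    (codecs.BOM_UTF8, "utf-8"),
    (codecs.BOM_UTF16_LE, "utf-16-le"),  # what Notepad's "Unicode" option writes
    (codecs.BOM_UTF16_BE, "utf-16-be"),
)


def unencodable(text, encoding):
    """Return the characters of text that the encoding cannot represent."""
    lost = []
    for ch in text:
        try:
            ch.encode(encoding)
        except UnicodeEncodeError:
            lost.append(ch)
    return lost


def save_and_reload(text, encoding):
    """Simulate a save followed by a re-read in the same encoding.

    Characters the encoding cannot hold are replaced by '?', which is what a
    lossy ANSI save leaves in the file.
    """
    return text.encode(encoding, errors="replace").decode(encoding)


def detect_bom(raw):
    """Return (codec, bom_length) for a leading byte-order mark, else (None, 0)."""
    for bom, codec in BOMS:
        if raw.startswith(bom):
            return codec, len(bom)
    return None, 0


def verify_saved_fixlist(raw, intended):
    """Decode saved fixlist bytes and report (encoding_used, still_intact).

    A file without a BOM is read as ANSI here, matching the lossy case.
    """
    codec, skip = detect_bom(raw)
    if codec is None:
        codec = ANSI
    decoded = raw[skip:].decode(codec, errors="replace")
    return codec, decoded.strip() == intended.strip()


if __name__ == "__main__":
    print("lost in ANSI:", len(unencodable(FIX_LINE, ANSI)), "characters")
    print("ANSI save   :", save_and_reload(FIX_LINE, ANSI))

    ansi_bytes = FIX_LINE.encode(ANSI, errors="replace")
    unicode_bytes = codecs.BOM_UTF16_LE + FIX_LINE.encode("utf-16-le")
    print("ANSI file   :", verify_saved_fixlist(ansi_bytes, FIX_LINE))
    print("Unicode file:", verify_saved_fixlist(unicode_bytes, FIX_LINE))
```

A fixlist whose check returns `False` no longer names the registry value that the scan reported, so the fix has nothing to match against.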

Alt 11.04.2015, 11:59   #18
Phily11
 

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by Bossy at 2015-04-11 12:57:58 Run:2
Running from C:\Users\Bossy\Desktop\Neuer Ordner (2)
Loaded Profiles: Bossy &  (Available profiles: Bossy)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
AppInit_DLLs: ~1穂娺篦ࠀ毸( => ~1穂娺篦ࠀ毸( File Not Found
         
*****************

"~1穂娺篦ࠀ毸(" => Value Data not found.

==== End of Fixlog 12:57:58 ====
         
__________________

Alt 11.04.2015, 18:23   #19
schrauber
/// the machine
/// TB-Ausbilder
 


A fresh FRST log, please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 12.04.2015, 16:34   #20
Phily11
 

FRST Logfile:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-04-2015
Ran by Bossy (administrator) on BOSSY-PC on 12-04-2015 17:32:00
Running from C:\Users\Bossy\Desktop\Neuer Ordner (2)
Loaded Profiles: Bossy &  (Available profiles: Bossy)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\ACER\Mobility Center\MobilityService.exe
(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Dropbox, Inc.) C:\Users\Bossy\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKU\S-1-5-21-1970263591-3964681878-2414383680-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-1970263591-3964681878-2414383680-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1970263591-3964681878-2414383680-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1970263591-3964681878-2414383680-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-1970263591-3964681878-2414383680-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1970263591-3964681878-2414383680-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
AppInit_DLLs: ~1穂娺篦ࠀ毸( => ~1穂娺篦ࠀ毸( File Not Found
Startup: C:\Users\Bossy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1970263591-3964681878-2414383680-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1970263591-3964681878-2414383680-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com
HKU\S-1-5-21-1970263591-3964681878-2414383680-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1970263591-3964681878-2414383680-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
SearchScopes: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = 
SearchScopes: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = 
SearchScopes: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
SearchScopes: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = 
SearchScopes: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = 
Toolbar: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Neuer Ordner\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-1970263591-3964681878-2414383680-1000: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF Plugin HKU\S-1-5-21-1970263591-3964681878-2414383680-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\googledesktop.xml [2010-07-30]
FF Extension: No Name - C:\Users\Bossy\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions [2014-12-01]
FF Extension: Movie2kDownloader - C:\Users\Bossy\AppData\Roaming\Mozilla\Firefox\profiles\extensions\movie2kdownloader@movie2kdownloader.com.xpi [2012-12-13]
FF Extension: ICQ Toolbar - C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2009-12-05]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-27]
FF HKU\S-1-5-21-1970263591-3964681878-2414383680-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2014-12-01]
FF HKU\S-1-5-21-1970263591-3964681878-2414383680-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF Extension: No Name - C:\Program Files\AmiExt\flashEnhancer\ff [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed]
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-08-19] () [File not signed]
R2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [860160 2008-10-16] (Intel(R) Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] () [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
R2 NTIBackupSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [45056 2008-04-25] (NewTech InfoSystems, Inc.) [File not signed]
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-25] () [File not signed]
R2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [466944 2008-10-16] (Intel(R) Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [48640 2009-08-05] (Atheros Communications, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-04-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
S3 s0017bus; C:\Windows\System32\DRIVERS\s0017bus.sys [90536 2008-05-27] (MCCI Corporation)
S3 s0017mdfl; C:\Windows\System32\DRIVERS\s0017mdfl.sys [15016 2008-05-27] (MCCI Corporation)
S3 s0017mdm; C:\Windows\System32\DRIVERS\s0017mdm.sys [122152 2008-05-27] (MCCI Corporation)
S3 s0017mgmt; C:\Windows\System32\DRIVERS\s0017mgmt.sys [115496 2008-05-27] (MCCI Corporation)
S3 s0017nd5; C:\Windows\System32\DRIVERS\s0017nd5.sys [25768 2008-05-27] (MCCI Corporation)
S3 s0017obex; C:\Windows\System32\DRIVERS\s0017obex.sys [111912 2008-05-27] (MCCI Corporation)
S3 s0017unic; C:\Windows\System32\DRIVERS\s0017unic.sys [117672 2008-05-27] (MCCI Corporation)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [36864 2009-03-06] (Apple, Inc.) [File not signed]
R3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-28] (Winbond Electronics Corporation)
S3 ZY760_XP; C:\Windows\System32\DRIVERS\WlanUZXP.sys [402432 2006-01-19] (ZyDAS Technology Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Bossy\AppData\Local\Temp\catchme.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 RTSTOR; system32\drivers\RTSTOR.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-09 17:49 - 2015-04-09 17:49 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Bossy\Downloads\revosetup95.exe
2015-04-08 22:50 - 2015-04-12 17:32 - 00000000 ____D () C:\Users\Bossy\Desktop\Neuer Ordner (2)
2015-04-08 20:14 - 2015-04-08 20:14 - 00000182 _____ () C:\Windows\wininit.ini
2015-04-06 16:44 - 2015-04-06 16:44 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-BOSSY-PC-Windows-Vista-(TM)-Home-Premium-(32-bit).dat
2015-04-06 16:44 - 2015-04-06 16:44 - 00000000 ____D () C:\RegBackup
2015-04-06 16:16 - 2015-04-08 20:07 - 00000000 ____D () C:\AdwCleaner
2015-04-06 15:41 - 2015-04-11 15:03 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-06 15:40 - 2015-04-06 15:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-04-06 15:40 - 2015-04-06 15:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-06 15:40 - 2015-04-06 15:40 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-04-06 15:40 - 2015-03-17 06:15 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-06 15:40 - 2015-03-17 06:15 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-06 15:40 - 2015-03-17 06:15 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-05 22:43 - 2015-04-05 22:43 - 00015328 _____ () C:\ComboFix.txt
2015-04-05 22:28 - 2015-04-05 22:43 - 00000000 ____D () C:\Qoobox
2015-04-05 22:28 - 2015-04-05 22:43 - 00000000 ____D () C:\ComboFix
2015-04-05 22:28 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-05 22:28 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-05 22:28 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-05 22:28 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-05 22:28 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-05 22:28 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-05 22:28 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-05 22:28 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-05 22:27 - 2015-04-05 22:42 - 00000000 ____D () C:\Windows\erdnt
2015-04-01 23:40 - 2015-04-01 23:40 - 00001880 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-04-01 23:40 - 2015-04-01 23:40 - 00000000 ___RD () C:\Program Files\Skype
2015-04-01 23:40 - 2015-04-01 23:40 - 00000000 ____D () C:\Users\Bossy\AppData\Local\Skype
2015-04-01 23:40 - 2015-04-01 23:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-04-01 23:40 - 2015-04-01 23:40 - 00000000 ____D () C:\Program Files\Common Files\Skype
2015-04-01 22:40 - 2015-04-10 18:00 - 00016072 _____ () C:\Windows\PFRO.log
2015-04-01 22:34 - 2015-04-10 18:00 - 00027839 _____ () C:\ProgramData\nvModes.001
2015-04-01 22:28 - 2015-04-12 17:32 - 00000000 ____D () C:\FRST
2015-04-01 22:28 - 2015-04-01 22:28 - 01135104 _____ (Farbar) C:\Users\Bossy\Downloads\FRST.exe
2015-04-01 21:11 - 2015-04-01 21:11 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-01 21:11 - 2015-04-01 21:11 - 00000000 _____ () C:\Windows\setupact.log
2015-04-01 20:24 - 2015-04-01 20:24 - 00027839 _____ () C:\ProgramData\nvModes.dat
2015-04-01 00:00 - 2015-04-09 17:22 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-03-31 20:36 - 2015-04-02 21:04 - 00000020 _____ () C:\Users\Bossy\AppData\Roaming\appdataFr3.bin
2015-03-13 19:43 - 2015-03-13 19:43 - 00000986 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk
2015-03-13 19:43 - 2015-03-13 19:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
2015-03-13 19:41 - 2015-03-13 19:41 - 00000000 ____D () C:\Program Files\ElsterFormular
2015-03-13 19:13 - 2015-03-13 19:18 - 00000000 ____D () C:\Users\Bossy\AppData\Local\elfopatch
2015-03-13 19:09 - 2015-03-13 19:15 - 214212416 _____ (Landesfinanzdirektion Thüringen) C:\Users\Bossy\Downloads\ElsterFormular-16.1.20150309k (1).exe
2015-03-13 19:00 - 2015-03-13 19:05 - 214212416 _____ (Landesfinanzdirektion Thüringen) C:\Users\Bossy\Downloads\ElsterFormular-16.1.20150309k.exe
2015-03-13 16:33 - 2015-02-26 04:01 - 03604408 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-13 16:33 - 2015-02-26 04:01 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-13 16:33 - 2015-01-09 04:04 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-13 16:33 - 2015-01-09 02:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-12 17:31 - 2008-12-20 14:31 - 01781563 _____ () C:\Windows\WindowsUpdate.log
2015-04-12 17:30 - 2010-11-11 23:46 - 00000000 ____D () C:\Users\Bossy\AppData\Roaming\Skype
2015-04-11 15:02 - 2006-11-02 14:47 - 00003216 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-11 15:02 - 2006-11-02 14:47 - 00003216 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-10 18:21 - 2008-11-27 21:32 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-10 18:08 - 2008-01-21 09:16 - 01574846 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-10 18:04 - 2011-07-11 21:10 - 00000000 ___RD () C:\Users\Bossy\Dropbox
2015-04-10 18:04 - 2011-07-11 21:05 - 00000000 ____D () C:\Users\Bossy\AppData\Roaming\Dropbox
2015-04-10 18:01 - 2008-11-27 21:26 - 00000147 _____ () C:\Windows\system32\agent.log
2015-04-10 18:01 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-10 17:59 - 2006-11-02 15:01 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-08 20:14 - 2011-07-11 21:10 - 00000923 _____ () C:\Users\Bossy\Desktop\Dropbox.lnk
2015-04-08 20:14 - 2011-07-11 21:05 - 00000000 ____D () C:\Users\Bossy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-06 16:20 - 2009-01-29 23:22 - 00000000 ____D () C:\Users\Bossy
2015-04-06 16:18 - 2009-12-05 02:05 - 00000000 ____D () C:\ProgramData\ICQ
2015-04-06 16:07 - 2009-03-17 16:51 - 00086480 _____ () C:\Users\Bossy\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-06 16:05 - 2006-11-02 14:47 - 00347504 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-05 22:43 - 2006-11-02 13:18 - 00000000 __RHD () C:\Users\Default
2015-04-05 22:43 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public
2015-04-05 22:40 - 2006-11-02 12:23 - 00000215 _____ () C:\Windows\system.ini
2015-04-02 21:17 - 2008-12-20 14:44 - 00000000 ____D () C:\Program Files\Google
2015-04-02 00:00 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-01 23:40 - 2009-03-22 23:33 - 00000000 ____D () C:\ProgramData\Skype
2015-04-01 23:04 - 2009-01-29 23:25 - 00001797 _____ () C:\Users\Bossy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-01 22:43 - 2009-01-30 18:27 - 00204800 _____ () C:\Users\Bossy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-01 20:14 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2015-04-01 20:13 - 2013-08-16 23:33 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-04-01 20:13 - 2009-09-05 19:25 - 00000000 ____D () C:\Windows\Minidump
2015-04-01 20:13 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\spool
2015-04-01 20:13 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\registration
2015-04-01 20:13 - 2006-11-02 12:22 - 52428800 _____ () C:\Windows\system32\config\software_previous
2015-04-01 20:13 - 2006-11-02 12:22 - 45875200 _____ () C:\Windows\system32\config\components_previous
2015-04-01 20:13 - 2006-11-02 12:22 - 31981568 _____ () C:\Windows\system32\config\system_previous
2015-04-01 20:13 - 2006-11-02 12:22 - 00524288 _____ () C:\Windows\system32\config\default_previous
2015-04-01 20:13 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2015-04-01 20:13 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2015-04-01 18:19 - 2009-05-03 16:32 - 00000680 _____ () C:\Users\Bossy\AppData\Local\d3d9caps.dat
2015-04-01 01:27 - 2008-12-20 15:03 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-01 01:12 - 2008-11-27 21:50 - 00000000 ____D () C:\Program Files\Cyberlink
2015-04-01 01:12 - 2008-11-27 20:44 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-04-01 01:10 - 2008-11-27 20:46 - 00000000 ____D () C:\Windows\system32\RTCOM
2015-04-01 01:10 - 2008-11-27 20:45 - 00319456 _____ (Microsoft Corporation) C:\Windows\DIFxAPI.dll
2015-04-01 01:06 - 2008-11-27 20:49 - 00000000 ____D () C:\Program Files\Winbond Electronics Corporation
2015-04-01 01:00 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system
2015-03-31 23:39 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-03-22 22:57 - 2011-10-26 21:52 - 00000000 ____D () C:\Users\Bossy\Documents\Schriftverkehr Eltern
2015-03-18 23:14 - 2009-03-17 17:25 - 00000000 ____D () C:\Users\Bossy\Documents\Finanzamt
2015-03-13 19:58 - 2014-11-15 03:09 - 00000000 ____D () C:\Users\Bossy\AppData\Local\.elfohilfe
2015-03-13 19:41 - 2012-02-10 18:06 - 00000000 ____D () C:\ProgramData\elsterformular

==================== Files in the root of some directories =======

2015-03-31 20:36 - 2015-04-02 21:04 - 0000020 _____ () C:\Users\Bossy\AppData\Roaming\appdataFr3.bin
2009-05-03 16:32 - 2015-04-01 18:19 - 0000680 _____ () C:\Users\Bossy\AppData\Local\d3d9caps.dat
2009-01-30 18:27 - 2015-04-01 22:43 - 0204800 _____ () C:\Users\Bossy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-02 20:35 - 2014-01-02 20:37 - 0146741 _____ () C:\Users\Bossy\AppData\Local\edsinstaller.txt-20140102.log
2015-03-31 23:51 - 2015-04-01 00:06 - 0004728 _____ () C:\Users\Bossy\AppData\Local\Temp-log.txt
2008-12-20 14:53 - 2008-12-20 14:58 - 0006048 _____ () C:\ProgramData\ArcadeDeluxe2.log
2015-04-01 22:34 - 2015-04-10 18:00 - 0027839 _____ () C:\ProgramData\nvModes.001
2015-04-01 20:24 - 2015-04-01 20:24 - 0027839 _____ () C:\ProgramData\nvModes.dat
2013-12-31 01:25 - 2013-12-31 01:26 - 0000090 _____ () C:\ProgramData\PS.log

Files to move or delete:
====================
C:\Users\Bossy\Dropbox 1.1.35.exe
C:\Users\Bossy\wlsetup-web.exe


Some content of TEMP:
====================
C:\Users\Bossy\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbovybb.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-10 18:12

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-04-2015
Ran by Bossy at 2015-04-12 17:32:39
Running from C:\Users\Bossy\Desktop\Neuer Ordner (2)
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Crystal Eye Webcam (HKLM\...\{DD1DED37-2486-4F56-8F89-56AA814003F5}) (Version: 2.0.0.17 - Acer Crystal Eye Webcam)
Acer Empowering Technology (HKLM\...\{8F1B6239-FEA0-450A-A950-B05276CE177C}) (Version: 3.0.3010 - Acer Incorporated)
Acer Mobility Center Plug-In (HKLM\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 3.0.3000 - Acer Inc.)
Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 1.11.0701 - Acer Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.30 - Atheros Communications Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.16 - Piriform)
CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.3023e - CyberLink Corp.)
Dropbox (HKU\S-1-5-21-1970263591-3964681878-2414383680-1000\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-1970263591-3964681878-2414383680-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.)
ElsterFormular (HKLM\...\ElsterFormular) (Version: 16.1.20150309 - Landesfinanzdirektion Thüringen)
Free Studio version 6.4.0.1122 (HKLM\...\Free Studio_is1) (Version: 6.4.0.1122 - DVDVideoSoft Ltd.)
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.73.00.52 - Conexant Systems)
ICQ7.2 (HKLM\...\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}) (Version: 7.2 - ICQ)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{35C0A1E4-D02A-412C-841F-266DBB116ABB}) (Version: 12.02.0000 - Intel(R) Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Launch Manager (HKLM\...\LManager) (Version:  - )
LightScribe  1.4.142.1 (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office FrontPage 2003 (HKLM\...\{90170407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote 2003 (HKLM\...\{90A10407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Project Professional 2003 (HKLM\...\{903B0407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Visio Professional 2003 (HKLM\...\{90510407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}) (Version: 08.05.0822 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTI Backup Now 5 (HKLM\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.606 - NewTech Infosystems)
NTI Backup Now Standard (Version: 5.1.2.606 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.2.6329 - NewTech Infosystems)
NTI Media Maker 8 (Version: 8.0.2.6329 - NewTech Infosystems) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
Orion (HKLM\...\{5B63A470-9334-44D1-AF61-6CE2DB565AE9}) (Version: 2.0.1 - Convesoft)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 0.9.7 - Frank Heindörfer, Philip Chinery)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pixum Fotobuch (HKLM\...\Pixum Fotobuch) (Version: 5.1.5 - CEWE Stiftung u Co. KGaA)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VLC media player 1.1.11 (HKLM\...\VLC media player) (Version: 1.1.11 - VideoLAN)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{80A95F12-94C2-4B1D-8AE3-F0CBE5E96E85}\InprocServer32 -> C:\Users\Bossy\AppData\Local\ASKTOO~1\DOWNLO~1\AVIRAW~1.DLL No File
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000_Classes\CLSID\{80A95F12-94C2-4B1D-8AE3-F0CBE5E96E85}\InprocServer32 -> C:\Users\Bossy\AppData\Local\ASKTOO~1\DOWNLO~1\AVIRAW~1.DLL No File
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

01-04-2015 22:29:35 Revo Uninstaller's restore point - Allin1Convert Internet Explorer Toolbar
01-04-2015 22:35:39 Revo Uninstaller's restore point - Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
01-04-2015 22:36:08 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
01-04-2015 23:23:32 Windows Update
02-04-2015 21:15:23 Revo Uninstaller's restore point - Google Chrome
05-04-2015 22:28:19 ComboFix created restore point
05-04-2015 22:28:23 Windows Update
08-04-2015 22:15:19 Revo Uninstaller's restore point - ESET Online Scanner v3
09-04-2015 17:46:16 Revo Uninstaller's restore point - Revo Uninstaller 1.95
10-04-2015 18:16:08 Windows Update
11-04-2015 13:38:00 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2015-04-05 22:39 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0CFAE5A8-5E69-48C3-896D-01FE08F920FB} - System32\Tasks\RunTool => C:\Users\Bossy\AppData\Local\1e8098b0-759c-45bd-bba9-33ce9038164b\sysad.exe [2015-02-25] ()
Task: {3B03607A-1E5B-4987-B496-3CE38BE335A7} - System32\Tasks\{4F8ABF1E-C3A6-4815-B289-2488494D7739} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.0.0.152.259/de/abandoninstall?source=lightinstaller&amp;page=tsOptions&amp;installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome:offered-installed;madedefault
Task: {418261C4-9CC2-4378-8EA3-1E1304265AAA} - System32\Tasks\Microsoft\Windows\RestartManager\{3E700159-D7B9-4c03-A8D4-B3DC07D3EE5F} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {EA4A2A10-7261-4800-A6DC-C077AD69C038} - System32\Tasks\{B21CF838-32DF-4D72-BCDB-9455AFD8AF86} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.9.0.123.259/de/abandoninstall?source=lightinstaller&amp;page=tsBing

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (whitelisted) ==============

2008-10-16 17:57 - 2008-10-16 17:57 - 00200704 _____ () C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL
2009-03-17 16:45 - 2001-10-28 17:42 - 00116224 ____N () C:\Windows\System32\pdfcmnnt.dll
2007-06-24 20:09 - 2007-06-24 20:09 - 01024000 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACE.dll
2007-06-24 20:09 - 2007-06-24 20:09 - 00098304 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML.dll
2007-06-24 20:09 - 2007-06-24 20:09 - 00061440 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML_Parser.dll
2008-11-27 20:54 - 2008-08-19 15:27 - 00024576 _____ () C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
2008-11-27 20:54 - 2008-11-27 20:54 - 00032768 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.Controller\3.0.3010.0__14bcaafdb44b5951\Framework.Model.Controller.dll
2008-11-27 20:54 - 2008-11-27 20:54 - 00009216 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3010.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
2008-11-27 20:54 - 2008-11-27 20:54 - 00061440 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3010.0__3036420f80dd6947\Framework.Library.dll
2008-11-27 20:54 - 2008-11-27 20:54 - 00015360 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3010.0__672b450de5a7e94a\Framework.Host.dll
2008-11-27 20:54 - 2008-11-27 20:54 - 00006144 _____ () C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3010.0__9ecdf03bb2054f94\Framework.PluginInterface.dll
2008-11-27 21:56 - 2007-12-06 17:15 - 00110592 _____ () C:\Acer\Mobility Center\MobilityService.exe
2008-11-27 21:56 - 2007-11-27 16:08 - 00032768 _____ () C:\Acer\Mobility Center\MobilityInterface.dll
2008-04-25 22:36 - 2008-04-25 22:36 - 00131072 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
2009-03-23 19:50 - 2008-09-16 21:18 - 00132608 _____ () C:\Program Files\WinRAR\rarext.dll
2015-04-10 18:04 - 2015-04-10 18:04 - 00043008 _____ () c:\users\bossy\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbovybb.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\Bossy\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\Bossy\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\Bossy\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\Bossy\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2009-08-05 11:45 - 2009-08-05 11:45 - 00106312 _____ () C:\Program Files\Microsoft Office\OFFICE11\OUTLCTL.DLL

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:58DD92AC

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg
HKU\S-1-5-21-1970263591-3964681878-2414383680-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Public\Pictures\Sample Pictures\wolken_12.jpg
HKU\S-1-5-21-1970263591-3964681878-2414383680-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Public\Pictures\Sample Pictures\wolken_12.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Schnellstart.lnk => C:\Windows\pss\Microsoft Office OneNote 2003 Schnellstart.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Bossy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: BkupTray => "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: IAAnotif => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
MSCONFIG\startupreg: LManager => C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
MSCONFIG\startupreg: NeroFilterCheck => C:\Windows\system32\NeroCheck.exe
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: NvMediaCenter => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
MSCONFIG\startupreg: PlayMovie => "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
MSCONFIG\startupreg: ProductReg => "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-1970263591-3964681878-2414383680-500 - Administrator - Disabled)
Bossy (S-1-5-21-1970263591-3964681878-2414383680-1000 - Administrator - Enabled) => C:\Users\Bossy
Gast (S-1-5-21-1970263591-3964681878-2414383680-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/10/2015 06:04:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\BOSSY\APPDATA\LOCAL\SKYPE\APPS\LOGIN\LANGUAGES> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (04/10/2015 06:04:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\BOSSY\APPDATA\LOCAL\SKYPE\APPS\LOGIN\LANGUAGES> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (04/10/2015 06:04:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\BOSSY\APPDATA\LOCAL\SKYPE\APPS\LOGIN\JS> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (04/10/2015 06:04:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\BOSSY\APPDATA\LOCAL\SKYPE\APPS\LOGIN\JS> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (04/10/2015 06:04:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\BOSSY\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (04/10/2015 06:04:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\BOSSY\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (04/10/2015 06:04:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\BOSSY\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (04/10/2015 06:04:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\BOSSY\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (04/10/2015 06:04:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\BOSSY\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\RETINA> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (04/10/2015 06:04:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\BOSSY\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\RETINA> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)


System errors:
=============
Error: (04/11/2015 00:41:27 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000stisvc

Error: (04/10/2015 05:58:49 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.195.2385.0

	Aktualisierungsquelle: %NT-AUTORITÄT59

	Aktualisierungsphase: 4.7.0205.00

	Quellpfad: 4.7.0205.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\SYSTEM

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (04/08/2015 08:07:56 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: C:\Windows\System32\IWMSSvc.dll

Error: (04/08/2015 08:07:56 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: C:\Windows\System32\IWMSSvc.dll

Error: (04/08/2015 08:07:49 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: C:\Windows\System32\IWMSSvc.dll

Error: (04/08/2015 08:07:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Softwarelizenzierung11200001Neustart des Diensts

Error: (04/08/2015 08:07:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Media Player-Netzwerkfreigabedienst1300001Neustart des Diensts

Error: (04/08/2015 08:07:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Intel(R) Matrix Storage Event Monitor1

Error: (04/08/2015 08:07:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Search1300001Neustart des Diensts

Error: (04/08/2015 08:07:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: XAudioService1


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-04-12 17:32:32.661
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-12 17:32:32.179
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-12 17:32:31.707
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-12 17:32:31.279
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-12 17:30:55.085
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-12 17:30:54.351
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-12 17:30:53.771
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-12 17:30:53.069
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-12 17:30:52.191
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-11 13:39:20.387
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz
Percentage of memory in use: 55%
Total physical RAM: 3066.12 MB
Available physical RAM: 1362.24 MB
Total Pagefile: 6336.63 MB
Available Pagefile: 4338.69 MB
Total Virtual: 2047.88 MB
Available Virtual: 1902.88 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:144.04 GB) (Free:72.38 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:140.5 GB) (Free:54.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 50A5B170)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=144 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=140.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=3.5 GB) - (Type=12)

==================== End Of Log ============================
         


13.04.2015, 08:27   #21
schrauber
/// the machine
/// TB instructor

The entry is still there. Is the computer still causing problems?

13.04.2015, 17:12   #22
Phily11

Which entry do you mean? Firefox? I found one more file there, deleted it, and made a fresh FRST log.


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-04-2015
Ran by Bossy (administrator) on BOSSY-PC on 13-04-2015 18:08:10
Running from C:\Users\Bossy\Desktop\Neuer Ordner (2)
Loaded Profiles: Bossy (Available profiles: Bossy)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\ACER\Mobility Center\MobilityService.exe
(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Dropbox, Inc.) C:\Users\Bossy\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
() D:\omegavesko-SimpleADBBackup-0790701\adb.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKU\S-1-5-21-1970263591-3964681878-2414383680-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-1970263591-3964681878-2414383680-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1970263591-3964681878-2414383680-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
AppInit_DLLs: ~1穂娺篦ࠀ毸( => ~1穂娺篦ࠀ毸( File Not Found
Startup: C:\Users\Bossy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1970263591-3964681878-2414383680-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1970263591-3964681878-2414383680-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
SearchScopes: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = 
SearchScopes: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = 
Toolbar: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Neuer Ordner\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-1970263591-3964681878-2414383680-1000: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\googledesktop.xml [2010-07-30]
FF Extension: ICQ Toolbar - C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2009-12-05]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-27]
FF HKU\S-1-5-21-1970263591-3964681878-2414383680-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2014-12-01]
FF Extension: No Name - C:\Program Files\AmiExt\flashEnhancer\ff [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed]
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-08-19] () [File not signed]
R2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [860160 2008-10-16] (Intel(R) Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] () [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
R2 NTIBackupSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [45056 2008-04-25] (NewTech InfoSystems, Inc.) [File not signed]
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-25] () [File not signed]
R2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [466944 2008-10-16] (Intel(R) Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [48640 2009-08-05] (Atheros Communications, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-04-12] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
S3 s0017bus; C:\Windows\System32\DRIVERS\s0017bus.sys [90536 2008-05-27] (MCCI Corporation)
S3 s0017mdfl; C:\Windows\System32\DRIVERS\s0017mdfl.sys [15016 2008-05-27] (MCCI Corporation)
S3 s0017mdm; C:\Windows\System32\DRIVERS\s0017mdm.sys [122152 2008-05-27] (MCCI Corporation)
S3 s0017mgmt; C:\Windows\System32\DRIVERS\s0017mgmt.sys [115496 2008-05-27] (MCCI Corporation)
S3 s0017nd5; C:\Windows\System32\DRIVERS\s0017nd5.sys [25768 2008-05-27] (MCCI Corporation)
S3 s0017obex; C:\Windows\System32\DRIVERS\s0017obex.sys [111912 2008-05-27] (MCCI Corporation)
S3 s0017unic; C:\Windows\System32\DRIVERS\s0017unic.sys [117672 2008-05-27] (MCCI Corporation)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [36864 2009-03-06] (Apple, Inc.) [File not signed]
R3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-28] (Winbond Electronics Corporation)
S3 ZY760_XP; C:\Windows\System32\DRIVERS\WlanUZXP.sys [402432 2006-01-19] (ZyDAS Technology Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Bossy\AppData\Local\Temp\catchme.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 RTSTOR; system32\drivers\RTSTOR.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-12 20:47 - 2015-04-12 20:47 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUSB_01007.Wdf
2015-04-12 20:46 - 2015-04-12 20:46 - 00000000 ____D () C:\Windows\LastGood
2015-04-12 20:36 - 2013-02-10 02:18 - 00000000 ____D () C:\Users\Bossy\Desktop\omegavesko-SimpleADBBackup-0790701
2015-04-12 20:11 - 2015-04-12 20:12 - 33402372 _____ () C:\Users\Bossy\Downloads\omegavesko-SimpleADBBackup-0790701.zip
2015-04-09 17:49 - 2015-04-09 17:49 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Bossy\Downloads\revosetup95.exe
2015-04-08 22:50 - 2015-04-13 18:08 - 00000000 ____D () C:\Users\Bossy\Desktop\Neuer Ordner (2)
2015-04-08 20:14 - 2015-04-08 20:14 - 00000182 _____ () C:\Windows\wininit.ini
2015-04-06 16:44 - 2015-04-06 16:44 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-BOSSY-PC-Windows-Vista-(TM)-Home-Premium-(32-bit).dat
2015-04-06 16:44 - 2015-04-06 16:44 - 00000000 ____D () C:\RegBackup
2015-04-06 16:16 - 2015-04-08 20:07 - 00000000 ____D () C:\AdwCleaner
2015-04-06 15:41 - 2015-04-12 21:46 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-06 15:40 - 2015-04-06 15:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-04-06 15:40 - 2015-04-06 15:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-06 15:40 - 2015-04-06 15:40 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-04-06 15:40 - 2015-03-17 06:15 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-06 15:40 - 2015-03-17 06:15 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-06 15:40 - 2015-03-17 06:15 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-05 22:43 - 2015-04-05 22:43 - 00015328 _____ () C:\ComboFix.txt
2015-04-05 22:28 - 2015-04-05 22:43 - 00000000 ____D () C:\Qoobox
2015-04-05 22:28 - 2015-04-05 22:43 - 00000000 ____D () C:\ComboFix
2015-04-05 22:28 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-05 22:28 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-05 22:28 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-05 22:28 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-05 22:28 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-05 22:28 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-05 22:28 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-05 22:28 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-05 22:27 - 2015-04-05 22:42 - 00000000 ____D () C:\Windows\erdnt
2015-04-01 23:40 - 2015-04-01 23:40 - 00001880 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-04-01 23:40 - 2015-04-01 23:40 - 00000000 ___RD () C:\Program Files\Skype
2015-04-01 23:40 - 2015-04-01 23:40 - 00000000 ____D () C:\Users\Bossy\AppData\Local\Skype
2015-04-01 23:40 - 2015-04-01 23:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-04-01 23:40 - 2015-04-01 23:40 - 00000000 ____D () C:\Program Files\Common Files\Skype
2015-04-01 22:40 - 2015-04-10 18:00 - 00016072 _____ () C:\Windows\PFRO.log
2015-04-01 22:34 - 2015-04-10 18:00 - 00027839 _____ () C:\ProgramData\nvModes.001
2015-04-01 22:28 - 2015-04-13 18:08 - 00000000 ____D () C:\FRST
2015-04-01 22:28 - 2015-04-01 22:28 - 01135104 _____ (Farbar) C:\Users\Bossy\Downloads\FRST.exe
2015-04-01 21:11 - 2015-04-12 20:47 - 00000928 _____ () C:\Windows\setupact.log
2015-04-01 21:11 - 2015-04-01 21:11 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-01 20:24 - 2015-04-01 20:24 - 00027839 _____ () C:\ProgramData\nvModes.dat
2015-04-01 00:00 - 2015-04-09 17:22 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-03-31 20:36 - 2015-04-02 21:04 - 00000020 _____ () C:\Users\Bossy\AppData\Roaming\appdataFr3.bin

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-13 17:48 - 2008-12-20 14:31 - 01851529 _____ () C:\Windows\WindowsUpdate.log
2015-04-13 17:28 - 2006-11-02 14:47 - 00003216 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-13 17:28 - 2006-11-02 14:47 - 00003216 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-12 20:46 - 2009-01-29 23:22 - 00000000 ____D () C:\Users\Bossy
2015-04-12 20:22 - 2012-02-11 16:24 - 00000000 ____D () C:\Neuer Ordner
2015-04-12 17:30 - 2010-11-11 23:46 - 00000000 ____D () C:\Users\Bossy\AppData\Roaming\Skype
2015-04-10 18:21 - 2008-11-27 21:32 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-10 18:08 - 2008-01-21 09:16 - 01574846 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-10 18:04 - 2011-07-11 21:10 - 00000000 ___RD () C:\Users\Bossy\Dropbox
2015-04-10 18:04 - 2011-07-11 21:05 - 00000000 ____D () C:\Users\Bossy\AppData\Roaming\Dropbox
2015-04-10 18:01 - 2008-11-27 21:26 - 00000147 _____ () C:\Windows\system32\agent.log
2015-04-10 18:01 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-10 17:59 - 2006-11-02 15:01 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-08 20:14 - 2011-07-11 21:10 - 00000923 _____ () C:\Users\Bossy\Desktop\Dropbox.lnk
2015-04-08 20:14 - 2011-07-11 21:05 - 00000000 ____D () C:\Users\Bossy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-06 16:18 - 2009-12-05 02:05 - 00000000 ____D () C:\ProgramData\ICQ
2015-04-06 16:07 - 2009-03-17 16:51 - 00086480 _____ () C:\Users\Bossy\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-06 16:05 - 2006-11-02 14:47 - 00347504 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-05 22:43 - 2006-11-02 13:18 - 00000000 __RHD () C:\Users\Default
2015-04-05 22:43 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public
2015-04-05 22:40 - 2006-11-02 12:23 - 00000215 _____ () C:\Windows\system.ini
2015-04-02 21:17 - 2008-12-20 14:44 - 00000000 ____D () C:\Program Files\Google
2015-04-02 00:00 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-01 23:40 - 2009-03-22 23:33 - 00000000 ____D () C:\ProgramData\Skype
2015-04-01 23:04 - 2009-01-29 23:25 - 00001797 _____ () C:\Users\Bossy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-01 22:43 - 2009-01-30 18:27 - 00204800 _____ () C:\Users\Bossy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-01 20:14 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2015-04-01 20:13 - 2013-08-16 23:33 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-04-01 20:13 - 2009-09-05 19:25 - 00000000 ____D () C:\Windows\Minidump
2015-04-01 20:13 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\spool
2015-04-01 20:13 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\registration
2015-04-01 20:13 - 2006-11-02 12:22 - 52428800 _____ () C:\Windows\system32\config\software_previous
2015-04-01 20:13 - 2006-11-02 12:22 - 45875200 _____ () C:\Windows\system32\config\components_previous
2015-04-01 20:13 - 2006-11-02 12:22 - 31981568 _____ () C:\Windows\system32\config\system_previous
2015-04-01 20:13 - 2006-11-02 12:22 - 00524288 _____ () C:\Windows\system32\config\default_previous
2015-04-01 20:13 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2015-04-01 20:13 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2015-04-01 18:19 - 2009-05-03 16:32 - 00000680 _____ () C:\Users\Bossy\AppData\Local\d3d9caps.dat
2015-04-01 01:27 - 2008-12-20 15:03 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-01 01:12 - 2008-11-27 21:50 - 00000000 ____D () C:\Program Files\Cyberlink
2015-04-01 01:12 - 2008-11-27 20:44 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-04-01 01:10 - 2008-11-27 20:46 - 00000000 ____D () C:\Windows\system32\RTCOM
2015-04-01 01:10 - 2008-11-27 20:45 - 00319456 _____ (Microsoft Corporation) C:\Windows\DIFxAPI.dll
2015-04-01 01:06 - 2008-11-27 20:49 - 00000000 ____D () C:\Program Files\Winbond Electronics Corporation
2015-04-01 01:00 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system
2015-03-31 23:39 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-03-22 22:57 - 2011-10-26 21:52 - 00000000 ____D () C:\Users\Bossy\Documents\Schriftverkehr Eltern
2015-03-18 23:14 - 2009-03-17 17:25 - 00000000 ____D () C:\Users\Bossy\Documents\Finanzamt

==================== Files in the root of some directories =======

2015-03-31 20:36 - 2015-04-02 21:04 - 0000020 _____ () C:\Users\Bossy\AppData\Roaming\appdataFr3.bin
2009-05-03 16:32 - 2015-04-01 18:19 - 0000680 _____ () C:\Users\Bossy\AppData\Local\d3d9caps.dat
2009-01-30 18:27 - 2015-04-01 22:43 - 0204800 _____ () C:\Users\Bossy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-02 20:35 - 2014-01-02 20:37 - 0146741 _____ () C:\Users\Bossy\AppData\Local\edsinstaller.txt-20140102.log
2015-03-31 23:51 - 2015-04-01 00:06 - 0004728 _____ () C:\Users\Bossy\AppData\Local\Temp-log.txt
2008-12-20 14:53 - 2008-12-20 14:58 - 0006048 _____ () C:\ProgramData\ArcadeDeluxe2.log
2015-04-01 22:34 - 2015-04-10 18:00 - 0027839 _____ () C:\ProgramData\nvModes.001
2015-04-01 20:24 - 2015-04-01 20:24 - 0027839 _____ () C:\ProgramData\nvModes.dat
2013-12-31 01:25 - 2013-12-31 01:26 - 0000090 _____ () C:\ProgramData\PS.log

Files to move or delete:
====================
C:\Users\Bossy\Dropbox 1.1.35.exe
C:\Users\Bossy\wlsetup-web.exe


Some content of TEMP:
====================
C:\Users\Bossy\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbovybb.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-10 18:12

==================== End Of Log ============================
         
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-04-2015
Ran by Bossy at 2015-04-13 18:08:48
Running from C:\Users\Bossy\Desktop\Neuer Ordner (2)
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Crystal Eye Webcam (HKLM\...\{DD1DED37-2486-4F56-8F89-56AA814003F5}) (Version: 2.0.0.17 - Acer Crystal Eye Webcam)
Acer Empowering Technology (HKLM\...\{8F1B6239-FEA0-450A-A950-B05276CE177C}) (Version: 3.0.3010 - Acer Incorporated)
Acer Mobility Center Plug-In (HKLM\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 3.0.3000 - Acer Inc.)
Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 1.11.0701 - Acer Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.30 - Atheros Communications Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.16 - Piriform)
CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.3023e - CyberLink Corp.)
Dropbox (HKU\S-1-5-21-1970263591-3964681878-2414383680-1000\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.)
ElsterFormular (HKLM\...\ElsterFormular) (Version: 16.1.20150309 - Landesfinanzdirektion Thüringen)
Free Studio version 6.4.0.1122 (HKLM\...\Free Studio_is1) (Version: 6.4.0.1122 - DVDVideoSoft Ltd.)
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.73.00.52 - Conexant Systems)
ICQ7.2 (HKLM\...\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}) (Version: 7.2 - ICQ)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{35C0A1E4-D02A-412C-841F-266DBB116ABB}) (Version: 12.02.0000 - Intel(R) Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Launch Manager (HKLM\...\LManager) (Version:  - )
LightScribe  1.4.142.1 (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office FrontPage 2003 (HKLM\...\{90170407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote 2003 (HKLM\...\{90A10407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Project Professional 2003 (HKLM\...\{903B0407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Visio Professional 2003 (HKLM\...\{90510407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}) (Version: 08.05.0822 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTI Backup Now 5 (HKLM\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.606 - NewTech Infosystems)
NTI Backup Now Standard (Version: 5.1.2.606 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.2.6329 - NewTech Infosystems)
NTI Media Maker 8 (Version: 8.0.2.6329 - NewTech Infosystems) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
Orion (HKLM\...\{5B63A470-9334-44D1-AF61-6CE2DB565AE9}) (Version: 2.0.1 - Convesoft)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 0.9.7 - Frank Heindörfer, Philip Chinery)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pixum Fotobuch (HKLM\...\Pixum Fotobuch) (Version: 5.1.5 - CEWE Stiftung u Co. KGaA)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VLC media player 1.1.11 (HKLM\...\VLC media player) (Version: 1.1.11 - VideoLAN)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000_Classes\CLSID\{80A95F12-94C2-4B1D-8AE3-F0CBE5E96E85}\InprocServer32 -> C:\Users\Bossy\AppData\Local\ASKTOO~1\DOWNLO~1\AVIRAW~1.DLL No File
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1970263591-3964681878-2414383680-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bossy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

01-04-2015 22:29:35 Revo Uninstaller's restore point - Allin1Convert Internet Explorer Toolbar
01-04-2015 22:35:39 Revo Uninstaller's restore point - Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
01-04-2015 22:36:08 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
01-04-2015 23:23:32 Windows Update
02-04-2015 21:15:23 Revo Uninstaller's restore point - Google Chrome
05-04-2015 22:28:19 ComboFix created restore point
05-04-2015 22:28:23 Windows Update
08-04-2015 22:15:19 Revo Uninstaller's restore point - ESET Online Scanner v3
09-04-2015 17:46:16 Revo Uninstaller's restore point - Revo Uninstaller 1.95
10-04-2015 18:16:08 Windows Update
11-04-2015 13:38:00 Geplanter Prüfpunkt
12-04-2015 20:46:36 Gerätetreiber-Paketinstallation: SAMSUNG Electronics Co., Ltd. 

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2015-04-05 22:39 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0CFAE5A8-5E69-48C3-896D-01FE08F920FB} - System32\Tasks\RunTool => C:\Users\Bossy\AppData\Local\1e8098b0-759c-45bd-bba9-33ce9038164b\sysad.exe [2015-02-25] ()
Task: {3B03607A-1E5B-4987-B496-3CE38BE335A7} - System32\Tasks\{4F8ABF1E-C3A6-4815-B289-2488494D7739} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.0.0.152.259/de/abandoninstall?source=lightinstaller&amp;page=tsOptions&amp;installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome:offered-installed;madedefault
Task: {418261C4-9CC2-4378-8EA3-1E1304265AAA} - System32\Tasks\Microsoft\Windows\RestartManager\{3E700159-D7B9-4c03-A8D4-B3DC07D3EE5F} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {EA4A2A10-7261-4800-A6DC-C077AD69C038} - System32\Tasks\{B21CF838-32DF-4D72-BCDB-9455AFD8AF86} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.9.0.123.259/de/abandoninstall?source=lightinstaller&amp;page=tsBing

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (whitelisted) ==============

2008-10-16 17:57 - 2008-10-16 17:57 - 00200704 _____ () C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL
2009-03-17 16:45 - 2001-10-28 17:42 - 00116224 ____N () C:\Windows\System32\pdfcmnnt.dll
2007-06-24 20:09 - 2007-06-24 20:09 - 01024000 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACE.dll
2007-06-24 20:09 - 2007-06-24 20:09 - 00098304 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML.dll
2007-06-24 20:09 - 2007-06-24 20:09 - 00061440 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML_Parser.dll
2008-11-27 20:54 - 2008-08-19 15:27 - 00024576 _____ () C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
2008-11-27 20:54 - 2008-11-27 20:54 - 00032768 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.Controller\3.0.3010.0__14bcaafdb44b5951\Framework.Model.Controller.dll
2008-11-27 20:54 - 2008-11-27 20:54 - 00009216 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3010.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
2008-11-27 20:54 - 2008-11-27 20:54 - 00061440 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3010.0__3036420f80dd6947\Framework.Library.dll
2008-11-27 20:54 - 2008-11-27 20:54 - 00015360 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3010.0__672b450de5a7e94a\Framework.Host.dll
2008-11-27 20:54 - 2008-11-27 20:54 - 00006144 _____ () C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3010.0__9ecdf03bb2054f94\Framework.PluginInterface.dll
2008-11-27 21:56 - 2007-12-06 17:15 - 00110592 _____ () C:\Acer\Mobility Center\MobilityService.exe
2008-11-27 21:56 - 2007-11-27 16:08 - 00032768 _____ () C:\Acer\Mobility Center\MobilityInterface.dll
2008-04-25 22:36 - 2008-04-25 22:36 - 00131072 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
2009-03-23 19:50 - 2008-09-16 21:18 - 00132608 _____ () C:\Program Files\WinRAR\rarext.dll
2015-04-10 18:04 - 2015-04-10 18:04 - 00043008 _____ () c:\users\bossy\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbovybb.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\Bossy\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\Bossy\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\Bossy\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\Bossy\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-04-12 20:27 - 2013-02-10 02:18 - 00815104 ____N () D:\omegavesko-SimpleADBBackup-0790701\adb.exe
2009-08-05 11:45 - 2009-08-05 11:45 - 00106312 _____ () C:\Program Files\Microsoft Office\OFFICE11\OUTLCTL.DLL

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:58DD92AC

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1970263591-3964681878-2414383680-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Public\Pictures\Sample Pictures\wolken_12.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Schnellstart.lnk => C:\Windows\pss\Microsoft Office OneNote 2003 Schnellstart.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Bossy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: BkupTray => "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: IAAnotif => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
MSCONFIG\startupreg: LManager => C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
MSCONFIG\startupreg: NeroFilterCheck => C:\Windows\system32\NeroCheck.exe
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: NvMediaCenter => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
MSCONFIG\startupreg: PlayMovie => "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
MSCONFIG\startupreg: ProductReg => "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-1970263591-3964681878-2414383680-500 - Administrator - Disabled)
Bossy (S-1-5-21-1970263591-3964681878-2414383680-1000 - Administrator - Enabled) => C:\Users\Bossy
Gast (S-1-5-21-1970263591-3964681878-2414383680-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/10/2015 06:04:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\BOSSY\APPDATA\LOCAL\SKYPE\APPS\LOGIN\LANGUAGES> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (04/10/2015 06:04:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\BOSSY\APPDATA\LOCAL\SKYPE\APPS\LOGIN\LANGUAGES> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (04/10/2015 06:04:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\BOSSY\APPDATA\LOCAL\SKYPE\APPS\LOGIN\JS> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (04/10/2015 06:04:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\BOSSY\APPDATA\LOCAL\SKYPE\APPS\LOGIN\JS> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (04/10/2015 06:04:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\BOSSY\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (04/10/2015 06:04:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\BOSSY\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (04/10/2015 06:04:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\BOSSY\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (04/10/2015 06:04:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\BOSSY\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (04/10/2015 06:04:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\BOSSY\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\RETINA> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (04/10/2015 06:04:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\BOSSY\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\RETINA> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)


System errors:
=============
Error: (04/11/2015 00:41:27 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000stisvc

Error: (04/10/2015 05:58:49 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.195.2385.0

	Aktualisierungsquelle: %NT-AUTORITÄT59

	Aktualisierungsphase: 4.7.0205.00

	Quellpfad: 4.7.0205.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\SYSTEM

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (04/08/2015 08:07:56 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: C:\Windows\System32\IWMSSvc.dll

Error: (04/08/2015 08:07:56 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: C:\Windows\System32\IWMSSvc.dll

Error: (04/08/2015 08:07:49 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: C:\Windows\System32\IWMSSvc.dll

Error: (04/08/2015 08:07:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Softwarelizenzierung11200001Neustart des Diensts

Error: (04/08/2015 08:07:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Media Player-Netzwerkfreigabedienst1300001Neustart des Diensts

Error: (04/08/2015 08:07:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Intel(R) Matrix Storage Event Monitor1

Error: (04/08/2015 08:07:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Search1300001Neustart des Diensts

Error: (04/08/2015 08:07:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: XAudioService1


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-04-13 18:08:43.175
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-13 18:08:42.817
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-13 18:08:42.457
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-13 18:08:42.099
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-13 18:08:41.523
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-13 18:08:41.161
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-13 18:08:40.801
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-13 18:08:40.441
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-13 18:08:21.619
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-13 18:08:21.213
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz
Percentage of memory in use: 48%
Total physical RAM: 3066.12 MB
Available physical RAM: 1579.27 MB
Total Pagefile: 6336.63 MB
Available Pagefile: 4280.89 MB
Total Virtual: 2047.88 MB
Available Virtual: 1906.69 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:144.04 GB) (Free:71.39 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:140.5 GB) (Free:50.91 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 50A5B170)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=144 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=140.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=3.5 GB) - (Type=12)

==================== End Of Log ============================
         
To be honest, I never had any problems from the start, probably because I know so little about this. I just suddenly noticed that I had this icon in the taskbar.

14.04.2015, 07:03   #23
schrauber
/// the machine
/// TB-Ausbilder
 

Cleanup:
(The order is crucial here)

If Defogger was used: start it again and click Re-enable.

If Combofix was used:
Uninstall Combofix
  • Important: Please disable your antivirus program, any script blocking, and anti-malware programs.
  • Press the Windows key + R and type Combofix /Uninstall into the Run window.
  • Click OK.
    This removes Combofix completely and clears the System Restore cache.
  • Now re-enable the programs you just disabled.

All logs posted? Then please download DelFix.
  • Close all open programs.
  • Start delfix.exe with a double-click.
  • Tick the box in front of every function.
  • Click Start.

Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners, and the Java cache, and finally deletes itself.
Finally, restart your computer. If any programs from our cleanup are still left, you can safely delete them.

If you like, you can say here whether you were satisfied with me and my help...and/or support the forum with a small donation.


Hardening:
Enable automatic updates for the Windows operating system. Security-relevant software should also always be kept at the latest version:

Browser
Java
Flash Player
PDF reader

Security vulnerabilities in their old versions are exploited to install malware via "drive-by" when you simply visit a manipulated website.
I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.

Enable a firewall. The one built into Windows is normally entirely sufficient.

Use an antivirus program with a real-time scanner and an always up-to-date signature database.
My recommendation:

Emsisoft

In addition, you can regularly scan your PC with Malwarebytes Anti-Malware and ESET.

Optional:
NoScript prevents active content (Java, JavaScript, Flash, ...) from running on all websites. You can, however, specify on a whitelist basis which sites scripts should be allowed on.
Malwarebytes Anti Exploit: protects the computer's applications against exploitation of known vulnerabilities.


Download software from a clean portal such as .
When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program.
To get rid of adware again, first uninstall it and then remove the leftovers with Adwcleaner .


Finally, a few general remarks:
Change your important online passwords regularly and regularly create backups of your important files or of the system.
The benefit of registry cleaners, optimizers, etc. for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donations
Guides and help
Trojaner-Board Facebook page

No help via PM!

16.04.2015, 22:11   #24
Phily11
 
I didn't find anything of Defogger at all.
For Combofix I only had one file, which I deleted.
When I tried to run it via Windows+R, it said that combofix could not be found.

Code:
# DelFix v10.9 - Datei am 16/04/2015 um 22:57:12 erstellt
# Aktualisiert am 27/02/2015 von Xplode
# Benutzer : Bossy - BOSSY-PC
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)

~ Aktiviere die Benutzerkontensteuerung ... OK

~ Entferne die Bereinigungsprogramme ...

Gelöscht : C:\Qoobox
Gelöscht : C:\Combofix
Gelöscht : C:\FRST
Gelöscht : C:\AdwCleaner
Gelöscht : C:\ComboFix.txt
Gelöscht : C:\Users\Bossy\Downloads\FRST.exe
Gelöscht : C:\Windows\grep.exe
Gelöscht : C:\Windows\PEV.exe
Gelöscht : C:\Windows\NIRCMD.exe
Gelöscht : C:\Windows\MBR.exe
Gelöscht : C:\Windows\SED.exe
Gelöscht : C:\Windows\SWREG.exe
Gelöscht : C:\Windows\SWSC.exe
Gelöscht : C:\Windows\SWXCACLS.exe
Gelöscht : C:\Windows\Zip.exe
Gelöscht : HKLM\SOFTWARE\AdwCleaner
Gelöscht : HKLM\SOFTWARE\Swearware

~ Erstelle ein Backup der Registrierungsdatenbank ... OK

~ Lösche die Wiederherstellungspunkte ...

Gelöscht : RP #1196 [Revo Uninstaller's restore point - Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 | 04/01/2015 20:35:39]
Gelöscht : RP #1197 [Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 | 04/01/2015 20:36:08]
Gelöscht : RP #1198 [Windows Update | 04/01/2015 21:23:32]
Gelöscht : RP #1200 [Revo Uninstaller's restore point - Google Chrome | 04/02/2015 19:15:23]
Gelöscht : RP #1201 [ComboFix created restore point | 04/05/2015 20:28:19]
Gelöscht : RP #1202 [Windows Update | 04/05/2015 20:28:23]
Gelöscht : RP #1204 [Revo Uninstaller's restore point - ESET Online Scanner v3 | 04/08/2015 20:15:19]
Gelöscht : RP #1206 [Revo Uninstaller's restore point - Revo Uninstaller 1.95 | 04/09/2015 15:46:16]
Gelöscht : RP #1207 [Windows Update | 04/10/2015 16:16:08]
Gelöscht : RP #1208 [Geplanter Prüfpunkt | 04/11/2015 11:38:00]
Gelöscht : RP #1209 [Gerätetreiber-Paketinstallation: SAMSUNG Electronics Co., Ltd.  | 04/12/2015 18:46:36]
Gelöscht : RP #1210 [Installed PDF Architect 3 View Module | 04/13/2015 17:23:18]
Gelöscht : RP #1211 [Installed PDF Architect 3 Edit Module | 04/13/2015 17:24:32]
Gelöscht : RP #1212 [Installed PDF Architect 3 Create Module | 04/13/2015 17:25:24]
Gelöscht : RP #1214 [Revo Uninstaller's restore point - PDF Architect 3 | 04/13/2015 17:55:54]
Gelöscht : RP #1215 [Windows Update | 04/13/2015 19:32:26]
Gelöscht : RP #1216 [Windows Update | 04/13/2015 19:44:35]
Gelöscht : RP #1217 [Windows Update | 04/15/2015 20:03:17]

Ein neuer Wiederherstellungspunkt wurde erstellt !

~ Stelle die Systemeinstellungen wieder her ... OK

########## - EOF - ##########
         

17.04.2015, 19:27   #25
schrauber
/// the machine
/// TB-Ausbilder
 

looks good
__________________
Regards,
schrauber

