Pests of all kinds and how to combat them: Windows Command Processor flashing, TR/EyeStye.B.cfg.59 detected (Windows 7)
11.02.2015, 21:50 | #16 |
Rest in peace † 2019 |
Hello,
ah, there is the Spyeyes folder, in the Malwarebytes quarantine. If you like, you can delete it and also move the items that were just found into the Malwarebytes quarantine. Normally it is not necessary to empty the quarantine.
Please also do the following:
Step 1
Since the scan with ESET is very thorough, it may take several hours.
ESET Online Scanner
Step 2
Start FRST once more.
Thanks
14.02.2015, 13:22 | #17 |
Hello,
The scan with the online scanner did not take that long at all. It was only 2.5 h. With Avira it has taken me longer before. Why should the ESET scanner be uninstalled again? Here are the logs.
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-02-2015 Ran by Andreas at 2015-02-14 13:04:36 Running from C:\Users\Andreas\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 3D-Garten 8.0 (HKLM\...\{554A4E80-0002-2006-0407-11FF59A27A18}) (Version: 8.0 - DiComp) Acer Arcade Deluxe (HKLM\...\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}) (Version: 1.12.4213 - CyberLink Corporation) Acer Crystal Eye webcam (HKLM\...\{4BB1DCED-84D3-47F9-B718-5947E904593E}) (Version: 7.96.701.07a - Acer Crystal Eye webcam) Acer Crystal Eye webcam (HKLM\...\{DD1DED37-2486-4F56-8F89-56AA814003F5}) (Version: 2.0.0.8 - Acer Crystal Eye webcam) Acer eAudio Management (HKLM\...\{57265292-228A-41FA-9AEC-4620CBCC2739}) (Version: 2.5.4012 - ) Acer eDataSecurity Management (HKLM\...\{AEEAE013-92F1-4515-B278-139F1A692A36}) (Version: 2.5.4241 - HiTRUST Inc.) Acer eLock Management (HKLM\...\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}) (Version: 2.5.4008 - Acer Inc.) Acer Empowering Technology (HKLM\...\{AB6097D9-D722-4987-BD9E-A076E2848EE2}) (Version: 2.5.4008 - Acer Inc.) Acer eNet Management (HKLM\...\{C06554A1-2C1E-4D20-B613-EE62C79927CC}) (Version: 2.6.4008 - Acer Inc.) Acer ePower Management (HKLM\...\{58E5844B-7CE2-413D-83D1-99294BF6C74F}) (Version: 2.5.4017 - Acer Inc.) 
Acer ePresentation Management (HKLM\...\{BF839132-BD43-4056-ACBF-4377F4A88E2A}) (Version: 2.5.4002 - Acer Inc.) Acer eSettings Management (HKLM\...\{CE65A9A0-9686-45C6-9098-3C9543A412F0}) (Version: 2.5.4011 - Acer Inc.) Acer GridVista (HKLM\...\GridVista) (Version: 2.68.622 - ) Acer Mobility Center Plug-In (HKLM\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 1.0.3003 - Acer Inc.) Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 1.12.20070515 - Acer Inc.) Acer Tour (HKLM\...\{94389919-B0AA-4882-9BE8-9F0B004ECA35}) (Version: 2.0.1003 - Acer Inc.) Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation) Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Reader 8.1.1 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81000000003}) (Version: 8.1.1 - Adobe Systems Incorporated) AFPL Ghostscript 8.54 (HKLM\...\AFPL Ghostscript 8.54) (Version: - ) AFPL Ghostscript Fonts (HKLM\...\AFPL Ghostscript Fonts) (Version: - ) ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - Alps Electric) Apple Application Support (HKLM\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ArcSoft Panorama Maker 6 (HKLM\...\{DABFD34E-BE68-4BC6-9254-5D7A7FF76B99}) (Version: 6.0.8.85 - ArcSoft) AudioCon (HKLM\...\AudioCon) (Version: 1.0 - Basement Softworks) Avira (HKLM\...\{bd538030-07d4-4999-a525-7fafa2483f56}) (Version: 1.1.30.21727 - Avira Operations & Co. KG) Avira (Version: 1.1.30.21727 - Avira Operations & Co. 
KG) Hidden Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira) Big Kahuna Reef 2 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111310630}) (Version: - Oberon Media) Cake Mania (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version: - Oberon Media) Crystal Reports Modules (HKLM\...\{957344B3-FD27-45B5-8026-44FEAB0F340A}) (Version: 1.0.0 - ideYAPI LTD.) DATA BECKER 3D Garten Designer 9 (HKLM\...\3D Garten Designer 9_is1) (Version: 9.0 - DATA BECKER GmbH & Co. KG) Denken und Rechnen 2 (HKLM\...\Denken und Rechnen 2) (Version: - ) DVDVideoSoftTB Toolbar (HKLM\...\DVDVideoSoftTB Toolbar) (Version: - ) Dynasty (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111473353}) (Version: - Oberon Media) ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - ) Free Video Dub version 2.0.22.925 (HKLM\...\Free Video Dub_is1) (Version: 2.0.22.925 - DVDVideoSoft Ltd.) Free YouTube Download version 3.1.42.1212 (HKLM\...\Free YouTube Download_is1) (Version: 3.1.42.1212 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.11.37.1212 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.37.1212 - DVDVideoSoft Ltd.) FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version: - ) Galapago (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version: - Oberon Media) Garmin Communicator Plugin (HKLM\...\{86B879A5-927E-4536-B5FC-17CA96B60078}) (Version: 2.6.4 - Garmin Ltd or its subsidiaries) Garmin USB Drivers (HKLM\...\{B1102A25-3AA3-446B-AA0F-A699B07A02FD}) (Version: 1.0.0.0 - Garmin Ltd or its subsidiaries) Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.) Google Earth (HKLM\...\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}) (Version: 4.3.7284.3916 - Google) Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) 
Hidden Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.) HandBrake 0.9.9.1 (HKLM\...\HandBrake) (Version: 0.9.9.1 - ) HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118) (Version: - ) ideCAD Architektur 5 Demo (HKLM\...\{8CE203AB-DD76-4340-A4BA-DBCCA19027B4}) (Version: 5.49.000 - ) Launch Manager (HKLM\...\LManager) (Version: - ) LightScribe 1.4.142.1 (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden Luxor 2 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11170417}) (Version: - Oberon Media) Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) meinHausplaner (HKLM\...\meinHausplaner) (Version: - ) Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - ) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable 
(HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Works (HKLM\...\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}) (Version: 08.05.0822 - Microsoft Corporation) Mozilla Firefox 35.0.1 (x86 de) (HKLM\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla) MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Mystery Case Files - Prime Suspects (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111271497}) (Version: - Oberon Media) Mystery Case Files Ravenhearst (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112179547}) (Version: - Oberon Media) Nikon Message Center 2 (HKLM\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon) Nikon Movie Editor (HKLM\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.6.0 - Nikon) NTI Backup NOW! 
4.7 (HKLM\...\{67ADE9AF-5CD9-4089-8825-55DE4B366799}) (Version: 4 - NewTech Infosystems) NTI CD & DVD-Maker (HKLM\...\InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}) (Version: 7 - NewTech Infosystems) NTI CD & DVD-Maker (Version: 7 - NewTech Infosystems) Hidden NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - NVIDIA Corporation) OpenOffice.org 3.2 (HKLM\...\{2217B0B4-35CB-48C6-B640-864DF2F30F99}) (Version: 3.2.9483 - OpenOffice.org) Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.) Picture Control Utility (HKLM\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.4.7 - Nikon) Poker Mania (HKLM\...\Poker Mania) (Version: - ) PowerProducer 3.72 (HKLM\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 074117(3.7)_Vista_Acer - CyberLink Corporation) Protect Disc License Helper 1.0.118 (HKLM\...\Protect Disc License Helper) (Version: 1.0.118 - Protect Disc) ProtectDisc Driver, Version 11 (HKLM\...\ProtectDisc Driver 11) (Version: 11.0.0.12 - ProtectDisc Software GmbH) QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5413 - Realtek Semiconductor Corp.) RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - ) Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.51.01 - ) Samsung Master (HKLM\...\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}) (Version: 1.1.14 - Samsung) Sandlot Games Client Services (HKLM\...\Sandlot Games Client Services_is1) (Version: - Sandlot Games) Star Defender 3 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111730193}) (Version: - Oberon Media) Texas Hold'em Poker 3D - Deluxe Edition 1.0 (HKLM\...\{E8889865-31D8-4BE9-8CE4-20AEF81AD85E}_is1) (Version: Texas Hold'em Poker 3D - Deluxe Edition - S.A.D. 
GmbH) Treasures of the Deep (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111263673}) (Version: - Oberon Media) Uninstall 1.0.0.1 (HKLM\...\Uninstall_is1) (Version: - ) Update for Office 2007 (KB934528) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{2B939677-2FFD-48F6-9075-7BF48CB87C80}) (Version: - ) Update for Office System 2007 Setup (KB929722) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{D8E9BEBD-655F-467D-8176-CA9959C140A3}) (Version: - ) ViewNX 2 (HKLM\...\{E64C137C-D0B7-467A-B47F-460AAB30F0A3}) (Version: 2.6.0 - Nikon) VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0) (HKLM\...\45A7283175C62FAC673F913C1F532C5361F97841) (Version: 03/08/2007 2.2.1.0 - Garmin) Zuma Deluxe (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}) (Version: - Oberon Media) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points ========================= 05-02-2015 19:27:44 Windows Update 06-02-2015 17:21:19 Removed Java(TM) 6 Update 26 06-02-2015 17:25:17 Removed Linkury Smartbar 06-02-2015 17:27:10 Removed Linkury Smartbar 06-02-2015 17:32:57 Removed Java(TM) 6 Update 26 06-02-2015 17:34:34 Removed Linkury Smartbar 06-02-2015 17:41:32 Revo Uninstaller's restore point - Linkury Smartbar 06-02-2015 17:41:51 Removed Linkury Smartbar 10-02-2015 16:50:30 Windows Update 14-02-2015 09:11:07 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {166C06E1-F91D-4CB8-B3A3-91DD8FC124DC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {1DBC7DE7-C3B3-42CD-A466-FDA8D0999B43} - System32\Tasks\Microsoft\Windows\RestartManager\{2357A169-3205-4d6d-A548-F79A8EB9ECED} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation) Task: {7FB06236-20B7-4313-8AB9-82AADD74EB33} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Andreas => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation) Task: {B2DA1320-4CAA-4C9F-BE59-03B990FD3591} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-04] (Google Inc.)
Task: {D1F3D537-21BC-4FC1-A892-FF6446892A45} - System32\Tasks\{F4D13830-066A-4B6E-81E6-7BE644EDCC8D} => pcalua.exe -a C:\Users\Andreas\AppData\Local\Temp\Temp2_mein_hpl_2008.zip\MEIN_HPL_2008.exe Task: {E2D74F6A-F7CC-4CB4-A6C3-24F63F25301D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated) Task: {EF1FDE15-725D-45E7-975B-0A8C0192EE0F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-04] (Google Inc.) Task: {F6FA62FD-07E0-4660-8737-36157ED84369} - System32\Tasks\Google Software Updater => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-30] (Google) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2009-08-02 21:43 - 2005-01-06 17:33 - 00116224 _____ () C:\Windows\System32\redmonnt.dll 2007-07-28 11:16 - 2007-01-26 13:24 - 00050688 _____ () C:\Acer\ALaunch\ALaunchSvc.exe 2007-07-28 10:55 - 2006-11-24 11:57 - 00107008 _____ () C:\Acer\Mobility Center\MobilityService.exe 2007-07-28 10:55 - 2006-10-24 09:54 - 00033280 _____ () C:\Acer\Mobility Center\MobilityInterface.dll 2007-07-28 10:53 - 2007-01-23 14:48 - 00266343 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe 2007-09-07 21:24 - 2007-02-13 05:26 - 00016384 _____ () C:\Acer\Empowering 
Technology\eRecovery\ServiceInterface.dll 2007-09-07 21:24 - 2007-02-13 05:26 - 00016384 _____ () C:\Acer\Empowering Technology\eRecovery\IERYETF.dll 2007-07-28 10:38 - 2007-06-28 17:50 - 00024576 _____ () C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe 2007-07-28 10:38 - 2007-06-28 17:50 - 00114688 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.Computer.dll 2007-07-28 10:38 - 2007-06-28 17:50 - 00032768 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.ComputerInterfaces.dll 2007-07-28 10:38 - 2007-06-28 17:50 - 00118784 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.Library.dll 2007-07-28 10:38 - 2007-06-28 17:50 - 00006656 _____ () C:\Acer\Empowering Technology\eSettings\Service\CPUID.dll 2007-04-25 15:30 - 2007-04-25 15:30 - 00063488 _____ () C:\Windows\system32\ShowErrMsg.dll 2007-04-25 15:31 - 2007-04-25 15:31 - 00028672 _____ () C:\Windows\system32\BatchCrypto.dll 2007-07-28 10:33 - 2007-02-07 08:25 - 00208896 _____ () C:\Acer\Empowering Technology\EPOWER\SysHook.dll 2007-07-28 18:01 - 2003-06-07 06:30 - 00057344 _____ () C:\Program Files\Launch Manager\PowerUtl.dll 2007-07-28 10:24 - 2007-06-15 15:15 - 00057344 _____ () C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll 2007-07-28 10:24 - 2007-06-15 15:47 - 00024576 _____ () C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll 2007-07-28 10:39 - 2007-06-11 13:54 - 00106496 _____ () C:\Acer\Empowering Technology\eAudio\eAudioUI.dll 2007-07-28 10:39 - 2007-03-22 10:51 - 00003584 _____ () C:\Acer\Empowering Technology\eAudio\de\eAudioUI.resources.dll 2007-07-28 10:35 - 2007-04-11 15:42 - 00307200 _____ () C:\Acer\Empowering Technology\ePresentation\ePresentationCTL.dll 2007-07-28 10:35 - 2007-04-11 14:07 - 00077824 _____ () C:\Acer\Empowering Technology\ePresentation\de\ePresentationCTL.resources.dll 2007-07-28 10:37 - 2007-05-24 08:53 - 00679936 _____ () C:\Acer\Empowering 
Technology\eLock\eLockCTL.dll 2007-07-28 10:37 - 2007-05-24 08:53 - 00106496 _____ () C:\Acer\Empowering Technology\eLock\de\eLockCTL.resources.dll 2007-07-28 10:38 - 2007-06-28 17:50 - 00028672 _____ () C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll 2007-07-28 10:38 - 2007-06-28 17:50 - 00032768 _____ () C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll 2007-07-28 10:38 - 2007-06-28 17:50 - 03420160 _____ () C:\Acer\Empowering Technology\eSettings\eSettings.View.dll 2007-07-28 10:38 - 2007-06-28 17:50 - 00155648 _____ () C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll 2007-07-28 20:21 - 2007-06-13 15:56 - 00249856 ____R () C:\Acer\Empowering Technology\eNet\eNetPlugin.dll 2007-07-28 10:38 - 2007-06-28 17:50 - 00003584 _____ () C:\Acer\Empowering Technology\eSettings\de\eSettings.Plugin.resources.dll 2007-07-28 10:38 - 2007-06-28 17:50 - 00010752 _____ () C:\Acer\Empowering Technology\eSettings\de\eSettings.Presenter.resources.dll 2009-10-20 20:02 - 2010-05-06 20:50 - 00970752 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll 2015-02-05 19:24 - 2015-02-05 19:25 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) 
==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-695030953-4224019398-3706738656-1000\Control Panel\Desktop\\Wallpaper -> c:\Windows\Web\wallpaper\Acer01.jpg DNS Servers: 192.168.2.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== Accounts: ============================= Administrator (S-1-5-21-695030953-4224019398-3706738656-500 - Administrator - Disabled) Andreas (S-1-5-21-695030953-4224019398-3706738656-1000 - Administrator - Enabled) => C:\Users\Andreas ASPNET (S-1-5-21-695030953-4224019398-3706738656-1002 - Limited - Enabled) Gast (S-1-5-21-695030953-4224019398-3706738656-501 - Limited - Disabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/14/2015 09:48:36 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4 Error: (02/14/2015 09:48:34 AM) (Source: Perflib) (EventID: 1010) (User: ) Description: EmdCacheC:\Windows\system32\emdmgmt.dll4 Error: (02/10/2015 04:29:30 PM) (Source: Avira Service Host) (EventID: 0) (User: ) Description: Fehler beim Verarbeiten von Sitzungsänderung. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription) bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId) Error: (02/08/2015 02:28:07 PM) (Source: EventSystem) (EventID: 4609) (User: ) Description: d:\longhorn\com\complus\src\events\tier2\security.cpp78800706e5 Error: (02/07/2015 04:06:25 PM) (Source: Avira Service Host) (EventID: 0) (User: ) Description: Fehler beim Verarbeiten von Sitzungsänderung. 
System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription) bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId) Error: (02/06/2015 07:02:34 PM) (Source: Avira Service Host) (EventID: 0) (User: ) Description: Fehler beim Verarbeiten von Sitzungsänderung. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription) bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId) Error: (02/06/2015 05:41:31 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005. Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {76884a30-9290-4e7b-84cd-d09503961cd0} Error: (02/06/2015 04:55:19 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fehlerhafte Anwendung avira_de.exe, Version 1.1.29.22350, Zeitstempel 0x52974fc4, fehlerhaftes Modul WixStdBA.dll, Version 3.8.2431.0, Zeitstempel 0x54a3de01, Ausnahmecode 0xc0000005, Fehleroffset 0x00005689, Prozess-ID 0x1508, Anwendungsstartzeit avira_de.exe0. Error: (01/31/2015 04:23:41 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Avira.OE.Systray.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet. 
Ausnahmeinformationen: System.Runtime.InteropServices.COMException Stapel: bei System.Windows.Media.Composition.DUCE+Channel.SyncFlush() bei System.Windows.Media.MediaContext.CompleteRender() bei System.Windows.Interop.HwndTarget.OnResize() bei System.Windows.Interop.HwndTarget.HandleMessage(MS.Internal.Interop.WindowMessage, IntPtr, IntPtr) bei System.Windows.Interop.HwndSource.HwndTargetFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) bei System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32) bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr) bei System.Windows.Forms.UnsafeNativeMethods.GetMessageW(MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32) bei System.Windows.Forms.Application+ComponentManager.System.Windows.Forms.UnsafeNativeMethods.IMsoComponentManager.FPushMessageLoop(IntPtr, Int32, Int32) bei System.Windows.Forms.Application+ThreadContext.RunMessageLoopInner(Int32, System.Windows.Forms.ApplicationContext) bei System.Windows.Forms.Application+ThreadContext.RunMessageLoop(Int32, System.Windows.Forms.ApplicationContext) bei System.Windows.Forms.Application.Run(System.Windows.Forms.Form) bei 
Avira.OE.Systray.Program.Main(System.String[]) Error: (01/31/2015 04:22:46 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm Explorer.EXE, Version 6.0.6002.18005 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: e34 Anfangszeit: 01d03d67f4e0bef0 Zeitpunkt der Beendigung: 513 System errors: ============= Error: (02/14/2015 09:08:01 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: 30000Microsoft .NET Framework NGEN v4.0.30319_X86 Error: (02/14/2015 09:04:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Parallel port driver%%1058 Error: (02/11/2015 04:35:39 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: 30000Microsoft .NET Framework NGEN v4.0.30319_X86 Error: (02/11/2015 04:32:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Parallel port driver%%1058 Error: (02/10/2015 05:51:54 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: 30000Microsoft .NET Framework NGEN v4.0.30319_X86 Error: (02/10/2015 05:48:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Parallel port driver%%1058 Error: (02/10/2015 04:45:42 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1053MSIServer{000C101C-0000-0000-C000-000000000046} Error: (02/10/2015 04:45:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Windows Installer%%1053 Error: (02/10/2015 04:45:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: 30000Windows Installer Error: (02/10/2015 04:32:39 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: 30000Schedule Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2015-02-14 
13:04:25.278 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-14 13:04:24.346 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-14 13:04:23.422 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-14 13:04:22.467 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-14 13:04:21.336 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-14 13:04:20.392 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-14 13:04:19.426 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-14 13:04:18.463 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2015-02-14 13:03:39.531 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-14 13:03:38.619 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-52 Percentage of memory in use: 57% Total physical RAM: 1790.19 MB Available physical RAM: 764.77 MB Total Pagefile: 3828.89 MB Available Pagefile: 1731.45 MB Total Virtual: 2047.88 MB Available Virtual: 1910.93 MB ==================== Drives ================================ Drive c: (ACER) (Fixed) (Total:69.77 GB) (Free:18.41 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (DATA) (Fixed) (Total:69.52 GB) (Free:21.15 GB) NTFS Drive f: (SEA_DISK) (Fixed) (Total:279.39 GB) (Free:114.65 GB) FAT32 Drive g: (MIM 2 GB) (Removable) (Total:1.83 GB) (Free:0.03 GB) FAT Drive h: (STORE'N'GO) (Removable) (Total:0.94 GB) (Free:0.68 GB) FAT ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 149.1 GB) (Disk ID: B5BBB0F3) Partition 1: (Not Active) - (Size=9.8 GB) - (Type=27) Partition 2: (Active) - (Size=69.8 GB) - (Type=06) Partition 3: (Not Active) - (Size=69.5 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 279.5 GB) (Disk ID: 287AE0F3) Partition 1: (Active) - (Size=279.5 GB) - (Type=0C) ======================================================== Disk: 2 (Size: 964 MB) (Disk ID: 91F72D24) Partition 1: (Not Active) - (Size=964 MB) - (Type=06) ======================================================== Disk: 3 (MBR Code: Windows XP) (Size: 1.8 GB) 
(Disk ID: C3072E18) Partition 1: (Not Active) - (Size=1.8 GB) - (Type=06) ==================== End Of Log ============================
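The "Scheduled Tasks" section of an FRST log like the one above can be pre-sorted mechanically before a human reads it. The following is an added example, not part of the original thread and not FRST's own code: the function names and the flagging rules are assumptions made for illustration, the sample lines are copied from the log above, and a flag only means "look at this entry by hand", not that the entry is malicious.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Sample input: entries copied from the "Scheduled Tasks" section of the log
# above, one per line (assumption: this is how FRST lays out the file on disk).
SAMPLE_LOG = r"""
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {166C06E1-F91D-4CB8-B3A3-91DD8FC124DC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7FB06236-20B7-4313-8AB9-82AADD74EB33} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Andreas => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {D1F3D537-21BC-4FC1-A892-FF6446892A45} - System32\Tasks\{F4D13830-066A-4B6E-81E6-7BE644EDCC8D} => pcalua.exe -a C:\Users\Andreas\AppData\Local\Temp\Temp2_mein_hpl_2008.zip\MEIN_HPL_2008.exe
Task: {E2D74F6A-F7CC-4CB4-A6C3-24F63F25301D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2009-08-02 21:43 - 2005-01-06 17:33 - 00116224 _____ () C:\Windows\System32\redmonnt.dll
"""

# "Task: <name> => <command> [file date] (company)"; date and company are optional.
TASK_RE = re.compile(
    r"^Task: (?P<name>.+?) => (?P<cmd>.+?)"
    r"(?: \[(?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?: \((?P<vendor>[^()]*)\))?$"
)
# The one launcher form that occurs in the log above.
LAUNCHER_RE = re.compile(r"^(?P<launcher>pcalua\.exe) -a (?P<target>.+)$", re.I)
# Locations a standard user can write to (illustrative list, not exhaustive).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")


@dataclass
class Task:
    name: str
    target: str
    date: Optional[str]
    vendor: Optional[str]
    reasons: list = field(default_factory=list)


def section_lines(log, title):
    """Yield the non-empty lines of the '==== title ====' section of the log."""
    inside = False
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("===================="):
            inside = title in line      # a new header opens or closes the section
            continue
        if inside and line:
            yield line


def triage_tasks(log):
    """Parse every task entry and attach the reasons it deserves a manual look."""
    tasks = []
    for line in section_lines(log, "Scheduled Tasks"):
        m = TASK_RE.match(line)
        if not m:
            continue                    # FRST's explanatory text in parentheses
        task = Task(m["name"], m["cmd"], m["date"], m["vendor"])
        launch = LAUNCHER_RE.match(task.target)
        if launch:                      # judge the program that is really started
            task.target = launch["target"]
            task.reasons.append("started through " + launch["launcher"])
        low = task.target.lower()
        if any(part in low for part in USER_WRITABLE):
            task.reasons.append("target in user-writable path")
        if ".zip\\" in low:
            task.reasons.append("target inside an extracted archive folder")
        # .job entries never carry date/company in this log, so only check {GUID} ones.
        if task.name.startswith("{") and not (task.date or task.vendor):
            task.reasons.append("no file date or company in the log")
        tasks.append(task)
    return tasks


def flagged(log):
    return [t for t in triage_tasks(log) if t.reasons]


if __name__ == "__main__":
    for t in flagged(SAMPLE_LOG):
        print(t.target, "->", "; ".join(t.reasons))
```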
15.02.2015, 21:08 | #18 |
Rest in Peace † 2019 | Windows command processor blinking, TR/EyeStye.B.cfg.59 detected Hello,
Quote:
The detections are in quarantine (we will delete them in a moment). An installer from SweetIM, and the rest you surely know.
Step 1 Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:
Code:
C:\Users\Andreas\AppData\Local\Temp\908209415\wssetup.exe
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
OK
As far as I can see, we have now removed everything malicious. Your logs are clean. To finish, we will tidy up a little, run updates, and then you will get some reading material from me.
Step 1 If you no longer need Malwarebytes Anti-Malware and the ESET online scan, you can simply uninstall both programs via the program uninstaller. However, I recommend that you keep at least Malwarebytes and run a check scan with it once a week.
Step 2 Please download delfix to your desktop.
Updates / updating programs
Uninstall your Reader and download the latest version from here. Check whether anything else wants to be installed along with it and untick the box if so.
Finally, a few tips for securing your system. Change all your passwords regularly; now, after the cleanup, is an ideal time to do so.
Keeping the system up to date
It is extremely important that both your system and the security-relevant software installed on it (Flash Player, PDF reader and especially Java, if present) are up to date.
If you absolutely need Java after all, then
For this:
You can find instructions for this here.
Antivirus software
Additional protection
Alternative browsers
Other browsers tend to be somewhat more secure than Internet Explorer, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
System performance
Delete your temporary files regularly. For this I recommend the Windows Disk Cleanup.
Windows Vista
Windows 7
Windows 8
Stay away from any registry cleaners. They harm your system more than they speed it up.
Rules of conduct for safer surfing
Now all that remains is for me to wish you lots of fun surfing safely. Note: Please give me brief feedback when everything is done and there are no more questions. If you would like to give praise or criticism, you are very welcome to do so here. If you would like to donate something for the forum and our work, you can do so here.
16.02.2015, 17:51 | #19 |
| Windows command processor blinking, TR/EyeStye.B.cfg.59 detected Hello Sandra, here is the log.
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 14-02-2015
Ran by Andreas at 2015-02-16 17:33:57 Run:4
Running from C:\Users\Andreas\Desktop
Loaded Profiles: Andreas (Available profiles: Andreas)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
C:\Users\Andreas\AppData\Local\Temp\908209415\wssetup.exe
*****************
C:\Users\Andreas\AppData\Local\Temp\908209415\wssetup.exe => Moved successfully.
==== End of Fixlog 17:33:58 ====
That was all very informative. However, I did not understand everything. What function does the program FRST have? What is the meaning of Fix? Is something deleted there? As an antivirus program I have so far used the Antivir free version. Is there anything against that? Or should I switch to the paid version? I will probably keep Malwarebytes. However, that is a trial version. Is there a time limit on it? Now I will work through the other steps. I will probably have a few more questions later. Many thanks, Andreas
16.02.2015, 23:44 | #20 |
Rest in Peace † 2019 | Windows command processor blinking, TR/EyeStye.B.cfg.59 detected Hello Andreas,
Quote:
Quote:
Quote:
Yes, in most cases we delete something with a fix. But we can also read things out, edit entries in the registry, generate MD5 hashes of files, replace files... FRST is a very "big" tool and has quite a lot of cool functions.
Quote:
Quote:
Quote:
24.02.2015, 18:25 | #21 |
| Windows command processor blinking, TR/EyeStye.B.cfg.59 detected Hello Sandra, thank you again for your support. I do have one more question regarding AdwCleaner and CCleaner. Is there any reason not to use these programs regularly for "cleaning up"? I would also like to support you with a donation and transfer something. On your link I found the account of Peter Zawadzki. What is the money used for, and who benefits from it? Best regards, Andreas
24.02.2015, 23:06 | #22 |
Rest in Peace † 2019 | Windows command processor blinking, TR/EyeStye.B.cfg.59 detected Hello Andreas,
Quote:
Quote:
Quote:
If you have further questions, you can ask them here in this thread at any time.