Pests of all kinds and how to fight them: Windows command processor flashing, TR/EyeStye.B.cfg.59 detected | Windows 7 | If you are not sure whether you have picked up malware or a Trojan, create a topic here. An expert will get back to you with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you clean up the infection. |
31.01.2015, 17:05 | #1 |
| Windows command processor flashing, TR/EyeStye.B.cfg.59 detected
Hello, since December the Windows command processor has been flashing at the bottom edge of my screen. In December, Avira (free version) detected a Trojan TR/EyeStye.B.cfg.59 and a virus EXP/MS04-28.JPEG.A and moved them to quarantine. The Windows command processor is still flashing. Unfortunately, the AntiVir report was automatically deleted after 30 days. Today's virus scan reported: no virus found, hidden objects 1. How do I know now whether I am really no longer infected? The files are still in quarantine, after all, and the command processor is still flashing. How harmful is the Trojan that was detected? |
31.01.2015, 17:07 | #2 |
Rest in peace † 2019 | Windows command processor flashing, TR/EyeStye.B.cfg.59 detected
My name is Sandra and I will help you with your problem.
Note: I can never give you a guarantee that I will find everything. Reformatting is usually the faster way and, when malware is involved, always the safest. Adware can be removed without problems in the vast majority of cases. If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean. Posting in code tags: Please always put the logs in code tags. If you don't, it makes evaluating them much harder for me. Thank you. To do so:
Step 1 Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ |
31.01.2015, 17:29 | #3 |
| Windows command processor flashing, TR/EyeStye.B.cfg.59 detected
Hello Sandra,
that was a quick reply. Thank you very much for your help. I have downloaded Farbar's Recovery Scan Tool. Here is the FRST.txt
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-01-2015 01
Ran by Andreas (administrator) on ANDREAS-PC on 31-01-2015 17:17:15
Running from C:\Users\Andreas\Desktop
Loaded Profiles: Andreas (Available profiles: Andreas)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
() C:\Acer\ALaunch\ALaunchSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(DATA BECKER GmbH & Co KG) C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe
(HiTRSUT) C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
(Acer Inc.) C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
(Acer Inc.) C:\Acer\Empowering Technology\eNet\eNet Service.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Acer\Mobility Center\MobilityService.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
() C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
(acer) C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(HiTRUST) C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
(CyberLink) C:\Acer\Empowering Technology\eAudio\eAudio.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(CyberLink Corp.) C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(SweetIM Technologies Ltd.) C:\Program Files\SweetIM\Messenger\SweetIM.exe
(SweetIM Technologies Ltd.) C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Smartbar) C:\Users\Andreas\AppData\Local\Smartbar\Application\Linkury.exe
() C:\Users\Andreas\AppData\Local\Temp\Shuka\UACGetter.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Acer Inc.) C:\Acer\Empowering Technology\eNet\eNMTray.exe
(Acer Inc.) C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
(Acer Inc.) C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
(Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Realtek Semiconductor Corp.) C:\Users\Andreas\AppData\Local\Temp\RtkBtMnt.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avcenter.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [ALaunch] => C:\Acer\ALaunch\AlaunchClient.exe
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4468736 2007-05-18] (Realtek Semiconductor)
HKLM\...\Run: [eDataSecurity Loader] => C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [457216 2007-04-25] (HiTRUST)
HKLM\...\Run: [eAudio] => C:\Acer\Empowering Technology\eAudio\eAudio.exe [1286144 2007-06-11] (CyberLink)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [40048 2007-03-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Acer Tour] => [X]
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [752136 2007-06-27] (Dritek System Inc.)
HKLM\...\Run: [PlayMovie] => C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe [206952 2007-05-24] (CyberLink Corp.)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [159744 2007-06-06] (Alps Electric Co., Ltd.)
HKLM\...\Run: [eRecoveryService] => [X]
HKLM\...\Run: [Acer Tour Reminder] => C:\Acer\AcerTour\Reminder.exe [151552 2007-05-22] (Acer Inc.)
HKLM\...\Run: [WarReg_PopUp] => C:\Acer\WR_PopUp\WarReg_PopUp.exe [57344 2006-11-05] (Acer Inc.)
HKLM\...\Run: [SetPanel] => C:\Acer\APanel\APanel.cmd
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-05-18] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [FreePDF Assistant] => C:\Program Files\FreePDF_XP\fpassist.exe [371712 2009-07-15] (shbox.de)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM\...\Run: [Nikon Message Center 2] => C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-17] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SweetIM] => C:\Program Files\SweetIM\Messenger\SweetIM.exe [115032 2012-10-04] (SweetIM Technologies Ltd.)
HKLM\...\Run: [Sweetpacks Communicator] => C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe [231768 2012-08-15] (SweetIM Technologies Ltd.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-695030953-4224019398-3706738656-1000\...\Run: [Acer Tour Reminder] => [X]
HKU\S-1-5-21-695030953-4224019398-3706738656-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-695030953-4224019398-3706738656-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2008-06-23] (Google Inc.)
HKU\S-1-5-21-695030953-4224019398-3706738656-1000\...\Run: [Browser Infrastructure Helper] => C:\Users\Andreas\AppData\Local\Smartbar\Application\Linkury.exe [20248 2013-06-05] (Smartbar)
HKU\S-1-5-21-695030953-4224019398-3706738656-1000\...\Run: [cmd] => C:\Users\Andreas\AppData\Local\Temp\Shuka\PackerV2.exe [5165056 2014-12-14] (Packer Framework) <===== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
ShortcutTarget: Empowering Technology Launcher.lnk -> C:\Acer\Empowering Technology\eAPLauncher.exe (Acer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PackerV2.exe.lnk
ShortcutTarget: PackerV2.exe.lnk -> C:\Users\Andreas\AppData\Local\Temp\Shuka\PackerV2.exe (Packer Framework)
Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 ()
Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={45BD610B-5421-4D88-B479-8A1A17FF0E4B}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
HKU\S-1-5-21-695030953-4224019398-3706738656-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKU\S-1-5-21-695030953-4224019398-3706738656-1000\Software\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=8da37f89-8891-4f3d-9a2b-7bf5ef8cf41f&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970
HKU\S-1-5-21-695030953-4224019398-3706738656-1000\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
HKU\S-1-5-21-695030953-4224019398-3706738656-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=8da37f89-8891-4f3d-9a2b-7bf5ef8cf41f&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970
HKU\S-1-5-21-695030953-4224019398-3706738656-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
URLSearchHook: HKLM - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
SearchScopes: HKLM -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=8da37f89-8891-4f3d-9a2b-7bf5ef8cf41f&affid=113129&searchtype=ds&babsrc=lnkry&q={searchTerms}
SearchScopes: HKLM -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={45BD610B-5421-4D88-B479-8A1A17FF0E4B}
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-695030953-4224019398-3706738656-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=8da37f89-8891-4f3d-9a2b-7bf5ef8cf41f&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970
BHO: Yahoo! Toolbar Helper -> {02478D38-C3F9-4EFB-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: AskBar BHO -> {201f27d4-3704-41d6-89c1-aa35e39143ed} -> C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
BHO: Linkury SmartbarEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: ShowBarObj Class -> {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -> C:\Windows\system32\ActiveToolBand.dll (HiTRUST)
BHO: DVDVideoSoftTB Toolbar -> {872b5b88-9db5-4310-bdd0-ac189557e5f5} -> C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: SweetPacks Browser Helper -> {EEE6C35C-6118-11DC-9C72-001320C79847} -> C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll (HiTRUST)
Toolbar: HKLM - Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
Toolbar: HKLM - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
Toolbar: HKLM - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM - Linkury Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-695030953-4224019398-3706738656-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-695030953-4224019398-3706738656-1000 -> Ask Toolbar - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
Toolbar: HKU\S-1-5-21-695030953-4224019398-3706738656-1000 -> DVDVideoSoftTB Toolbar - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\1jao9sxz.default
FF NewTab: hxxp://home.sweetim.com/?src=97&barid={45BD610B-5421-4D88-B479-8A1A17FF0E4B}
FF DefaultSearchEngine: Web Search
FF DefaultSearchUrl:
FF SelectedSearchEngine: Web Search
FF Homepage: hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=8da37f89-8891-4f3d-9a2b-7bf5ef8cf41f&affid=111583&searchtype=hp&babsrc=lnkry&installDate=01/01/1970
FF Keyword.URL: hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=8da37f89-8891-4f3d-9a2b-7bf5ef8cf41f&affid=111583&searchtype=ds&babsrc=lnkry&installDate=01/01/1970&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @protectdisc.com/NPPDLicenseHelper -> C:\Program Files\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\1jao9sxz.default\searchplugins\Web Search.xml
FF Extension: Avira Browser Safety - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\1jao9sxz.default\Extensions\abs@avira.com [2015-01-31]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\1jao9sxz.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-02-28]
FF Extension: Linkury Smartbar - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\1jao9sxz.default\Extensions\{8da37f89-8891-4f3d-9a2b-7bf5ef8cf41f} [2013-09-23]
FF Extension: Torntv - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\1jao9sxz.default\Extensions\torntv@torntv.com.xpi [2013-01-05]
FF Extension: SweetPacks Toolbar for Firefox - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\1jao9sxz.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2013-01-05]

Chrome:
=======
CHR Profile: C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-29]
CHR Extension: (Google Drive) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-29]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-05]
CHR Extension: (YouTube) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-29]
CHR Extension: (Google-Suche) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-29]
CHR Extension: (Avira Browserschutz) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-10-29]
CHR Extension: (Google Wallet) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-29]
CHR Extension: (Google Mail) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-29]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM\...\Chrome\Extension: [jbpkiefagocgkmemidfngdkamloieekf] - C:\Program Files\TornTV.com\torn11.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ALaunchService; C:\Acer\ALaunch\ALaunchSvc.exe [50688 2007-01-26] () [File not signed]
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-17] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 DBService; C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe [187456 2009-01-08] (DATA BECKER GmbH & Co KG) [File not signed]
R2 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [457512 2007-04-25] (HiTRSUT)
R2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-04-23] (Acer Inc.) [File not signed]
R2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [135168 2007-06-13] (Acer Inc.) [File not signed]
R2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [53248 2007-07-03] (Acer Inc.) [File not signed]
R2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-06-28] () [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [107008 2006-11-24] () [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [266343 2007-01-23] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
R2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [167936 2007-06-13] (acer) [File not signed]
S2 CLTNetCnService; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [277544 2009-01-19] (Protect Software GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-29] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-29] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-27] (Avira Operations GmbH & Co. KG)
R3 Cam5607; C:\Windows\System32\Drivers\BisonC07.sys [767664 2007-05-28] (Bison Electronics. Inc. )
R1 DritekPortIO; C:\Program Files\Launch Manager\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.)
R2 int15; C:\Acer\Empowering Technology\eRecovery\int15.sys [76584 2006-12-07] ()
R3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [6144 2007-07-28] (NewTech Infosystems, Inc.) [File not signed]
R0 PSDFilter; C:\Windows\System32\DRIVERS\psdfilter.sys [20776 2007-04-25] (HiTRUST)
R0 PSDNServ; C:\Windows\System32\drivers\PSDNServ.sys [16680 2007-04-25] (HiTRUST)
R0 psdvdisk; C:\Windows\System32\drivers\psdvdisk.sys [60712 2007-04-25] (HiTRUST)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [13560 2006-11-02] (Cyberlink Corp.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S4 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 17:17 - 2015-01-31 17:19 - 00024882 _____ () C:\Users\Andreas\Desktop\FRST.txt
2015-01-31 17:14 - 2015-01-31 17:17 - 00000000 ____D () C:\FRST
2015-01-31 17:13 - 2015-01-31 17:13 - 01122304 _____ (Farbar) C:\Users\Andreas\Desktop\FRST.exe
2015-01-31 16:30 - 2015-01-31 16:30 - 00050477 _____ () C:\Users\Andreas\Desktop\Defogger.exe
2015-01-31 16:29 - 2015-01-31 16:30 - 00050477 _____ () C:\Users\Andreas\Downloads\Defogger.exe
2015-01-31 10:39 - 2015-01-31 10:39 - 00001006 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-01-15 17:52 - 2015-01-15 17:52 - 138300268 _____ () C:\Windows\MEMORY.DMP
2015-01-15 17:52 - 2015-01-15 17:52 - 00138096 _____ () C:\Windows\Minidump\Mini011515-01.dmp
2015-01-15 17:52 - 2015-01-15 17:52 - 00000000 ____D () C:\Windows\Minidump

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 17:02 - 2012-09-26 16:32 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-31 16:59 - 2014-10-29 12:33 - 00001967 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-31 16:59 - 2010-04-27 16:53 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-31 16:22 - 2007-09-07 21:13 - 01433386 _____ () C:\Windows\WindowsUpdate.log
2015-01-31 16:21 - 2009-05-02 21:20 - 00262133 _____ () C:\ProgramData\nvModes.001
2015-01-31 16:10 - 2010-04-27 16:53 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-31 16:08 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-31 16:08 - 2006-11-02 13:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-31 16:08 - 2006-11-02 13:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-31 14:01 - 2006-11-02 14:01 - 00032582 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-31 12:19 - 2011-01-12 20:59 - 00001052 _____ () C:\Windows\Tasks\Google Software Updater.job
2015-01-31 12:03 - 2012-09-13 19:55 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-31 12:03 - 2012-09-13 19:55 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-31 10:41 - 2014-08-20 10:14 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-31 10:39 - 2012-12-23 15:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-31 10:39 - 2012-12-23 15:13 - 00000000 ____D () C:\Program Files\Avira
2015-01-16 02:44 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\uk-UA
2015-01-15 21:13 - 2013-09-01 17:59 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 20:57 - 2006-11-02 11:24 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-01-15 20:53 - 2008-11-10 10:14 - 00000000 ____D () C:\DVDVideoSoft
2015-01-15 20:53 - 2008-11-10 10:10 - 00000000 ____D () C:\Users\Andreas\Documents\DVDVideoSoft
2015-01-15 18:33 - 2007-10-17 21:05 - 00074240 _____ () C:\Users\Andreas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-15 18:06 - 2006-11-02 11:33 - 01643124 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-02 18:11 - 2013-07-31 19:42 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\vlc
2015-01-02 16:45 - 2013-08-04 13:50 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\HandBrake

==================== Files in the root of some directories =======

2014-03-04 18:55 - 2014-03-04 18:55 - 49940480 _____ () C:\Program Files\GUTAD6E.tmp
2012-11-03 22:52 - 2012-11-03 22:52 - 0000268 ___RH () C:\Users\Andreas\AppData\Roaming\Galaxy Swirl
2012-11-03 22:54 - 2012-11-03 22:54 - 0000268 ___RH () C:\Users\Andreas\AppData\Roaming\Gems
2012-11-03 22:52 - 2012-11-03 22:52 - 0000268 ___RH () C:\Users\Andreas\AppData\Roaming\Generic
2012-11-03 22:50 - 2012-11-03 22:50 - 0000268 ___RH () C:\Users\Andreas\AppData\Roaming\Hip Hop
2007-10-17 21:49 - 2009-05-02 21:14 - 0027525 _____ () C:\Users\Andreas\AppData\Roaming\nvModes.001
2007-10-17 21:46 - 2008-11-10 18:07 - 0027525 _____ () C:\Users\Andreas\AppData\Roaming\nvModes.dat
2007-10-17 20:22 - 2013-12-20 20:20 - 0004180 _____ () C:\Users\Andreas\AppData\Roaming\wklnhst.dat
2007-10-22 20:35 - 2012-02-22 20:41 - 0000680 _____ () C:\Users\Andreas\AppData\Local\d3d9caps.dat
2007-10-17 21:05 - 2015-01-15 18:33 - 0074240 _____ () C:\Users\Andreas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-08-17 14:00 - 2008-08-17 14:00 - 0000095 _____ () C:\Users\Andreas\AppData\Local\fusioncache.dat
2007-11-06 20:40 - 2007-11-06 20:40 - 0000305 _____ () C:\ProgramData\addr_file.html
2012-11-03 22:52 - 2012-11-03 22:52 - 0000268 ___RH () C:\ProgramData\Grapher
2012-11-03 22:54 - 2012-11-03 22:54 - 0000268 ___RH () C:\ProgramData\Graphics
2012-11-03 22:52 - 2012-11-03 22:52 - 0000268 ___RH () C:\ProgramData\Guides
2012-11-03 22:50 - 2012-11-03 22:50 - 0000268 ___RH () C:\ProgramData\Horns
2009-05-02 21:20 - 2015-01-31 16:21 - 0262133 _____ () C:\ProgramData\nvModes.001
2009-05-02 21:20 - 2014-12-20 20:15 - 0262133 _____ () C:\ProgramData\nvModes.dat
2012-11-03 22:50 - 2012-11-03 22:51 - 0000020 ____H () C:\ProgramData\PKP_DLeo.DAT
2012-11-03 22:54 - 2014-11-04 22:36 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2012-11-03 22:52 - 2014-11-16 21:40 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2012-11-03 22:52 - 2012-11-03 23:23 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT

Files to move or delete:
====================
C:\Users\Andreas\AppData\Local\Temp\Shuka\PackerV2.exe

Some content of TEMP:
====================
C:\Users\Andreas\AppData\Local\Temp\avgnt.exe
C:\Users\Andreas\AppData\Local\Temp\PicasaUpdater_3904.exe
C:\Users\Andreas\AppData\Local\Temp\PicasaUpdater_6e78.exe
C:\Users\Andreas\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\Andreas\AppData\Local\Temp\vlc-2.1.2-win32.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-31 16:27

==================== End Of Log ============================

--- --- ---

Here is the Addition.txt Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 31-01-2015 01
Ran by Andreas at 2015-01-31 17:19:32
Running from C:\Users\Andreas\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3D-Garten 8.0 (HKLM\...\{554A4E80-0002-2006-0407-11FF59A27A18}) (Version: 8.0 - DiComp)
Acer Arcade Deluxe (HKLM\...\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}) (Version: 1.12.4213 - CyberLink Corporation)
Acer Crystal Eye webcam (HKLM\...\{4BB1DCED-84D3-47F9-B718-5947E904593E}) (Version: 7.96.701.07a - Acer Crystal Eye webcam)
Acer Crystal Eye webcam (HKLM\...\{DD1DED37-2486-4F56-8F89-56AA814003F5}) (Version: 2.0.0.8 - Acer Crystal Eye webcam)
Acer eAudio Management (HKLM\...\{57265292-228A-41FA-9AEC-4620CBCC2739}) (Version: 2.5.4012 - )
Acer eDataSecurity Management (HKLM\...\{AEEAE013-92F1-4515-B278-139F1A692A36}) (Version: 2.5.4241 - HiTRUST Inc.)
Acer eLock Management (HKLM\...\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}) (Version: 2.5.4008 - Acer Inc.)
Acer Empowering Technology (HKLM\...\{AB6097D9-D722-4987-BD9E-A076E2848EE2}) (Version: 2.5.4008 - Acer Inc.)
Acer eNet Management (HKLM\...\{C06554A1-2C1E-4D20-B613-EE62C79927CC}) (Version: 2.6.4008 - Acer Inc.)
Acer ePower Management (HKLM\...\{58E5844B-7CE2-413D-83D1-99294BF6C74F}) (Version: 2.5.4017 - Acer Inc.)
Acer ePresentation Management (HKLM\...\{BF839132-BD43-4056-ACBF-4377F4A88E2A}) (Version: 2.5.4002 - Acer Inc.) Acer eSettings Management (HKLM\...\{CE65A9A0-9686-45C6-9098-3C9543A412F0}) (Version: 2.5.4011 - Acer Inc.) Acer GridVista (HKLM\...\GridVista) (Version: 2.68.622 - ) Acer Mobility Center Plug-In (HKLM\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 1.0.3003 - Acer Inc.) Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 1.12.20070515 - Acer Inc.) Acer Tour (HKLM\...\{94389919-B0AA-4882-9BE8-9F0B004ECA35}) (Version: 2.0.1003 - Acer Inc.) Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation) Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated) Adobe Reader 8.1.1 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81000000003}) (Version: 8.1.1 - Adobe Systems Incorporated) AFPL Ghostscript 8.54 (HKLM\...\AFPL Ghostscript 8.54) (Version: - ) AFPL Ghostscript Fonts (HKLM\...\AFPL Ghostscript Fonts) (Version: - ) ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - Alps Electric) Apple Application Support (HKLM\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) 
ArcSoft Panorama Maker 6 (HKLM\...\{DABFD34E-BE68-4BC6-9254-5D7A7FF76B99}) (Version: 6.0.8.85 - ArcSoft) Ask Toolbar (HKLM\...\Ask Toolbar_is1) (Version: 4.1.0.2 - Ask.com) <==== ATTENTION AudioCon (HKLM\...\AudioCon) (Version: 1.0 - Basement Softworks) Avira (HKLM\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG) Avira (Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira) Big Kahuna Reef 2 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111310630}) (Version: - Oberon Media) Cake Mania (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version: - Oberon Media) Crystal Reports Modules (HKLM\...\{957344B3-FD27-45B5-8026-44FEAB0F340A}) (Version: 1.0.0 - ideYAPI LTD.) DATA BECKER 3D Garten Designer 9 (HKLM\...\3D Garten Designer 9_is1) (Version: 9.0 - DATA BECKER GmbH & Co. KG) Denken und Rechnen 2 (HKLM\...\Denken und Rechnen 2) (Version: - ) DVDVideoSoftTB Toolbar (HKLM\...\DVDVideoSoftTB Toolbar) (Version: - ) Dynasty (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111473353}) (Version: - Oberon Media) Free Video Dub version 2.0.22.925 (HKLM\...\Free Video Dub_is1) (Version: 2.0.22.925 - DVDVideoSoft Ltd.) Free YouTube Download version 3.1.42.1212 (HKLM\...\Free YouTube Download_is1) (Version: 3.1.42.1212 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.11.37.1212 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.37.1212 - DVDVideoSoft Ltd.) 
FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version: - ) Galapago (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version: - Oberon Media) Garmin Communicator Plugin (HKLM\...\{86B879A5-927E-4536-B5FC-17CA96B60078}) (Version: 2.6.4 - Garmin Ltd or its subsidiaries) Garmin USB Drivers (HKLM\...\{B1102A25-3AA3-446B-AA0F-A699B07A02FD}) (Version: 1.0.0.0 - Garmin Ltd or its subsidiaries) Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.) Google Earth (HKLM\...\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}) (Version: 4.3.7284.3916 - Google) Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.) HandBrake 0.9.9.1 (HKLM\...\HandBrake) (Version: 0.9.9.1 - ) HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118) (Version: - ) ideCAD Architektur 5 Demo (HKLM\...\{8CE203AB-DD76-4340-A4BA-DBCCA19027B4}) (Version: 5.49.000 - ) Java(TM) 6 Update 26 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216014FF}) (Version: 6.0.260 - Sun Microsystems, Inc.) Launch Manager (HKLM\...\LManager) (Version: - ) LightScribe 1.4.142.1 (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden Linkury Smartbar (HKLM\...\{F04C4F83-D9C7-408C-9DEB-D5526E72108C}) (Version: 1.24.22.10764 - Linkury Inc.) <==== ATTENTION Linkury Smartbar Engine (HKU\S-1-5-21-695030953-4224019398-3706738656-1000\...\{4beb1bf6-f4a3-4bb0-9820-54dd42bfad8b}) (Version: 1.24.22.10764 - Linkury Inc.) 
<==== ATTENTION Luxor 2 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11170417}) (Version: - Oberon Media) meinHausplaner (HKLM\...\meinHausplaner) (Version: - ) Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - ) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Works (HKLM\...\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}) 
(Version: 08.05.0822 - Microsoft Corporation) Mozilla Firefox 30.0 (x86 de) (HKLM\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Mystery Case Files - Prime Suspects (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111271497}) (Version: - Oberon Media) Mystery Case Files Ravenhearst (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112179547}) (Version: - Oberon Media) Nikon Message Center 2 (HKLM\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon) Nikon Movie Editor (HKLM\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.6.0 - Nikon) NTI Backup NOW! 4.7 (HKLM\...\{67ADE9AF-5CD9-4089-8825-55DE4B366799}) (Version: 4 - NewTech Infosystems) NTI CD & DVD-Maker (HKLM\...\InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}) (Version: 7 - NewTech Infosystems) NTI CD & DVD-Maker (Version: 7 - NewTech Infosystems) Hidden NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - NVIDIA Corporation) OpenOffice.org 3.2 (HKLM\...\{2217B0B4-35CB-48C6-B640-864DF2F30F99}) (Version: 3.2.9483 - OpenOffice.org) Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.) 
Picture Control Utility (HKLM\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.4.7 - Nikon) Poker Mania (HKLM\...\Poker Mania) (Version: - ) PowerProducer 3.72 (HKLM\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 074117(3.7)_Vista_Acer - CyberLink Corporation) Protect Disc License Helper 1.0.118 (HKLM\...\Protect Disc License Helper) (Version: 1.0.118 - Protect Disc) ProtectDisc Driver, Version 11 (HKLM\...\ProtectDisc Driver 11) (Version: 11.0.0.12 - ProtectDisc Software GmbH) QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5413 - Realtek Semiconductor Corp.) RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - ) RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.51.01 - ) Samsung Master (HKLM\...\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}) (Version: 1.1.14 - Samsung) Sandlot Games Client Services (HKLM\...\Sandlot Games Client Services_is1) (Version: - Sandlot Games) Star Defender 3 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111730193}) (Version: - Oberon Media) SweetIM Bundle by SweetPacks (HKLM\...\SweetIM Bundle by SweetPacks) (Version: 1.0.0.0 - SweetPacks LTD) <==== ATTENTION SweetIM for Messenger 3.7 (Version: 3.7.0007 - SweetIM Technologies Ltd.) Hidden <==== ATTENTION Texas Hold'em Poker 3D - Deluxe Edition 1.0 (HKLM\...\{E8889865-31D8-4BE9-8CE4-20AEF81AD85E}_is1) (Version: Texas Hold'em Poker 3D - Deluxe Edition - S.A.D. GmbH) Toolbar 4.7 by SweetPacks (Version: 4.7.0004 - SweetIM Technologies Ltd.) 
Hidden <==== ATTENTION Treasures of the Deep (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111263673}) (Version: - Oberon Media) Uninstall 1.0.0.1 (HKLM\...\Uninstall_is1) (Version: - ) Update for Office 2007 (KB934528) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{2B939677-2FFD-48F6-9075-7BF48CB87C80}) (Version: - ) Update for Office System 2007 Setup (KB929722) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{D8E9BEBD-655F-467D-8176-CA9959C140A3}) (Version: - ) Update Manager for SweetPacks 1.1 (Version: 1.1.0008 - SweetIM Technologies Ltd.) Hidden <==== ATTENTION ViewNX 2 (HKLM\...\{E64C137C-D0B7-467A-B47F-460AAB30F0A3}) (Version: 2.6.0 - Nikon) VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0) (HKLM\...\45A7283175C62FAC673F913C1F532C5361F97841) (Version: 03/08/2007 2.2.1.0 - Garmin) Yahoo! Toolbar (HKLM\...\Yahoo! Toolbar) (Version: - ) Yahoo! Toolbar mit Pop-Up-Blocker (HKLM\...\Yahoo! Companion) (Version: - ) Zuma Deluxe (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}) (Version: - Oberon Media) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{015C652B-6D65-49E9-9A0F-F9A2E1C4678E}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{05F12417-022F-4164-8D3E-5F04C787DE31}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.) 
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{07B2FFC7-FFF6-471C-AEC2-A93478209B06}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{08C5B872-ECA4-11D4-A7B9-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{23C3C2C4-FA91-11D3-A6DC-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{2CC7C7B2-9B2D-11d3-9099-00A0C9E71419}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{343D9CAF-DA8E-11D3-9C9A-00A0C9C84608}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{343D9CB1-DA8E-11D3-9C9A-00A0C9C84608}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{343D9CB3-DA8E-11D3-9C9A-00A0C9C84608}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{343D9CB9-DA8E-11D3-9C9A-00A0C9C84608}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.) 
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{377EBDC3-D059-11D4-A7A3-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{38F91081-BA6D-4659-BF13-1712E85C953E}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{3D4F2CB5-268C-4C2D-A055-6D66D527E44D}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{3E5BBAF2-F63A-4EB7-A356-9C4BBD494CA9}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{3ECFE218-336F-44C8-8911-BB501477F201}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{401643B8-C6EB-11D4-A79B-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{4126E7DD-2705-458D-9459-9AB8C18CDEA1}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\datadefmodel.dll (Crystal Decisions Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{454CC187-E49D-11D3-9CA2-00A0C9C84608}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.) 
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{479DDB54-7CD7-11D3-A657-00902771E565}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\tslv.dll () CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{660ADE75-F449-11D3-A6D2-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{660ADE77-F449-11D3-A6D2-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{771C41D0-CCB4-456B-AE1E-7CBAE6298B40}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{7DE5C439-9CF2-4761-AFFD-C1A053782B30}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\datadefmodel.dll (Crystal Decisions Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{84663529-9F6C-4C15-9F36-5E3F5FFFD1DA}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{86C49566-24FD-487F-8D3A-CFBB1CB240E6}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\datadefmodel.dll (Crystal Decisions Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{8D7D6A02-D121-11D4-A7A4-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.) 
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{8D7D6A04-D121-11D4-A7A4-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{8E205F3C-52CE-4578-AC81-A7089CDD6073}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\keycodeV2.dll (Crystal Decisions) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{948D9136-1C5A-4C1A-B59D-EBAA269B45E0}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{985E4039-F6AE-11D3-9CB4-00A0C9C84608}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{999BCD90-23D9-4890-948B-D0AE7078CF0A}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\saxmlserialize.dll (Crystal Decisions Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{9CD5A7CF-1E0F-48CB-A70A-7B188951D04B}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{9DFDA656-6083-4330-A8FA-D538ACBBB172}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{9FB0B350-2265-11D2-BF06-00A0C9B82ABA}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\s2sqlprs.dll (Seagate Software, Inc.) 
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{9FB0B352-2265-11D2-BF06-00A0C9B82ABA}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\s2sqlprs.dll (Seagate Software, Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{9FB0B357-2265-11D2-BF06-00A0C9B82ABA}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\s2sqlprs.dll (Seagate Software, Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{9FB0B359-2265-11D2-BF06-00A0C9B82ABA}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\s2sqlprs.dll (Seagate Software, Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{A1F5F582-001B-11D4-A6E1-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{A57AA692-F5E2-11D3-A6D4-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{A57AA69A-F5E2-11D3-A6D4-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{A57AA69C-F5E2-11D3-A6D4-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{A6584661-F925-11D3-A6D8-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.) 
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{A798775F-0C79-4AFD-A972-B5E8AD6C1ADE}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{B7E8605E-329E-11D4-AAA2-00902741F1FC}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\crqe.dll (Crystal Decisions Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{C113DA70-E957-11D3-A6C7-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{C978FD27-F390-11D3-A6D1-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{C978FD29-F390-11D3-A6D1-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{CFA1F8B3-46F9-444B-AA19-7A284D008A74}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{D330E092-F158-11D4-A7BE-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{D330E09B-F158-11D4-A7BE-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.) 
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{D330E09F-F158-11D4-A7BE-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{D330E0A1-F158-11D4-A7BE-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{D330E0A3-F158-11D4-A7BE-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{D330E0A5-F158-11D4-A7BE-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{D330E0A7-F158-11D4-A7BE-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{D330E0A9-F158-11D4-A7BE-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{D97C7D7D-FF5B-4802-BE3F-D8748E986F7B}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\keycodeV2.dll (Crystal Decisions) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{DBA36674-FB63-11D3-9CB6-00A0C9C84608}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.) 
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{DBA36678-FB63-11D3-9CB6-00A0C9C84608}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{E04F5EF0-FF09-4C86-B0EC-A4EC377C4DCF}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\saxmlserialize.dll (Crystal Decisions Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{E69D927A-9686-4CE1-800C-FF739EEC7EB3}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{E86BB58D-0A87-4DE2-92F7-E74DA7FEBB3F}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{F986A051-D154-11d4-A7A4-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{FA189F65-BFB2-4cb7-BC35-0E97F508011E}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\keycodeV2.dll (Crystal Decisions) ==================== Restore Points ========================= 16-11-2014 16:11:19 Windows Update 16-11-2014 16:16:28 Windows Update 26-11-2014 20:45:27 Windows Update 17-12-2014 19:01:32 Windows Update 20-12-2014 18:46:49 Windows Update 15-01-2015 20:35:54 Windows Update 15-01-2015 20:56:42 Windows Update 31-01-2015 10:18:40 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {166C06E1-F91D-4CB8-B3A3-91DD8FC124DC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {1DBC7DE7-C3B3-42CD-A466-FDA8D0999B43} - System32\Tasks\Microsoft\Windows\RestartManager\{2357A169-3205-4d6d-A548-F79A8EB9ECED} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation) Task: {814EC4EC-65A3-4C83-AD2D-3BAE05E8E904} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Andreas => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation) Task: {B2DA1320-4CAA-4C9F-BE59-03B990FD3591} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-04] (Google Inc.) Task: {D1F3D537-21BC-4FC1-A892-FF6446892A45} - System32\Tasks\{F4D13830-066A-4B6E-81E6-7BE644EDCC8D} => pcalua.exe -a C:\Users\Andreas\AppData\Local\Temp\Temp2_mein_hpl_2008.zip\MEIN_HPL_2008.exe Task: {E2D74F6A-F7CC-4CB4-A6C3-24F63F25301D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-31] (Adobe Systems Incorporated) Task: {EF1FDE15-725D-45E7-975B-0A8C0192EE0F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-04] (Google Inc.) Task: {F6FA62FD-07E0-4660-8737-36157ED84369} - System32\Tasks\Google Software Updater => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-30] (Google) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2009-08-02 21:43 - 2005-01-06 17:33 - 00116224 _____ () C:\Windows\System32\redmonnt.dll 2007-07-28 11:16 - 2007-01-26 13:24 - 00050688 _____ () C:\Acer\ALaunch\ALaunchSvc.exe 2007-07-28 10:55 - 2006-11-24 11:57 - 00107008 _____ () C:\Acer\Mobility Center\MobilityService.exe 2007-07-28 10:55 - 2006-10-24 09:54 - 00033280 _____ () C:\Acer\Mobility Center\MobilityInterface.dll 2007-07-28 10:53 - 2007-01-23 14:48 - 00266343 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe 2007-09-07 21:24 - 2007-02-13 05:26 - 00016384 _____ () C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll 2007-09-07 21:24 - 2007-02-13 05:26 - 00016384 _____ () C:\Acer\Empowering Technology\eRecovery\IERYETF.dll 2007-07-28 10:38 - 2007-06-28 17:50 - 00024576 _____ () C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe 2007-07-28 10:38 - 2007-06-28 17:50 - 00114688 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.Computer.dll 2007-07-28 10:38 - 2007-06-28 17:50 - 00032768 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.ComputerInterfaces.dll 2007-07-28 10:38 - 2007-06-28 17:50 - 00118784 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.Library.dll 2007-07-28 10:38 - 2007-06-28 17:50 - 00006656 _____ () C:\Acer\Empowering Technology\eSettings\Service\CPUID.dll 2007-07-28 10:38 - 2007-06-28 17:50 - 00081920 _____ () C:\Acer\Empowering Technology\eSettings\Service\INT15.dll 2007-04-25 
15:30 - 2007-04-25 15:30 - 00063488 _____ () C:\Windows\system32\ShowErrMsg.dll 2007-04-25 15:31 - 2007-04-25 15:31 - 00028672 _____ () C:\Windows\system32\BatchCrypto.dll 2007-07-28 10:33 - 2007-02-07 08:25 - 00208896 _____ () C:\Acer\Empowering Technology\EPOWER\SysHook.dll 2007-07-28 18:01 - 2003-06-07 06:30 - 00057344 _____ () C:\Program Files\Launch Manager\PowerUtl.dll 2013-06-05 14:03 - 2013-06-05 14:03 - 00032024 _____ () C:\Users\Andreas\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll 2013-06-05 14:03 - 2013-06-05 14:03 - 00051480 _____ () C:\Users\Andreas\AppData\Local\Smartbar\Application\Smartbar.Resources.AutomaticUpdates.dll 2013-06-05 14:03 - 2013-06-05 14:03 - 00149784 _____ () C:\Users\Andreas\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll 2013-06-05 14:03 - 2013-06-05 14:03 - 00111896 _____ () C:\Users\Andreas\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll 2013-06-05 14:03 - 2013-06-05 14:03 - 01725208 _____ () C:\Users\Andreas\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll 2013-06-05 14:03 - 2013-06-05 14:03 - 00078104 _____ () C:\Users\Andreas\AppData\Local\Smartbar\Application\Smartbar.Personalization.BusinessLogic.dll 2013-06-05 14:03 - 2013-06-05 14:03 - 00012568 _____ () C:\Users\Andreas\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.EventManager.dll 2013-06-05 14:03 - 2013-06-05 14:03 - 00729368 _____ () C:\Users\Andreas\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll 2013-06-05 14:03 - 2013-06-05 14:03 - 00081176 _____ () C:\Users\Andreas\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll 2013-06-05 14:03 - 2013-06-05 14:03 - 00013592 _____ () C:\Users\Andreas\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll 2013-06-05 14:03 - 2013-06-05 14:03 - 00016152 _____ () C:\Users\Andreas\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll 2013-06-05 14:03 - 2013-06-05 
14:03 - 00019736 _____ () C:\Users\Andreas\AppData\Local\Smartbar\Application\Smartbar.Resources.SideBySide.dll 2013-06-05 14:03 - 2013-06-05 14:03 - 00021272 _____ () C:\Users\Andreas\AppData\Local\Smartbar\Application\Smartbar.Resources.Utilities.dll 2013-06-05 14:03 - 2013-06-05 14:03 - 00057112 _____ () C:\Users\Andreas\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll 2013-06-05 14:03 - 2013-06-05 14:03 - 00013592 _____ () C:\Users\Andreas\AppData\Local\Smartbar\Application\Smartbar.Resources.ProcessDownMonitor.dll 2013-06-05 14:03 - 2013-06-05 14:03 - 00014104 _____ () C:\Users\Andreas\AppData\Local\Smartbar\Application\Smartbar.GUI.Multimedia.Loader.dll 2013-06-05 14:03 - 2013-06-05 14:03 - 00051480 _____ () C:\Users\Andreas\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll 2013-06-05 14:01 - 2013-06-05 14:01 - 00047384 _____ () C:\Users\Andreas\AppData\Local\Smartbar\Application\MACTrackBarLib.dll 2013-06-05 14:01 - 2013-06-05 14:01 - 00025368 _____ () C:\Users\Andreas\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll 2013-06-05 14:03 - 2013-06-05 14:03 - 00245528 _____ () C:\Users\Andreas\AppData\Local\Smartbar\Application\Smartbar.Resources.NetSeer.dll 2013-06-05 14:03 - 2013-06-05 14:03 - 00025368 _____ () C:\Users\Andreas\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll 2014-12-14 14:36 - 2014-12-14 14:36 - 00193536 _____ () C:\Users\Andreas\AppData\Local\Temp\Shuka\UACGetter.exe 2007-07-28 10:24 - 2007-06-15 15:15 - 00057344 _____ () C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll 2007-07-28 10:24 - 2007-06-15 15:47 - 00024576 _____ () C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll 2007-07-28 10:39 - 2007-06-11 13:54 - 00106496 _____ () C:\Acer\Empowering Technology\eAudio\eAudioUI.dll 2007-07-28 10:39 - 2007-03-22 10:51 - 00003584 _____ () C:\Acer\Empowering 
Technology\eAudio\de\eAudioUI.resources.dll 2007-07-28 10:35 - 2007-04-11 15:42 - 00307200 _____ () C:\Acer\Empowering Technology\ePresentation\ePresentationCTL.dll 2007-07-28 10:35 - 2007-04-11 14:07 - 00077824 _____ () C:\Acer\Empowering Technology\ePresentation\de\ePresentationCTL.resources.dll 2007-07-28 10:37 - 2007-05-24 08:53 - 00679936 _____ () C:\Acer\Empowering Technology\eLock\eLockCTL.dll 2007-07-28 10:37 - 2007-05-24 08:53 - 00106496 _____ () C:\Acer\Empowering Technology\eLock\de\eLockCTL.resources.dll 2007-07-28 10:38 - 2007-06-28 17:50 - 00028672 _____ () C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll 2007-07-28 10:38 - 2007-06-28 17:50 - 00032768 _____ () C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll 2007-07-28 10:38 - 2007-06-28 17:50 - 03420160 _____ () C:\Acer\Empowering Technology\eSettings\eSettings.View.dll 2007-07-28 10:38 - 2007-06-28 17:50 - 00155648 _____ () C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll 2007-07-28 20:21 - 2007-06-13 15:56 - 00249856 ____R () C:\Acer\Empowering Technology\eNet\eNetPlugin.dll 2007-07-28 10:38 - 2007-06-28 17:50 - 00003584 _____ () C:\Acer\Empowering Technology\eSettings\de\eSettings.Plugin.resources.dll 2007-07-28 10:38 - 2007-06-28 17:50 - 00010752 _____ () C:\Acer\Empowering Technology\eSettings\de\eSettings.Presenter.resources.dll 2007-07-28 10:38 - 2007-06-28 17:50 - 00024576 _____ () C:\Acer\Empowering Technology\eSettings\eSettings.Library.dll 2007-07-28 10:38 - 2007-06-28 17:50 - 00126976 _____ () C:\Acer\Empowering Technology\eSettings\de\eSettings.View.resources.dll 2007-07-28 10:38 - 2007-06-28 17:50 - 00007680 _____ () C:\Acer\Empowering Technology\eSettings\DXNativeIface.dll 2009-10-20 20:02 - 2010-05-06 20:50 - 00970752 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll 2014-06-29 12:57 - 2014-06-29 12:58 - 03852912 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll 2015-01-31 12:03 - 2015-01-31 12:03 - 16844976 _____ () 
C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:375A40C3 AlternateDataStreams: C:\ProgramData\TEMP:5F64C164 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-695030953-4224019398-3706738656-500 - Administrator - Disabled) Andreas (S-1-5-21-695030953-4224019398-3706738656-1000 - Administrator - Enabled) => C:\Users\Andreas ASPNET (S-1-5-21-695030953-4224019398-3706738656-1002 - Limited - Enabled) Gast (S-1-5-21-695030953-4224019398-3706738656-501 - Limited - Disabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (01/31/2015 04:23:41 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Avira.OE.Systray.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet. 
Ausnahmeinformationen: System.Runtime.InteropServices.COMException Stapel: bei System.Windows.Media.Composition.DUCE+Channel.SyncFlush() bei System.Windows.Media.MediaContext.CompleteRender() bei System.Windows.Interop.HwndTarget.OnResize() bei System.Windows.Interop.HwndTarget.HandleMessage(MS.Internal.Interop.WindowMessage, IntPtr, IntPtr) bei System.Windows.Interop.HwndSource.HwndTargetFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) bei System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32) bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr) bei System.Windows.Forms.UnsafeNativeMethods.GetMessageW(MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32) bei System.Windows.Forms.Application+ComponentManager.System.Windows.Forms.UnsafeNativeMethods.IMsoComponentManager.FPushMessageLoop(IntPtr, Int32, Int32) bei System.Windows.Forms.Application+ThreadContext.RunMessageLoopInner(Int32, System.Windows.Forms.ApplicationContext) bei System.Windows.Forms.Application+ThreadContext.RunMessageLoop(Int32, System.Windows.Forms.ApplicationContext) bei System.Windows.Forms.Application.Run(System.Windows.Forms.Form) bei 
Avira.OE.Systray.Program.Main(System.String[]) Error: (01/31/2015 04:22:46 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm Explorer.EXE, Version 6.0.6002.18005 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: e34 Anfangszeit: 01d03d67f4e0bef0 Zeitpunkt der Beendigung: 513 Error: (01/31/2015 10:38:14 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Andreas-PC) Description: 0Avira.OE.ServiceHost.exeAvira Service Error: (01/31/2015 10:21:33 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Avira.OE.Systray.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet. Ausnahmeinformationen: System.Runtime.InteropServices.COMException Stapel: bei System.Windows.Media.Composition.DUCE+Channel.SyncFlush() bei System.Windows.Media.MediaContext.CompleteRender() bei System.Windows.Interop.HwndTarget.OnResize() bei System.Windows.Interop.HwndTarget.HandleMessage(MS.Internal.Interop.WindowMessage, IntPtr, IntPtr) bei System.Windows.Interop.HwndSource.HwndTargetFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) bei System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32) bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr) bei
MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr) bei System.Windows.Forms.UnsafeNativeMethods.GetMessageW(MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32) bei System.Windows.Forms.Application+ComponentManager.System.Windows.Forms.UnsafeNativeMethods.IMsoComponentManager.FPushMessageLoop(IntPtr, Int32, Int32) bei System.Windows.Forms.Application+ThreadContext.RunMessageLoopInner(Int32, System.Windows.Forms.ApplicationContext) bei System.Windows.Forms.Application+ThreadContext.RunMessageLoop(Int32, System.Windows.Forms.ApplicationContext) bei System.Windows.Forms.Application.Run(System.Windows.Forms.Form) bei Avira.OE.Systray.Program.Main(System.String[]) Error: (01/31/2015 10:08:39 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fehlerhafte Anwendung PackerV2.exe, Version 2.1.1615.1214, Zeitstempel 0x548d9b76, fehlerhaftes Modul PackerV2.exe, Version 2.1.1615.1214, Zeitstempel 0x548d9b76, Ausnahmecode 0xc0000005, Fehleroffset 0x00033793, Prozess-ID 0xd2c, Anwendungsstartzeit PackerV2.exe0. Error: (01/31/2015 10:06:58 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fehlerhafte Anwendung Avira.OE.Setup.Bundle.exe, Version 1.1.27.25527, Zeitstempel 0x52974fc4, fehlerhaftes Modul WixStdBA.dll, Version 3.8.2028.0, Zeitstempel 0x5458d5e9, Ausnahmecode 0xc0000005, Fehleroffset 0x00005600, Prozess-ID 0xa9c, Anwendungsstartzeit Avira.OE.Setup.Bundle.exe0. 
Error: (01/15/2015 09:13:29 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4 Error: (01/15/2015 09:13:28 PM) (Source: Perflib) (EventID: 1010) (User: ) Description: EmdCacheC:\Windows\system32\emdmgmt.dll4 Error: (01/15/2015 05:56:02 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fehlerhafte Anwendung Avira.OE.Setup.Bundle.exe, Version 1.1.27.25527, Zeitstempel 0x52974fc4, fehlerhaftes Modul WixStdBA.dll, Version 3.8.2028.0, Zeitstempel 0x5458d5e9, Ausnahmecode 0xc0000005, Fehleroffset 0x00005600, Prozess-ID 0xa2c, Anwendungsstartzeit Avira.OE.Setup.Bundle.exe0. Error: (01/15/2015 05:06:49 PM) (Source: EventSystem) (EventID: 4609) (User: ) Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c System errors: ============= Error: (01/31/2015 04:09:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Parallel port driver%%1058 Error: (01/31/2015 10:36:06 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: 30000Microsoft .NET Framework NGEN v4.0.30319_X86 Error: (01/31/2015 10:32:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Parallel port driver%%1058 Error: (01/31/2015 10:08:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Windows-Dienst für Schriftartencache%%1053 Error: (01/31/2015 10:08:10 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: 30000Windows-Dienst für Schriftartencache Error: (01/31/2015 10:07:40 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: 30000Microsoft .NET Framework NGEN v4.0.30319_X86 Error: (01/31/2015 10:06:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Windows Installer%%1053 Error: (01/31/2015 10:06:47 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: 30000Windows Installer Error: (01/31/2015 10:06:44 AM) (Source: DCOM) 
(EventID: 10005) (User: ) Description: 1053MSIServer{000C101C-0000-0000-C000-000000000046} Error: (01/31/2015 10:04:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Parallel port driver%%1058 Microsoft Office Sessions: ========================= ==================== Memory info =========================== Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-52 Percentage of memory in use: 61% Total physical RAM: 1790.19 MB Available physical RAM: 688.43 MB Total Pagefile: 3830.81 MB Available Pagefile: 1938.16 MB Total Virtual: 2047.88 MB Available Virtual: 1889.1 MB ==================== Drives ================================ Drive c: (ACER) (Fixed) (Total:69.77 GB) (Free:17.32 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (DATA) (Fixed) (Total:69.52 GB) (Free:21.15 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 149.1 GB) (Disk ID: B5BBB0F3) Partition 1: (Not Active) - (Size=9.8 GB) - (Type=27) Partition 2: (Active) - (Size=69.8 GB) - (Type=06) Partition 3: (Not Active) - (Size=69.5 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Ciao Andreas |
31.01.2015, 23:19 | #4 | |
Rest in Peace † 2019 | Hello Andreas, Quote:
Step 1 Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
HKU\S-1-5-21-695030953-4224019398-3706738656-1000\...\Run: [cmd] => C:\Users\Andreas\AppData\Local\Temp\Shuka\PackerV2.exe [5165056 2014-12-14] (Packer Framework) <===== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PackerV2.exe.lnk
ShortcutTarget: PackerV2.exe.lnk -> C:\Users\Andreas\AppData\Local\Temp\Shuka\PackerV2.exe (Packer Framework)
C:\Users\Andreas\AppData\Local\Temp\Shuka
Update Manager for SweetPacks 1.1 (Version: 1.1.0008 - SweetIM Technologies Ltd.) Hidden <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:375A40C3
AlternateDataStreams: C:\ProgramData\TEMP:5F64C164
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2 Please uninstall the following programs (if present): Java(TM) 6 Update 26 Ask Toolbar Linkury Smartbar Linkury Smartbar Engine SweetIM Bundle by SweetPacks SweetIM for Messenger 3.7 Toolbar 4.7 by SweetPacks Update Manager for SweetPacks 1.1 To do so, go to: the Windows button in the taskbar --> Control Panel --> Programs (sub-item Uninstall a program) --> select the program --> remove. If you cannot uninstall a program, download Revo Uninstaller from here and uninstall it with that, choosing the moderate mode.
Step 3 Please download AdwCleaner to your desktop.
Step 4 Please download Malwarebytes Anti-Malware
Step 5 Run FRST once more.
|
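The fixlist above removes autostart entries that launch a program from the user's Temp directory, along with two alternate data streams. As an added example (not part of the thread and not FRST's own logic), this Python sketch applies that triage to FRST-style lines and returns the entries worth a manual look. The regular expressions, the `triage` function and the last sample line are assumptions made for illustration; the other sample lines are copied from the logs in this thread.

```python
import re
from dataclasses import dataclass
from typing import List

# Lines in the FRST format shown in this thread. The first five are copied
# from the thread's logs; the last one is a constructed benign control.
SAMPLE_LOG = r"""
HKU\S-1-5-21-695030953-4224019398-3706738656-1000\...\Run: [cmd] => C:\Users\Andreas\AppData\Local\Temp\Shuka\PackerV2.exe [5165056 2014-12-14] (Packer Framework) <===== ATTENTION
ShortcutTarget: PackerV2.exe.lnk -> C:\Users\Andreas\AppData\Local\Temp\Shuka\PackerV2.exe (Packer Framework)
Task: {D1F3D537-21BC-4FC1-A892-FF6446892A45} - System32\Tasks\{F4D13830-066A-4B6E-81E6-7BE644EDCC8D} => pcalua.exe -a C:\Users\Andreas\AppData\Local\Temp\Temp2_mein_hpl_2008.zip\MEIN_HPL_2008.exe
Task: {B2DA1320-4CAA-4C9F-BE59-03B990FD3591} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-04] (Google Inc.)
AlternateDataStreams: C:\ProgramData\TEMP:375A40C3
HKLM\...\Run: [ExampleTray] => C:\Program Files\Example\tray.exe [1024 2014-01-01] (Example Corp.)
"""

# One pattern per entry type that names something started automatically.
# These are assumptions derived from the line shapes visible in the thread.
ENTRY_PATTERNS = {
    "run-key": re.compile(
        r"^HK\w+\\.*\\Run(?:Once)?: \[(?P<name>[^\]]*)\] => (?P<target>.+)$"),
    "startup-shortcut": re.compile(
        r"^ShortcutTarget: (?P<name>.+?) -> (?P<target>.+)$"),
    "scheduled-task": re.compile(
        r"^Task: \{[0-9A-Fa-f-]+\} - (?P<name>.+?) => (?P<target>.+)$"),
}

# "AlternateDataStreams: <path>:<stream name>"
ADS_PATTERN = re.compile(
    r"^AlternateDataStreams: (?P<path>[A-Za-z]:\\.*?):(?P<stream>[^:\\]+)$")

# First drive-rooted path in the target that ends in an executable extension.
# Spaces are allowed inside the path ("C:\Program Files\..."); the match stops
# at the first such extension followed by whitespace or end of line.
EXE_PATH = re.compile(
    r'[A-Za-z]:\\[^\[\]<>|"]*?\.(?:exe|dll|scr|com|bat|cmd|vbs|js|ps1)(?=\s|$)',
    re.IGNORECASE)

# Directories any standard user process can write to.
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")


@dataclass(frozen=True)
class Finding:
    kind: str    # entry type, e.g. "run-key"
    name: str    # value name, shortcut, task name or stream name
    path: str    # executable (or, for ADS, the host path)
    reason: str  # why the entry deserves a manual look


def in_temp_dir(path: str) -> bool:
    """True if the path lies below a user-writable Temp directory."""
    lowered = path.lower()
    return any(marker in lowered for marker in TEMP_MARKERS)


def triage(log_text: str) -> List[Finding]:
    """Return autostart entries running from Temp, plus every ADS entry."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        ads = ADS_PATTERN.match(line)
        if ads:
            findings.append(Finding(
                "ads", ads["stream"], ads["path"],
                "alternate data stream attached to this path; inspect it"))
            continue
        for kind, pattern in ENTRY_PATTERNS.items():
            entry = pattern.match(line)
            if not entry:
                continue
            exe = EXE_PATH.search(entry["target"])
            if exe and in_temp_dir(exe.group(0)):
                findings.append(Finding(
                    kind, entry["name"], exe.group(0),
                    "autostart target runs from a user-writable Temp directory"))
            break
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.kind}] {finding.name}: {finding.path} ({finding.reason})")
```

The scheduled task that starts MEIN_HPL_2008.exe from Temp is flagged as well, even though the fixlist above does not list it, which is why the result is a review list and not a removal list.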
01.02.2015, 16:40 | #5 |
| Hello Sandra, Code:
Note: I can never give you a guarantee that I will find everything. Formatting is usually the faster and, in the case of a malware infection, always the safest route....
I would then first have to get myself a new operating system. I would then switch to Windows 7. But I don't know whether the laptop is all that well suited for it. I'll have to check that first. Since I'm not at home next week anyway, I have time to think about it. Many thanks already for the help so far. How can one protect oneself more effectively against trojans, and how might I have caught this one? Ciao Andreas |
01.02.2015, 17:56 | #6 |
Rest in Peace † 2019 | Hello Andreas, that is entirely your decision. Without the Avira log I can't say whether it was on there; so far I see nothing of it. Changing your passwords is mandatory in any case, whether you reinstall or not. Send me the RAM size and the processor's GHz figure again; Win 7 in the 32-bit version should actually run on it. However, I find the hard disk rather small... To protect yourself against malware infection, an up-to-date system with the latest updates and patches is mandatory first of all; the programs on the system must also be up to date, especially Adobe Reader, Flash Player, Shockwave Player, Java, and all browsers. An antivirus program with a current database is also mandatory! Then you should use secure passwords:
Don't click on everything that blinks cheerfully or prompts you to update something. Download software only from the original vendor. When installing a program, deselect everything that does not belong to the program. Do not allow any changes to your start page. Be careful when opening file attachments in emails and with emails asking you to verify your account or confirm data. If you are not sure, it is better to ask the company concerned directly whether the email is legitimate. And most important of all: brain.exe
|
05.02.2015, 19:43 | #7 |
| Hello Sandra, I'm back. I have decided against a complete format. Tomorrow I will carry out the steps you suggested. Code:
...Without the Avira log I can't say whether it was on there; so far I see nothing of it....
Best regards, Andreas |
06.02.2015, 20:20 | #9 |
| Hello Sandra, I am attaching the picture of the quarantine. I have carried out your step-by-step instructions. Here are the logs: Fixlog.txt Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 05-02-2015
Ran by Andreas at 2015-02-06 17:14:47 Run:1
Running from C:\Users\Andreas\Desktop
Loaded Profiles: Andreas (Available profiles: Andreas)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-695030953-4224019398-3706738656-1000\...\Run: [cmd] => C:\Users\Andreas\AppData\Local\Temp\Shuka\PackerV2.exe [5165056 2014-12-14] (Packer Framework) <===== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PackerV2.exe.lnk
ShortcutTarget: PackerV2.exe.lnk -> C:\Users\Andreas\AppData\Local\Temp\Shuka\PackerV2.exe (Packer Framework)
C:\Users\Andreas\AppData\Local\Temp\Shuka
Update Manager for SweetPacks 1.1 (Version: 1.1.0008 - SweetIM Technologies Ltd.) Hidden <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:375A40C3
AlternateDataStreams: C:\ProgramData\TEMP:5F64C164
*****************

HKU\S-1-5-21-695030953-4224019398-3706738656-1000\Software\Microsoft\Windows\CurrentVersion\Run\\cmd => value deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PackerV2.exe.lnk => Moved successfully.
C:\Users\Andreas\AppData\Local\Temp\Shuka\PackerV2.exe => Moved successfully.
C:\Users\Andreas\AppData\Local\Temp\Shuka => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}\\SystemComponent => value deleted successfully.
C:\ProgramData\TEMP => ":375A40C3" ADS removed successfully.
C:\ProgramData\TEMP => ":5F64C164" ADS removed successfully.

==== End of Fixlog 17:14:50 ====

AdwCleaner(S0).txt Code:
ATTFilter # AdwCleaner v4.110 - Bericht erstellt 06/02/2015 um 17:59:27 # Aktualisiert 05/02/2015 von Xplode # Datenbank : 2015-02-05.2 [Server] # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (x86) # Benutzername : Andreas - ANDREAS-PC # Gestarted von : C:\Users\Andreas\Downloads\AdwCleaner_4.110.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\Tarma Installer Ordner Gelöscht : C:\ProgramData\Yahoo! Companion Ordner Gelöscht : C:\ProgramData\Packer Ordner Gelöscht : C:\Program Files\DVDVideoSoftTB Ordner Gelöscht : C:\Program Files\SweetIM Ordner Gelöscht : C:\Program Files\Common Files\DVDVideoSoft\TB Ordner Gelöscht : C:\Program Files\Common Files\Tobit Ordner Gelöscht : C:\Users\Andreas\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\Andreas\AppData\LocalLow\DVDVideoSoftTB Ordner Gelöscht : C:\Users\Andreas\AppData\Roaming\dvdvideosoftiehelpers Ordner Gelöscht : C:\Users\Andreas\AppData\Roaming\OpenCandy Ordner Gelöscht : C:\Users\Andreas\AppData\Roaming\Tobit Ordner Gelöscht : C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com [!] Ordner Gelöscht : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\1jao9sxz.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [!] 
Ordner Gelöscht : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\1jao9sxz.default\Extensions\torntv@torntv.com.xpi Datei Gelöscht : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\1jao9sxz.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi Datei Gelöscht : C:\Program Files\Mozilla Firefox\Components\AskSearch.js Datei Gelöscht : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\1jao9sxz.default\searchplugins\Web Search.xml ***** [ Geplante Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\and Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\driverscanner Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} Schlüssel Gelöscht : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{92780B25-18CC-41C8-B9BE-3C9C571A8263} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263} Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}] Schlüssel Gelöscht : 
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} Schlüssel Gelöscht : HKCU\Software\1ClickDownload Schlüssel Gelöscht : HKCU\Software\SweetIM Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB Schlüssel Gelöscht : HKLM\SOFTWARE\DVDVideoSoftTB Schlüssel Gelöscht : HKLM\SOFTWARE\Iminent Schlüssel Gelöscht : HKLM\SOFTWARE\SweetIM Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{ea8fa6be-29be-4af2-9352-841f83215eb0} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{F04C4F83-D9C7-408C-9DEB-D5526E72108C} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Yahoo! 
Companion Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467 ***** [ Internetbrowser ] ***** -\\ Internet Explorer v9.0.8112.16584 Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [SEARCH PAGE] Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant] Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default] -\\ Mozilla Firefox v35.0.1 (x86 de) [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.selectedEngine", "Web Search"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("browser.startup.homepage", "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=8da37f89-8891-4f3d-9a2b-7bf5ef8cf41f&affid=111583&searchtype=hp&babsrc=lnkry&installDate=01/01/1970"[...] [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"print-but[...] [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.enabledItems", "{8da37f89-8891-4f3d-9a2b-7bf5ef8cf41f}:1.0,helperbar@helperbar.com:1.0,{20a82645-c095-46ed-80e3-08825760534b}:1.2.1,{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24,[...] 
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.Country", "Germany"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.DockingPositionDown", false); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.LastHiddenTime", 23131394); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", true); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.UserID", "8da37f89-8891-4f3d-9a2b-7bf5ef8cf41f"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.Visibility", true); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.affid", "111583"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.countryiso", "de"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.downloadprovider", "oc"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.installationid", "8da37f89-8891-4f3d-9a2b-7bf5ef8cf41f"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.publisher", "oc"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("keyword.URL", "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=8da37f89-8891-4f3d-9a2b-7bf5ef8cf41f&affid=111583&searchtype=ds&babsrc=lnkry&installDate=01/01/1970&q="); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.RevertDialog.enable", "false"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.Visibility.enable", "true"); 
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.Visibility.intervaldays", "7"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.cargo", "3.1010000.10011"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.cda.HideOveride.enable", "true"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.cda.returnValue", "none"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.0.enable", "true"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-handler.js"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.0.height", "335"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?lang=$locale_id;&toolbar_version=$ITEM_VERSION;&crg=$cargo;"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.0.width", "761"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.1.enable", "true"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-handler.js"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.1.height", "300"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.1.id", 
"id_example_dialog"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.1.width", "500"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.2.enable", "true"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handler.js"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.2.height", "150"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.2.width", "530"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*.*.facebook.com/.*.*.google.com/.*.*.google.co.in/.*.*.google.com.br/.*.*.google.es/.*.*.youtube.com/.*.*.yahoo.com/.*.[...] 
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.mode.debug", "false"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.newtab.created", "true"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.newtab.enable", "true"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", ""); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", ""); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.previous.browser.startup.homepage", ""); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.previous.keyword.URL", ""); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_VERSION;&crg=$cargo;"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", ""); 
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.apps.)?facebook\\.com.*"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.0.enable", "false"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ""); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.apps.)?facebook\\.com.*"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.1.enable", "false"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.2.callback", ""); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*.*.bing..*.*.live..*.*.msn..*.*.yahoo..*.*.youtube.com.*.*ask.com.*.*.sweetim.com.*"); [1jao9sxz.default\prefs.js] - Zeile 
Gelöscht : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", ""); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.2.enable", "false"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?si=3104&tid=chff1"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://search.yahoo.com/*\" param=\"[...] [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.search.history.capacity", "10"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.searchguard.enable", "false"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.simapp_id", "{45BD610B-5421-4D88-B479-8A1A17FF0E4B}"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={45BD610B-5421-4D88-B479-8A1A17FF0E4B}"); [1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.version", "1.9.0.0"); -\\ Google Chrome v40.0.2214.94 ************************* AdwCleaner[R0].txt - [20688 Bytes] - [06/02/2015 17:54:12] AdwCleaner[S0].txt - [20308 Bytes] - [06/02/2015 17:59:27] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [20368 Bytes] ##########
Do you need this one too?
mbam.txt Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Protection, 06.02.2015 18:18:56, SYSTEM, ANDREAS-PC, Protection, Malware Protection, Starting, Protection, 06.02.2015 18:18:56, SYSTEM, ANDREAS-PC, Protection, Malware Protection, Started, Protection, 06.02.2015 18:18:56, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Starting, Update, 06.02.2015 18:19:04, SYSTEM, ANDREAS-PC, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1, Update, 06.02.2015 18:19:04, SYSTEM, ANDREAS-PC, Manual, Rootkit Database, 2014.11.18.1, 2015.2.3.1, Update, 06.02.2015 18:19:21, SYSTEM, ANDREAS-PC, Manual, Malware Database, 2014.11.20.6, 2015.2.6.6, Protection, 06.02.2015 18:20:26, SYSTEM, ANDREAS-PC, Protection, Refresh, Starting, Protection, 06.02.2015 18:20:26, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Started, Protection, 06.02.2015 18:20:26, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Stopping, Protection, 06.02.2015 18:20:27, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Stopped, Protection, 06.02.2015 18:20:38, SYSTEM, ANDREAS-PC, Protection, Refresh, Success, Protection, 06.02.2015 18:20:38, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Starting, Protection, 06.02.2015 18:20:38, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Started, Protection, 06.02.2015 18:21:26, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Stopping, Protection, 06.02.2015 18:21:26, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Stopped, Protection, 06.02.2015 18:21:26, SYSTEM, ANDREAS-PC, Protection, Malware Protection, Stopping, Protection, 06.02.2015 18:21:27, SYSTEM, ANDREAS-PC, Protection, Malware Protection, Stopped, Update, 06.02.2015 18:22:08, SYSTEM, ANDREAS-PC, Manual, Rootkit Database, 2014.11.18.1, 2015.2.3.1, Update, 06.02.2015 18:22:08, SYSTEM, ANDREAS-PC, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1, Protection, 06.02.2015 18:22:08, SYSTEM, 
ANDREAS-PC, Protection, Malware Protection, Starting, Protection, 06.02.2015 18:22:08, SYSTEM, ANDREAS-PC, Protection, Malware Protection, Started, Protection, 06.02.2015 18:22:09, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Starting, Protection, 06.02.2015 18:22:11, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Started, Update, 06.02.2015 18:22:25, SYSTEM, ANDREAS-PC, Manual, Malware Database, 2014.11.20.6, 2015.2.6.6, Protection, 06.02.2015 18:22:25, SYSTEM, ANDREAS-PC, Protection, Refresh, Starting, Protection, 06.02.2015 18:22:25, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Stopping, Protection, 06.02.2015 18:22:25, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Stopped, Protection, 06.02.2015 18:22:36, SYSTEM, ANDREAS-PC, Protection, Refresh, Success, Protection, 06.02.2015 18:22:36, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Starting, Protection, 06.02.2015 18:22:36, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Started, Update, 06.02.2015 18:55:52, SYSTEM, ANDREAS-PC, Scheduler, Malware Database, 2015.2.6.6, 2015.2.6.7, Protection, 06.02.2015 18:55:52, SYSTEM, ANDREAS-PC, Protection, Refresh, Starting, Protection, 06.02.2015 18:55:52, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Stopping, Protection, 06.02.2015 18:55:53, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Stopped, Protection, 06.02.2015 18:56:27, SYSTEM, ANDREAS-PC, Protection, Refresh, Success, Protection, 06.02.2015 18:56:27, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Starting, Protection, 06.02.2015 18:56:30, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Started, Protection, 06.02.2015 19:02:51, SYSTEM, ANDREAS-PC, Protection, Malware Protection, Starting, Protection, 06.02.2015 19:02:53, SYSTEM, ANDREAS-PC, Protection, Malware Protection, Started, Protection, 06.02.2015 19:02:53, SYSTEM, ANDREAS-PC, Protection, Malicious 
Website Protection, Starting, Protection, 06.02.2015 19:05:40, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Started, (end) Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-02-2015 Ran by Andreas at 2015-02-06 19:18:32 Running from C:\Users\Andreas\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 3D-Garten 8.0 (HKLM\...\{554A4E80-0002-2006-0407-11FF59A27A18}) (Version: 8.0 - DiComp) Acer Arcade Deluxe (HKLM\...\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}) (Version: 1.12.4213 - CyberLink Corporation) Acer Crystal Eye webcam (HKLM\...\{4BB1DCED-84D3-47F9-B718-5947E904593E}) (Version: 7.96.701.07a - Acer Crystal Eye webcam) Acer Crystal Eye webcam (HKLM\...\{DD1DED37-2486-4F56-8F89-56AA814003F5}) (Version: 2.0.0.8 - Acer Crystal Eye webcam) Acer eAudio Management (HKLM\...\{57265292-228A-41FA-9AEC-4620CBCC2739}) (Version: 2.5.4012 - ) Acer eDataSecurity Management (HKLM\...\{AEEAE013-92F1-4515-B278-139F1A692A36}) (Version: 2.5.4241 - HiTRUST Inc.) Acer eLock Management (HKLM\...\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}) (Version: 2.5.4008 - Acer Inc.) Acer Empowering Technology (HKLM\...\{AB6097D9-D722-4987-BD9E-A076E2848EE2}) (Version: 2.5.4008 - Acer Inc.) Acer eNet Management (HKLM\...\{C06554A1-2C1E-4D20-B613-EE62C79927CC}) (Version: 2.6.4008 - Acer Inc.) Acer ePower Management (HKLM\...\{58E5844B-7CE2-413D-83D1-99294BF6C74F}) (Version: 2.5.4017 - Acer Inc.) 
Acer ePresentation Management (HKLM\...\{BF839132-BD43-4056-ACBF-4377F4A88E2A}) (Version: 2.5.4002 - Acer Inc.) Acer eSettings Management (HKLM\...\{CE65A9A0-9686-45C6-9098-3C9543A412F0}) (Version: 2.5.4011 - Acer Inc.) Acer GridVista (HKLM\...\GridVista) (Version: 2.68.622 - ) Acer Mobility Center Plug-In (HKLM\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 1.0.3003 - Acer Inc.) Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 1.12.20070515 - Acer Inc.) Acer Tour (HKLM\...\{94389919-B0AA-4882-9BE8-9F0B004ECA35}) (Version: 2.0.1003 - Acer Inc.) Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation) Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated) Adobe Reader 8.1.1 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81000000003}) (Version: 8.1.1 - Adobe Systems Incorporated) AFPL Ghostscript 8.54 (HKLM\...\AFPL Ghostscript 8.54) (Version: - ) AFPL Ghostscript Fonts (HKLM\...\AFPL Ghostscript Fonts) (Version: - ) ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - Alps Electric) Apple Application Support (HKLM\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ArcSoft Panorama Maker 6 (HKLM\...\{DABFD34E-BE68-4BC6-9254-5D7A7FF76B99}) (Version: 6.0.8.85 - ArcSoft) AudioCon (HKLM\...\AudioCon) (Version: 1.0 - Basement Softworks) Avira (HKLM\...\{2c18809c-4097-4b51-a4d0-3deade730ef3}) (Version: 1.1.29.22350 - Avira Operations & Co. KG) Avira (Version: 1.1.29.22350 - Avira Operations & Co. 
KG) Hidden Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira) Big Kahuna Reef 2 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111310630}) (Version: - Oberon Media) Cake Mania (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version: - Oberon Media) Crystal Reports Modules (HKLM\...\{957344B3-FD27-45B5-8026-44FEAB0F340A}) (Version: 1.0.0 - ideYAPI LTD.) DATA BECKER 3D Garten Designer 9 (HKLM\...\3D Garten Designer 9_is1) (Version: 9.0 - DATA BECKER GmbH & Co. KG) Denken und Rechnen 2 (HKLM\...\Denken und Rechnen 2) (Version: - ) DVDVideoSoftTB Toolbar (HKLM\...\DVDVideoSoftTB Toolbar) (Version: - ) Dynasty (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111473353}) (Version: - Oberon Media) Free Video Dub version 2.0.22.925 (HKLM\...\Free Video Dub_is1) (Version: 2.0.22.925 - DVDVideoSoft Ltd.) Free YouTube Download version 3.1.42.1212 (HKLM\...\Free YouTube Download_is1) (Version: 3.1.42.1212 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.11.37.1212 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.37.1212 - DVDVideoSoft Ltd.) FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version: - ) Galapago (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version: - Oberon Media) Garmin Communicator Plugin (HKLM\...\{86B879A5-927E-4536-B5FC-17CA96B60078}) (Version: 2.6.4 - Garmin Ltd or its subsidiaries) Garmin USB Drivers (HKLM\...\{B1102A25-3AA3-446B-AA0F-A699B07A02FD}) (Version: 1.0.0.0 - Garmin Ltd or its subsidiaries) Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.) Google Earth (HKLM\...\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}) (Version: 4.3.7284.3916 - Google) Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (Version: 1.3.25.11 - Google Inc.) 
Hidden Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.) HandBrake 0.9.9.1 (HKLM\...\HandBrake) (Version: 0.9.9.1 - ) HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118) (Version: - ) ideCAD Architektur 5 Demo (HKLM\...\{8CE203AB-DD76-4340-A4BA-DBCCA19027B4}) (Version: 5.49.000 - ) Launch Manager (HKLM\...\LManager) (Version: - ) LightScribe 1.4.142.1 (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden Luxor 2 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11170417}) (Version: - Oberon Media) Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) meinHausplaner (HKLM\...\meinHausplaner) (Version: - ) Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - ) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable 
(HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Works (HKLM\...\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}) (Version: 08.05.0822 - Microsoft Corporation) Mozilla Firefox 35.0.1 (x86 de) (HKLM\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla) MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Mystery Case Files - Prime Suspects (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111271497}) (Version: - Oberon Media) Mystery Case Files Ravenhearst (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112179547}) (Version: - Oberon Media) Nikon Message Center 2 (HKLM\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon) Nikon Movie Editor (HKLM\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.6.0 - Nikon) NTI Backup NOW! 
4.7 (HKLM\...\{67ADE9AF-5CD9-4089-8825-55DE4B366799}) (Version: 4 - NewTech Infosystems) NTI CD & DVD-Maker (HKLM\...\InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}) (Version: 7 - NewTech Infosystems) NTI CD & DVD-Maker (Version: 7 - NewTech Infosystems) Hidden NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - NVIDIA Corporation) OpenOffice.org 3.2 (HKLM\...\{2217B0B4-35CB-48C6-B640-864DF2F30F99}) (Version: 3.2.9483 - OpenOffice.org) Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.) Picture Control Utility (HKLM\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.4.7 - Nikon) Poker Mania (HKLM\...\Poker Mania) (Version: - ) PowerProducer 3.72 (HKLM\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 074117(3.7)_Vista_Acer - CyberLink Corporation) Protect Disc License Helper 1.0.118 (HKLM\...\Protect Disc License Helper) (Version: 1.0.118 - Protect Disc) ProtectDisc Driver, Version 11 (HKLM\...\ProtectDisc Driver 11) (Version: 11.0.0.12 - ProtectDisc Software GmbH) QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5413 - Realtek Semiconductor Corp.) RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - ) Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.51.01 - ) Samsung Master (HKLM\...\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}) (Version: 1.1.14 - Samsung) Sandlot Games Client Services (HKLM\...\Sandlot Games Client Services_is1) (Version: - Sandlot Games) Star Defender 3 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111730193}) (Version: - Oberon Media) Texas Hold'em Poker 3D - Deluxe Edition 1.0 (HKLM\...\{E8889865-31D8-4BE9-8CE4-20AEF81AD85E}_is1) (Version: Texas Hold'em Poker 3D - Deluxe Edition - S.A.D. 
GmbH) Treasures of the Deep (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111263673}) (Version: - Oberon Media) Uninstall 1.0.0.1 (HKLM\...\Uninstall_is1) (Version: - ) Update for Office 2007 (KB934528) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{2B939677-2FFD-48F6-9075-7BF48CB87C80}) (Version: - ) Update for Office System 2007 Setup (KB929722) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{D8E9BEBD-655F-467D-8176-CA9959C140A3}) (Version: - ) ViewNX 2 (HKLM\...\{E64C137C-D0B7-467A-B47F-460AAB30F0A3}) (Version: 2.6.0 - Nikon) VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0) (HKLM\...\45A7283175C62FAC673F913C1F532C5361F97841) (Version: 03/08/2007 2.2.1.0 - Garmin) Zuma Deluxe (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}) (Version: - Oberon Media) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{015C652B-6D65-49E9-9A0F-F9A2E1C4678E}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{05F12417-022F-4164-8D3E-5F04C787DE31}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{07B2FFC7-FFF6-471C-AEC2-A93478209B06}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.) 
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{08C5B872-ECA4-11D4-A7B9-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{23C3C2C4-FA91-11D3-A6DC-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{2CC7C7B2-9B2D-11d3-9099-00A0C9E71419}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{343D9CAF-DA8E-11D3-9C9A-00A0C9C84608}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{343D9CB1-DA8E-11D3-9C9A-00A0C9C84608}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{343D9CB3-DA8E-11D3-9C9A-00A0C9C84608}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{343D9CB9-DA8E-11D3-9C9A-00A0C9C84608}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{377EBDC3-D059-11D4-A7A3-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.) 
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{38F91081-BA6D-4659-BF13-1712E85C953E}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{3D4F2CB5-268C-4C2D-A055-6D66D527E44D}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{3E5BBAF2-F63A-4EB7-A356-9C4BBD494CA9}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{3ECFE218-336F-44C8-8911-BB501477F201}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{401643B8-C6EB-11D4-A79B-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{4126E7DD-2705-458D-9459-9AB8C18CDEA1}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\datadefmodel.dll (Crystal Decisions Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{454CC187-E49D-11D3-9CA2-00A0C9C84608}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.) 
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{479DDB54-7CD7-11D3-A657-00902771E565}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\tslv.dll () CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{660ADE75-F449-11D3-A6D2-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{660ADE77-F449-11D3-A6D2-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{771C41D0-CCB4-456B-AE1E-7CBAE6298B40}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{7DE5C439-9CF2-4761-AFFD-C1A053782B30}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\datadefmodel.dll (Crystal Decisions Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{84663529-9F6C-4C15-9F36-5E3F5FFFD1DA}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{86C49566-24FD-487F-8D3A-CFBB1CB240E6}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\datadefmodel.dll (Crystal Decisions Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{8D7D6A02-D121-11D4-A7A4-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.) 
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{8D7D6A04-D121-11D4-A7A4-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{8E205F3C-52CE-4578-AC81-A7089CDD6073}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\keycodeV2.dll (Crystal Decisions) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{948D9136-1C5A-4C1A-B59D-EBAA269B45E0}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{985E4039-F6AE-11D3-9CB4-00A0C9C84608}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{999BCD90-23D9-4890-948B-D0AE7078CF0A}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\saxmlserialize.dll (Crystal Decisions Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{9CD5A7CF-1E0F-48CB-A70A-7B188951D04B}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{9DFDA656-6083-4330-A8FA-D538ACBBB172}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{9FB0B350-2265-11D2-BF06-00A0C9B82ABA}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\s2sqlprs.dll (Seagate Software, Inc.) 
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{9FB0B352-2265-11D2-BF06-00A0C9B82ABA}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\s2sqlprs.dll (Seagate Software, Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{9FB0B357-2265-11D2-BF06-00A0C9B82ABA}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\s2sqlprs.dll (Seagate Software, Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{9FB0B359-2265-11D2-BF06-00A0C9B82ABA}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\s2sqlprs.dll (Seagate Software, Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{A1F5F582-001B-11D4-A6E1-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{A57AA692-F5E2-11D3-A6D4-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{A57AA69A-F5E2-11D3-A6D4-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{A57AA69C-F5E2-11D3-A6D4-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{A6584661-F925-11D3-A6D8-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.) 
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{A798775F-0C79-4AFD-A972-B5E8AD6C1ADE}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{B7E8605E-329E-11D4-AAA2-00902741F1FC}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\crqe.dll (Crystal Decisions Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{C113DA70-E957-11D3-A6C7-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{C978FD27-F390-11D3-A6D1-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{C978FD29-F390-11D3-A6D1-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{CFA1F8B3-46F9-444B-AA19-7A284D008A74}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{D330E092-F158-11D4-A7BE-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{D330E09B-F158-11D4-A7BE-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.) 
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{D330E09F-F158-11D4-A7BE-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{D330E0A1-F158-11D4-A7BE-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{D330E0A3-F158-11D4-A7BE-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{D330E0A5-F158-11D4-A7BE-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{D330E0A7-F158-11D4-A7BE-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{D330E0A9-F158-11D4-A7BE-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{D97C7D7D-FF5B-4802-BE3F-D8748E986F7B}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\keycodeV2.dll (Crystal Decisions) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{DBA36674-FB63-11D3-9CB6-00A0C9C84608}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.) 
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{DBA36678-FB63-11D3-9CB6-00A0C9C84608}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{E04F5EF0-FF09-4C86-B0EC-A4EC377C4DCF}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\saxmlserialize.dll (Crystal Decisions Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{E69D927A-9686-4CE1-800C-FF739EEC7EB3}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{E86BB58D-0A87-4DE2-92F7-E74DA7FEBB3F}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.) CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{F986A051-D154-11d4-A7A4-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.) 
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{FA189F65-BFB2-4cb7-BC35-0E97F508011E}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\keycodeV2.dll (Crystal Decisions) ==================== Restore Points ========================= 15-01-2015 20:35:54 Windows Update 15-01-2015 20:56:42 Windows Update 31-01-2015 10:18:40 Windows Update 05-02-2015 19:27:44 Windows Update 06-02-2015 17:21:19 Removed Java(TM) 6 Update 26 06-02-2015 17:25:17 Removed Linkury Smartbar 06-02-2015 17:27:10 Removed Linkury Smartbar 06-02-2015 17:32:57 Removed Java(TM) 6 Update 26 06-02-2015 17:34:34 Removed Linkury Smartbar 06-02-2015 17:41:32 Revo Uninstaller's restore point - Linkury Smartbar 06-02-2015 17:41:51 Removed Linkury Smartbar ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {166C06E1-F91D-4CB8-B3A3-91DD8FC124DC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {1DBC7DE7-C3B3-42CD-A466-FDA8D0999B43} - System32\Tasks\Microsoft\Windows\RestartManager\{2357A169-3205-4d6d-A548-F79A8EB9ECED} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation) Task: {6825395E-9EE3-4726-BB58-61CF6B2FABB9} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Andreas => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation) Task: {B2DA1320-4CAA-4C9F-BE59-03B990FD3591} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-04] (Google Inc.) 
Task: {D1F3D537-21BC-4FC1-A892-FF6446892A45} - System32\Tasks\{F4D13830-066A-4B6E-81E6-7BE644EDCC8D} => pcalua.exe -a C:\Users\Andreas\AppData\Local\Temp\Temp2_mein_hpl_2008.zip\MEIN_HPL_2008.exe Task: {E2D74F6A-F7CC-4CB4-A6C3-24F63F25301D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated) Task: {EF1FDE15-725D-45E7-975B-0A8C0192EE0F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-04] (Google Inc.) Task: {F6FA62FD-07E0-4660-8737-36157ED84369} - System32\Tasks\Google Software Updater => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-30] (Google) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2009-08-02 21:43 - 2005-01-06 17:33 - 00116224 _____ () C:\Windows\System32\redmonnt.dll 2007-07-28 11:16 - 2007-01-26 13:24 - 00050688 _____ () C:\Acer\ALaunch\ALaunchSvc.exe 2007-07-28 10:55 - 2006-11-24 11:57 - 00107008 _____ () C:\Acer\Mobility Center\MobilityService.exe 2007-07-28 10:55 - 2006-10-24 09:54 - 00033280 _____ () C:\Acer\Mobility Center\MobilityInterface.dll 2007-07-28 10:53 - 2007-01-23 14:48 - 00266343 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe 2007-09-07 21:24 - 2007-02-13 05:26 - 00016384 _____ () C:\Acer\Empowering 
Technology\eRecovery\ServiceInterface.dll 2007-09-07 21:24 - 2007-02-13 05:26 - 00016384 _____ () C:\Acer\Empowering Technology\eRecovery\IERYETF.dll 2007-07-28 10:38 - 2007-06-28 17:50 - 00024576 _____ () C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe 2007-07-28 10:38 - 2007-06-28 17:50 - 00114688 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.Computer.dll 2007-07-28 10:38 - 2007-06-28 17:50 - 00032768 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.ComputerInterfaces.dll 2007-07-28 10:38 - 2007-06-28 17:50 - 00118784 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.Library.dll 2007-07-28 10:38 - 2007-06-28 17:50 - 00006656 _____ () C:\Acer\Empowering Technology\eSettings\Service\CPUID.dll 2007-04-25 15:30 - 2007-04-25 15:30 - 00063488 _____ () C:\Windows\system32\ShowErrMsg.dll 2007-04-25 15:31 - 2007-04-25 15:31 - 00028672 _____ () C:\Windows\system32\BatchCrypto.dll 2007-07-28 10:33 - 2007-02-07 08:25 - 00208896 _____ () C:\Acer\Empowering Technology\EPOWER\SysHook.dll 2007-07-28 10:24 - 2007-06-15 15:15 - 00057344 _____ () C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll 2007-07-28 10:24 - 2007-06-15 15:47 - 00024576 _____ () C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll 2007-07-28 10:39 - 2007-06-11 13:54 - 00106496 _____ () C:\Acer\Empowering Technology\eAudio\eAudioUI.dll 2007-07-28 10:39 - 2007-03-22 10:51 - 00003584 _____ () C:\Acer\Empowering Technology\eAudio\de\eAudioUI.resources.dll 2007-07-28 10:35 - 2007-04-11 15:42 - 00307200 _____ () C:\Acer\Empowering Technology\ePresentation\ePresentationCTL.dll 2007-07-28 10:35 - 2007-04-11 14:07 - 00077824 _____ () C:\Acer\Empowering Technology\ePresentation\de\ePresentationCTL.resources.dll 2007-07-28 10:37 - 2007-05-24 08:53 - 00679936 _____ () C:\Acer\Empowering Technology\eLock\eLockCTL.dll 2007-07-28 10:37 - 2007-05-24 08:53 - 00106496 _____ () C:\Acer\Empowering 
Technology\eLock\de\eLockCTL.resources.dll 2007-07-28 10:38 - 2007-06-28 17:50 - 00028672 _____ () C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll 2007-07-28 10:38 - 2007-06-28 17:50 - 00032768 _____ () C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll 2007-07-28 10:38 - 2007-06-28 17:50 - 03420160 _____ () C:\Acer\Empowering Technology\eSettings\eSettings.View.dll 2007-07-28 10:38 - 2007-06-28 17:50 - 00155648 _____ () C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll 2007-07-28 20:21 - 2007-06-13 15:56 - 00249856 ____R () C:\Acer\Empowering Technology\eNet\eNetPlugin.dll 2007-07-28 10:38 - 2007-06-28 17:50 - 00003584 _____ () C:\Acer\Empowering Technology\eSettings\de\eSettings.Plugin.resources.dll 2007-07-28 10:38 - 2007-06-28 17:50 - 00010752 _____ () C:\Acer\Empowering Technology\eSettings\de\eSettings.Presenter.resources.dll 2009-10-20 20:02 - 2010-05-06 20:50 - 00970752 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Registry Areas ===================== (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-695030953-4224019398-3706738656-1000\Control Panel\Desktop\\Wallpaper -> c:\Windows\Web\wallpaper\Acer01.jpg ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== Accounts: ============================= Administrator (S-1-5-21-695030953-4224019398-3706738656-500 - Administrator - Disabled) Andreas (S-1-5-21-695030953-4224019398-3706738656-1000 - Administrator - Enabled) => C:\Users\Andreas ASPNET (S-1-5-21-695030953-4224019398-3706738656-1002 - Limited - Enabled) Gast (S-1-5-21-695030953-4224019398-3706738656-501 - Limited - Disabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/06/2015 07:02:34 PM) (Source: Avira Service Host) (EventID: 0) (User: ) Description: Fehler beim Verarbeiten von Sitzungsänderung. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription) bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId) Error: (02/06/2015 05:41:31 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005. Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. 
Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {76884a30-9290-4e7b-84cd-d09503961cd0} Error: (02/06/2015 04:55:19 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fehlerhafte Anwendung avira_de.exe, Version 1.1.29.22350, Zeitstempel 0x52974fc4, fehlerhaftes Modul WixStdBA.dll, Version 3.8.2431.0, Zeitstempel 0x54a3de01, Ausnahmecode 0xc0000005, Fehleroffset 0x00005689, Prozess-ID 0x1508, Anwendungsstartzeit avira_de.exe0. Error: (01/31/2015 04:23:41 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Avira.OE.Systray.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet. Ausnahmeinformationen: System.Runtime.InteropServices.COMException Stapel: bei System.Windows.Media.Composition.DUCE+Channel.SyncFlush() bei System.Windows.Media.MediaContext.CompleteRender() bei System.Windows.Interop.HwndTarget.OnResize() bei System.Windows.Interop.HwndTarget.HandleMessage(MS.Internal.Interop.WindowMessage, IntPtr, IntPtr) bei System.Windows.Interop.HwndSource.HwndTargetFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) bei System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32) bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, 
IntPtr, IntPtr) bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr) bei System.Windows.Forms.UnsafeNativeMethods.GetMessageW(MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32) bei System.Windows.Forms.Application+ComponentManager.System.Windows.Forms.UnsafeNativeMethods.IMsoComponentManager.FPushMessageLoop(IntPtr, Int32, Int32) bei System.Windows.Forms.Application+ThreadContext.RunMessageLoopInner(Int32, System.Windows.Forms.ApplicationContext) bei System.Windows.Forms.Application+ThreadContext.RunMessageLoop(Int32, System.Windows.Forms.ApplicationContext) bei System.Windows.Forms.Application.Run(System.Windows.Forms.Form) bei Avira.OE.Systray.Program.Main(System.String[]) Error: (01/31/2015 04:22:46 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm Explorer.EXE, Version 6.0.6002.18005 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: e34 Anfangszeit: 01d03d67f4e0bef0 Zeitpunkt der Beendigung: 513 Error: (01/31/2015 10:38:14 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Andreas-PC) Description: 0Avira.OE.ServiceHost.exeAvira Service Error: (01/31/2015 10:21:33 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Avira.OE.Systray.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet. 
Ausnahmeinformationen: System.Runtime.InteropServices.COMException Stapel: bei System.Windows.Media.Composition.DUCE+Channel.SyncFlush() bei System.Windows.Media.MediaContext.CompleteRender() bei System.Windows.Interop.HwndTarget.OnResize() bei System.Windows.Interop.HwndTarget.HandleMessage(MS.Internal.Interop.WindowMessage, IntPtr, IntPtr) bei System.Windows.Interop.HwndSource.HwndTargetFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) bei System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32) bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr) bei System.Windows.Forms.UnsafeNativeMethods.GetMessageW(MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32) bei System.Windows.Forms.Application+ComponentManager.System.Windows.Forms.UnsafeNativeMethods.IMsoComponentManager.FPushMessageLoop(IntPtr, Int32, Int32) bei System.Windows.Forms.Application+ThreadContext.RunMessageLoopInner(Int32, System.Windows.Forms.ApplicationContext) bei System.Windows.Forms.Application+ThreadContext.RunMessageLoop(Int32, System.Windows.Forms.ApplicationContext) bei System.Windows.Forms.Application.Run(System.Windows.Forms.Form) bei 
Avira.OE.Systray.Program.Main(System.String[]) Error: (01/31/2015 10:08:39 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fehlerhafte Anwendung PackerV2.exe, Version 2.1.1615.1214, Zeitstempel 0x548d9b76, fehlerhaftes Modul PackerV2.exe, Version 2.1.1615.1214, Zeitstempel 0x548d9b76, Ausnahmecode 0xc0000005, Fehleroffset 0x00033793, Prozess-ID 0xd2c, Anwendungsstartzeit PackerV2.exe0. Error: (01/31/2015 10:06:58 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fehlerhafte Anwendung Avira.OE.Setup.Bundle.exe, Version 1.1.27.25527, Zeitstempel 0x52974fc4, fehlerhaftes Modul WixStdBA.dll, Version 3.8.2028.0, Zeitstempel 0x5458d5e9, Ausnahmecode 0xc0000005, Fehleroffset 0x00005600, Prozess-ID 0xa9c, Anwendungsstartzeit Avira.OE.Setup.Bundle.exe0. Error: (01/15/2015 09:13:29 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4 System errors: ============= Error: (02/06/2015 07:06:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: 30000Microsoft .NET Framework NGEN v4.0.30319_X86 Error: (02/06/2015 07:02:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Parallel port driver%%1058 Error: (02/06/2015 06:02:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Parallel port driver%%1058 Error: (02/06/2015 05:59:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Softwarelizenzierung11200001Neustart des Diensts Error: (02/06/2015 05:59:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Avira Service Host1100001Neustart des Diensts Error: (02/06/2015 05:59:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Windows Presentation Foundation Font Cache 4.0.0.0101Neustart des Diensts Error: (02/06/2015 05:59:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Windows Search1300001Neustart des Diensts 
Error: (02/06/2015 05:59:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: ALaunch Service1 Error: (02/06/2015 05:59:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: ePower Service1 Error: (02/06/2015 05:59:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: eSettings Service1600001Neustart des Diensts Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2015-02-06 19:18:19.479 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-06 19:18:18.559 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-06 19:18:17.623 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-06 19:18:16.671 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-06 19:18:15.501 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-06 19:18:14.565 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2015-02-06 19:18:13.629 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-02-06 19:18:12.662 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-02-06 19:17:28.763 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-02-06 19:17:27.890 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-52
Percentage of memory in use: 61%
Total physical RAM: 1790.19 MB
Available physical RAM: 692.31 MB
Total Pagefile: 3828.9 MB
Available Pagefile: 2128.81 MB
Total Virtual: 2047.88 MB
Available Virtual: 1906.94 MB
==================== Drives ================================
Drive c: (ACER) (Fixed) (Total:69.77 GB) (Free:18.76 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:69.52 GB) (Free:21.15 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: B5BBB0F3)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=27)
Partition 2: (Active) - (Size=69.8 GB) - (Type=06)
Partition 3: (Not Active) - (Size=69.5 GB) - (Type=07 NTFS)
==================== End Of Log ============================
That's a lot of data. I hope I haven't forgotten anything. Should one perhaps run regular scans of the system with AdwCleaner and Malwarebytes Anti-Malware? I also have an external hard drive, but it is only connected to the computer sporadically. Should that be scanned as well? Best regards, Andreas |
07.02.2015, 01:57 | #10 |
Rest in peace † 2019 | Windows Command Processor blinking, TR/EyeStye.B.cfg.59 detected
Hello Andreas, please look in Malwarebytes again for the scan log; this one is the protection log. I am also still missing the current FRST.txt. And you did in fact have SpyEye on there at one point, but it was no longer running just now. Step 1
Step 2 Post FRST.txt
Step 3 Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
cmd: dir c:\syscheckrt /s
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
|
07.02.2015, 17:02 | #11 |
| Windows Command Processor blinking, TR/EyeStye.B.cfg.59 detected
Hello Sandra, here is the FRST.txt from yesterday. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-02-2015 Ran by Andreas (administrator) on ANDREAS-PC on 06-02-2015 19:16:48 Running from C:\Users\Andreas\Desktop Loaded Profiles: Andreas (Available profiles: Andreas) Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe () C:\Acer\ALaunch\ALaunchSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (DATA BECKER GmbH & Co KG) C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe (HiTRSUT) C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (Acer Inc.) C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.) C:\Acer\Empowering Technology\eNet\eNet Service.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe () C:\Acer\Mobility Center\MobilityService.exe () C:\Program Files\CyberLink\Shared Files\RichVideo.exe (Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe (Acer Inc.) 
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe () C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe (acer) C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (HiTRUST) C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (CyberLink) C:\Acer\Empowering Technology\eAudio\eAudio.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Acer Inc.) C:\Acer\Empowering Technology\eNet\eNMTray.exe (Acer Inc.) C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe (Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin (Realtek Semiconductor Corp.) C:\Users\Andreas\AppData\Local\Temp\RtkBtMnt.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe (Alps Electric Co., Ltd.) 
C:\Program Files\Apoint2K\ApntEx.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation) HKLM\...\Run: [ALaunch] => C:\Acer\ALaunch\AlaunchClient.exe HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4468736 2007-05-18] (Realtek Semiconductor) HKLM\...\Run: [eDataSecurity Loader] => C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [457216 2007-04-25] (HiTRUST) HKLM\...\Run: [eAudio] => C:\Acer\Empowering Technology\eAudio\eAudio.exe [1286144 2007-06-11] (CyberLink) HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [40048 2007-03-08] (Adobe Systems Incorporated) HKLM\...\Run: [Acer Tour] => [X] HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [752136 2007-06-27] (Dritek System Inc.) HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [159744 2007-06-06] (Alps Electric Co., Ltd.) HKLM\...\Run: [eRecoveryService] => [X] HKLM\...\Run: [Acer Tour Reminder] => C:\Acer\AcerTour\Reminder.exe [151552 2007-05-22] (Acer Inc.) HKLM\...\Run: [WarReg_PopUp] => C:\Acer\WR_PopUp\WarReg_PopUp.exe [57344 2006-11-05] (Acer Inc.) HKLM\...\Run: [SetPanel] => C:\Acer\APanel\APanel.cmd HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-05-18] (Realtek Semiconductor Corp.) 
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit HKLM\...\Run: [FreePDF Assistant] => C:\Program Files\FreePDF_XP\fpassist.exe [371712 2009-07-15] (shbox.de) HKLM\...\Run: [Nikon Message Center 2] => C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-17] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG) HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-695030953-4224019398-3706738656-1000\...\Run: [Acer Tour Reminder] => [X] HKU\S-1-5-21-695030953-4224019398-3706738656-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation) HKU\S-1-5-21-695030953-4224019398-3706738656-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2008-06-23] (Google Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk ShortcutTarget: Empowering Technology Launcher.lnk -> C:\Acer\Empowering Technology\eAPLauncher.exe (Acer Inc.) 
Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 () Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com HKU\S-1-5-21-695030953-4224019398-3706738656-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/ HKU\S-1-5-21-695030953-4224019398-3706738656-1000\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 HKU\S-1-5-21-695030953-4224019398-3706738656-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO: ShowBarObj Class -> 
{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -> C:\Windows\system32\ActiveToolBand.dll (HiTRUST) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll (HiTRUST) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKU\S-1-5-21-695030953-4224019398-3706738656-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\1jao9sxz.default FF NewTab: about:blank FF DefaultSearchUrl: FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll () FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF Plugin: @protectdisc.com/NPPDLicenseHelper -> C:\Program Files\ProtectDisc\License Helper\NPPDLicenseHelper.dll () FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) 
FF Extension: Avira Browser Safety - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\1jao9sxz.default\Extensions\abs@avira.com [2015-02-05] FF Extension: Microsoft .NET Framework Assistant - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\1jao9sxz.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-02-28] Chrome: ======= CHR Profile: C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-29] CHR Extension: (Google Drive) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-29] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-05] CHR Extension: (YouTube) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-29] CHR Extension: (Google-Suche) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-29] CHR Extension: (Avira Browserschutz) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-10-29] CHR Extension: (Google Wallet) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-29] CHR Extension: (Google Mail) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-29] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 ALaunchService; C:\Acer\ALaunch\ALaunchSvc.exe [50688 2007-01-26] () [File not signed] R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-17] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-17] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG) R2 DBService; C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe [187456 2009-01-08] (DATA BECKER GmbH & Co KG) [File not signed] R2 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [457512 2007-04-25] (HiTRSUT) R2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-04-23] (Acer Inc.) [File not signed] R2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [135168 2007-06-13] (Acer Inc.) [File not signed] R2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [53248 2007-07-03] (Acer Inc.) 
[File not signed] R2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-06-28] () [File not signed] S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed] R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [107008 2006-11-24] () [File not signed] R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [266343 2007-01-23] () [File not signed] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation) R2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [167936 2007-06-13] (acer) [File not signed] S2 CLTNetCnService; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [277544 2009-01-19] (Protect Software GmbH) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-29] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-29] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-27] (Avira Operations GmbH & Co. KG) R3 Cam5607; C:\Windows\System32\Drivers\BisonC07.sys [767664 2007-05-28] (Bison Electronics. Inc. 
) R1 DritekPortIO; C:\Program Files\Launch Manager\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.) R2 int15; C:\Acer\Empowering Technology\eRecovery\int15.sys [76584 2006-12-07] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-06] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation) R3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [6144 2007-07-28] (NewTech Infosystems, Inc.) [File not signed] R0 PSDFilter; C:\Windows\System32\DRIVERS\psdfilter.sys [20776 2007-04-25] (HiTRUST) R0 PSDNServ; C:\Windows\System32\drivers\PSDNServ.sys [16680 2007-04-25] (HiTRUST) R0 psdvdisk; C:\Windows\System32\drivers\psdvdisk.sys [60712 2007-04-25] (HiTRUST) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH) S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S4 UIUSys; system32\DRIVERS\UIUSYS.SYS [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-06 19:15 - 2015-02-06 19:15 - 00004207 _____ () C:\Users\Andreas\Desktop\mbam.txt 2015-02-06 18:18 - 2015-02-06 19:05 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-06 18:18 - 2015-02-06 18:21 - 00000903 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-02-06 18:18 - 2015-02-06 18:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-02-06 18:18 - 2015-02-06 18:21 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2015-02-06 18:18 - 2015-02-06 18:18 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-02-06 18:18 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-02-06 18:18 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-02-06 18:18 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-02-06 18:15 - 2015-02-06 18:16 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Andreas\Downloads\mbam-setup-2.0.4.1028.exe 2015-02-06 18:08 - 2015-02-06 18:08 - 00020449 _____ () C:\Users\Andreas\Desktop\AdwCleaner[S0].txt 2015-02-06 18:07 - 2015-02-06 18:07 - 00001006 _____ () C:\Users\Public\Desktop\Avira.lnk 2015-02-06 17:51 - 2015-02-06 17:59 - 00000000 ____D () C:\AdwCleaner 2015-02-06 17:51 - 2015-02-06 17:51 - 02112512 _____ () C:\Users\Andreas\Downloads\AdwCleaner_4.110.exe 2015-02-06 17:39 - 2015-02-06 17:39 - 00001061 _____ () C:\Users\Andreas\Desktop\Revo Uninstaller.lnk 2015-02-06 17:39 - 2015-02-06 17:39 - 00000000 ____D () C:\Program Files\VS Revo Group 2015-02-06 17:38 - 2015-02-06 17:38 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\Andreas\Downloads\revosetup95.exe 2015-02-06 17:14 - 2015-02-06 17:14 - 00000000 ____D () C:\Users\Andreas\Desktop\FRST-OlderVersion 2015-02-05 19:24 - 2015-02-06 17:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-01-31 17:19 - 2015-01-31 17:21 - 00055491 _____ () C:\Users\Andreas\Desktop\Addition.txt 2015-01-31 17:17 - 2015-02-06 19:17 - 00018861 _____ () C:\Users\Andreas\Desktop\FRST.txt 2015-01-31 17:14 - 2015-02-06 19:16 - 00000000 ____D () C:\FRST 2015-01-31 17:13 - 2015-02-06 17:14 - 01123328 _____ (Farbar) C:\Users\Andreas\Desktop\FRST.exe 2015-01-31 16:30 - 2015-01-31 16:30 - 00050477 _____ () C:\Users\Andreas\Desktop\Defogger.exe 2015-01-31 16:29 - 2015-01-31 16:30 - 00050477 _____ () C:\Users\Andreas\Downloads\Defogger.exe 2015-01-15 17:52 - 2015-01-15 17:52 - 138300268 _____ () C:\Windows\MEMORY.DMP 2015-01-15 17:52 - 2015-01-15 17:52 - 00138096 _____ () C:\Windows\Minidump\Mini011515-01.dmp 2015-01-15 17:52 - 2015-01-15 17:52 - 00000000 ____D () C:\Windows\Minidump ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-06 19:13 - 2007-09-07 21:13 - 01652674 _____ () C:\Windows\WindowsUpdate.log 2015-02-06 19:07 - 2009-05-02 21:20 - 00262133 _____ () C:\ProgramData\nvModes.001 2015-02-06 19:03 - 2010-04-27 16:53 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-06 19:02 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-06 19:02 - 2006-11-02 13:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-06 19:02 - 2006-11-02 13:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-06 19:01 - 2007-07-28 11:05 - 00233674 _____ () C:\Windows\PFRO.log 2015-02-06 19:00 - 2006-11-02 14:01 - 00032582 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-02-06 18:56 - 2010-04-27 16:53 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-06 18:07 - 2014-08-20 10:14 - 00000000 ____D () C:\ProgramData\Package Cache 2015-02-06 18:07 - 2012-12-23 15:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-02-06 18:06 - 2012-12-23 15:13 - 00000000 ____D () C:\Program Files\Avira 2015-02-06 18:02 - 2012-09-26 16:32 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-02-06 18:01 - 2013-12-24 12:24 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-02-06 17:59 - 2013-01-07 13:25 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft 2015-02-06 17:30 - 2007-07-28 10:52 - 00000000 ____D () C:\Program Files\Acer Arcade Deluxe 2015-02-06 17:30 - 2007-07-28 09:32 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2015-02-06 17:06 - 2012-09-13 19:55 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-02-06 17:06 - 2012-09-13 19:55 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-01-31 17:39 - 2006-11-02 13:37 - 
00000000 ___RD () C:\Users\Public\Recorded TV 2015-01-31 16:59 - 2014-10-29 12:33 - 00001967 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-01-31 12:19 - 2011-01-12 20:59 - 00001052 _____ () C:\Windows\Tasks\Google Software Updater.job 2015-01-16 02:44 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\uk-UA 2015-01-15 21:13 - 2013-09-01 17:59 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-15 20:57 - 2006-11-02 11:24 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2015-01-15 20:53 - 2008-11-10 10:14 - 00000000 ____D () C:\DVDVideoSoft 2015-01-15 20:53 - 2008-11-10 10:10 - 00000000 ____D () C:\Users\Andreas\Documents\DVDVideoSoft 2015-01-15 18:33 - 2007-10-17 21:05 - 00074240 _____ () C:\Users\Andreas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-01-15 18:06 - 2006-11-02 11:33 - 01643124 _____ () C:\Windows\system32\PerfStringBackup.INI ==================== Files in the root of some directories ======= 2014-03-04 18:55 - 2014-03-04 18:55 - 49940480 _____ () C:\Program Files\GUTAD6E.tmp 2012-11-03 22:52 - 2012-11-03 22:52 - 0000268 ___RH () C:\Users\Andreas\AppData\Roaming\Galaxy Swirl 2012-11-03 22:54 - 2012-11-03 22:54 - 0000268 ___RH () C:\Users\Andreas\AppData\Roaming\Gems 2012-11-03 22:52 - 2012-11-03 22:52 - 0000268 ___RH () C:\Users\Andreas\AppData\Roaming\Generic 2012-11-03 22:50 - 2012-11-03 22:50 - 0000268 ___RH () C:\Users\Andreas\AppData\Roaming\Hip Hop 2007-10-17 21:49 - 2009-05-02 21:14 - 0027525 _____ () C:\Users\Andreas\AppData\Roaming\nvModes.001 2007-10-17 21:46 - 2008-11-10 18:07 - 0027525 _____ () C:\Users\Andreas\AppData\Roaming\nvModes.dat 2007-10-17 20:22 - 2013-12-20 20:20 - 0004180 _____ () C:\Users\Andreas\AppData\Roaming\wklnhst.dat 2007-10-22 20:35 - 2012-02-22 20:41 - 0000680 _____ () C:\Users\Andreas\AppData\Local\d3d9caps.dat 2007-10-17 21:05 - 2015-01-15 18:33 - 0074240 _____ () C:\Users\Andreas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2008-08-17 14:00 - 2008-08-17 
14:00 - 0000095 _____ () C:\Users\Andreas\AppData\Local\fusioncache.dat 2007-11-06 20:40 - 2007-11-06 20:40 - 0000305 _____ () C:\ProgramData\addr_file.html 2012-11-03 22:52 - 2012-11-03 22:52 - 0000268 ___RH () C:\ProgramData\Grapher 2012-11-03 22:54 - 2012-11-03 22:54 - 0000268 ___RH () C:\ProgramData\Graphics 2012-11-03 22:52 - 2012-11-03 22:52 - 0000268 ___RH () C:\ProgramData\Guides 2012-11-03 22:50 - 2012-11-03 22:50 - 0000268 ___RH () C:\ProgramData\Horns 2009-05-02 21:20 - 2015-02-06 19:07 - 0262133 _____ () C:\ProgramData\nvModes.001 2009-05-02 21:20 - 2014-12-20 20:15 - 0262133 _____ () C:\ProgramData\nvModes.dat 2012-11-03 22:50 - 2012-11-03 22:51 - 0000020 ____H () C:\ProgramData\PKP_DLeo.DAT 2012-11-03 22:54 - 2014-11-04 22:36 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT 2012-11-03 22:52 - 2014-11-16 21:40 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT 2012-11-03 22:52 - 2012-11-03 23:23 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT Some content of TEMP: ==================== C:\Users\Andreas\AppData\Local\Temp\avgnt.exe C:\Users\Andreas\AppData\Local\Temp\PicasaUpdater_3904.exe C:\Users\Andreas\AppData\Local\Temp\PicasaUpdater_6e78.exe C:\Users\Andreas\AppData\Local\Temp\Quarantine.exe C:\Users\Andreas\AppData\Local\Temp\RtkBtMnt.exe C:\Users\Andreas\AppData\Local\Temp\sqlite3.dll C:\Users\Andreas\AppData\Local\Temp\vlc-2.1.2-win32.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-06 19:11

==================== End Of Log ============================

There are now 2 logs in Malwarebytes. The latest one is from today. Is a scan now run every day? Code:
ATTFilter Malwarebytes Anti-Malware
www.malwarebytes.org

Protection, 07.02.2015 16:06:12, SYSTEM, ANDREAS-PC, Protection, Malware Protection, Starting,
Protection, 07.02.2015 16:06:12, SYSTEM, ANDREAS-PC, Protection, Malware Protection, Started,
Protection, 07.02.2015 16:06:12, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Starting,
Protection, 07.02.2015 16:09:07, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Started,

(end)

Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-02-2015
Ran by Andreas at 2015-02-07 16:42:47 Run:2
Running from C:\Users\Andreas\Desktop
Loaded Profiles: Andreas (Available profiles: Andreas)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
cmd: dir c:\syscheckrt /s
*****************

========= dir c:\syscheckrt /s =========

Datenträger in Laufwerk C: ist ACER
Volumeseriennummer: 382D-A49E

Datei nicht gefunden

========= End of CMD: =========

==== End of Fixlog 16:49:08 ==== |
07.02.2015, 23:13 | #12 |
Rest in peace † 2019 | Windows Command Processor flashing, TR/EyeStye.B.cfg.59 detected Hello, the folder is empty, so it really was just a leftover from an earlier infection. We can delete it. Step 1 Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
ATTFilter c:\syscheckrt
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2 Please look in Malwarebytes for the log again; this one is the protection log, I need the scan log. You now have a real-time scanner, so it is normal for it to be working away in the background.
|
08.02.2015, 13:44 | #13 |
| Windows Command Processor flashing, TR/EyeStye.B.cfg.59 detected Hello Sandra, here are the logs Fixlog: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-02-2015
Ran by Andreas at 2015-02-08 13:27:21 Run:3
Running from C:\Users\Andreas\Desktop
Loaded Profiles: Andreas (Available profiles: Andreas)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
c:\syscheckrt
*****************

"c:\syscheckrt" => File/Directory not found.

==== End of Fixlog 13:27:21 ====

With mbam I am not sure whether that is always the right one. It says protection log, not scan log (see attachment) mbam Code:
ATTFilter Malwarebytes Anti-Malware
www.malwarebytes.org

Protection, 08.02.2015 13:04:50, SYSTEM, ANDREAS-PC, Protection, Malware Protection, Starting,
Protection, 08.02.2015 13:04:50, SYSTEM, ANDREAS-PC, Protection, Malware Protection, Started,
Protection, 08.02.2015 13:04:50, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Starting,
Protection, 08.02.2015 13:07:27, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Started,

(end)

Ciao Andreas |
09.02.2015, 22:46 | #14 |
Rest in peace † 2019 | Windows Command Processor flashing, TR/EyeStye.B.cfg.59 detected Hello, good, it has apparently already been removed by Avira. Yes, the Malwarebytes log is the protection log; can you run a scan again following the instructions and see whether you now get a log? Step 1 Please download Malwarebytes Anti-Malware
|
10.02.2015, 18:12 | #15 |
| Windows Command Processor flashing, TR/EyeStye.B.cfg.59 detected Hello Sandra, here is the scan log. Code:
ATTFilter Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 10.02.2015
Suchlauf-Zeit: 17:02:45
Logdatei: mbam Suchlauflog 10_02.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.02.10.09
Rootkit Datenbank: v2015.02.03.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x86
Dateisystem: NTFS
Benutzer: Andreas

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 313436
Verstrichene Zeit: 25 Min, 27 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 2
PUP.Optional.SweetPacks.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\1jao9sxz.default\SweetPacksToolbarData, , [6a67d646b2d877bf1862d8ab1be8df21],
PUP.Optional.SweetPacks.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\1jao9sxz.default\SweetPacksToolbarData\logs, , [6a67d646b2d877bf1862d8ab1be8df21],

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)

(end)

Ciao Andreas |