Windows Befehlsprozessor Blinkt , TR/EyeStye.B.cfg.59 festgestellt

Hannibal_2 · 31.01.2015, 17:05

Hallo,

seit Dezember blinkt bei mir der Windows Befehlsprozessor am unteren Bildrand. Avira (kostenlose Version) hat im Dezember einen Trojaner TR/EyeStye.B.cfg.59 und einen Virus EXP/ MS04-28.JPEG.A festgestellt und in Quarantäne veschoben.
Der Windows Befehlsprozessor blinkt immernoch.
Der Report von Antivir wurde leider automatisch nach 30 Tagen gelöscht.

Bei dem heutigen Virenscan kam die Meldung:
kein Virus gefunden
versteckte Objekte 1.

Woher weiß ich jetzt, ob ich wirklich nicht mehr infiziert bin? Die Dateien sind ja noch in Quarantäne und der Befehlsprozessor blinkt auch noch.
Wie schädlich ist der festgestellte Trojaner?

Bootsektor · 31.01.2015, 17:07

Mein Name ist Sandra und ich werde Dir bei Deinem Problem behilflich sein.

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem
Führe bitte nur Scans durch zu denen Du von mir aufgefordert wirst.
Bitte kein Crossposting ( posten in mehreren Foren).
Installiere oder deinstalliere während der Bereinigung keine Software, ausser Du wurdest dazu aufgefordert.
Poste die Logfiles direkt in deinen Thread in Code-Tags.
Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 2 Tagen nichts von mir hörst, dann schreibe mir bitte eine PM.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der schnellere und bei einem Befall durch Malware immer der sicherste Weg. Adware lässt sich in den allermeisten Fällen problemlos entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Dir jemand vom Team sagt, dass Du clean bist.

Posten in Code Tags
Bitte füge die Logs immer in Code-Tags ein. Wenn Du das nicht machst, erschwert es mir sehr das Auswerten. Danke.
Dazu:

Klicke über dem Antwortfenster auf die Raute #, dann steht dort in eckigen Klammern [] CODE /CODE.
Zwischen den beiden code-Bausteinen fügst Du dann deine Logfiles ein. Also CODE Logfile /CODE
Wenn die Logs zu lang sein sollten, dann teile sie bitte auf und poste sie dann hier in Deinem Thread, notfalls in mehreren Antworten.

Schritt 1
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Hannibal_2 · 31.01.2015, 17:29

Hallo Sandra,
das war ja eine schnelle Antwort. Vielen Dank für Deine Hilfe
Ich habe das Farbar's Recovery Scan Tool herutergeladen.

Hier die FRST.txt

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-01-2015 01
Ran by Andreas (administrator) on ANDREAS-PC on 31-01-2015 17:17:15
Running from C:\Users\Andreas\Desktop
Loaded Profiles: Andreas (Available profiles: Andreas)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
() C:\Acer\ALaunch\ALaunchSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(DATA BECKER GmbH & Co KG) C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe
(HiTRSUT) C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
(Acer Inc.) C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
(Acer Inc.) C:\Acer\Empowering Technology\eNet\eNet Service.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Acer\Mobility Center\MobilityService.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
() C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
(acer) C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(HiTRUST) C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
(CyberLink) C:\Acer\Empowering Technology\eAudio\eAudio.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(CyberLink Corp.) C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(SweetIM Technologies Ltd.) C:\Program Files\SweetIM\Messenger\SweetIM.exe
(SweetIM Technologies Ltd.) C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Smartbar) C:\Users\Andreas\AppData\Local\Smartbar\Application\Linkury.exe
() C:\Users\Andreas\AppData\Local\Temp\Shuka\UACGetter.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Acer Inc.) C:\Acer\Empowering Technology\eNet\eNMTray.exe
(Acer Inc.) C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
(Acer Inc.) C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
(Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Realtek Semiconductor Corp.) C:\Users\Andreas\AppData\Local\Temp\RtkBtMnt.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avcenter.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [ALaunch] => C:\Acer\ALaunch\AlaunchClient.exe
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4468736 2007-05-18] (Realtek Semiconductor)
HKLM\...\Run: [eDataSecurity Loader] => C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [457216 2007-04-25] (HiTRUST)
HKLM\...\Run: [eAudio] => C:\Acer\Empowering Technology\eAudio\eAudio.exe [1286144 2007-06-11] (CyberLink)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [40048 2007-03-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Acer Tour] => [X]
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [752136 2007-06-27] (Dritek System Inc.)
HKLM\...\Run: [PlayMovie] => C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe [206952 2007-05-24] (CyberLink Corp.)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [159744 2007-06-06] (Alps Electric Co., Ltd.)
HKLM\...\Run: [eRecoveryService] => [X]
HKLM\...\Run: [Acer Tour Reminder] => C:\Acer\AcerTour\Reminder.exe [151552 2007-05-22] (Acer Inc.)
HKLM\...\Run: [WarReg_PopUp] => C:\Acer\WR_PopUp\WarReg_PopUp.exe [57344 2006-11-05] (Acer Inc.)
HKLM\...\Run: [SetPanel] => C:\Acer\APanel\APanel.cmd
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-05-18] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [FreePDF Assistant] => C:\Program Files\FreePDF_XP\fpassist.exe [371712 2009-07-15] (shbox.de)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM\...\Run: [Nikon Message Center 2] => C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-17] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SweetIM] => C:\Program Files\SweetIM\Messenger\SweetIM.exe [115032 2012-10-04] (SweetIM Technologies Ltd.)
HKLM\...\Run: [Sweetpacks Communicator] => C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe [231768 2012-08-15] (SweetIM Technologies Ltd.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-695030953-4224019398-3706738656-1000\...\Run: [Acer Tour Reminder] => [X]
HKU\S-1-5-21-695030953-4224019398-3706738656-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-695030953-4224019398-3706738656-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2008-06-23] (Google Inc.)
HKU\S-1-5-21-695030953-4224019398-3706738656-1000\...\Run: [Browser Infrastructure Helper] => C:\Users\Andreas\AppData\Local\Smartbar\Application\Linkury.exe [20248 2013-06-05] (Smartbar)
HKU\S-1-5-21-695030953-4224019398-3706738656-1000\...\Run: [cmd] => C:\Users\Andreas\AppData\Local\Temp\Shuka\PackerV2.exe [5165056 2014-12-14] (Packer Framework) <===== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
ShortcutTarget: Empowering Technology Launcher.lnk -> C:\Acer\Empowering Technology\eAPLauncher.exe (Acer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PackerV2.exe.lnk
ShortcutTarget: PackerV2.exe.lnk -> C:\Users\Andreas\AppData\Local\Temp\Shuka\PackerV2.exe (Packer Framework)
Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 ()
Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={45BD610B-5421-4D88-B479-8A1A17FF0E4B}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
HKU\S-1-5-21-695030953-4224019398-3706738656-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKU\S-1-5-21-695030953-4224019398-3706738656-1000\Software\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=8da37f89-8891-4f3d-9a2b-7bf5ef8cf41f&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970
HKU\S-1-5-21-695030953-4224019398-3706738656-1000\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
HKU\S-1-5-21-695030953-4224019398-3706738656-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=8da37f89-8891-4f3d-9a2b-7bf5ef8cf41f&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970
HKU\S-1-5-21-695030953-4224019398-3706738656-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
URLSearchHook: HKLM - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
SearchScopes: HKLM -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=8da37f89-8891-4f3d-9a2b-7bf5ef8cf41f&affid=113129&searchtype=ds&babsrc=lnkry&q={searchTerms}
SearchScopes: HKLM -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={45BD610B-5421-4D88-B479-8A1A17FF0E4B}
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-695030953-4224019398-3706738656-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=8da37f89-8891-4f3d-9a2b-7bf5ef8cf41f&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970
BHO: Yahoo! Toolbar Helper -> {02478D38-C3F9-4EFB-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: AskBar BHO -> {201f27d4-3704-41d6-89c1-aa35e39143ed} -> C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
BHO: Linkury SmartbarEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: ShowBarObj Class -> {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -> C:\Windows\system32\ActiveToolBand.dll (HiTRUST)
BHO: DVDVideoSoftTB Toolbar -> {872b5b88-9db5-4310-bdd0-ac189557e5f5} -> C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: SweetPacks Browser Helper -> {EEE6C35C-6118-11DC-9C72-001320C79847} -> C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll (HiTRUST)
Toolbar: HKLM - Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
Toolbar: HKLM - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
Toolbar: HKLM - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM - Linkury Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-695030953-4224019398-3706738656-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-695030953-4224019398-3706738656-1000 -> Ask Toolbar - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
Toolbar: HKU\S-1-5-21-695030953-4224019398-3706738656-1000 -> DVDVideoSoftTB Toolbar - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\1jao9sxz.default
FF NewTab: hxxp://home.sweetim.com/?src=97&barid={45BD610B-5421-4D88-B479-8A1A17FF0E4B}
FF DefaultSearchEngine: Web Search
FF DefaultSearchUrl: 
FF SelectedSearchEngine: Web Search
FF Homepage: hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=8da37f89-8891-4f3d-9a2b-7bf5ef8cf41f&affid=111583&searchtype=hp&babsrc=lnkry&installDate=01/01/1970
FF Keyword.URL: hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=8da37f89-8891-4f3d-9a2b-7bf5ef8cf41f&affid=111583&searchtype=ds&babsrc=lnkry&installDate=01/01/1970&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @protectdisc.com/NPPDLicenseHelper -> C:\Program Files\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\1jao9sxz.default\searchplugins\Web Search.xml
FF Extension: Avira Browser Safety - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\1jao9sxz.default\Extensions\abs@avira.com [2015-01-31]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\1jao9sxz.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-02-28]
FF Extension: Linkury Smartbar - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\1jao9sxz.default\Extensions\{8da37f89-8891-4f3d-9a2b-7bf5ef8cf41f} [2013-09-23]
FF Extension: Torntv - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\1jao9sxz.default\Extensions\torntv@torntv.com.xpi [2013-01-05]
FF Extension: SweetPacks Toolbar for Firefox - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\1jao9sxz.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2013-01-05]

Chrome: 
=======
CHR Profile: C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-29]
CHR Extension: (Google Drive) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-29]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-05]
CHR Extension: (YouTube) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-29]
CHR Extension: (Google-Suche) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-29]
CHR Extension: (Avira Browserschutz) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-10-29]
CHR Extension: (Google Wallet) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-29]
CHR Extension: (Google Mail) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-29]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM\...\Chrome\Extension: [jbpkiefagocgkmemidfngdkamloieekf] - C:\Program Files\TornTV.com\torn11.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ALaunchService; C:\Acer\ALaunch\ALaunchSvc.exe [50688 2007-01-26] () [File not signed]
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-17] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 DBService; C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe [187456 2009-01-08] (DATA BECKER GmbH & Co KG) [File not signed]
R2 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [457512 2007-04-25] (HiTRSUT)
R2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-04-23] (Acer Inc.) [File not signed]
R2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [135168 2007-06-13] (Acer Inc.) [File not signed]
R2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [53248 2007-07-03] (Acer Inc.) [File not signed]
R2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-06-28] () [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [107008 2006-11-24] () [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [266343 2007-01-23] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
R2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [167936 2007-06-13] (acer) [File not signed]
S2 CLTNetCnService; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [277544 2009-01-19] (Protect Software GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-29] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-29] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-27] (Avira Operations GmbH & Co. KG)
R3 Cam5607; C:\Windows\System32\Drivers\BisonC07.sys [767664 2007-05-28] (Bison Electronics. Inc. )
R1 DritekPortIO; C:\Program Files\Launch Manager\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.)
R2 int15; C:\Acer\Empowering Technology\eRecovery\int15.sys [76584 2006-12-07] ()
R3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [6144 2007-07-28] (NewTech Infosystems, Inc.) [File not signed]
R0 PSDFilter; C:\Windows\System32\DRIVERS\psdfilter.sys [20776 2007-04-25] (HiTRUST)
R0 PSDNServ; C:\Windows\System32\drivers\PSDNServ.sys [16680 2007-04-25] (HiTRUST)
R0 psdvdisk; C:\Windows\System32\drivers\psdvdisk.sys [60712 2007-04-25] (HiTRUST)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [13560 2006-11-02] (Cyberlink Corp.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S4 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 17:17 - 2015-01-31 17:19 - 00024882 _____ () C:\Users\Andreas\Desktop\FRST.txt
2015-01-31 17:14 - 2015-01-31 17:17 - 00000000 ____D () C:\FRST
2015-01-31 17:13 - 2015-01-31 17:13 - 01122304 _____ (Farbar) C:\Users\Andreas\Desktop\FRST.exe
2015-01-31 16:30 - 2015-01-31 16:30 - 00050477 _____ () C:\Users\Andreas\Desktop\Defogger.exe
2015-01-31 16:29 - 2015-01-31 16:30 - 00050477 _____ () C:\Users\Andreas\Downloads\Defogger.exe
2015-01-31 10:39 - 2015-01-31 10:39 - 00001006 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-01-15 17:52 - 2015-01-15 17:52 - 138300268 _____ () C:\Windows\MEMORY.DMP
2015-01-15 17:52 - 2015-01-15 17:52 - 00138096 _____ () C:\Windows\Minidump\Mini011515-01.dmp
2015-01-15 17:52 - 2015-01-15 17:52 - 00000000 ____D () C:\Windows\Minidump

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 17:02 - 2012-09-26 16:32 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-31 16:59 - 2014-10-29 12:33 - 00001967 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-31 16:59 - 2010-04-27 16:53 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-31 16:22 - 2007-09-07 21:13 - 01433386 _____ () C:\Windows\WindowsUpdate.log
2015-01-31 16:21 - 2009-05-02 21:20 - 00262133 _____ () C:\ProgramData\nvModes.001
2015-01-31 16:10 - 2010-04-27 16:53 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-31 16:08 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-31 16:08 - 2006-11-02 13:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-31 16:08 - 2006-11-02 13:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-31 14:01 - 2006-11-02 14:01 - 00032582 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-31 12:19 - 2011-01-12 20:59 - 00001052 _____ () C:\Windows\Tasks\Google Software Updater.job
2015-01-31 12:03 - 2012-09-13 19:55 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-31 12:03 - 2012-09-13 19:55 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-31 10:41 - 2014-08-20 10:14 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-31 10:39 - 2012-12-23 15:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-31 10:39 - 2012-12-23 15:13 - 00000000 ____D () C:\Program Files\Avira
2015-01-16 02:44 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\uk-UA
2015-01-15 21:13 - 2013-09-01 17:59 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 20:57 - 2006-11-02 11:24 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-01-15 20:53 - 2008-11-10 10:14 - 00000000 ____D () C:\DVDVideoSoft
2015-01-15 20:53 - 2008-11-10 10:10 - 00000000 ____D () C:\Users\Andreas\Documents\DVDVideoSoft
2015-01-15 18:33 - 2007-10-17 21:05 - 00074240 _____ () C:\Users\Andreas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-15 18:06 - 2006-11-02 11:33 - 01643124 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-02 18:11 - 2013-07-31 19:42 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\vlc
2015-01-02 16:45 - 2013-08-04 13:50 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\HandBrake

==================== Files in the root of some directories =======

2014-03-04 18:55 - 2014-03-04 18:55 - 49940480 _____ () C:\Program Files\GUTAD6E.tmp
2012-11-03 22:52 - 2012-11-03 22:52 - 0000268 ___RH () C:\Users\Andreas\AppData\Roaming\Galaxy Swirl
2012-11-03 22:54 - 2012-11-03 22:54 - 0000268 ___RH () C:\Users\Andreas\AppData\Roaming\Gems
2012-11-03 22:52 - 2012-11-03 22:52 - 0000268 ___RH () C:\Users\Andreas\AppData\Roaming\Generic
2012-11-03 22:50 - 2012-11-03 22:50 - 0000268 ___RH () C:\Users\Andreas\AppData\Roaming\Hip Hop
2007-10-17 21:49 - 2009-05-02 21:14 - 0027525 _____ () C:\Users\Andreas\AppData\Roaming\nvModes.001
2007-10-17 21:46 - 2008-11-10 18:07 - 0027525 _____ () C:\Users\Andreas\AppData\Roaming\nvModes.dat
2007-10-17 20:22 - 2013-12-20 20:20 - 0004180 _____ () C:\Users\Andreas\AppData\Roaming\wklnhst.dat
2007-10-22 20:35 - 2012-02-22 20:41 - 0000680 _____ () C:\Users\Andreas\AppData\Local\d3d9caps.dat
2007-10-17 21:05 - 2015-01-15 18:33 - 0074240 _____ () C:\Users\Andreas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-08-17 14:00 - 2008-08-17 14:00 - 0000095 _____ () C:\Users\Andreas\AppData\Local\fusioncache.dat
2007-11-06 20:40 - 2007-11-06 20:40 - 0000305 _____ () C:\ProgramData\addr_file.html
2012-11-03 22:52 - 2012-11-03 22:52 - 0000268 ___RH () C:\ProgramData\Grapher
2012-11-03 22:54 - 2012-11-03 22:54 - 0000268 ___RH () C:\ProgramData\Graphics
2012-11-03 22:52 - 2012-11-03 22:52 - 0000268 ___RH () C:\ProgramData\Guides
2012-11-03 22:50 - 2012-11-03 22:50 - 0000268 ___RH () C:\ProgramData\Horns
2009-05-02 21:20 - 2015-01-31 16:21 - 0262133 _____ () C:\ProgramData\nvModes.001
2009-05-02 21:20 - 2014-12-20 20:15 - 0262133 _____ () C:\ProgramData\nvModes.dat
2012-11-03 22:50 - 2012-11-03 22:51 - 0000020 ____H () C:\ProgramData\PKP_DLeo.DAT
2012-11-03 22:54 - 2014-11-04 22:36 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2012-11-03 22:52 - 2014-11-16 21:40 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2012-11-03 22:52 - 2012-11-03 23:23 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT

Files to move or delete:
====================
C:\Users\Andreas\AppData\Local\Temp\Shuka\PackerV2.exe


Some content of TEMP:
====================
C:\Users\Andreas\AppData\Local\Temp\avgnt.exe
C:\Users\Andreas\AppData\Local\Temp\PicasaUpdater_3904.exe
C:\Users\Andreas\AppData\Local\Temp\PicasaUpdater_6e78.exe
C:\Users\Andreas\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\Andreas\AppData\Local\Temp\vlc-2.1.2-win32.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-31 16:27

==================== End Of Log ============================

--- --- ---

--- --- ---

hier

Die Addition.txt

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 31-01-2015 01
Ran by Andreas at 2015-01-31 17:19:32
Running from C:\Users\Andreas\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3D-Garten 8.0 (HKLM\...\{554A4E80-0002-2006-0407-11FF59A27A18}) (Version: 8.0 - DiComp)
Acer Arcade Deluxe (HKLM\...\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}) (Version: 1.12.4213 - CyberLink Corporation)
Acer Crystal Eye webcam (HKLM\...\{4BB1DCED-84D3-47F9-B718-5947E904593E}) (Version: 7.96.701.07a - Acer Crystal Eye webcam)
Acer Crystal Eye webcam (HKLM\...\{DD1DED37-2486-4F56-8F89-56AA814003F5}) (Version: 2.0.0.8 - Acer Crystal Eye webcam)
Acer eAudio Management (HKLM\...\{57265292-228A-41FA-9AEC-4620CBCC2739}) (Version: 2.5.4012 - )
Acer eDataSecurity Management (HKLM\...\{AEEAE013-92F1-4515-B278-139F1A692A36}) (Version: 2.5.4241 - HiTRUST Inc.)
Acer eLock Management (HKLM\...\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}) (Version: 2.5.4008 - Acer Inc.)
Acer Empowering Technology (HKLM\...\{AB6097D9-D722-4987-BD9E-A076E2848EE2}) (Version: 2.5.4008 - Acer Inc.)
Acer eNet Management (HKLM\...\{C06554A1-2C1E-4D20-B613-EE62C79927CC}) (Version: 2.6.4008 - Acer Inc.)
Acer ePower Management (HKLM\...\{58E5844B-7CE2-413D-83D1-99294BF6C74F}) (Version: 2.5.4017 - Acer Inc.)
Acer ePresentation Management (HKLM\...\{BF839132-BD43-4056-ACBF-4377F4A88E2A}) (Version: 2.5.4002 - Acer Inc.)
Acer eSettings Management (HKLM\...\{CE65A9A0-9686-45C6-9098-3C9543A412F0}) (Version: 2.5.4011 - Acer Inc.)
Acer GridVista (HKLM\...\GridVista) (Version: 2.68.622 - )
Acer Mobility Center Plug-In (HKLM\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 1.0.3003 - Acer Inc.)
Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 1.12.20070515 - Acer Inc.)
Acer Tour (HKLM\...\{94389919-B0AA-4882-9BE8-9F0B004ECA35}) (Version: 2.0.1003 - Acer Inc.)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader 8.1.1 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81000000003}) (Version: 8.1.1 - Adobe Systems Incorporated)
AFPL Ghostscript 8.54 (HKLM\...\AFPL Ghostscript 8.54) (Version:  - )
AFPL Ghostscript Fonts (HKLM\...\AFPL Ghostscript Fonts) (Version:  - )
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - Alps Electric)
Apple Application Support (HKLM\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Panorama Maker 6 (HKLM\...\{DABFD34E-BE68-4BC6-9254-5D7A7FF76B99}) (Version: 6.0.8.85 - ArcSoft)
Ask Toolbar (HKLM\...\Ask Toolbar_is1) (Version: 4.1.0.2 - Ask.com) <==== ATTENTION
AudioCon (HKLM\...\AudioCon) (Version: 1.0 - Basement Softworks)
Avira (HKLM\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Big Kahuna Reef 2 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111310630}) (Version:  - Oberon Media)
Cake Mania (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version:  - Oberon Media)
Crystal Reports Modules (HKLM\...\{957344B3-FD27-45B5-8026-44FEAB0F340A}) (Version: 1.0.0 - ideYAPI LTD.)
DATA BECKER 3D Garten Designer 9 (HKLM\...\3D Garten Designer 9_is1) (Version: 9.0 - DATA BECKER GmbH & Co. KG)
Denken und Rechnen 2 (HKLM\...\Denken und Rechnen 2) (Version:  - )
DVDVideoSoftTB Toolbar (HKLM\...\DVDVideoSoftTB Toolbar) (Version:  - )
Dynasty (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111473353}) (Version:  - Oberon Media)
Free Video Dub version 2.0.22.925 (HKLM\...\Free Video Dub_is1) (Version: 2.0.22.925 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.1.42.1212 (HKLM\...\Free YouTube Download_is1) (Version: 3.1.42.1212 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.11.37.1212 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.37.1212 - DVDVideoSoft Ltd.)
FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version:  - )
Galapago (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version:  - Oberon Media)
Garmin Communicator Plugin (HKLM\...\{86B879A5-927E-4536-B5FC-17CA96B60078}) (Version: 2.6.4 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{B1102A25-3AA3-446B-AA0F-A699B07A02FD}) (Version: 1.0.0.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Earth (HKLM\...\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}) (Version: 4.3.7284.3916 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
HandBrake 0.9.9.1 (HKLM\...\HandBrake) (Version: 0.9.9.1 - )
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118) (Version:  - )
ideCAD Architektur 5 Demo (HKLM\...\{8CE203AB-DD76-4340-A4BA-DBCCA19027B4}) (Version: 5.49.000 - )
Java(TM) 6 Update 26 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216014FF}) (Version: 6.0.260 - Sun Microsystems, Inc.)
Launch Manager (HKLM\...\LManager) (Version:  - )
LightScribe  1.4.142.1 (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden
Linkury Smartbar (HKLM\...\{F04C4F83-D9C7-408C-9DEB-D5526E72108C}) (Version: 1.24.22.10764 - Linkury Inc.) <==== ATTENTION
Linkury Smartbar Engine (HKU\S-1-5-21-695030953-4224019398-3706738656-1000\...\{4beb1bf6-f4a3-4bb0-9820-54dd42bfad8b}) (Version: 1.24.22.10764 - Linkury Inc.) <==== ATTENTION
Luxor 2 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11170417}) (Version:  - Oberon Media)
meinHausplaner (HKLM\...\meinHausplaner) (Version:  - )
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}) (Version: 08.05.0822 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 de) (HKLM\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery Case Files - Prime Suspects (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111271497}) (Version:  - Oberon Media)
Mystery Case Files Ravenhearst (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112179547}) (Version:  - Oberon Media)
Nikon Message Center 2 (HKLM\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
Nikon Movie Editor (HKLM\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.6.0 - Nikon)
NTI Backup NOW! 4.7 (HKLM\...\{67ADE9AF-5CD9-4089-8825-55DE4B366799}) (Version: 4 - NewTech Infosystems)
NTI CD & DVD-Maker (HKLM\...\InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}) (Version: 7 - NewTech Infosystems)
NTI CD & DVD-Maker (Version: 7 - NewTech Infosystems) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - NVIDIA Corporation)
OpenOffice.org 3.2 (HKLM\...\{2217B0B4-35CB-48C6-B640-864DF2F30F99}) (Version: 3.2.9483 - OpenOffice.org)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Picture Control Utility (HKLM\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.4.7 - Nikon)
Poker Mania (HKLM\...\Poker Mania) (Version:  - )
PowerProducer 3.72 (HKLM\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 074117(3.7)_Vista_Acer - CyberLink Corporation)
Protect Disc License Helper 1.0.118 (HKLM\...\Protect Disc License Helper) (Version: 1.0.118 - Protect Disc)
ProtectDisc Driver, Version 11 (HKLM\...\ProtectDisc Driver 11) (Version: 11.0.0.12 - ProtectDisc Software GmbH)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5413 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.51.01 - )
Samsung Master (HKLM\...\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}) (Version: 1.1.14 - Samsung)
Sandlot Games Client Services (HKLM\...\Sandlot Games Client Services_is1) (Version:  - Sandlot Games)
Star Defender 3 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111730193}) (Version:  - Oberon Media)
SweetIM Bundle by SweetPacks (HKLM\...\SweetIM Bundle by SweetPacks) (Version: 1.0.0.0 - SweetPacks LTD) <==== ATTENTION
SweetIM for Messenger 3.7 (Version: 3.7.0007 - SweetIM Technologies Ltd.) Hidden <==== ATTENTION
Texas Hold'em Poker 3D - Deluxe Edition 1.0 (HKLM\...\{E8889865-31D8-4BE9-8CE4-20AEF81AD85E}_is1) (Version: Texas Hold'em Poker 3D - Deluxe Edition - S.A.D. GmbH)
Toolbar 4.7 by SweetPacks (Version: 4.7.0004 - SweetIM Technologies Ltd.) Hidden <==== ATTENTION
Treasures of the Deep (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111263673}) (Version:  - Oberon Media)
Uninstall 1.0.0.1 (HKLM\...\Uninstall_is1) (Version:  - )
Update for Office 2007 (KB934528) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{2B939677-2FFD-48F6-9075-7BF48CB87C80}) (Version:  - )
Update for Office System 2007 Setup (KB929722) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{D8E9BEBD-655F-467D-8176-CA9959C140A3}) (Version:  - )
Update Manager for SweetPacks 1.1 (Version: 1.1.0008 - SweetIM Technologies Ltd.) Hidden <==== ATTENTION
ViewNX 2 (HKLM\...\{E64C137C-D0B7-467A-B47F-460AAB30F0A3}) (Version: 2.6.0 - Nikon)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (03/08/2007 2.2.1.0) (HKLM\...\45A7283175C62FAC673F913C1F532C5361F97841) (Version: 03/08/2007 2.2.1.0 - Garmin)
Yahoo! Toolbar (HKLM\...\Yahoo! Toolbar) (Version:  - )
Yahoo! Toolbar mit Pop-Up-Blocker (HKLM\...\Yahoo! Companion) (Version:  - )
Zuma Deluxe (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}) (Version:  - Oberon Media)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{015C652B-6D65-49E9-9A0F-F9A2E1C4678E}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{05F12417-022F-4164-8D3E-5F04C787DE31}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{07B2FFC7-FFF6-471C-AEC2-A93478209B06}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{08C5B872-ECA4-11D4-A7B9-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{23C3C2C4-FA91-11D3-A6DC-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{2CC7C7B2-9B2D-11d3-9099-00A0C9E71419}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{343D9CAF-DA8E-11D3-9C9A-00A0C9C84608}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{343D9CB1-DA8E-11D3-9C9A-00A0C9C84608}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{343D9CB3-DA8E-11D3-9C9A-00A0C9C84608}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{343D9CB9-DA8E-11D3-9C9A-00A0C9C84608}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{377EBDC3-D059-11D4-A7A3-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{38F91081-BA6D-4659-BF13-1712E85C953E}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{3D4F2CB5-268C-4C2D-A055-6D66D527E44D}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{3E5BBAF2-F63A-4EB7-A356-9C4BBD494CA9}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{3ECFE218-336F-44C8-8911-BB501477F201}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{401643B8-C6EB-11D4-A79B-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{4126E7DD-2705-458D-9459-9AB8C18CDEA1}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\datadefmodel.dll (Crystal Decisions Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{454CC187-E49D-11D3-9CA2-00A0C9C84608}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{479DDB54-7CD7-11D3-A657-00902771E565}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\tslv.dll ()
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{660ADE75-F449-11D3-A6D2-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{660ADE77-F449-11D3-A6D2-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{771C41D0-CCB4-456B-AE1E-7CBAE6298B40}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{7DE5C439-9CF2-4761-AFFD-C1A053782B30}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\datadefmodel.dll (Crystal Decisions Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{84663529-9F6C-4C15-9F36-5E3F5FFFD1DA}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{86C49566-24FD-487F-8D3A-CFBB1CB240E6}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\datadefmodel.dll (Crystal Decisions Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{8D7D6A02-D121-11D4-A7A4-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{8D7D6A04-D121-11D4-A7A4-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{8E205F3C-52CE-4578-AC81-A7089CDD6073}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\keycodeV2.dll (Crystal Decisions)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{948D9136-1C5A-4C1A-B59D-EBAA269B45E0}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{985E4039-F6AE-11D3-9CB4-00A0C9C84608}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{999BCD90-23D9-4890-948B-D0AE7078CF0A}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\saxmlserialize.dll (Crystal Decisions Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{9CD5A7CF-1E0F-48CB-A70A-7B188951D04B}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{9DFDA656-6083-4330-A8FA-D538ACBBB172}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{9FB0B350-2265-11D2-BF06-00A0C9B82ABA}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\s2sqlprs.dll (Seagate Software, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{9FB0B352-2265-11D2-BF06-00A0C9B82ABA}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\s2sqlprs.dll (Seagate Software, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{9FB0B357-2265-11D2-BF06-00A0C9B82ABA}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\s2sqlprs.dll (Seagate Software, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{9FB0B359-2265-11D2-BF06-00A0C9B82ABA}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\s2sqlprs.dll (Seagate Software, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{A1F5F582-001B-11D4-A6E1-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{A57AA692-F5E2-11D3-A6D4-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{A57AA69A-F5E2-11D3-A6D4-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{A57AA69C-F5E2-11D3-A6D4-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{A6584661-F925-11D3-A6D8-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{A798775F-0C79-4AFD-A972-B5E8AD6C1ADE}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{B7E8605E-329E-11D4-AAA2-00902741F1FC}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\crqe.dll (Crystal Decisions Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{C113DA70-E957-11D3-A6C7-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{C978FD27-F390-11D3-A6D1-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{C978FD29-F390-11D3-A6D1-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{CFA1F8B3-46F9-444B-AA19-7A284D008A74}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{D330E092-F158-11D4-A7BE-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{D330E09B-F158-11D4-A7BE-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{D330E09F-F158-11D4-A7BE-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{D330E0A1-F158-11D4-A7BE-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{D330E0A3-F158-11D4-A7BE-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{D330E0A5-F158-11D4-A7BE-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{D330E0A7-F158-11D4-A7BE-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{D330E0A9-F158-11D4-A7BE-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{D97C7D7D-FF5B-4802-BE3F-D8748E986F7B}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\keycodeV2.dll (Crystal Decisions)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{DBA36674-FB63-11D3-9CB6-00A0C9C84608}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{DBA36678-FB63-11D3-9CB6-00A0C9C84608}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{E04F5EF0-FF09-4C86-B0EC-A4EC377C4DCF}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\saxmlserialize.dll (Crystal Decisions Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{E69D927A-9686-4CE1-800C-FF739EEC7EB3}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{E86BB58D-0A87-4DE2-92F7-E74DA7FEBB3F}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{F986A051-D154-11d4-A7A4-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{FA189F65-BFB2-4cb7-BC35-0E97F508011E}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\keycodeV2.dll (Crystal Decisions)

==================== Restore Points  =========================

16-11-2014 16:11:19 Windows Update
16-11-2014 16:16:28 Windows Update
26-11-2014 20:45:27 Windows Update
17-12-2014 19:01:32 Windows Update
20-12-2014 18:46:49 Windows Update
15-01-2015 20:35:54 Windows Update
15-01-2015 20:56:42 Windows Update
31-01-2015 10:18:40 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {166C06E1-F91D-4CB8-B3A3-91DD8FC124DC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {1DBC7DE7-C3B3-42CD-A466-FDA8D0999B43} - System32\Tasks\Microsoft\Windows\RestartManager\{2357A169-3205-4d6d-A548-F79A8EB9ECED} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {814EC4EC-65A3-4C83-AD2D-3BAE05E8E904} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Andreas => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {B2DA1320-4CAA-4C9F-BE59-03B990FD3591} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-04] (Google Inc.)
Task: {D1F3D537-21BC-4FC1-A892-FF6446892A45} - System32\Tasks\{F4D13830-066A-4B6E-81E6-7BE644EDCC8D} => pcalua.exe -a C:\Users\Andreas\AppData\Local\Temp\Temp2_mein_hpl_2008.zip\MEIN_HPL_2008.exe
Task: {E2D74F6A-F7CC-4CB4-A6C3-24F63F25301D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-31] (Adobe Systems Incorporated)
Task: {EF1FDE15-725D-45E7-975B-0A8C0192EE0F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-04] (Google Inc.)
Task: {F6FA62FD-07E0-4660-8737-36157ED84369} - System32\Tasks\Google Software Updater => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-30] (Google)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2009-08-02 21:43 - 2005-01-06 17:33 - 00116224 _____ () C:\Windows\System32\redmonnt.dll
2007-07-28 11:16 - 2007-01-26 13:24 - 00050688 _____ () C:\Acer\ALaunch\ALaunchSvc.exe
2007-07-28 10:55 - 2006-11-24 11:57 - 00107008 _____ () C:\Acer\Mobility Center\MobilityService.exe
2007-07-28 10:55 - 2006-10-24 09:54 - 00033280 _____ () C:\Acer\Mobility Center\MobilityInterface.dll
2007-07-28 10:53 - 2007-01-23 14:48 - 00266343 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2007-09-07 21:24 - 2007-02-13 05:26 - 00016384 _____ () C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll
2007-09-07 21:24 - 2007-02-13 05:26 - 00016384 _____ () C:\Acer\Empowering Technology\eRecovery\IERYETF.dll
2007-07-28 10:38 - 2007-06-28 17:50 - 00024576 _____ () C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
2007-07-28 10:38 - 2007-06-28 17:50 - 00114688 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.Computer.dll
2007-07-28 10:38 - 2007-06-28 17:50 - 00032768 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.ComputerInterfaces.dll
2007-07-28 10:38 - 2007-06-28 17:50 - 00118784 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.Library.dll
2007-07-28 10:38 - 2007-06-28 17:50 - 00006656 _____ () C:\Acer\Empowering Technology\eSettings\Service\CPUID.dll
2007-07-28 10:38 - 2007-06-28 17:50 - 00081920 _____ () C:\Acer\Empowering Technology\eSettings\Service\INT15.dll
2007-04-25 15:30 - 2007-04-25 15:30 - 00063488 _____ () C:\Windows\system32\ShowErrMsg.dll
2007-04-25 15:31 - 2007-04-25 15:31 - 00028672 _____ () C:\Windows\system32\BatchCrypto.dll
2007-07-28 10:33 - 2007-02-07 08:25 - 00208896 _____ () C:\Acer\Empowering Technology\EPOWER\SysHook.dll
2007-07-28 18:01 - 2003-06-07 06:30 - 00057344 _____ () C:\Program Files\Launch Manager\PowerUtl.dll
2013-06-05 14:03 - 2013-06-05 14:03 - 00032024 _____ () C:\Users\Andreas\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll
2013-06-05 14:03 - 2013-06-05 14:03 - 00051480 _____ () C:\Users\Andreas\AppData\Local\Smartbar\Application\Smartbar.Resources.AutomaticUpdates.dll
2013-06-05 14:03 - 2013-06-05 14:03 - 00149784 _____ () C:\Users\Andreas\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll
2013-06-05 14:03 - 2013-06-05 14:03 - 00111896 _____ () C:\Users\Andreas\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll
2013-06-05 14:03 - 2013-06-05 14:03 - 01725208 _____ () C:\Users\Andreas\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll
2013-06-05 14:03 - 2013-06-05 14:03 - 00078104 _____ () C:\Users\Andreas\AppData\Local\Smartbar\Application\Smartbar.Personalization.BusinessLogic.dll
2013-06-05 14:03 - 2013-06-05 14:03 - 00012568 _____ () C:\Users\Andreas\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.EventManager.dll
2013-06-05 14:03 - 2013-06-05 14:03 - 00729368 _____ () C:\Users\Andreas\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll
2013-06-05 14:03 - 2013-06-05 14:03 - 00081176 _____ () C:\Users\Andreas\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll
2013-06-05 14:03 - 2013-06-05 14:03 - 00013592 _____ () C:\Users\Andreas\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll
2013-06-05 14:03 - 2013-06-05 14:03 - 00016152 _____ () C:\Users\Andreas\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll
2013-06-05 14:03 - 2013-06-05 14:03 - 00019736 _____ () C:\Users\Andreas\AppData\Local\Smartbar\Application\Smartbar.Resources.SideBySide.dll
2013-06-05 14:03 - 2013-06-05 14:03 - 00021272 _____ () C:\Users\Andreas\AppData\Local\Smartbar\Application\Smartbar.Resources.Utilities.dll
2013-06-05 14:03 - 2013-06-05 14:03 - 00057112 _____ () C:\Users\Andreas\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll
2013-06-05 14:03 - 2013-06-05 14:03 - 00013592 _____ () C:\Users\Andreas\AppData\Local\Smartbar\Application\Smartbar.Resources.ProcessDownMonitor.dll
2013-06-05 14:03 - 2013-06-05 14:03 - 00014104 _____ () C:\Users\Andreas\AppData\Local\Smartbar\Application\Smartbar.GUI.Multimedia.Loader.dll
2013-06-05 14:03 - 2013-06-05 14:03 - 00051480 _____ () C:\Users\Andreas\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll
2013-06-05 14:01 - 2013-06-05 14:01 - 00047384 _____ () C:\Users\Andreas\AppData\Local\Smartbar\Application\MACTrackBarLib.dll
2013-06-05 14:01 - 2013-06-05 14:01 - 00025368 _____ () C:\Users\Andreas\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll
2013-06-05 14:03 - 2013-06-05 14:03 - 00245528 _____ () C:\Users\Andreas\AppData\Local\Smartbar\Application\Smartbar.Resources.NetSeer.dll
2013-06-05 14:03 - 2013-06-05 14:03 - 00025368 _____ () C:\Users\Andreas\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll
2014-12-14 14:36 - 2014-12-14 14:36 - 00193536 _____ () C:\Users\Andreas\AppData\Local\Temp\Shuka\UACGetter.exe
2007-07-28 10:24 - 2007-06-15 15:15 - 00057344 _____ () C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll
2007-07-28 10:24 - 2007-06-15 15:47 - 00024576 _____ () C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll
2007-07-28 10:39 - 2007-06-11 13:54 - 00106496 _____ () C:\Acer\Empowering Technology\eAudio\eAudioUI.dll
2007-07-28 10:39 - 2007-03-22 10:51 - 00003584 _____ () C:\Acer\Empowering Technology\eAudio\de\eAudioUI.resources.dll
2007-07-28 10:35 - 2007-04-11 15:42 - 00307200 _____ () C:\Acer\Empowering Technology\ePresentation\ePresentationCTL.dll
2007-07-28 10:35 - 2007-04-11 14:07 - 00077824 _____ () C:\Acer\Empowering Technology\ePresentation\de\ePresentationCTL.resources.dll
2007-07-28 10:37 - 2007-05-24 08:53 - 00679936 _____ () C:\Acer\Empowering Technology\eLock\eLockCTL.dll
2007-07-28 10:37 - 2007-05-24 08:53 - 00106496 _____ () C:\Acer\Empowering Technology\eLock\de\eLockCTL.resources.dll
2007-07-28 10:38 - 2007-06-28 17:50 - 00028672 _____ () C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll
2007-07-28 10:38 - 2007-06-28 17:50 - 00032768 _____ () C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll
2007-07-28 10:38 - 2007-06-28 17:50 - 03420160 _____ () C:\Acer\Empowering Technology\eSettings\eSettings.View.dll
2007-07-28 10:38 - 2007-06-28 17:50 - 00155648 _____ () C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll
2007-07-28 20:21 - 2007-06-13 15:56 - 00249856 ____R () C:\Acer\Empowering Technology\eNet\eNetPlugin.dll
2007-07-28 10:38 - 2007-06-28 17:50 - 00003584 _____ () C:\Acer\Empowering Technology\eSettings\de\eSettings.Plugin.resources.dll
2007-07-28 10:38 - 2007-06-28 17:50 - 00010752 _____ () C:\Acer\Empowering Technology\eSettings\de\eSettings.Presenter.resources.dll
2007-07-28 10:38 - 2007-06-28 17:50 - 00024576 _____ () C:\Acer\Empowering Technology\eSettings\eSettings.Library.dll
2007-07-28 10:38 - 2007-06-28 17:50 - 00126976 _____ () C:\Acer\Empowering Technology\eSettings\de\eSettings.View.resources.dll
2007-07-28 10:38 - 2007-06-28 17:50 - 00007680 _____ () C:\Acer\Empowering Technology\eSettings\DXNativeIface.dll
2009-10-20 20:02 - 2010-05-06 20:50 - 00970752 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2014-06-29 12:57 - 2014-06-29 12:58 - 03852912 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2015-01-31 12:03 - 2015-01-31 12:03 - 16844976 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:375A40C3
AlternateDataStreams: C:\ProgramData\TEMP:5F64C164

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-695030953-4224019398-3706738656-500 - Administrator - Disabled)
Andreas (S-1-5-21-695030953-4224019398-3706738656-1000 - Administrator - Enabled) => C:\Users\Andreas
ASPNET (S-1-5-21-695030953-4224019398-3706738656-1002 - Limited - Enabled)
Gast (S-1-5-21-695030953-4224019398-3706738656-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/31/2015 04:23:41 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.Systray.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.Runtime.InteropServices.COMException
Stapel:
   bei System.Windows.Media.Composition.DUCE+Channel.SyncFlush()
   bei System.Windows.Media.MediaContext.CompleteRender()
   bei System.Windows.Interop.HwndTarget.OnResize()
   bei System.Windows.Interop.HwndTarget.HandleMessage(MS.Internal.Interop.WindowMessage, IntPtr, IntPtr)
   bei System.Windows.Interop.HwndSource.HwndTargetFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   bei System.Windows.Forms.UnsafeNativeMethods.GetMessageW(MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
   bei System.Windows.Forms.Application+ComponentManager.System.Windows.Forms.UnsafeNativeMethods.IMsoComponentManager.FPushMessageLoop(IntPtr, Int32, Int32)
   bei System.Windows.Forms.Application+ThreadContext.RunMessageLoopInner(Int32, System.Windows.Forms.ApplicationContext)
   bei System.Windows.Forms.Application+ThreadContext.RunMessageLoop(Int32, System.Windows.Forms.ApplicationContext)
   bei System.Windows.Forms.Application.Run(System.Windows.Forms.Form)
   bei Avira.OE.Systray.Program.Main(System.String[])

Error: (01/31/2015 04:22:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.0.6002.18005 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: e34
Anfangszeit: 01d03d67f4e0bef0
Zeitpunkt der Beendigung: 513

Error: (01/31/2015 10:38:14 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Andreas-PC)
Description: 0Avira.OE.ServiceHost.exeAvira Service Host03026216123682343003A005C00500072006F006700720061006D002000460069006C00650073005C00410076006900720061005C004D0079002000410076006900720061005C00410076006900720061002E004F0045002E00530070006500650064007500700043006F006E006E006500630074006F0072002E0064006C006C00000043003A005C00500072006F006700720061006D002000460069006C00650073005C00410076006900720061005C004D0079002000410076006900720061005C00410076006900720061002E004F0045002E00530065007200760069006300650048006F00730074002E00650078006500000043003A005C00500072006F006700720061006D002000460069006C00650073005C00410076006900720061005C004D0079002000410076006900720061005C00410076006900720061002E004F0045002E004100760043006F006E006E006500630074006F0072004E00610074006900760065002E0064006C006C00000043003A005C00500072006F006700720061006D002000460069006C00650073005C00410076006900720061005C004D0079002000410076006900720061005C00410076006900720061002E004F0045002E00440072006F00700062006F00780043006F006E006E006500630074006F0072002E0064006C006C00000043003A005C00500072006F006700720061006D002000460069006C00650073005C00410076006900720061005C004D0079002000410076006900720061005C0057006500620053006F0063006B006500740034004E00650074002E0064006C006C00000043003A005C00570069006E0064006F00770073005C00730079007300740065006D00330032005C006D0073007600630070003100320030002E0064006C006C00000043003A005C00500072006F006700720061006D002000460069006C00650073005C00410076006900720061005C004D0079002000410076006900720061005C00410076006900720061002E004F0045002E004100760043006F006E006E006500630074006F0072002E0049006E0074006500720066006100630065002E0064006C006C00000043003A005C00500072006F006700720061006D002000460069006C00650073005C00410076006900720061005C004D0079002000410076006900720061005C00410076006900720061002E004F0045002E0043006F006D006D0075006E0069006300610074006F0072002E0064006C006C00000043003A005C00500072006F006700720061006D002000460069006C00650073005C00410076006900720061005C004D0079002000410076006900720061005C00640065002D00440045005C00410076006900720061002E004F0045002E00530065007200760069006300650048006F00730074002E007200650073006F00750072006300650073002E0064006C006C00000043003A005C00500072006F006700720061006D002000460069006C00650073005C00410076006900720061005C004D0079002000410076006900720061005C004E004C006F0067002E0064006C006C00000043003A005C00500072006F006700720061006D002000460069006C00650073005C00410076006900720061005C004D0079002000410076006900720061005C00410076006900720061002E004F0045002E004E006100740069007600650043006F00720065002E0064006C006C00000043003A005C00500072006F006700720061006D002000460069006C00650073005C00410076006900720061005C004D0079002000410076006900720061005C00410076006900720061002E004F0045002E00530070006500650064007500700043006F006E006E006500630074006F0072002E0049006E0074006500720066006100630065002E0064006C006C00000043003A005C00500072006F006700720061006D002000460069006C00650073005C00410076006900720061005C004D0079002000410076006900720061005C004D0069007800700061006E0065006C002E004E00450054002E0064006C006C00000043003A005C00500072006F006700720061006D002000460069006C00650073005C00410076006900720061005C004D0079002000410076006900720061005C00410076006900720061002E004F0045002E00420072006F00770073006500720045007800740065006E00730069006F006E0043006F006E006E006500630074006F0072002E0064006C006C00000043003A005C00500072006F006700720061006D002000460069006C00650073005C00410076006900720061005C004D0079002000410076006900720061005C00410076006900720061002E004F0045002E00570069006E0043006F00720065002E0049006E0074006500720066006100630065002E0064006C006C00000043003A005C00500072006F006700720061006D002000460069006C00650073005C00410076006900720061005C004D0079002000410076006900720061005C0049006F006E00690063002E005A00690070002E0052006500640075006300650064002E0064006C006C00000043003A005C00500072006F006700720061006D002000460069006C00650073005C00410076006900720061005C004D0079002000410076006900720061005C00410076006900720061002E004F0045002E004100760043006F006E006E006500630074006F0072002E0064006C006C00000043003A005C00500072006F006700720061006D002000460069006C00650073005C00410076006900720061005C004D0079002000410076006900720061005C00530065007200760069006300650053007400610063006B002E0054006500780074002E0064006C006C00000043003A005C00500072006F006700720061006D002000460069006C00650073005C00410076006900720061005C004D0079002000410076006900720061005C00410076006900720061002E004F0045002E00440072006F00700062006F00780043006F006E006E006500630074006F0072002E0049006E0074006500720066006100630065002E0064006C006C00000043003A005C00500072006F006700720061006D002000460069006C00650073005C00410076006900720061005C004D0079002000410076006900720061005C00410076006900720061002E004F0045002E00570069006E0043006F00720065002E0064006C006C00000043003A005C00500072006F006700720061006D002000460069006C00650073005C00410076006900720061005C004D0079002000410076006900720061005C00410076006900720061002E004F0045002E0043006F006D006D0075006E0069006300610074006F0072002E0049006E0074006500720066006100630065002E0064006C006C00000043003A005C00500072006F006700720061006D002000460069006C00650073005C00410076006900720061005C004D0079002000410076006900720061005C00530079007300740065006D002E0044006100740061002E00530051004C006900740065002E0064006C006C00000043003A005C00570069006E0064006F00770073005C00730079007300740065006D00330032005C006D0073007600630072003100320030002E0064006C006C000000

Error: (01/31/2015 10:21:33 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.Systray.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.Runtime.InteropServices.COMException
Stapel:
   bei System.Windows.Media.Composition.DUCE+Channel.SyncFlush()
   bei System.Windows.Media.MediaContext.CompleteRender()
   bei System.Windows.Interop.HwndTarget.OnResize()
   bei System.Windows.Interop.HwndTarget.HandleMessage(MS.Internal.Interop.WindowMessage, IntPtr, IntPtr)
   bei System.Windows.Interop.HwndSource.HwndTargetFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   bei System.Windows.Forms.UnsafeNativeMethods.GetMessageW(MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
   bei System.Windows.Forms.Application+ComponentManager.System.Windows.Forms.UnsafeNativeMethods.IMsoComponentManager.FPushMessageLoop(IntPtr, Int32, Int32)
   bei System.Windows.Forms.Application+ThreadContext.RunMessageLoopInner(Int32, System.Windows.Forms.ApplicationContext)
   bei System.Windows.Forms.Application+ThreadContext.RunMessageLoop(Int32, System.Windows.Forms.ApplicationContext)
   bei System.Windows.Forms.Application.Run(System.Windows.Forms.Form)
   bei Avira.OE.Systray.Program.Main(System.String[])

Error: (01/31/2015 10:08:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung PackerV2.exe, Version 2.1.1615.1214, Zeitstempel 0x548d9b76, fehlerhaftes Modul PackerV2.exe, Version 2.1.1615.1214, Zeitstempel 0x548d9b76, Ausnahmecode 0xc0000005, Fehleroffset 0x00033793,
Prozess-ID 0xd2c, Anwendungsstartzeit PackerV2.exe0.

Error: (01/31/2015 10:06:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung Avira.OE.Setup.Bundle.exe, Version 1.1.27.25527, Zeitstempel 0x52974fc4, fehlerhaftes Modul WixStdBA.dll, Version 3.8.2028.0, Zeitstempel 0x5458d5e9, Ausnahmecode 0xc0000005, Fehleroffset 0x00005600,
Prozess-ID 0xa9c, Anwendungsstartzeit Avira.OE.Setup.Bundle.exe0.

Error: (01/15/2015 09:13:29 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (01/15/2015 09:13:28 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (01/15/2015 05:56:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung Avira.OE.Setup.Bundle.exe, Version 1.1.27.25527, Zeitstempel 0x52974fc4, fehlerhaftes Modul WixStdBA.dll, Version 3.8.2028.0, Zeitstempel 0x5458d5e9, Ausnahmecode 0xc0000005, Fehleroffset 0x00005600,
Prozess-ID 0xa2c, Anwendungsstartzeit Avira.OE.Setup.Bundle.exe0.

Error: (01/15/2015 05:06:49 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c


System errors:
=============
Error: (01/31/2015 04:09:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (01/31/2015 10:36:06 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Microsoft .NET Framework NGEN v4.0.30319_X86

Error: (01/31/2015 10:32:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (01/31/2015 10:08:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows-Dienst für Schriftartencache%%1053

Error: (01/31/2015 10:08:10 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows-Dienst für Schriftartencache

Error: (01/31/2015 10:07:40 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Microsoft .NET Framework NGEN v4.0.30319_X86

Error: (01/31/2015 10:06:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Installer%%1053

Error: (01/31/2015 10:06:47 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Installer

Error: (01/31/2015 10:06:44 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053MSIServer{000C101C-0000-0000-C000-000000000046}

Error: (01/31/2015 10:04:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-52
Percentage of memory in use: 61%
Total physical RAM: 1790.19 MB
Available physical RAM: 688.43 MB
Total Pagefile: 3830.81 MB
Available Pagefile: 1938.16 MB
Total Virtual: 2047.88 MB
Available Virtual: 1889.1 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:69.77 GB) (Free:17.32 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:69.52 GB) (Free:21.15 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: B5BBB0F3)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=27)
Partition 2: (Active) - (Size=69.8 GB) - (Type=06)
Partition 3: (Not Active) - (Size=69.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Ich hoffe das war richtig so.

Ciao
Andreas

Bootsektor · 31.01.2015, 23:19

Hallo Andreas,

Zitat:

Wie schädlich ist der festgestellte Trojaner?

Wenn dort wirklich EyeStye drauf war ist das eine Infektion die darauf aus ist Bankdaten, sprich PINs oder TANs abzufangen, daher bitte auf jeden Fall Passwörter ändern.

Schritt 1

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

HKU\S-1-5-21-695030953-4224019398-3706738656-1000\...\Run: [cmd] => C:\Users\Andreas\AppData\Local\Temp\Shuka\PackerV2.exe [5165056 2014-12-14] (Packer Framework) <===== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PackerV2.exe.lnk
ShortcutTarget: PackerV2.exe.lnk -> C:\Users\Andreas\AppData\Local\Temp\Shuka\PackerV2.exe (Packer Framework)
C:\Users\Andreas\AppData\Local\Temp\Shuka
Update Manager for SweetPacks 1.1 (Version: 1.1.0008 - SweetIM Technologies Ltd.) Hidden <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:375A40C3
AlternateDataStreams: C:\ProgramData\TEMP:5F64C164

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2
Bitte deinstalliere folgende Programme (falls vorhanden) :

Java(TM) 6 Update 26
Ask Toolbar
Linkury Smartbar
Linkury Smartbar Engine
SweetIM Bundle by SweetPacks
SweetIM for Messenger 3.7
Toolbar 4.7 by SweetPacks
Update Manager for SweetPacks 1.1
Dazu gehe auf:
den Windowsbutton in der Taskleiste --> Systemsteuerung --> Programme (Unterpunkt Programme deinstallieren) --> Programm auswählen --> entfernen

Falls du ein Programm nicht deinstallieren kannst, lade dir von hier den Revo-uninstaller herunter und deinstalliere es damit, wähle dabei den moderaten Modus.

Schritt 3
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 4
Downloade Dir bitte Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad.
Starte Malwarebytes' Anti-Malware (MBAM).
Sollte die Benutzeroberfläche noch in Englisch sein, klicke auf Settings und wähle bei Language Deutsch aus.
Klicke im Anschluss auf Suchlauf, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf jetzt starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Aktionen anwenden.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Suchlauf-Protokoll aus und klicke auf Ansicht. Wähle Exportieren auf Textdatei (.txt) und speichere die Datei als mbam.txt auf dem Desktop ab.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 5
Starte noch einmal FRST.

Setze den Haken bei addition.txt und drücke auf Scan.
Wenn der Scan abgeschlossen ist, werden zwei neue Logfiles FRST.txt und addition.txt erstellt und auf dem Desktop (oder in dem Verzeichnis in dem FRST liegt) gespeichert.
Poste den Inhalt dieser Logfiles bitte hier in deinen Thread.

Hannibal_2 · 01.02.2015, 16:40

Hallo Sandra,

Code:

ATTFilter

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der schnellere und bei einem Befall durch Malware immer der sicherste Weg....

Ich überlege gerade ob ich nicht doch alles formatiere. Z.Zt. habe ich Windows Vista. Eine Betriebssystem CD war nicht dabei. Habe damals nur Datensicherungs CD angelegt.
Müsste mir dann erstmal ein neues Betriebssystem zulegen. Würde dann auf Windows 7 umsteigen. Weiß aber nicht ob der Laptop dafür so gut geeignet ist. Muss ich erstmal prüfen.

Da ich nächste Woche eh nicht zuhause bin, habe ich Zeit mir gedanken zu machen.

Schonmal vielen Dank für die bisherige Hilfe.

Wie kann man sich denn noch effektiver vor Trojanern schützen, bzw. wobei könnte ich mir diesen eingefangen haben?

Ciao
Andreas

Bootsektor · 01.02.2015, 17:56

Hallo Andreas,

das ist deine freie Entscheidung. Ohne Log von Avira kann ich nicht sagen, ob er da drauf war, bis jetzt sehe ich nichts davon. Passwörter ändern ist auf jeden Fall Pflicht ob du nun neu aufsetzt oder nicht.

Schreib mir doch noch mal die Ram-Größe und die Ghz-Zahl des Prozessors, müsste eigentlich Win 7 in der 32 bit Version drauf laufen. Allerdings finde ich die Festplatte recht klein...

Um sich gegen Malwarebefall zu schützen ist zuerst ein aktuelles System Pflicht mit den aktuellesten Updates und Patches, die Programme auf dem System müssen auch auf dem neuesten Stand sein, besonders Adobe Reader, Flashplayer, Shockwaveplayer, Java, alle Browser.

Auch ein Antivirenprogramm mit aktueller Datenbank ist Pflicht!

Dann solltest du sichere Passwörter verwenden:

verwende für jede Anwendung und jeden Account ein anderes Passwort
ändere regelmäßig dein Passwort, vor allem bei Onlinebanking oder deinem Emailpostfach ist dieses sehr wichtig
speichere keine Passwörter auf deinem PC, gib diese nicht an dritte weiter
ein sicheres Passwort besteht aus mindestens 8 Zeichen und beinhaltet Groß- und Kleinbuchstaben, Zahlen, und Sonderzeichen
benutze keine Zahlen- oder Buchstabenkombinationen, ( zB 12345678, qwertzui) auch keine Zahlen oder Buchstabenmuster
verwende keine Passwörter die einen Bezug zu dir, deinem Wohnort, Familienmitglied oder Haustier (Geburtsdatum, Postleitzahl, Adresse, Name)

Nicht auf alles klicken, was fröhlich rumblinkt oder dich auffordert irgend etwas zu updaten.

Software nur vom Originalhersteller laden

Bei einer Installation eines Programmes alles abwählen, was nicht zum Programm gehört. Keinerlei Startseitenveränderungen zulassen.

Vorsichtig beim Öffnen von Dateianhängen in Emails und Emails mit Auffirderung das Konto zu verifizieren oder Daten zu bestätigen sein. Lieber bei der betreffenden Firma direkt nachfragen, ob die Email legitim ist, wenn du dir nicht sicher bist.

Und ganz wichtig

brain.exe

Hannibal_2 · 05.02.2015, 19:43

Hallo Sandra,

ich bin wieder da.
Habe mich gegen eine Komplettformatierung entschieden.
Werde Morgen mal die von Dir vorgeschlagenen Schritte durchführen.

Code:

ATTFilter

...Ohne Log von Avira kann ich nicht sagen, ob er da drauf war, bis jetzt sehe ich nichts davon....

Das Log habe ich leider nicht. Könnte evtl. als jpg. Bilddatei eine Info von dem Avira Quarantäneansichtsfenter posten. Hilft das? Wie kann man das machen? Als Anhang anhängen?

Viele Grüße
Andreas

Bootsektor · 06.02.2015, 00:12

Hallo Andreas,

gut, poste dann einfach die Ergebnisse, du kannst gerne einen Screenshot von der Quarantäne machen und diesen anhängen.

Hannibal_2 · 06.02.2015, 20:20

Hallo Sandra,

das Bild der Quarantäne hänge ich an.

Ich habe Deine Schritt für Schritt Anleitung durchgeführt.

hier die Logs:

Fixlog.txt

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 05-02-2015
Ran by Andreas at 2015-02-06 17:14:47 Run:1
Running from C:\Users\Andreas\Desktop
Loaded Profiles: Andreas (Available profiles: Andreas)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-695030953-4224019398-3706738656-1000\...\Run: [cmd] => C:\Users\Andreas\AppData\Local\Temp\Shuka\PackerV2.exe [5165056 2014-12-14] (Packer Framework) <===== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PackerV2.exe.lnk
ShortcutTarget: PackerV2.exe.lnk -> C:\Users\Andreas\AppData\Local\Temp\Shuka\PackerV2.exe (Packer Framework)
C:\Users\Andreas\AppData\Local\Temp\Shuka
Update Manager for SweetPacks 1.1 (Version: 1.1.0008 - SweetIM Technologies Ltd.) Hidden <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:375A40C3
AlternateDataStreams: C:\ProgramData\TEMP:5F64C164
*****************

HKU\S-1-5-21-695030953-4224019398-3706738656-1000\Software\Microsoft\Windows\CurrentVersion\Run\\cmd => value deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PackerV2.exe.lnk => Moved successfully.
C:\Users\Andreas\AppData\Local\Temp\Shuka\PackerV2.exe => Moved successfully.
C:\Users\Andreas\AppData\Local\Temp\Shuka => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}\\SystemComponent => value deleted successfully.
C:\ProgramData\TEMP => ":375A40C3" ADS removed successfully.
C:\ProgramData\TEMP => ":5F64C164" ADS removed successfully.

==== End of Fixlog 17:14:50 ====

AdwCleaner(S0).txt

Code:

ATTFilter

# AdwCleaner v4.110 - Bericht erstellt 06/02/2015 um 17:59:27
# Aktualisiert 05/02/2015 von Xplode
# Datenbank : 2015-02-05.2 [Server]
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (x86)
# Benutzername : Andreas - ANDREAS-PC
# Gestarted von : C:\Users\Andreas\Downloads\AdwCleaner_4.110.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\ProgramData\Yahoo! Companion
Ordner Gelöscht : C:\ProgramData\Packer
Ordner Gelöscht : C:\Program Files\DVDVideoSoftTB
Ordner Gelöscht : C:\Program Files\SweetIM
Ordner Gelöscht : C:\Program Files\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Program Files\Common Files\Tobit
Ordner Gelöscht : C:\Users\Andreas\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Andreas\AppData\LocalLow\DVDVideoSoftTB
Ordner Gelöscht : C:\Users\Andreas\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Andreas\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\Andreas\AppData\Roaming\Tobit
Ordner Gelöscht : C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
[!] Ordner Gelöscht : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\1jao9sxz.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[!] Ordner Gelöscht : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\1jao9sxz.default\Extensions\torntv@torntv.com.xpi
Datei Gelöscht : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\1jao9sxz.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
Datei Gelöscht : C:\Program Files\Mozilla Firefox\Components\AskSearch.js
Datei Gelöscht : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\1jao9sxz.default\searchplugins\Web Search.xml

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\and
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\driverscanner
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\SweetIM
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB
Schlüssel Gelöscht : HKLM\SOFTWARE\DVDVideoSoftTB
Schlüssel Gelöscht : HKLM\SOFTWARE\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\SweetIM
Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer
Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{ea8fa6be-29be-4af2-9352-841f83215eb0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{F04C4F83-D9C7-408C-9DEB-D5526E72108C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Yahoo! Companion
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

***** [ Internetbrowser ] *****

-\\ Internet Explorer v9.0.8112.16584

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [SEARCH PAGE]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v35.0.1 (x86 de)

[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.selectedEngine", "Web Search");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("browser.startup.homepage", "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=8da37f89-8891-4f3d-9a2b-7bf5ef8cf41f&affid=111583&searchtype=hp&babsrc=lnkry&installDate=01/01/1970"[...]
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"print-but[...]
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.enabledItems", "{8da37f89-8891-4f3d-9a2b-7bf5ef8cf41f}:1.0,helperbar@helperbar.com:1.0,{20a82645-c095-46ed-80e3-08825760534b}:1.2.1,{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24,[...]
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.Country", "Germany");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.DockingPositionDown", false);
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.LastHiddenTime", 23131394);
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", true);
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.UserID", "8da37f89-8891-4f3d-9a2b-7bf5ef8cf41f");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.Visibility", true);
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.affid", "111583");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.countryiso", "de");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.downloadprovider", "oc");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.installationid", "8da37f89-8891-4f3d-9a2b-7bf5ef8cf41f");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.publisher", "oc");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("keyword.URL", "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=8da37f89-8891-4f3d-9a2b-7bf5ef8cf41f&affid=111583&searchtype=ds&babsrc=lnkry&installDate=01/01/1970&q=");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.RevertDialog.enable", "false");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.Visibility.enable", "true");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.cargo", "3.1010000.10011");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.cda.HideOveride.enable", "true");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.cda.returnValue", "none");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-handler.js");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.0.height", "335");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?lang=$locale_id;&toolbar_version=$ITEM_VERSION;&crg=$cargo;");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.0.width", "761");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-handler.js");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.1.height", "300");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.1.width", "500");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.2.enable", "true");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handler.js");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.2.height", "150");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.2.width", "530");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*.*.facebook.com/.*.*.google.com/.*.*.google.co.in/.*.*.google.com.br/.*.*.google.es/.*.*.youtube.com/.*.*.yahoo.com/.*.[...]
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.mode.debug", "false");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.newtab.created", "true");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.newtab.enable", "true");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.previous.keyword.URL", "");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_VERSION;&crg=$cargo;");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.apps.)?facebook\\.com.*");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.0.enable", "false");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.apps.)?facebook\\.com.*");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.1.enable", "false");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.2.callback", "");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*.*.bing..*.*.live..*.*.msn..*.*.yahoo..*.*.youtube.com.*.*ask.com.*.*.sweetim.com.*");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.2.enable", "false");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?si=3104&tid=chff1");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://search.yahoo.com/*\" param=\"[...]
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.search.history.capacity", "10");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.searchguard.enable", "false");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.simapp_id", "{45BD610B-5421-4D88-B479-8A1A17FF0E4B}");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={45BD610B-5421-4D88-B479-8A1A17FF0E4B}");
[1jao9sxz.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.version", "1.9.0.0");

-\\ Google Chrome v40.0.2214.94


*************************

AdwCleaner[R0].txt - [20688 Bytes] - [06/02/2015 17:54:12]
AdwCleaner[S0].txt - [20308 Bytes] - [06/02/2015 17:59:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [20368  Bytes] ##########

In dem Ordner von AdwCleaner war noch eine Datei AdwCleaner(R0).txt
brauchst Du die auch?

mbam.txt

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org


Protection, 06.02.2015 18:18:56, SYSTEM, ANDREAS-PC, Protection, Malware Protection, Starting, 
Protection, 06.02.2015 18:18:56, SYSTEM, ANDREAS-PC, Protection, Malware Protection, Started, 
Protection, 06.02.2015 18:18:56, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Starting, 
Update, 06.02.2015 18:19:04, SYSTEM, ANDREAS-PC, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1, 
Update, 06.02.2015 18:19:04, SYSTEM, ANDREAS-PC, Manual, Rootkit Database, 2014.11.18.1, 2015.2.3.1, 
Update, 06.02.2015 18:19:21, SYSTEM, ANDREAS-PC, Manual, Malware Database, 2014.11.20.6, 2015.2.6.6, 
Protection, 06.02.2015 18:20:26, SYSTEM, ANDREAS-PC, Protection, Refresh, Starting, 
Protection, 06.02.2015 18:20:26, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Started, 
Protection, 06.02.2015 18:20:26, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 06.02.2015 18:20:27, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 06.02.2015 18:20:38, SYSTEM, ANDREAS-PC, Protection, Refresh, Success, 
Protection, 06.02.2015 18:20:38, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Starting, 
Protection, 06.02.2015 18:20:38, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Started, 
Protection, 06.02.2015 18:21:26, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 06.02.2015 18:21:26, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 06.02.2015 18:21:26, SYSTEM, ANDREAS-PC, Protection, Malware Protection, Stopping, 
Protection, 06.02.2015 18:21:27, SYSTEM, ANDREAS-PC, Protection, Malware Protection, Stopped, 
Update, 06.02.2015 18:22:08, SYSTEM, ANDREAS-PC, Manual, Rootkit Database, 2014.11.18.1, 2015.2.3.1, 
Update, 06.02.2015 18:22:08, SYSTEM, ANDREAS-PC, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1, 
Protection, 06.02.2015 18:22:08, SYSTEM, ANDREAS-PC, Protection, Malware Protection, Starting, 
Protection, 06.02.2015 18:22:08, SYSTEM, ANDREAS-PC, Protection, Malware Protection, Started, 
Protection, 06.02.2015 18:22:09, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Starting, 
Protection, 06.02.2015 18:22:11, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Started, 
Update, 06.02.2015 18:22:25, SYSTEM, ANDREAS-PC, Manual, Malware Database, 2014.11.20.6, 2015.2.6.6, 
Protection, 06.02.2015 18:22:25, SYSTEM, ANDREAS-PC, Protection, Refresh, Starting, 
Protection, 06.02.2015 18:22:25, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 06.02.2015 18:22:25, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 06.02.2015 18:22:36, SYSTEM, ANDREAS-PC, Protection, Refresh, Success, 
Protection, 06.02.2015 18:22:36, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Starting, 
Protection, 06.02.2015 18:22:36, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Started, 
Update, 06.02.2015 18:55:52, SYSTEM, ANDREAS-PC, Scheduler, Malware Database, 2015.2.6.6, 2015.2.6.7, 
Protection, 06.02.2015 18:55:52, SYSTEM, ANDREAS-PC, Protection, Refresh, Starting, 
Protection, 06.02.2015 18:55:52, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 06.02.2015 18:55:53, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 06.02.2015 18:56:27, SYSTEM, ANDREAS-PC, Protection, Refresh, Success, 
Protection, 06.02.2015 18:56:27, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Starting, 
Protection, 06.02.2015 18:56:30, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Started, 
Protection, 06.02.2015 19:02:51, SYSTEM, ANDREAS-PC, Protection, Malware Protection, Starting, 
Protection, 06.02.2015 19:02:53, SYSTEM, ANDREAS-PC, Protection, Malware Protection, Started, 
Protection, 06.02.2015 19:02:53, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Starting, 
Protection, 06.02.2015 19:05:40, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Started, 

(end)

frst.txt

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org


Protection, 06.02.2015 18:18:56, SYSTEM, ANDREAS-PC, Protection, Malware Protection, Starting, 
Protection, 06.02.2015 18:18:56, SYSTEM, ANDREAS-PC, Protection, Malware Protection, Started, 
Protection, 06.02.2015 18:18:56, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Starting, 
Update, 06.02.2015 18:19:04, SYSTEM, ANDREAS-PC, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1, 
Update, 06.02.2015 18:19:04, SYSTEM, ANDREAS-PC, Manual, Rootkit Database, 2014.11.18.1, 2015.2.3.1, 
Update, 06.02.2015 18:19:21, SYSTEM, ANDREAS-PC, Manual, Malware Database, 2014.11.20.6, 2015.2.6.6, 
Protection, 06.02.2015 18:20:26, SYSTEM, ANDREAS-PC, Protection, Refresh, Starting, 
Protection, 06.02.2015 18:20:26, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Started, 
Protection, 06.02.2015 18:20:26, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 06.02.2015 18:20:27, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 06.02.2015 18:20:38, SYSTEM, ANDREAS-PC, Protection, Refresh, Success, 
Protection, 06.02.2015 18:20:38, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Starting, 
Protection, 06.02.2015 18:20:38, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Started, 
Protection, 06.02.2015 18:21:26, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 06.02.2015 18:21:26, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 06.02.2015 18:21:26, SYSTEM, ANDREAS-PC, Protection, Malware Protection, Stopping, 
Protection, 06.02.2015 18:21:27, SYSTEM, ANDREAS-PC, Protection, Malware Protection, Stopped, 
Update, 06.02.2015 18:22:08, SYSTEM, ANDREAS-PC, Manual, Rootkit Database, 2014.11.18.1, 2015.2.3.1, 
Update, 06.02.2015 18:22:08, SYSTEM, ANDREAS-PC, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1, 
Protection, 06.02.2015 18:22:08, SYSTEM, ANDREAS-PC, Protection, Malware Protection, Starting, 
Protection, 06.02.2015 18:22:08, SYSTEM, ANDREAS-PC, Protection, Malware Protection, Started, 
Protection, 06.02.2015 18:22:09, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Starting, 
Protection, 06.02.2015 18:22:11, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Started, 
Update, 06.02.2015 18:22:25, SYSTEM, ANDREAS-PC, Manual, Malware Database, 2014.11.20.6, 2015.2.6.6, 
Protection, 06.02.2015 18:22:25, SYSTEM, ANDREAS-PC, Protection, Refresh, Starting, 
Protection, 06.02.2015 18:22:25, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 06.02.2015 18:22:25, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 06.02.2015 18:22:36, SYSTEM, ANDREAS-PC, Protection, Refresh, Success, 
Protection, 06.02.2015 18:22:36, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Starting, 
Protection, 06.02.2015 18:22:36, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Started, 
Update, 06.02.2015 18:55:52, SYSTEM, ANDREAS-PC, Scheduler, Malware Database, 2015.2.6.6, 2015.2.6.7, 
Protection, 06.02.2015 18:55:52, SYSTEM, ANDREAS-PC, Protection, Refresh, Starting, 
Protection, 06.02.2015 18:55:52, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 06.02.2015 18:55:53, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 06.02.2015 18:56:27, SYSTEM, ANDREAS-PC, Protection, Refresh, Success, 
Protection, 06.02.2015 18:56:27, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Starting, 
Protection, 06.02.2015 18:56:30, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Started, 
Protection, 06.02.2015 19:02:51, SYSTEM, ANDREAS-PC, Protection, Malware Protection, Starting, 
Protection, 06.02.2015 19:02:53, SYSTEM, ANDREAS-PC, Protection, Malware Protection, Started, 
Protection, 06.02.2015 19:02:53, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Starting, 
Protection, 06.02.2015 19:05:40, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Started, 

(end)

addition.txt

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-02-2015
Ran by Andreas at 2015-02-06 19:18:32
Running from C:\Users\Andreas\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3D-Garten 8.0 (HKLM\...\{554A4E80-0002-2006-0407-11FF59A27A18}) (Version: 8.0 - DiComp)
Acer Arcade Deluxe (HKLM\...\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}) (Version: 1.12.4213 - CyberLink Corporation)
Acer Crystal Eye webcam (HKLM\...\{4BB1DCED-84D3-47F9-B718-5947E904593E}) (Version: 7.96.701.07a - Acer Crystal Eye webcam)
Acer Crystal Eye webcam (HKLM\...\{DD1DED37-2486-4F56-8F89-56AA814003F5}) (Version: 2.0.0.8 - Acer Crystal Eye webcam)
Acer eAudio Management (HKLM\...\{57265292-228A-41FA-9AEC-4620CBCC2739}) (Version: 2.5.4012 - )
Acer eDataSecurity Management (HKLM\...\{AEEAE013-92F1-4515-B278-139F1A692A36}) (Version: 2.5.4241 - HiTRUST Inc.)
Acer eLock Management (HKLM\...\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}) (Version: 2.5.4008 - Acer Inc.)
Acer Empowering Technology (HKLM\...\{AB6097D9-D722-4987-BD9E-A076E2848EE2}) (Version: 2.5.4008 - Acer Inc.)
Acer eNet Management (HKLM\...\{C06554A1-2C1E-4D20-B613-EE62C79927CC}) (Version: 2.6.4008 - Acer Inc.)
Acer ePower Management (HKLM\...\{58E5844B-7CE2-413D-83D1-99294BF6C74F}) (Version: 2.5.4017 - Acer Inc.)
Acer ePresentation Management (HKLM\...\{BF839132-BD43-4056-ACBF-4377F4A88E2A}) (Version: 2.5.4002 - Acer Inc.)
Acer eSettings Management (HKLM\...\{CE65A9A0-9686-45C6-9098-3C9543A412F0}) (Version: 2.5.4011 - Acer Inc.)
Acer GridVista (HKLM\...\GridVista) (Version: 2.68.622 - )
Acer Mobility Center Plug-In (HKLM\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 1.0.3003 - Acer Inc.)
Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 1.12.20070515 - Acer Inc.)
Acer Tour (HKLM\...\{94389919-B0AA-4882-9BE8-9F0B004ECA35}) (Version: 2.0.1003 - Acer Inc.)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader 8.1.1 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81000000003}) (Version: 8.1.1 - Adobe Systems Incorporated)
AFPL Ghostscript 8.54 (HKLM\...\AFPL Ghostscript 8.54) (Version:  - )
AFPL Ghostscript Fonts (HKLM\...\AFPL Ghostscript Fonts) (Version:  - )
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - Alps Electric)
Apple Application Support (HKLM\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Panorama Maker 6 (HKLM\...\{DABFD34E-BE68-4BC6-9254-5D7A7FF76B99}) (Version: 6.0.8.85 - ArcSoft)
AudioCon (HKLM\...\AudioCon) (Version: 1.0 - Basement Softworks)
Avira (HKLM\...\{2c18809c-4097-4b51-a4d0-3deade730ef3}) (Version: 1.1.29.22350 - Avira Operations & Co. KG)
Avira (Version: 1.1.29.22350 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Big Kahuna Reef 2 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111310630}) (Version:  - Oberon Media)
Cake Mania (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version:  - Oberon Media)
Crystal Reports Modules (HKLM\...\{957344B3-FD27-45B5-8026-44FEAB0F340A}) (Version: 1.0.0 - ideYAPI LTD.)
DATA BECKER 3D Garten Designer 9 (HKLM\...\3D Garten Designer 9_is1) (Version: 9.0 - DATA BECKER GmbH & Co. KG)
Denken und Rechnen 2 (HKLM\...\Denken und Rechnen 2) (Version:  - )
DVDVideoSoftTB Toolbar (HKLM\...\DVDVideoSoftTB Toolbar) (Version:  - )
Dynasty (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111473353}) (Version:  - Oberon Media)
Free Video Dub version 2.0.22.925 (HKLM\...\Free Video Dub_is1) (Version: 2.0.22.925 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.1.42.1212 (HKLM\...\Free YouTube Download_is1) (Version: 3.1.42.1212 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.11.37.1212 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.37.1212 - DVDVideoSoft Ltd.)
FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version:  - )
Galapago (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version:  - Oberon Media)
Garmin Communicator Plugin (HKLM\...\{86B879A5-927E-4536-B5FC-17CA96B60078}) (Version: 2.6.4 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{B1102A25-3AA3-446B-AA0F-A699B07A02FD}) (Version: 1.0.0.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Earth (HKLM\...\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}) (Version: 4.3.7284.3916 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
HandBrake 0.9.9.1 (HKLM\...\HandBrake) (Version: 0.9.9.1 - )
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118) (Version:  - )
ideCAD Architektur 5 Demo (HKLM\...\{8CE203AB-DD76-4340-A4BA-DBCCA19027B4}) (Version: 5.49.000 - )
Launch Manager (HKLM\...\LManager) (Version:  - )
LightScribe  1.4.142.1 (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden
Luxor 2 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11170417}) (Version:  - Oberon Media)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
meinHausplaner (HKLM\...\meinHausplaner) (Version:  - )
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}) (Version: 08.05.0822 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery Case Files - Prime Suspects (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111271497}) (Version:  - Oberon Media)
Mystery Case Files Ravenhearst (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112179547}) (Version:  - Oberon Media)
Nikon Message Center 2 (HKLM\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
Nikon Movie Editor (HKLM\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.6.0 - Nikon)
NTI Backup NOW! 4.7 (HKLM\...\{67ADE9AF-5CD9-4089-8825-55DE4B366799}) (Version: 4 - NewTech Infosystems)
NTI CD & DVD-Maker (HKLM\...\InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}) (Version: 7 - NewTech Infosystems)
NTI CD & DVD-Maker (Version: 7 - NewTech Infosystems) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - NVIDIA Corporation)
OpenOffice.org 3.2 (HKLM\...\{2217B0B4-35CB-48C6-B640-864DF2F30F99}) (Version: 3.2.9483 - OpenOffice.org)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Picture Control Utility (HKLM\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.4.7 - Nikon)
Poker Mania (HKLM\...\Poker Mania) (Version:  - )
PowerProducer 3.72 (HKLM\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 074117(3.7)_Vista_Acer - CyberLink Corporation)
Protect Disc License Helper 1.0.118 (HKLM\...\Protect Disc License Helper) (Version: 1.0.118 - Protect Disc)
ProtectDisc Driver, Version 11 (HKLM\...\ProtectDisc Driver 11) (Version: 11.0.0.12 - ProtectDisc Software GmbH)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5413 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.51.01 - )
Samsung Master (HKLM\...\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}) (Version: 1.1.14 - Samsung)
Sandlot Games Client Services (HKLM\...\Sandlot Games Client Services_is1) (Version:  - Sandlot Games)
Star Defender 3 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111730193}) (Version:  - Oberon Media)
Texas Hold'em Poker 3D - Deluxe Edition 1.0 (HKLM\...\{E8889865-31D8-4BE9-8CE4-20AEF81AD85E}_is1) (Version: Texas Hold'em Poker 3D - Deluxe Edition - S.A.D. GmbH)
Treasures of the Deep (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111263673}) (Version:  - Oberon Media)
Uninstall 1.0.0.1 (HKLM\...\Uninstall_is1) (Version:  - )
Update for Office 2007 (KB934528) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{2B939677-2FFD-48F6-9075-7BF48CB87C80}) (Version:  - )
Update for Office System 2007 Setup (KB929722) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{D8E9BEBD-655F-467D-8176-CA9959C140A3}) (Version:  - )
ViewNX 2 (HKLM\...\{E64C137C-D0B7-467A-B47F-460AAB30F0A3}) (Version: 2.6.0 - Nikon)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (03/08/2007 2.2.1.0) (HKLM\...\45A7283175C62FAC673F913C1F532C5361F97841) (Version: 03/08/2007 2.2.1.0 - Garmin)
Zuma Deluxe (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}) (Version:  - Oberon Media)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{015C652B-6D65-49E9-9A0F-F9A2E1C4678E}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{05F12417-022F-4164-8D3E-5F04C787DE31}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{07B2FFC7-FFF6-471C-AEC2-A93478209B06}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{08C5B872-ECA4-11D4-A7B9-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{23C3C2C4-FA91-11D3-A6DC-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{2CC7C7B2-9B2D-11d3-9099-00A0C9E71419}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{343D9CAF-DA8E-11D3-9C9A-00A0C9C84608}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{343D9CB1-DA8E-11D3-9C9A-00A0C9C84608}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{343D9CB3-DA8E-11D3-9C9A-00A0C9C84608}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{343D9CB9-DA8E-11D3-9C9A-00A0C9C84608}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{377EBDC3-D059-11D4-A7A3-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{38F91081-BA6D-4659-BF13-1712E85C953E}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{3D4F2CB5-268C-4C2D-A055-6D66D527E44D}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{3E5BBAF2-F63A-4EB7-A356-9C4BBD494CA9}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{3ECFE218-336F-44C8-8911-BB501477F201}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{401643B8-C6EB-11D4-A79B-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{4126E7DD-2705-458D-9459-9AB8C18CDEA1}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\datadefmodel.dll (Crystal Decisions Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{454CC187-E49D-11D3-9CA2-00A0C9C84608}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{479DDB54-7CD7-11D3-A657-00902771E565}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\tslv.dll ()
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{660ADE75-F449-11D3-A6D2-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{660ADE77-F449-11D3-A6D2-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{771C41D0-CCB4-456B-AE1E-7CBAE6298B40}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{7DE5C439-9CF2-4761-AFFD-C1A053782B30}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\datadefmodel.dll (Crystal Decisions Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{84663529-9F6C-4C15-9F36-5E3F5FFFD1DA}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{86C49566-24FD-487F-8D3A-CFBB1CB240E6}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\datadefmodel.dll (Crystal Decisions Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{8D7D6A02-D121-11D4-A7A4-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{8D7D6A04-D121-11D4-A7A4-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{8E205F3C-52CE-4578-AC81-A7089CDD6073}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\keycodeV2.dll (Crystal Decisions)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{948D9136-1C5A-4C1A-B59D-EBAA269B45E0}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{985E4039-F6AE-11D3-9CB4-00A0C9C84608}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{999BCD90-23D9-4890-948B-D0AE7078CF0A}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\saxmlserialize.dll (Crystal Decisions Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{9CD5A7CF-1E0F-48CB-A70A-7B188951D04B}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{9DFDA656-6083-4330-A8FA-D538ACBBB172}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{9FB0B350-2265-11D2-BF06-00A0C9B82ABA}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\s2sqlprs.dll (Seagate Software, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{9FB0B352-2265-11D2-BF06-00A0C9B82ABA}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\s2sqlprs.dll (Seagate Software, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{9FB0B357-2265-11D2-BF06-00A0C9B82ABA}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\s2sqlprs.dll (Seagate Software, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{9FB0B359-2265-11D2-BF06-00A0C9B82ABA}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\s2sqlprs.dll (Seagate Software, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{A1F5F582-001B-11D4-A6E1-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{A57AA692-F5E2-11D3-A6D4-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{A57AA69A-F5E2-11D3-A6D4-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{A57AA69C-F5E2-11D3-A6D4-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{A6584661-F925-11D3-A6D8-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{A798775F-0C79-4AFD-A972-B5E8AD6C1ADE}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{B7E8605E-329E-11D4-AAA2-00902741F1FC}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\crqe.dll (Crystal Decisions Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{C113DA70-E957-11D3-A6C7-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{C978FD27-F390-11D3-A6D1-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{C978FD29-F390-11D3-A6D1-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{CFA1F8B3-46F9-444B-AA19-7A284D008A74}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{D330E092-F158-11D4-A7BE-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{D330E09B-F158-11D4-A7BE-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{D330E09F-F158-11D4-A7BE-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{D330E0A1-F158-11D4-A7BE-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{D330E0A3-F158-11D4-A7BE-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{D330E0A5-F158-11D4-A7BE-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{D330E0A7-F158-11D4-A7BE-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{D330E0A9-F158-11D4-A7BE-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{D97C7D7D-FF5B-4802-BE3F-D8748E986F7B}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\keycodeV2.dll (Crystal Decisions)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{DBA36674-FB63-11D3-9CB6-00A0C9C84608}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{DBA36678-FB63-11D3-9CB6-00A0C9C84608}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{E04F5EF0-FF09-4C86-B0EC-A4EC377C4DCF}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\saxmlserialize.dll (Crystal Decisions Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{E69D927A-9686-4CE1-800C-FF739EEC7EB3}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{E86BB58D-0A87-4DE2-92F7-E74DA7FEBB3F}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\SACommonControls.dll (Crystal Decisions Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{F986A051-D154-11d4-A7A4-00902771FF87}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll (Crystal Decisions, Inc.)
CustomCLSID: HKU\S-1-5-21-695030953-4224019398-3706738656-1000_Classes\CLSID\{FA189F65-BFB2-4cb7-BC35-0E97F508011E}\InprocServer32 -> C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\keycodeV2.dll (Crystal Decisions)

==================== Restore Points  =========================

15-01-2015 20:35:54 Windows Update
15-01-2015 20:56:42 Windows Update
31-01-2015 10:18:40 Windows Update
05-02-2015 19:27:44 Windows Update
06-02-2015 17:21:19 Removed Java(TM) 6 Update 26
06-02-2015 17:25:17 Removed Linkury Smartbar
06-02-2015 17:27:10 Removed Linkury Smartbar
06-02-2015 17:32:57 Removed Java(TM) 6 Update 26
06-02-2015 17:34:34 Removed Linkury Smartbar
06-02-2015 17:41:32 Revo Uninstaller's restore point - Linkury Smartbar
06-02-2015 17:41:51 Removed Linkury Smartbar

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {166C06E1-F91D-4CB8-B3A3-91DD8FC124DC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {1DBC7DE7-C3B3-42CD-A466-FDA8D0999B43} - System32\Tasks\Microsoft\Windows\RestartManager\{2357A169-3205-4d6d-A548-F79A8EB9ECED} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {6825395E-9EE3-4726-BB58-61CF6B2FABB9} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Andreas => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {B2DA1320-4CAA-4C9F-BE59-03B990FD3591} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-04] (Google Inc.)
Task: {D1F3D537-21BC-4FC1-A892-FF6446892A45} - System32\Tasks\{F4D13830-066A-4B6E-81E6-7BE644EDCC8D} => pcalua.exe -a C:\Users\Andreas\AppData\Local\Temp\Temp2_mein_hpl_2008.zip\MEIN_HPL_2008.exe
Task: {E2D74F6A-F7CC-4CB4-A6C3-24F63F25301D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: {EF1FDE15-725D-45E7-975B-0A8C0192EE0F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-04] (Google Inc.)
Task: {F6FA62FD-07E0-4660-8737-36157ED84369} - System32\Tasks\Google Software Updater => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-30] (Google)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2009-08-02 21:43 - 2005-01-06 17:33 - 00116224 _____ () C:\Windows\System32\redmonnt.dll
2007-07-28 11:16 - 2007-01-26 13:24 - 00050688 _____ () C:\Acer\ALaunch\ALaunchSvc.exe
2007-07-28 10:55 - 2006-11-24 11:57 - 00107008 _____ () C:\Acer\Mobility Center\MobilityService.exe
2007-07-28 10:55 - 2006-10-24 09:54 - 00033280 _____ () C:\Acer\Mobility Center\MobilityInterface.dll
2007-07-28 10:53 - 2007-01-23 14:48 - 00266343 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2007-09-07 21:24 - 2007-02-13 05:26 - 00016384 _____ () C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll
2007-09-07 21:24 - 2007-02-13 05:26 - 00016384 _____ () C:\Acer\Empowering Technology\eRecovery\IERYETF.dll
2007-07-28 10:38 - 2007-06-28 17:50 - 00024576 _____ () C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
2007-07-28 10:38 - 2007-06-28 17:50 - 00114688 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.Computer.dll
2007-07-28 10:38 - 2007-06-28 17:50 - 00032768 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.ComputerInterfaces.dll
2007-07-28 10:38 - 2007-06-28 17:50 - 00118784 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.Library.dll
2007-07-28 10:38 - 2007-06-28 17:50 - 00006656 _____ () C:\Acer\Empowering Technology\eSettings\Service\CPUID.dll
2007-04-25 15:30 - 2007-04-25 15:30 - 00063488 _____ () C:\Windows\system32\ShowErrMsg.dll
2007-04-25 15:31 - 2007-04-25 15:31 - 00028672 _____ () C:\Windows\system32\BatchCrypto.dll
2007-07-28 10:33 - 2007-02-07 08:25 - 00208896 _____ () C:\Acer\Empowering Technology\EPOWER\SysHook.dll
2007-07-28 10:24 - 2007-06-15 15:15 - 00057344 _____ () C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll
2007-07-28 10:24 - 2007-06-15 15:47 - 00024576 _____ () C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll
2007-07-28 10:39 - 2007-06-11 13:54 - 00106496 _____ () C:\Acer\Empowering Technology\eAudio\eAudioUI.dll
2007-07-28 10:39 - 2007-03-22 10:51 - 00003584 _____ () C:\Acer\Empowering Technology\eAudio\de\eAudioUI.resources.dll
2007-07-28 10:35 - 2007-04-11 15:42 - 00307200 _____ () C:\Acer\Empowering Technology\ePresentation\ePresentationCTL.dll
2007-07-28 10:35 - 2007-04-11 14:07 - 00077824 _____ () C:\Acer\Empowering Technology\ePresentation\de\ePresentationCTL.resources.dll
2007-07-28 10:37 - 2007-05-24 08:53 - 00679936 _____ () C:\Acer\Empowering Technology\eLock\eLockCTL.dll
2007-07-28 10:37 - 2007-05-24 08:53 - 00106496 _____ () C:\Acer\Empowering Technology\eLock\de\eLockCTL.resources.dll
2007-07-28 10:38 - 2007-06-28 17:50 - 00028672 _____ () C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll
2007-07-28 10:38 - 2007-06-28 17:50 - 00032768 _____ () C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll
2007-07-28 10:38 - 2007-06-28 17:50 - 03420160 _____ () C:\Acer\Empowering Technology\eSettings\eSettings.View.dll
2007-07-28 10:38 - 2007-06-28 17:50 - 00155648 _____ () C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll
2007-07-28 20:21 - 2007-06-13 15:56 - 00249856 ____R () C:\Acer\Empowering Technology\eNet\eNetPlugin.dll
2007-07-28 10:38 - 2007-06-28 17:50 - 00003584 _____ () C:\Acer\Empowering Technology\eSettings\de\eSettings.Plugin.resources.dll
2007-07-28 10:38 - 2007-06-28 17:50 - 00010752 _____ () C:\Acer\Empowering Technology\eSettings\de\eSettings.Presenter.resources.dll
2009-10-20 20:02 - 2010-05-06 20:50 - 00970752 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-695030953-4224019398-3706738656-1000\Control Panel\Desktop\\Wallpaper -> c:\Windows\Web\wallpaper\Acer01.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-695030953-4224019398-3706738656-500 - Administrator - Disabled)
Andreas (S-1-5-21-695030953-4224019398-3706738656-1000 - Administrator - Enabled) => C:\Users\Andreas
ASPNET (S-1-5-21-695030953-4224019398-3706738656-1002 - Limited - Enabled)
Gast (S-1-5-21-695030953-4224019398-3706738656-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/06/2015 07:02:34 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
   bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
   bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)

Error: (02/06/2015 05:41:31 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {76884a30-9290-4e7b-84cd-d09503961cd0}

Error: (02/06/2015 04:55:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung avira_de.exe, Version 1.1.29.22350, Zeitstempel 0x52974fc4, fehlerhaftes Modul WixStdBA.dll, Version 3.8.2431.0, Zeitstempel 0x54a3de01, Ausnahmecode 0xc0000005, Fehleroffset 0x00005689,
Prozess-ID 0x1508, Anwendungsstartzeit avira_de.exe0.

Error: (01/31/2015 04:23:41 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.Systray.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.Runtime.InteropServices.COMException
Stapel:
   bei System.Windows.Media.Composition.DUCE+Channel.SyncFlush()
   bei System.Windows.Media.MediaContext.CompleteRender()
   bei System.Windows.Interop.HwndTarget.OnResize()
   bei System.Windows.Interop.HwndTarget.HandleMessage(MS.Internal.Interop.WindowMessage, IntPtr, IntPtr)
   bei System.Windows.Interop.HwndSource.HwndTargetFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   bei System.Windows.Forms.UnsafeNativeMethods.GetMessageW(MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
   bei System.Windows.Forms.Application+ComponentManager.System.Windows.Forms.UnsafeNativeMethods.IMsoComponentManager.FPushMessageLoop(IntPtr, Int32, Int32)
   bei System.Windows.Forms.Application+ThreadContext.RunMessageLoopInner(Int32, System.Windows.Forms.ApplicationContext)
   bei System.Windows.Forms.Application+ThreadContext.RunMessageLoop(Int32, System.Windows.Forms.ApplicationContext)
   bei System.Windows.Forms.Application.Run(System.Windows.Forms.Form)
   bei Avira.OE.Systray.Program.Main(System.String[])

Error: (01/31/2015 04:22:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.0.6002.18005 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: e34
Anfangszeit: 01d03d67f4e0bef0
Zeitpunkt der Beendigung: 513

Error: (01/31/2015 10:38:14 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Andreas-PC)
Description: 0Avira.OE.ServiceHost.exeAvira Service Host03026216123682343003A005C00500072006F006700720061006D002000460069006C00650073005C00410076006900720061005C004D0079002000410076006900720061005C00410076006900720061002E004F0045002E00530070006500650064007500700043006F006E006E006500630074006F0072002E0064006C006C00000043003A005C00500072006F006700720061006D002000460069006C00650073005C00410076006900720061005C004D0079002000410076006900720061005C00410076006900720061002E004F0045002E00530065007200760069006300650048006F00730074002E00650078006500000043003A005C00500072006F006700720061006D002000460069006C00650073005C00410076006900720061005C004D0079002000410076006900720061005C00410076006900720061002E004F0045002E004100760043006F006E006E006500630074006F0072004E00610074006900760065002E0064006C006C00000043003A005C00500072006F006700720061006D002000460069006C00650073005C00410076006900720061005C004D0079002000410076006900720061005C00410076006900720061002E004F0045002E00440072006F00700062006F00780043006F006E006E006500630074006F0072002E0064006C006C00000043003A005C00500072006F006700720061006D002000460069006C00650073005C00410076006900720061005C004D0079002000410076006900720061005C0057006500620053006F0063006B006500740034004E00650074002E0064006C006C00000043003A005C00570069006E0064006F00770073005C00730079007300740065006D00330032005C006D0073007600630070003100320030002E0064006C006C00000043003A005C00500072006F006700720061006D002000460069006C00650073005C00410076006900720061005C004D0079002000410076006900720061005C00410076006900720061002E004F0045002E004100760043006F006E006E006500630074006F0072002E0049006E0074006500720066006100630065002E0064006C006C00000043003A005C00500072006F006700720061006D002000460069006C00650073005C00410076006900720061005C004D0079002000410076006900720061005C00410076006900720061002E004F0045002E0043006F006D006D0075006E0069006300610074006F0072002E0064006C006C00000043003A005C00500072006F006700720061006D002000460069006C00650073005C00410076006900720061005C004D0079002000410076006900720061005C00640065002D00440045005C00410076006900720061002E004F0045002E00530065007200760069006300650048006F00730074002E007200650073006F00750072006300650073002E0064006C006C00000043003A005C00500072006F006700720061006D002000460069006C00650073005C00410076006900720061005C004D0079002000410076006900720061005C004E004C006F0067002E0064006C006C00000043003A005C00500072006F006700720061006D002000460069006C00650073005C00410076006900720061005C004D0079002000410076006900720061005C00410076006900720061002E004F0045002E004E006100740069007600650043006F00720065002E0064006C006C00000043003A005C00500072006F006700720061006D002000460069006C00650073005C00410076006900720061005C004D0079002000410076006900720061005C00410076006900720061002E004F0045002E00530070006500650064007500700043006F006E006E006500630074006F0072002E0049006E0074006500720066006100630065002E0064006C006C00000043003A005C00500072006F006700720061006D002000460069006C00650073005C00410076006900720061005C004D0079002000410076006900720061005C004D0069007800700061006E0065006C002E004E00450054002E0064006C006C00000043003A005C00500072006F006700720061006D002000460069006C00650073005C00410076006900720061005C004D0079002000410076006900720061005C00410076006900720061002E004F0045002E00420072006F00770073006500720045007800740065006E00730069006F006E0043006F006E006E006500630074006F0072002E0064006C006C00000043003A005C00500072006F006700720061006D002000460069006C00650073005C00410076006900720061005C004D0079002000410076006900720061005C00410076006900720061002E004F0045002E00570069006E0043006F00720065002E0049006E0074006500720066006100630065002E0064006C006C00000043003A005C00500072006F006700720061006D002000460069006C00650073005C00410076006900720061005C004D0079002000410076006900720061005C0049006F006E00690063002E005A00690070002E0052006500640075006300650064002E0064006C006C00000043003A005C00500072006F006700720061006D002000460069006C00650073005C00410076006900720061005C004D0079002000410076006900720061005C00410076006900720061002E004F0045002E004100760043006F006E006E006500630074006F0072002E0064006C006C00000043003A005C00500072006F006700720061006D002000460069006C00650073005C00410076006900720061005C004D0079002000410076006900720061005C00530065007200760069006300650053007400610063006B002E0054006500780074002E0064006C006C00000043003A005C00500072006F006700720061006D002000460069006C00650073005C00410076006900720061005C004D0079002000410076006900720061005C00410076006900720061002E004F0045002E00440072006F00700062006F00780043006F006E006E006500630074006F0072002E0049006E0074006500720066006100630065002E0064006C006C00000043003A005C00500072006F006700720061006D002000460069006C00650073005C00410076006900720061005C004D0079002000410076006900720061005C00410076006900720061002E004F0045002E00570069006E0043006F00720065002E0064006C006C00000043003A005C00500072006F006700720061006D002000460069006C00650073005C00410076006900720061005C004D0079002000410076006900720061005C00410076006900720061002E004F0045002E0043006F006D006D0075006E0069006300610074006F0072002E0049006E0074006500720066006100630065002E0064006C006C00000043003A005C00500072006F006700720061006D002000460069006C00650073005C00410076006900720061005C004D0079002000410076006900720061005C00530079007300740065006D002E0044006100740061002E00530051004C006900740065002E0064006C006C00000043003A005C00570069006E0064006F00770073005C00730079007300740065006D00330032005C006D0073007600630072003100320030002E0064006C006C000000

Error: (01/31/2015 10:21:33 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.Systray.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.Runtime.InteropServices.COMException
Stapel:
   bei System.Windows.Media.Composition.DUCE+Channel.SyncFlush()
   bei System.Windows.Media.MediaContext.CompleteRender()
   bei System.Windows.Interop.HwndTarget.OnResize()
   bei System.Windows.Interop.HwndTarget.HandleMessage(MS.Internal.Interop.WindowMessage, IntPtr, IntPtr)
   bei System.Windows.Interop.HwndSource.HwndTargetFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   bei System.Windows.Forms.UnsafeNativeMethods.GetMessageW(MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
   bei System.Windows.Forms.Application+ComponentManager.System.Windows.Forms.UnsafeNativeMethods.IMsoComponentManager.FPushMessageLoop(IntPtr, Int32, Int32)
   bei System.Windows.Forms.Application+ThreadContext.RunMessageLoopInner(Int32, System.Windows.Forms.ApplicationContext)
   bei System.Windows.Forms.Application+ThreadContext.RunMessageLoop(Int32, System.Windows.Forms.ApplicationContext)
   bei System.Windows.Forms.Application.Run(System.Windows.Forms.Form)
   bei Avira.OE.Systray.Program.Main(System.String[])

Error: (01/31/2015 10:08:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung PackerV2.exe, Version 2.1.1615.1214, Zeitstempel 0x548d9b76, fehlerhaftes Modul PackerV2.exe, Version 2.1.1615.1214, Zeitstempel 0x548d9b76, Ausnahmecode 0xc0000005, Fehleroffset 0x00033793,
Prozess-ID 0xd2c, Anwendungsstartzeit PackerV2.exe0.

Error: (01/31/2015 10:06:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung Avira.OE.Setup.Bundle.exe, Version 1.1.27.25527, Zeitstempel 0x52974fc4, fehlerhaftes Modul WixStdBA.dll, Version 3.8.2028.0, Zeitstempel 0x5458d5e9, Ausnahmecode 0xc0000005, Fehleroffset 0x00005600,
Prozess-ID 0xa9c, Anwendungsstartzeit Avira.OE.Setup.Bundle.exe0.

Error: (01/15/2015 09:13:29 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4


System errors:
=============
Error: (02/06/2015 07:06:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Microsoft .NET Framework NGEN v4.0.30319_X86

Error: (02/06/2015 07:02:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (02/06/2015 06:02:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (02/06/2015 05:59:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Softwarelizenzierung11200001Neustart des Diensts

Error: (02/06/2015 05:59:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Avira Service Host1100001Neustart des Diensts

Error: (02/06/2015 05:59:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Presentation Foundation Font Cache 4.0.0.0101Neustart des Diensts

Error: (02/06/2015 05:59:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Search1300001Neustart des Diensts

Error: (02/06/2015 05:59:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: ALaunch Service1

Error: (02/06/2015 05:59:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: ePower Service1

Error: (02/06/2015 05:59:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: eSettings Service1600001Neustart des Diensts


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-02-06 19:18:19.479
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-06 19:18:18.559
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-06 19:18:17.623
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-06 19:18:16.671
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-06 19:18:15.501
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-06 19:18:14.565
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-06 19:18:13.629
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-06 19:18:12.662
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-06 19:17:28.763
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-06 19:17:27.890
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-52
Percentage of memory in use: 61%
Total physical RAM: 1790.19 MB
Available physical RAM: 692.31 MB
Total Pagefile: 3828.9 MB
Available Pagefile: 2128.81 MB
Total Virtual: 2047.88 MB
Available Virtual: 1906.94 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:69.77 GB) (Free:18.76 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:69.52 GB) (Free:21.15 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: B5BBB0F3)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=27)
Partition 2: (Active) - (Size=69.8 GB) - (Type=06)
Partition 3: (Not Active) - (Size=69.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Das sind ne Menge Daten. Ich hoffe ich habe nichts vergessen.

Sollte man evtl. mit den Programmen AdwCleaner und Malwarebytes Anti-Malware regelmäßig einen Scan vom dem System machen lassen?

Ich habe noch eine externe Festplatte. Die hängt aber nur sporadisch am Rechner. Sollte man da auch mal suchen lassen?

Viele Grüße
Andreas

Bootsektor · 07.02.2015, 01:57

Hallo Andreas,

bitte schau noch mal in Malwarebytes nach dem Suchlaufsprotokoll, das ist das Schutzprotokoll.
Dann fehlt mir noch die aktuelle FRST.txt und du hattest da tatsächlich mal Spyeye drauf, Der lief aber grad nicht mehr.

Schritt 1

Starte Malwarebytes
Gehe nun oben auf Verlauf
links findest du nun die Auswahl Quarantäne und Anwendungsprotokolle
Gehe auf Anwendungsprotokolle
suche hier das letzte Suchlaufsprotokoll und wähle das aus
nun gehe oben auf Ansicht, das Protokoll öffnet sich
unten links steht exportieren, wähle das aus und klicke auf Textdatei
speichere nun das Log unter mbam.txt ab
öffne das Log mit deinem Texteditor
poste mir den Inhalt

Schritt 2
FRST.txt posten

Schritt 3

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

cmd: dir c:\syscheckrt /s

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Hannibal_2 · 07.02.2015, 17:02

Hallo Sandra,

hier nun die FRSt.txt von gestern.

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-02-2015
Ran by Andreas (administrator) on ANDREAS-PC on 06-02-2015 19:16:48
Running from C:\Users\Andreas\Desktop
Loaded Profiles: Andreas (Available profiles: Andreas)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Acer\ALaunch\ALaunchSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(DATA BECKER GmbH & Co KG) C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe
(HiTRSUT) C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
(Acer Inc.) C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
(Acer Inc.) C:\Acer\Empowering Technology\eNet\eNet Service.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\Acer\Mobility Center\MobilityService.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
() C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
(acer) C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(HiTRUST) C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
(CyberLink) C:\Acer\Empowering Technology\eAudio\eAudio.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Acer Inc.) C:\Acer\Empowering Technology\eNet\eNMTray.exe
(Acer Inc.) C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
(Acer Inc.) C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
(Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Realtek Semiconductor Corp.) C:\Users\Andreas\AppData\Local\Temp\RtkBtMnt.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [ALaunch] => C:\Acer\ALaunch\AlaunchClient.exe
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4468736 2007-05-18] (Realtek Semiconductor)
HKLM\...\Run: [eDataSecurity Loader] => C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [457216 2007-04-25] (HiTRUST)
HKLM\...\Run: [eAudio] => C:\Acer\Empowering Technology\eAudio\eAudio.exe [1286144 2007-06-11] (CyberLink)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [40048 2007-03-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Acer Tour] => [X]
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [752136 2007-06-27] (Dritek System Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [159744 2007-06-06] (Alps Electric Co., Ltd.)
HKLM\...\Run: [eRecoveryService] => [X]
HKLM\...\Run: [Acer Tour Reminder] => C:\Acer\AcerTour\Reminder.exe [151552 2007-05-22] (Acer Inc.)
HKLM\...\Run: [WarReg_PopUp] => C:\Acer\WR_PopUp\WarReg_PopUp.exe [57344 2006-11-05] (Acer Inc.)
HKLM\...\Run: [SetPanel] => C:\Acer\APanel\APanel.cmd
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-05-18] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [FreePDF Assistant] => C:\Program Files\FreePDF_XP\fpassist.exe [371712 2009-07-15] (shbox.de)
HKLM\...\Run: [Nikon Message Center 2] => C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-17] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-695030953-4224019398-3706738656-1000\...\Run: [Acer Tour Reminder] => [X]
HKU\S-1-5-21-695030953-4224019398-3706738656-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-695030953-4224019398-3706738656-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2008-06-23] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
ShortcutTarget: Empowering Technology Launcher.lnk -> C:\Acer\Empowering Technology\eAPLauncher.exe (Acer Inc.)
Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 ()
Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
HKU\S-1-5-21-695030953-4224019398-3706738656-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKU\S-1-5-21-695030953-4224019398-3706738656-1000\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
HKU\S-1-5-21-695030953-4224019398-3706738656-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: ShowBarObj Class -> {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -> C:\Windows\system32\ActiveToolBand.dll (HiTRUST)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll (HiTRUST)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-695030953-4224019398-3706738656-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\1jao9sxz.default
FF NewTab: about:blank
FF DefaultSearchUrl: 
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @protectdisc.com/NPPDLicenseHelper -> C:\Program Files\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: Avira Browser Safety - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\1jao9sxz.default\Extensions\abs@avira.com [2015-02-05]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\1jao9sxz.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-02-28]

Chrome: 
=======
CHR Profile: C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-29]
CHR Extension: (Google Drive) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-29]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-05]
CHR Extension: (YouTube) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-29]
CHR Extension: (Google-Suche) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-29]
CHR Extension: (Avira Browserschutz) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-10-29]
CHR Extension: (Google Wallet) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-29]
CHR Extension: (Google Mail) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-29]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ALaunchService; C:\Acer\ALaunch\ALaunchSvc.exe [50688 2007-01-26] () [File not signed]
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-17] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)
R2 DBService; C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe [187456 2009-01-08] (DATA BECKER GmbH & Co KG) [File not signed]
R2 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [457512 2007-04-25] (HiTRSUT)
R2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-04-23] (Acer Inc.) [File not signed]
R2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [135168 2007-06-13] (Acer Inc.) [File not signed]
R2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [53248 2007-07-03] (Acer Inc.) [File not signed]
R2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-06-28] () [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [107008 2006-11-24] () [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [266343 2007-01-23] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
R2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [167936 2007-06-13] (acer) [File not signed]
S2 CLTNetCnService; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [277544 2009-01-19] (Protect Software GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-29] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-29] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-27] (Avira Operations GmbH & Co. KG)
R3 Cam5607; C:\Windows\System32\Drivers\BisonC07.sys [767664 2007-05-28] (Bison Electronics. Inc. )
R1 DritekPortIO; C:\Program Files\Launch Manager\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.)
R2 int15; C:\Acer\Empowering Technology\eRecovery\int15.sys [76584 2006-12-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [6144 2007-07-28] (NewTech Infosystems, Inc.) [File not signed]
R0 PSDFilter; C:\Windows\System32\DRIVERS\psdfilter.sys [20776 2007-04-25] (HiTRUST)
R0 PSDNServ; C:\Windows\System32\drivers\PSDNServ.sys [16680 2007-04-25] (HiTRUST)
R0 psdvdisk; C:\Windows\System32\drivers\psdvdisk.sys [60712 2007-04-25] (HiTRUST)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S4 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-06 19:15 - 2015-02-06 19:15 - 00004207 _____ () C:\Users\Andreas\Desktop\mbam.txt
2015-02-06 18:18 - 2015-02-06 19:05 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-06 18:18 - 2015-02-06 18:21 - 00000903 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-02-06 18:18 - 2015-02-06 18:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-02-06 18:18 - 2015-02-06 18:21 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-02-06 18:18 - 2015-02-06 18:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-06 18:18 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-06 18:18 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-06 18:18 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-06 18:15 - 2015-02-06 18:16 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Andreas\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-06 18:08 - 2015-02-06 18:08 - 00020449 _____ () C:\Users\Andreas\Desktop\AdwCleaner[S0].txt
2015-02-06 18:07 - 2015-02-06 18:07 - 00001006 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-02-06 17:51 - 2015-02-06 17:59 - 00000000 ____D () C:\AdwCleaner
2015-02-06 17:51 - 2015-02-06 17:51 - 02112512 _____ () C:\Users\Andreas\Downloads\AdwCleaner_4.110.exe
2015-02-06 17:39 - 2015-02-06 17:39 - 00001061 _____ () C:\Users\Andreas\Desktop\Revo Uninstaller.lnk
2015-02-06 17:39 - 2015-02-06 17:39 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-02-06 17:38 - 2015-02-06 17:38 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Andreas\Downloads\revosetup95.exe
2015-02-06 17:14 - 2015-02-06 17:14 - 00000000 ____D () C:\Users\Andreas\Desktop\FRST-OlderVersion
2015-02-05 19:24 - 2015-02-06 17:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-31 17:19 - 2015-01-31 17:21 - 00055491 _____ () C:\Users\Andreas\Desktop\Addition.txt
2015-01-31 17:17 - 2015-02-06 19:17 - 00018861 _____ () C:\Users\Andreas\Desktop\FRST.txt
2015-01-31 17:14 - 2015-02-06 19:16 - 00000000 ____D () C:\FRST
2015-01-31 17:13 - 2015-02-06 17:14 - 01123328 _____ (Farbar) C:\Users\Andreas\Desktop\FRST.exe
2015-01-31 16:30 - 2015-01-31 16:30 - 00050477 _____ () C:\Users\Andreas\Desktop\Defogger.exe
2015-01-31 16:29 - 2015-01-31 16:30 - 00050477 _____ () C:\Users\Andreas\Downloads\Defogger.exe
2015-01-15 17:52 - 2015-01-15 17:52 - 138300268 _____ () C:\Windows\MEMORY.DMP
2015-01-15 17:52 - 2015-01-15 17:52 - 00138096 _____ () C:\Windows\Minidump\Mini011515-01.dmp
2015-01-15 17:52 - 2015-01-15 17:52 - 00000000 ____D () C:\Windows\Minidump

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-06 19:13 - 2007-09-07 21:13 - 01652674 _____ () C:\Windows\WindowsUpdate.log
2015-02-06 19:07 - 2009-05-02 21:20 - 00262133 _____ () C:\ProgramData\nvModes.001
2015-02-06 19:03 - 2010-04-27 16:53 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-06 19:02 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-06 19:02 - 2006-11-02 13:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-06 19:02 - 2006-11-02 13:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-06 19:01 - 2007-07-28 11:05 - 00233674 _____ () C:\Windows\PFRO.log
2015-02-06 19:00 - 2006-11-02 14:01 - 00032582 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-06 18:56 - 2010-04-27 16:53 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-06 18:07 - 2014-08-20 10:14 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-06 18:07 - 2012-12-23 15:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-02-06 18:06 - 2012-12-23 15:13 - 00000000 ____D () C:\Program Files\Avira
2015-02-06 18:02 - 2012-09-26 16:32 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-06 18:01 - 2013-12-24 12:24 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-02-06 17:59 - 2013-01-07 13:25 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2015-02-06 17:30 - 2007-07-28 10:52 - 00000000 ____D () C:\Program Files\Acer Arcade Deluxe
2015-02-06 17:30 - 2007-07-28 09:32 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-02-06 17:06 - 2012-09-13 19:55 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-06 17:06 - 2012-09-13 19:55 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-31 17:39 - 2006-11-02 13:37 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-01-31 16:59 - 2014-10-29 12:33 - 00001967 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-31 12:19 - 2011-01-12 20:59 - 00001052 _____ () C:\Windows\Tasks\Google Software Updater.job
2015-01-16 02:44 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\uk-UA
2015-01-15 21:13 - 2013-09-01 17:59 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 20:57 - 2006-11-02 11:24 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-01-15 20:53 - 2008-11-10 10:14 - 00000000 ____D () C:\DVDVideoSoft
2015-01-15 20:53 - 2008-11-10 10:10 - 00000000 ____D () C:\Users\Andreas\Documents\DVDVideoSoft
2015-01-15 18:33 - 2007-10-17 21:05 - 00074240 _____ () C:\Users\Andreas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-15 18:06 - 2006-11-02 11:33 - 01643124 _____ () C:\Windows\system32\PerfStringBackup.INI

==================== Files in the root of some directories =======

2014-03-04 18:55 - 2014-03-04 18:55 - 49940480 _____ () C:\Program Files\GUTAD6E.tmp
2012-11-03 22:52 - 2012-11-03 22:52 - 0000268 ___RH () C:\Users\Andreas\AppData\Roaming\Galaxy Swirl
2012-11-03 22:54 - 2012-11-03 22:54 - 0000268 ___RH () C:\Users\Andreas\AppData\Roaming\Gems
2012-11-03 22:52 - 2012-11-03 22:52 - 0000268 ___RH () C:\Users\Andreas\AppData\Roaming\Generic
2012-11-03 22:50 - 2012-11-03 22:50 - 0000268 ___RH () C:\Users\Andreas\AppData\Roaming\Hip Hop
2007-10-17 21:49 - 2009-05-02 21:14 - 0027525 _____ () C:\Users\Andreas\AppData\Roaming\nvModes.001
2007-10-17 21:46 - 2008-11-10 18:07 - 0027525 _____ () C:\Users\Andreas\AppData\Roaming\nvModes.dat
2007-10-17 20:22 - 2013-12-20 20:20 - 0004180 _____ () C:\Users\Andreas\AppData\Roaming\wklnhst.dat
2007-10-22 20:35 - 2012-02-22 20:41 - 0000680 _____ () C:\Users\Andreas\AppData\Local\d3d9caps.dat
2007-10-17 21:05 - 2015-01-15 18:33 - 0074240 _____ () C:\Users\Andreas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-08-17 14:00 - 2008-08-17 14:00 - 0000095 _____ () C:\Users\Andreas\AppData\Local\fusioncache.dat
2007-11-06 20:40 - 2007-11-06 20:40 - 0000305 _____ () C:\ProgramData\addr_file.html
2012-11-03 22:52 - 2012-11-03 22:52 - 0000268 ___RH () C:\ProgramData\Grapher
2012-11-03 22:54 - 2012-11-03 22:54 - 0000268 ___RH () C:\ProgramData\Graphics
2012-11-03 22:52 - 2012-11-03 22:52 - 0000268 ___RH () C:\ProgramData\Guides
2012-11-03 22:50 - 2012-11-03 22:50 - 0000268 ___RH () C:\ProgramData\Horns
2009-05-02 21:20 - 2015-02-06 19:07 - 0262133 _____ () C:\ProgramData\nvModes.001
2009-05-02 21:20 - 2014-12-20 20:15 - 0262133 _____ () C:\ProgramData\nvModes.dat
2012-11-03 22:50 - 2012-11-03 22:51 - 0000020 ____H () C:\ProgramData\PKP_DLeo.DAT
2012-11-03 22:54 - 2014-11-04 22:36 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2012-11-03 22:52 - 2014-11-16 21:40 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2012-11-03 22:52 - 2012-11-03 23:23 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT

Some content of TEMP:
====================
C:\Users\Andreas\AppData\Local\Temp\avgnt.exe
C:\Users\Andreas\AppData\Local\Temp\PicasaUpdater_3904.exe
C:\Users\Andreas\AppData\Local\Temp\PicasaUpdater_6e78.exe
C:\Users\Andreas\AppData\Local\Temp\Quarantine.exe
C:\Users\Andreas\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\Andreas\AppData\Local\Temp\sqlite3.dll
C:\Users\Andreas\AppData\Local\Temp\vlc-2.1.2-win32.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-06 19:11

==================== End Of Log ============================

--- --- ---

In Malwarebytes sind jetzt 2 Protokolle. Das letzte ist von Heute. Wird jetzt täglich gescant?

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org


Protection, 07.02.2015 16:06:12, SYSTEM, ANDREAS-PC, Protection, Malware Protection, Starting, 
Protection, 07.02.2015 16:06:12, SYSTEM, ANDREAS-PC, Protection, Malware Protection, Started, 
Protection, 07.02.2015 16:06:12, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Starting, 
Protection, 07.02.2015 16:09:07, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Started, 

(end)

Hier nochmal Fixlog.txt

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-02-2015
Ran by Andreas at 2015-02-07 16:42:47 Run:2
Running from C:\Users\Andreas\Desktop
Loaded Profiles: Andreas (Available profiles: Andreas)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
cmd: dir c:\syscheckrt /s
         
*****************


=========  dir c:\syscheckrt /s =========

 Datentr�ger in Laufwerk C: ist ACER
 Volumeseriennummer: 382D-A49E
Datei nicht gefunden

========= End of CMD: =========


==== End of Fixlog 16:49:08 ====

Ich hoffe die Daten sind vollständig.

Bootsektor · 07.02.2015, 23:13

Hallo,

der Ordner ist leer, war also wirklich nur ein Überbleibsel einer früheren Infektion.

Können wir löschen.

Schritt 1

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

c:\syscheckrt

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2
Bitte schau nochmal bei Malwarebytes nach dem Log, dieses ist das Schutzprotokoll, Ich brauch das Suchlaufsprotokoll. Du hast jetzt halt nen Echtzeitscanner, da ist das normal, dass der im Hintergrund vor sich hinwerkelt.

Starte Malwarebytes
Gehe nun oben auf Verlauf
links findest du nun die Auswahl Quarantäne und Anwendungsprotokolle
Gehe auf Anwendungsprotokolle
suche hier das letzte Suchlaufsprotokoll und wähle das aus
nun gehe oben auf Ansicht, das Protokoll öffnet sich
unten links steht exportieren, wähle das aus und klicke auf Textdatei
speichere nun das Log unter mbam.txt ab
öffne das Log mit deinem Texteditor
poste mir den Inhalt

Hannibal_2 · 08.02.2015, 13:44

Hallo Sandra,

hier die Logs

Fixlog:

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-02-2015
Ran by Andreas at 2015-02-08 13:27:21 Run:3
Running from C:\Users\Andreas\Desktop
Loaded Profiles: Andreas (Available profiles: Andreas)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
c:\syscheckrt
*****************

"c:\syscheckrt" => File/Directory not found.

==== End of Fixlog 13:27:21 ====

Bei mbam bin ich mir nicht sicher, ob das immer das richtige ist. Da steht Schutzprotokoll nicht Suchlaufsprotokoll (s. Anhang)

mbam

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org


Protection, 08.02.2015 13:04:50, SYSTEM, ANDREAS-PC, Protection, Malware Protection, Starting, 
Protection, 08.02.2015 13:04:50, SYSTEM, ANDREAS-PC, Protection, Malware Protection, Started, 
Protection, 08.02.2015 13:04:50, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Starting, 
Protection, 08.02.2015 13:07:27, SYSTEM, ANDREAS-PC, Protection, Malicious Website Protection, Started, 

(end)

Ciao
Andreas

Bootsektor · 09.02.2015, 22:46

Hallo,

gut, die ist anscheinend von AVira schon beseitigt worden.

Ja das Malwarebyteslog ist das Schutzlog, kannst du nochmal einen Scan nach der Anleitung machen und schauen, ob du nun ein Log bekommst?

Schritt 1
Downloade Dir bitte Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad.
Starte Malwarebytes' Anti-Malware (MBAM).
Sollte die Benutzeroberfläche noch in Englisch sein, klicke auf Settings und wähle bei Language Deutsch aus.
Klicke im Anschluss auf Suchlauf, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf jetzt starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Aktionen anwenden.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Suchlauf-Protokoll aus und klicke auf Ansicht. Wähle Exportieren auf Textdatei (.txt) und speichere die Datei als mbam.txt auf dem Desktop ab.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Hannibal_2 · 10.02.2015, 18:12

Hallo Sandra,

hier das Suchlaufsprotokoll.

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 10.02.2015
Suchlauf-Zeit: 17:02:45
Logdatei: mbam Suchlauflog 10_02.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.02.10.09
Rootkit Datenbank: v2015.02.03.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x86
Dateisystem: NTFS
Benutzer: Andreas

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 313436
Verstrichene Zeit: 25 Min, 27 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 2
PUP.Optional.SweetPacks.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\1jao9sxz.default\SweetPacksToolbarData, , [6a67d646b2d877bf1862d8ab1be8df21], 
PUP.Optional.SweetPacks.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\1jao9sxz.default\SweetPacksToolbarData\logs, , [6a67d646b2d877bf1862d8ab1be8df21], 

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

Ich habe einiges in Quarantäne (s. Anhang). Soll ich das Löschen?

Ciao Andreas