Hallo
Ich habe das gleiche Problem wie hier im Forum:Komme aber alleine nicht da durch.

http://www.trojaner-board.de/141861-...cednt-dll.html

Die Trojaner "snap.da" und "webssearchers" hatte ich mir mit Firefox Download eingefangen.
Inzwischen werden diese "Suchmaschienen" von Avira Pro geblockt.Den FRST Editor habe ich auf den Destop. Und schon mal durchgescant. Jetzt komme ich nicht weiter.
Gruß Axel

Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!



Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

• Starte jetzt FRST.
• Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
• Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
• Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

• Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
• Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
• Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
• Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Weitere Trojaner sind nicht bekannt. Snp.do und webssearchers sind deinstalliert.
Gruß Axel
FRST Logfile:

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-01-2015 01
Ran by BAAX (administrator) on BAAX-PC on 29-01-2015 14:54:18
Running from C:\Users\BAAX\Downloads\Desktop
Loaded Profiles: BAAX (Available profiles: BAAX)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(CyberLink Corp.) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
(Egis Technology Inc.) C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Egis Technology Inc.) C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Acer Corp.) C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
() C:\Windows\PLFSetI.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Realtek Semiconductor Corp.) C:\Users\BAAX\AppData\Local\Temp\RtkBtMnt.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Hauppauge Computer Works, Inc.) C:\Program Files\WinTV\WinTV7\WinTVTray.exe
(Hauppauge Computer Works) C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AviraSpeedup\avira_system_speedup_ultimateprotectionsuite.exe
(Egis Technology Inc.) C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1410344 2008-12-05] (Synaptics, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6793760 2009-02-19] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [440864 2009-06-23] (Acer Incorporated)
HKLM\...\Run: [ArcadeDeluxeAgent] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [156968 2009-01-21] (CyberLink Corp.)
HKLM\...\Run: [BackupManagerTray] => C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [249600 2009-04-11] (NewTech Infosystems, Inc.)
HKLM\...\Run: [CLMLServer] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [202024 2009-01-21] (CyberLink)
HKLM\...\Run: [EgisTecLiveUpdate] => C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-05-13] (Egis Technology Inc.)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [1069576 2009-06-25] (Dritek System Inc.)
HKLM\...\Run: [mwlDaemon] => C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [345384 2009-05-14] (Egis Technology Inc.)
HKLM\...\Run: [PlayMovie] => C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe [173288 2008-12-26] (Acer Corp.)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2008-07-29] ()
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [144384 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\...\Run: [NTRedirect] => C:\Windows\system32\rundll32.exe  "C:\Users\BAAX\AppData\Roaming\BabSolution\Shared\enhancedNT.dll",Run
HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2009-09-12] (Google Inc.)
HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30878816 2014-12-11] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk
ShortcutTarget: AutoStart IR.lnk -> C:\Program Files\WinTV\Ir.exe (Hauppauge Computer Works)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status..lnk
ShortcutTarget: WinTV Recording Status..lnk -> C:\Program Files\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)
Startup: C:\Users\BAAX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (Egis Technology Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49319;https=127.0.0.1:49319
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbQlzfY23FxTb9PwZyXtcFf9B7DGHKarnHgb80W6DTxthbp-0UGoWoS4UdXf76Nt97iv6lD7A1vKTrz8vbhCdOmjV85r_4KgqPdYLwnxDk3vPwerDUIBxr_y6BrM0tyUA-8NDxPCfabjoKfMiveUYGNZxAvGQmy-7HRika7m4U4,&q={searchTerms}
HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = webssearches
HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Acer | explore beyond limits
HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbQlzfY23FxTb9PwZyXtcFf9B7DGHRHxUfuO14mmzoWKRk-KU3UISmhPmcQRz1wXIZtzYB56P2OyQpZXwkXGJBZMrlgiaMAr5kZF2ksn7drzJaHLLWm4QcjsEqtybZPi6aZv3indIQIgFxI6sUnruaOFcJkUh2oV0RNutXH8h38,&q={searchTerms}
HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbQlzfY23FxTb9PwZyXtcFf9B7DGHRHxUfuO14mmzoWKRk-KU3UISmhPmcQRz1wXIZtzYB56P2OyQpZXwkXGJBZMrlgiaMAr5kZF2ksn7drzJaHLLWm4QcjsEqtybZPi6aZv3indIQIgFxI6sUnruaOFcJkUh2oV0RNutXH8h38,&q={searchTerms}
HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\Software\Microsoft\Internet Explorer\Main,Start Page = News - Service - Shopping bei t-online.de
HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland ? jetzt mit dem Hotmail Nachfolger Outlook und dem Messenger Nachfolger Skype
HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = Delta Search
HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1387534911&from=tugs&uid=WDCXWD3200BEVT-22ZCT0_WD-WXB0A791945819458&q={searchTerms}
SearchScopes: HKLM -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbQlzfY23FxTb9PwZyXtcFf9B7DGHRHxUfuO14mmzoWKRk-KU3UISmhPmcQRz1wXIZtzYB56P2OyQpZXwkXGJBZMrlgiaMAr5kZF2ksn7drzJaHLLWm4QcjsEqtybZPi6aZv3indIQIgFxI6sUnruaOFcJkUh2oV0RNutXH8h38,&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbQlzfY23FxTb9PwZyXtcFf9B7DGHKarnHgb80W6DTxthbp-0UGoWoS4UdXf76Nt97iv6lD7A1vKTrz8vbhCdOmjV85r_4KgqPdYLwnxDk3vPwerDUIBxr_y6BrM0tyUA-8NDxPCfabjoKfMiveUYGNZxAvGQmy-7HRika7m4U4,&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbQlzfY23FxTb9PwZyXtcFf9B7DGHKarnHgb80W6DTxthbp-0UGoWoS4UdXf76Nt97iv6lD7A1vKTrz8vbhCdOmjV85r_4KgqPdYLwnxDk3vPwerDUIBxr_y6BrM0tyUA-8NDxPCfabjoKfMiveUYGNZxAvGQmy-7HRika7m4U4,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2631089936-2126389838-1365947476-1000 -> bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-2631089936-2126389838-1365947476-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKU\S-1-5-21-2631089936-2126389838-1365947476-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Avira SearchFree Toolbar -> {41564952-412D-5637-00A7-7A786E7484D7} ->  No File
BHO: mySecureSurfer -> {52EA1989-D16E-4560-9021-F0AD247DE4D1} -> C:\Users\BAAX\AppData\LocalLow\mySecureSurfer\IE\mySecureSurfer.dll (Soft-Ware International Ltd.)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: delta Helper Object -> {C1AF5FA5-852C-4C90-812E-A7F75E011D87} ->  No File
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Gutscheinmieze - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\BAAX\AppData\Roaming\Gutscheinmieze\toolbar.dll No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2631089936-2126389838-1365947476-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-2631089936-2126389838-1365947476-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2631089936-2126389838-1365947476-1000 -> Gutscheinmieze - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\BAAX\AppData\Roaming\Gutscheinmieze\toolbar.dll No File
Toolbar: HKU\S-1-5-21-2631089936-2126389838-1365947476-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-2631089936-2126389838-1365947476-1000 -> Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe v9

FireFox:
========
FF ProfilePath: C:\Users\BAAX\AppData\Roaming\Mozilla\Firefox\Profiles\227jvlwa.default-1422178544952
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: Web Search
FF SelectedSearchEngine: Web Search
FF Homepage: hxxp://www.t-online.de/
FF Keyword.URL: hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbQlzfY23FxTb9PwZyXtcFf9B7DGHRHxUfuO14mmzoWKRk-KU3UISmhPmcQRz1wXIZtzYB56P2OyQpZXwkXGJBZMrlgiaMAr5kZF2ksn7drzJaHLLWm4QcjsEqtybZPi6aZv3indIQIgFxI6sUnruaOFcJkUh2oV0RNutXH8h38,&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\BAAX\AppData\Roaming\Mozilla\Firefox\Profiles\227jvlwa.default-1422178544952\user.js
FF SearchPlugin: C:\Users\BAAX\AppData\Roaming\Mozilla\Firefox\Profiles\227jvlwa.default-1422178544952\searchplugins\Web Search.xml
FF Extension: Avira Browser Safety - C:\Users\BAAX\AppData\Roaming\Mozilla\Firefox\Profiles\227jvlwa.default-1422178544952\Extensions\abs@avira.com [2015-01-29]
FF Extension: Fast Start - C:\Users\BAAX\AppData\Roaming\Mozilla\Firefox\Profiles\227jvlwa.default-1422178544952\Extensions\faststartff@gmail.com [2015-01-29]
FF Extension: FF Toolbar - C:\Users\BAAX\AppData\Roaming\Mozilla\Firefox\Profiles\227jvlwa.default-1422178544952\Extensions\fftoolbar2014@etech.com [2015-01-29]
FF Extension: SparPilot - Gutscheine &amp; mehr... - C:\Users\BAAX\AppData\Roaming\Mozilla\Firefox\Profiles\227jvlwa.default-1422178544952\Extensions\sparpilot@sparpilot.com [2015-01-29]
FF Extension: {e3a58803-7a45-4e48-8964-75dfd6b69cc9} - C:\Users\BAAX\AppData\Roaming\Mozilla\Firefox\Profiles\227jvlwa.default-1422178544952\Extensions\{e3a58803-7a45-4e48-8964-75dfd6b69cc9}.xpi [2015-01-29]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-14]
FF HKLM\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\BAAX\AppData\Roaming\Mozilla\Firefox\Profiles\227jvlwa.default-1422178544952\extensions\fftoolbar2014@etech.com
FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\BAAX\AppData\Roaming\Mozilla\Firefox\Profiles\227jvlwa.default-1422178544952\extensions\faststartff@gmail.com
FF HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\...\Firefox\Extensions: [lyrix@lyrixeeker.co] - C:\Program Files\LyriXeeker\126.xpi
FF Extension: LyricXeeker - C:\Program Files\LyriXeeker\126.xpi [2013-08-12]
FF HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome: 
=======
CHR Profile: C:\Users\BAAX\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\BAAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-20]
CHR Extension: (Google Drive) - C:\Users\BAAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-20]
CHR Extension: (Feven 1.5) - C:\Users\BAAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\baodmgdpdoelldjmkhknbolcldnfjegg [2013-12-20]
CHR Extension: (YouTube) - C:\Users\BAAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-20]
CHR Extension: (Google Search) - C:\Users\BAAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-20]
CHR Extension: (LyricXeeker) - C:\Users\BAAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\epojlgbehpaeekopencdagbdamnkppci [2013-12-20]
CHR Extension: (Google Wallet) - C:\Users\BAAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-20]
CHR Extension: (Gmail) - C:\Users\BAAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-20]
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
CHR HKLM\...\Chrome\Extension: [epojlgbehpaeekopencdagbdamnkppci] - C:\Program Files\LyriXeeker\126.crx [2013-08-12]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [807672 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [993584 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG)
R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [75048 2008-12-18] ()
R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-08] (CrypKey (Canada) Ltd.) [File not signed]
R2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [707104 2009-06-23] (Acer Incorporated)
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
R2 HauppaugeTVServer; C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe [442368 2009-04-01] (Hauppauge Computer Works) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 MWLService; C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-05-14] (Egis Technology Inc.)
R2 NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [61184 2009-04-11] (NewTech Infosystems, Inc.)
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144632 2008-09-23] (NewTech Infosystems, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-21] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-21] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [37384 2014-10-21] (Avira Operations GmbH & Co. KG)
S3 hcw17bda; C:\Windows\System32\drivers\hcw17bda.sys [45824 2008-12-11] (Hauppauge Computer Works, Inc.)
R1 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [19504 2008-12-04] (Egis Incorporated.)
R1 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16432 2008-12-04] (Egis Incorporated.)
R1 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [59952 2008-12-04] (Egis Incorporated.)
R1 NetworkX; C:\Windows\system32\ckldrv.sys [19584 2008-03-17] () [File not signed]
R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [154272 2008-11-12] (Realtek Semiconductor Corp.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-12-09] (Avira GmbH)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-29 14:54 - 2015-01-29 14:54 - 00000000 ____D () C:\FRST
2015-01-29 11:33 - 2015-01-29 11:33 - 00001287 _____ () C:\Users\Public\Desktop\Avira System Speedup.lnk
2015-01-29 11:18 - 2015-01-29 11:18 - 00020433 _____ () C:\Windows\WinTV7.LOG
2015-01-29 11:18 - 2010-02-05 10:35 - 00000000 ____D () C:\Users\BAAX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hauppauge WinTV
2015-01-29 11:17 - 2015-01-29 11:18 - 00006198 _____ () C:\Windows\HCWPNP.INI
2015-01-29 11:17 - 2015-01-29 11:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hauppauge WinTV
2015-01-29 11:17 - 2015-01-29 11:17 - 00001039 _____ () C:\Users\Public\Desktop\WinTV 7.lnk
2015-01-29 11:17 - 2015-01-29 11:17 - 00000000 ____D () C:\Users\Public\WinTV
2015-01-29 11:17 - 2009-01-16 01:00 - 00303160 _____ (Hauppauge Computer Works) C:\Windows\system32\hcwpnp32.dll
2015-01-29 11:17 - 2008-09-26 11:18 - 00106552 _____ (Hauppauge Computer Works, Inc.) C:\Windows\system32\hcwi2c32.dll
2015-01-29 11:17 - 2004-06-08 06:03 - 00036921 _____ (Hauppauge Computer Works) C:\Windows\system32\hcwutl32.dll
2015-01-29 11:05 - 2008-08-21 20:11 - 00070472 _____ () C:\Windows\system32\Drivers\hcw17isd.1b0
2015-01-29 11:05 - 2008-08-21 19:29 - 00085656 _____ () C:\Windows\system32\Drivers\hcw17dvb.1b0
2015-01-29 10:45 - 2015-01-29 11:03 - 00002026 _____ () C:\Windows\PFRO.log
2015-01-28 18:11 - 2015-01-28 22:18 - 00049257 _____ () C:\Windows\IE11_main.log
2015-01-28 17:24 - 2015-01-29 14:25 - 00520257 _____ () C:\Windows\setupact.log
2015-01-28 17:24 - 2015-01-29 14:25 - 00001860 _____ () C:\Windows\error.log
2015-01-28 17:24 - 2015-01-29 14:25 - 00000405 _____ () C:\Windows\errord.log
2015-01-28 17:24 - 2015-01-28 17:24 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-28 17:20 - 2015-01-28 17:22 - 00000000 ____D () C:\Users\BAAX\Documents\Backup Reg
2015-01-27 12:43 - 2015-01-29 11:33 - 00000000 ____D () C:\Users\BAAX\AppData\Local\AviraSpeedup
2015-01-27 12:30 - 2015-01-29 11:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviraSpeedup
2015-01-27 12:22 - 2015-01-27 12:22 - 04515896 _____ (Avira Operations & Co. KG) C:\Users\BAAX\Downloads\avira_de_ulsuse_10969743_v51n5vii8f3tfkqon253_wd.exe
2015-01-26 15:47 - 2015-01-26 15:47 - 00000000 __RSH () C:\MSDOS.SYS
2015-01-26 15:47 - 2015-01-26 15:47 - 00000000 __RSH () C:\IO.SYS
2015-01-26 15:20 - 2015-01-26 15:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-26 14:39 - 2015-01-26 14:39 - 00000000 ____D () C:\ProgramData\d491183000005039
2015-01-26 14:34 - 2015-01-26 14:35 - 00000000 ____D () C:\Users\BAAX\AppData\Local\F-Secure
2015-01-26 14:34 - 2015-01-26 14:35 - 00000000 ____D () C:\ProgramData\F-Secure
2015-01-26 12:01 - 2015-01-29 14:25 - 00000468 _____ () C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job
2015-01-26 12:01 - 2015-01-26 12:08 - 00000000 ____D () C:\ProgramData\ParetoLogic
2015-01-26 12:01 - 2015-01-26 12:01 - 00000000 ____D () C:\Users\BAAX\AppData\Roaming\ParetoLogic
2015-01-26 12:01 - 2015-01-26 12:01 - 00000000 ____D () C:\Users\BAAX\AppData\Roaming\DriverCure
2015-01-26 12:01 - 2015-01-26 12:01 - 00000000 ____D () C:\Program Files\Common Files\ParetoLogic
2015-01-18 16:22 - 2015-01-27 11:57 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-31 13:17 - 2015-01-27 17:40 - 00001125 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-31 13:17 - 2015-01-27 17:40 - 00001113 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-31 13:17 - 2015-01-27 11:57 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-31 13:17 - 2014-12-31 13:18 - 00000000 ____D () C:\Users\BAAX\AppData\Local\Mozilla
2014-12-31 13:17 - 2014-12-31 13:17 - 00000000 ____D () C:\ProgramData\Mozilla
2014-12-31 13:15 - 2014-12-31 13:15 - 39441776 _____ () C:\Users\BAAX\Downloads\Firefox Setup 34.0.5.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-29 14:47 - 2010-02-05 08:59 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-29 14:34 - 2010-02-05 10:24 - 00010048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-29 14:34 - 2010-02-05 10:24 - 00010048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-29 14:30 - 2010-02-05 10:46 - 01932292 _____ () C:\Windows\WindowsUpdate.log
2015-01-29 14:27 - 2012-08-23 22:13 - 00000000 ____D () C:\Users\BAAX\AppData\Roaming\Skype
2015-01-29 14:25 - 2013-12-20 11:22 - 00002004 _____ () C:\Windows\Tasks\Feven 1.5-firefoxinstaller.job
2015-01-29 14:25 - 2013-12-20 11:22 - 00001932 _____ () C:\Windows\Tasks\Feven 1.5-chromeinstaller.job
2015-01-29 14:25 - 2013-12-20 11:22 - 00001302 _____ () C:\Windows\Tasks\Feven 1.5-updater.job
2015-01-29 14:25 - 2013-12-20 11:22 - 00001204 _____ () C:\Windows\Tasks\Feven 1.5-codedownloader.job
2015-01-29 14:25 - 2013-12-20 11:22 - 00001104 _____ () C:\Windows\Tasks\Feven 1.5-enabler.job
2015-01-29 14:25 - 2010-02-05 08:59 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-29 14:25 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-29 14:19 - 2009-10-07 12:13 - 00000000 __SHD () C:\Users\BAAX\AppData\Roaming\.#
2015-01-29 14:10 - 2013-12-20 16:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-29 14:09 - 2013-12-12 10:09 - 00000000 ____D () C:\Users\BAAX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
2015-01-29 11:18 - 2009-09-11 21:17 - 00000000 ____D () C:\Program Files\WinTV
2015-01-29 11:18 - 2009-09-11 19:12 - 00033169 _____ () C:\Windows\Irremote.ini
2015-01-29 11:17 - 2009-09-11 19:12 - 00000510 _____ () C:\Windows\ODBC.INI
2015-01-29 11:17 - 2009-09-11 19:12 - 00000209 _____ () C:\Windows\ODBCINST.INI
2015-01-29 11:17 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-01-29 11:02 - 2009-09-11 21:11 - 00263228 _____ () C:\hcwclear.txt
2015-01-29 10:18 - 2010-02-05 10:25 - 00000000 ____D () C:\Users\BAAX
2015-01-29 10:16 - 2009-11-21 15:06 - 00000000 ____D () C:\Program Files\GPS Information
2015-01-28 17:46 - 2013-08-12 16:57 - 00000000 ____D () C:\Program Files\LyriXeeker
2015-01-28 17:17 - 2010-02-05 10:21 - 00000000 ____D () C:\Windows\Panther
2015-01-28 17:17 - 2010-01-29 17:30 - 00000000 ____D () C:\Users\BAAX\Tracing
2015-01-28 17:15 - 2010-02-05 10:55 - 01629284 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-28 17:03 - 2010-02-05 08:52 - 00001908 _____ () C:\Windows\diagwrn.xml
2015-01-28 17:03 - 2010-02-05 08:52 - 00001908 _____ () C:\Windows\diagerr.xml
2015-01-28 16:57 - 2010-02-05 10:35 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-01-28 16:57 - 2010-02-05 10:35 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-01-28 10:43 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-27 14:26 - 2009-07-14 05:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-27 14:09 - 2009-03-12 04:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone
2015-01-27 12:55 - 2013-12-20 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-27 12:42 - 2010-02-05 10:55 - 00081328 _____ () C:\Users\BAAX\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-27 12:42 - 2009-07-14 05:33 - 00342424 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-27 12:36 - 2014-07-11 10:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ahnenblatt
2015-01-27 12:36 - 2010-03-07 13:29 - 00000000 ____D () C:\Windows\Minidump
2015-01-27 12:28 - 2013-12-20 17:02 - 00000000 ____D () C:\Program Files\Avira
2015-01-27 12:24 - 2013-05-27 19:11 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-27 09:10 - 2013-12-20 16:18 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-27 09:10 - 2013-12-20 16:18 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-26 14:27 - 2010-02-05 10:55 - 00001637 _____ () C:\Users\BAAX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-25 15:35 - 2009-07-14 05:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-15 14:26 - 2014-07-11 10:55 - 00000000 ____D () C:\Program Files\Ahnenblatt
2015-01-15 14:24 - 2014-07-11 10:55 - 00000000 ____D () C:\Users\BAAX\Documents\Ahnenblatt
2015-01-13 21:45 - 2013-09-01 18:17 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-13 21:38 - 2011-01-27 15:34 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2009-09-12 08:40 - 2009-10-04 17:02 - 0000088 _____ () C:\Users\BAAX\AppData\Roaming\wklnhst.dat
2011-12-13 13:46 - 2011-12-13 13:51 - 0027136 _____ () C:\Users\BAAX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-07-27 09:22 - 2011-07-27 09:22 - 0000000 _____ () C:\Users\BAAX\AppData\Local\{68174423-0BEE-4E44-96CE-6F01359AE1A3}
2011-07-27 17:42 - 2011-07-27 17:43 - 0000000 _____ () C:\Users\BAAX\AppData\Local\{901EC024-5227-4AFF-A081-207CF41E03F6}
2011-07-29 15:52 - 2011-07-29 15:52 - 0000000 _____ () C:\Users\BAAX\AppData\Local\{9B7C00CF-E664-4ED2-9A00-FA67C63BC8E4}
2011-06-24 20:21 - 2011-06-24 20:21 - 0000000 _____ () C:\Users\BAAX\AppData\Local\{DD52C373-A691-469D-AB25-1CE36843F8F8}
2011-07-29 16:31 - 2011-07-29 16:32 - 0000000 _____ () C:\Users\BAAX\AppData\Local\{EC25614B-9C4E-4E58-8EFD-3320E6FBF92E}

Some content of TEMP:
====================
C:\Users\BAAX\AppData\Local\Temp\avgnt.exe
C:\Users\BAAX\AppData\Local\Temp\RtkBtMnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-24 09:57

==================== End Of Log ============================
         

--- --- ---

--- --- ---
FRST Additions Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-01-2015 01
Ran by BAAX at 2015-01-29 14:55:12
Running from C:\Users\BAAX\Downloads\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-PDF Maker Version 1.0.8 (Build 116) (HKLM\...\7-PDF Maker_is1) (Version: 7-PDF Maker - Version 1.0.8 (Build 116) - 7-PDF, Germany - Thorsten Hodes)
Acer Arcade Deluxe (HKLM\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 2.5.6121 - CyberLink Corp.)
Acer Arcade Deluxe (Version: 2.5.6121 - CyberLink Corp.) Hidden
Acer Backup Manager (HKLM\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 1.0.0.58 - NewTech Infosystems)
Acer Crystal Eye Webcam (HKLM\...\{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}) (Version: 5.0.7.1 - Suyin Optronics Corp)
Acer eRecovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.00.3008 - Acer Incorporated)
Acer GridVista (HKLM\...\GridVista) (Version: 2.72.317 - )
Acer PowerSmart Manager (HKLM\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.01.3016 - Acer Incorporated)
Acer Product Registration (HKLM\...\{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}) (Version: 3.0.0.10 - Acer Incorporated)
Acer ScreenSaver (HKLM\...\Acer Screensaver) (Version: 1.0.0.0226 - Acer)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
Ahnenblatt 2.81 (HKLM\...\Ahnenblatt_is1) (Version: 2.81.0.0 - Dirk Böttcher)
ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Antivirus Pro (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Avira (HKLM\...\{bd538030-07d4-4999-a525-7fafa2483f56}) (Version: 1.1.30.21727 - Avira Operations & Co. KG)
Avira (Version: 1.1.30.21727 - Avira Operations & Co. KG) Hidden
Avira SearchFree Toolbar (HKLM\...\{41564952-412D-5637-00A7-A758B70C0F01}) (Version: 12.15.1.463 - APN, LLC)
Avira System Speedup 1.6 (HKLM\...\Avira System Speedup_is1) (Version: 1.6 - 2000 - 2014 Avira Operations GmbH & Co. KG)
Backup Manager Basic (Version: 1.0.0.58 - NewTech Infosystems) Hidden
Bing Bar (HKLM\...\{FF6DD716-7B10-4269-9F19-FFB07AC4CD95}) (Version: 7.3.124.0 - Microsoft Corporation)
Broadcom Gigabit NetLink Controller (HKLM\...\{9AF0B106-56F1-461B-A270-95BC1682E282}) (Version: 11.34.02 - Broadcom Corporation)
C:\Program Files\Acer GameZone\GameConsole (HKLM\...\{71C2828F-2678-4675-BDEC-895424861262}_is1) (Version: 2.0.1.6 - Oberon Media, Inc.)
Delta Chrome Toolbar (HKLM\...\Delta Chrome Toolbar) (Version:  - Visual Tools) <==== ATTENTION
Delta toolbar   (HKLM\...\delta) (Version: 1.8.22.0 - Delta) <==== ATTENTION
Driver Detective (HKLM\...\{5721A8EA-A30F-4F66-9046-3F40C43AE1DC}) (Version: 7.0.0 - PC Drivers HeadQuarters)
Elevated Installer (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Communicator Plugin (HKLM\...\{647BB978-2876-487B-9B0E-FDB73F0EA4A2}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM\...\{b43ffffb-1adc-4bcb-b277-7844ebff94da}) (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
GIMP 2.6.11 (HKLM\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
GM(S) - Toolbar (HKLM\...\GM(S) - Toolbar) (Version:  - )
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Großer Reiseplaner 2008/2009 (HKLM\...\{466C2D04-E917-4093-B7DF-080C24A7151F}) (Version: 12.5 - PTV Planung Transport Verkehr AG)
Hauppauge Signal Monitor Utility (HKLM\...\Hauppauge Signal Monitor Utility) (Version:  - )
Hauppauge Software MPEG-2 Decoder Installer (HKLM\...\Hauppauge Software MPEG-2 Decoder Installer) (Version:  - )
Hauppauge WinTV 7 (HKLM\...\Hauppauge WinTV 7) (Version:  - )
Hauppauge WinTV Infrared Remote (HKLM\...\Hauppauge WinTV Infrared Remote) (Version:  - )
HP Deskjet 2050 J510 series - Grundlegende Software für das Gerät (HKLM\...\{9FAAE06C-DEDD-4299-B88D-1F9AD5E1547F}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Deskjet 2050 J510 series Hilfe (HKLM\...\{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}) (Version: 140.0.61.61 - Hewlett Packard)
HP Update (HKLM\...\{787D1A33-A97B-4245-87C0-7174609A540C}) (Version: 5.002.005.003 - Hewlett-Packard)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Launch Manager (HKLM\...\LManager) (Version: 2.0.10 - Acer Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Access database engine 2007 (German) (HKLM\...\{90120000-00D1-0407-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM\...\STANDARD) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MyWinLocker (HKLM\...\{68301905-2DEA-41CE-A4D4-E8B443B099BA}) (Version: 3.1.59.0 - Egis Technology Inc.)
NTI Backup Now 5 (HKLM\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.616 - NewTech Infosystems)
NTI Backup Now Standard (Version: 5.1.2.616 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.2.6509 - NewTech Infosystems)
NTI Media Maker 8 (Version: 8.0.2.6509 - NewTech Infosystems) Hidden
PL-2303 USB-to-Serial (HKLM\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.00.000 - Prolific Technology INC)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5794 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 6.0.6000.20113 - Realtek Semiconductor Corp.)
ServicePack 1 Großer Reiseplaner 2008/2009 (HKLM\...\{283D4576-CBF8-4F65-84D3-7C5DC75F144E}) (Version: 12.5 - PTV Planung Transport Verkehr AG)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Storimbo (HKLM\...\Storimbo) (Version: 2013.11.19.213336 - Storimbo) <==== ATTENTION!
Studie zur Verbesserung von HP Deskjet 2050 J510 series Produkten (HKLM\...\{B23B43B5-DDDC-41DA-9700-F334744E694E}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 12.1.0.0 - Synaptics)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_STANDARD_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_STANDARD_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_STANDARD_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_STANDARD_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Zusatzmodul GPS-Pilot GRP09 (HKLM\...\{57C1CE64-FB40-49C2-AFFC-A80691D3F867}) (Version: 12.5 - PTV Planung Transport Verkehr AG)
Zusatzmodul GPS-Pilot GRP09 (Version: 12.5 - PTV Planung Transport Verkehr AG) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

27-01-2015 12:35:42 Erstelle Systemwiederherstellungspunkt bevor Junk-Dateien gelöscht werden
27-01-2015 12:52:42 Erstelle Systemwiederherstellungspunkt bevor Junk-Dateien gelöscht werden
27-01-2015 13:20:36 Erstelle Systemwiederherstellungspunkt bevor Junk-Dateien gelöscht werden
27-01-2015 13:21:42 Erstelle Systemwiederherstellungspunkt bevor Junk-Dateien gelöscht werden
27-01-2015 14:38:59 Windows Update
27-01-2015 15:24:46 Windows Update
27-01-2015 16:27:54 Windows 7 Upgrade Advisor wird entfernt
27-01-2015 17:10:04 Erstelle Systemwiederherstellungspunkt bevor Junk-Dateien gelöscht werden
27-01-2015 17:58:45 Windows Update
27-01-2015 19:07:47 Windows Update
27-01-2015 20:18:51 Windows Update
28-01-2015 10:55:31 Windows-Sicherung
28-01-2015 11:18:35 Windows-Sicherung
28-01-2015 18:11:19 Windows Update
28-01-2015 19:54:31 Windows Update
28-01-2015 22:15:30 Windows Update
29-01-2015 10:15:45 Removed GPS Information
29-01-2015 11:32:27 Avira System Speedup 1.6

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0D68C154-D1B3-4484-A5C8-B22DD74FD943} - System32\Tasks\ParetoLogic Update Version3 Startup Task => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2014-12-08] ()
Task: {11846AAD-BE45-4371-9BCA-0B69B85E9EE8} - System32\Tasks\{C2DA5AD3-0EA2-4052-852F-459A6B7E6C11} => pcalua.exe -a "C:\Users\BAAX\Treiber\GPS Information\GPS Information.exe" -d "C:\Users\BAAX\Treiber\GPS Information"
Task: {3A3D4562-53E6-4676-B480-85DFCE8C2F54} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {41B4193F-EF4B-4C2B-965B-137B23F2299F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {48F2F8D6-C0ED-4AF0-8A15-64E5CC0679A9} - System32\Tasks\{7FF2796E-85A3-4CB7-B279-4ED302779A1B} => pcalua.exe -a "C:\Program Files\Feven 1.5\Uninstall.exe" -c /fromcontrolpanel=1
Task: {4D2A64AE-59A6-40C0-A8A4-F7017D9AF965} - System32\Tasks\{AED37218-957B-400F-BAFC-BF3A3D9E7464} => pcalua.exe -a "C:\Program Files\Feven 1.5\Uninstall.exe" -c /fromcontrolpanel=1
Task: {4E3BD353-CB36-4BC6-92A4-0BD49D084B11} - System32\Tasks\{E0CAC66C-F618-4ABF-8F7B-C9BAA1405B61} => pcalua.exe -a D:\.\Setup.exe -d D:\
Task: {53CFC289-C9DB-4C28-95FD-CF94B79310A4} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2009-04-20] (Acer)
Task: {561375CB-FF5A-417B-B297-BA73DE149581} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {5E9D4E31-2774-46F7-A99D-F89A86917461} - System32\Tasks\Feven 1.5-updater => C:\Program Files\Feven 1.5\Feven 1.5-updater.exe <==== ATTENTION
Task: {67BFEF44-D40C-41EF-AD85-0EE8DC217644} - System32\Tasks\Feven 1.5-codedownloader => C:\Program Files\Feven 1.5\Feven 1.5-codedownloader.exe <==== ATTENTION
Task: {729DE8D7-5E3A-4C79-BAC9-E31CCFBC153E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {7EE49644-2186-40EF-B52A-EB47F85BFCEC} - System32\Tasks\{1DA80BCC-2F5B-4949-8270-7A050CBA9E88} => pcalua.exe -a C:\Users\BAAX\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=cvs <==== ATTENTION
Task: {80731AB5-E8CC-419E-8378-F562D7E497B1} - System32\Tasks\{D69AEA43-0B7E-4081-83F5-671300D0C6F3} => pcalua.exe -a "C:\Program Files\Feven 1.5\Uninstall.exe" -c /fromcontrolpanel=1
Task: {8721EF6E-2951-490A-8A48-1638DC6BC9B5} - System32\Tasks\Feven 1.5-firefoxinstaller => C:\Program Files\Feven 1.5\Feven 1.5-firefoxinstaller.exe <==== ATTENTION
Task: {98503F1B-08A2-465C-A637-D0A9866236CD} - System32\Tasks\{CDB2DAB7-C30C-475A-832B-518D5266F648} => pcalua.exe -a D:\GPSinfo.exe -d D:\
Task: {A47C46A8-6875-49E9-A1F5-A90A1A47F659} - System32\Tasks\{532390CC-C20D-49B8-9798-A683D83FB72A} => pcalua.exe -a C:\PROGRA~1\WinTV\UNWISE.EXE -c C:\Windows\WinTV7.LOG
Task: {AB9FDC53-BD99-4CE2-8362-291146CCF6C5} - System32\Tasks\{1FF8DCA5-C5FA-409D-BE6C-CDAC783900DA} => pcalua.exe -a "C:\Program Files\Feven 1.5\Uninstall.exe" -c /fromcontrolpanel=1
Task: {ADAC53CC-E143-40B9-8810-5DDC353EE12C} - System32\Tasks\Feven 1.5-enabler => C:\Program Files\Feven 1.5\Feven 1.5-enabler.exe <==== ATTENTION
Task: {B254EAA7-CA46-448D-83F9-F083C1F5ECFA} - System32\Tasks\{C4668ACF-A7F5-419F-8392-12DF91AF3230} => pcalua.exe -a C:\Users\BAAX\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=cvs <==== ATTENTION
Task: {BCB76EC5-E870-4EF1-8CFE-FA478E249018} - System32\Tasks\{15B00BDB-E278-4510-8251-33C77069B42D} => pcalua.exe -a D:\SETUP.EXE -d D:\
Task: {C9E0C07B-4EDA-4986-8959-D37A3B3B39D4} - System32\Tasks\BitGuard => Sc.exe start BitGuard <==== ATTENTION
Task: {D23C28E3-CDDE-4549-BB3D-DF86A1EA4C5D} - System32\Tasks\HPCustParticipation HP Deskjet 2050 J510 series => C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-06-14] (Hewlett-Packard Co.)
Task: {D423FE9A-7E9E-4C41-B222-A025684DDC4E} - System32\Tasks\{65BD746E-C32A-40E2-89EA-D6175B963874} => pcalua.exe -a "C:\Program Files\Feven 1.5\Uninstall.exe" -c /fromcontrolpanel=1
Task: {D887F2E8-F7CD-4A66-812A-4B3960DB0ABC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-27] (Adobe Systems Incorporated)
Task: {D9D01430-B367-48CE-A34E-688976EB642E} - System32\Tasks\Feven 1.5-chromeinstaller => C:\Program Files\Feven 1.5\Feven 1.5-chromeinstaller.exe <==== ATTENTION
Task: {DA99E452-E66D-4D45-9C93-BEBA4975FF4A} - System32\Tasks\AviraSpeedup => C:\Program Files\Avira\AviraSpeedup\avira_system_speedup_ultimateprotectionsuite.exe [2015-01-21] (Avira Operations GmbH & Co. KG)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: {E8CEDD43-41FC-46F8-8FA4-F917917BC562} - System32\Tasks\{AB8F4E4F-F176-4E72-B1CC-3523DEFEEE63} => pcalua.exe -a C:\Users\BAAX\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=cvs <==== ATTENTION
Task: {F9037A38-94C7-48CC-B9FF-1D42FE8C10DD} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-07] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Feven 1.5-chromeinstaller.job => C:\Program Files\Feven 1.5\Feven 1.5-chromeinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\Feven 1.5-codedownloader.job => C:\Program Files\Feven 1.5\Feven 1.5-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\Feven 1.5-enabler.job => C:\Program Files\Feven 1.5\Feven 1.5-enabler.exe <==== ATTENTION
Task: C:\Windows\Tasks\Feven 1.5-firefoxinstaller.job => C:\Program Files\Feven 1.5\Feven 1.5-firefoxinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\Feven 1.5-updater.job => C:\Program Files\Feven 1.5\Feven 1.5-updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe

==================== Loaded Modules (whitelisted) =============

2009-03-12 04:28 - 2008-12-18 13:51 - 00075048 _____ () C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
2009-02-02 16:33 - 2009-02-02 16:33 - 00460199 _____ () C:\Program Files\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2009-01-21 00:41 - 2009-01-21 00:41 - 00872448 _____ () C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll
2009-01-21 00:41 - 2009-01-21 00:41 - 00007680 _____ () C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll
2009-08-31 05:52 - 2003-06-07 22:30 - 00057344 _____ () C:\Program Files\Launch Manager\PowerUtl.dll
2009-08-30 21:17 - 2008-07-29 18:29 - 00200704 _____ () C:\Windows\PLFSetI.exe
2015-01-29 11:17 - 2009-04-01 17:55 - 00024064 _____ () C:\Program Files\WinTV\TVServer\HauppaugeTVServerps.dll
2008-09-28 16:55 - 2008-09-28 16:55 - 01076224 _____ () C:\Program Files\NewTech Infosystems\Acer Backup Manager\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:798A3728
AlternateDataStreams: C:\ProgramData\Temp:B623B5B8
AlternateDataStreams: C:\ProgramData\Temp:BB24555F
AlternateDataStreams: C:\ProgramData\Temp:BF31A799
AlternateDataStreams: C:\ProgramData\Temp:CDFF58FE
AlternateDataStreams: C:\ProgramData\Temp:CE0A077E
AlternateDataStreams: C:\ProgramData\Temp:DCAF903C

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2631089936-2126389838-1365947476-500 - Administrator - Disabled)
BAAX (S-1-5-21-2631089936-2126389838-1365947476-1000 - Administrator - Enabled) => C:\Users\BAAX
Gast (S-1-5-21-2631089936-2126389838-1365947476-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2631089936-2126389838-1365947476-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/29/2015 02:27:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ePowerTray.exe, Version: 4.1.3016.0, Zeitstempel: 0x4a409dcb
Name des fehlerhaften Moduls: ePowerTray.exe, Version: 4.1.3016.0, Zeitstempel: 0x4a409dcb
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000ca46
ID des fehlerhaften Prozesses: 0xe14
Startzeit der fehlerhaften Anwendung: 0xePowerTray.exe0
Pfad der fehlerhaften Anwendung: ePowerTray.exe1
Pfad des fehlerhaften Moduls: ePowerTray.exe2
Berichtskennung: ePowerTray.exe3

Error: (01/29/2015 02:27:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/29/2015 02:24:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/29/2015 01:52:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ePowerTray.exe, Version: 4.1.3016.0, Zeitstempel: 0x4a409dcb
Name des fehlerhaften Moduls: ePowerTray.exe, Version: 4.1.3016.0, Zeitstempel: 0x4a409dcb
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000ca46
ID des fehlerhaften Prozesses: 0x1278
Startzeit der fehlerhaften Anwendung: 0xePowerTray.exe0
Pfad der fehlerhaften Anwendung: ePowerTray.exe1
Pfad des fehlerhaften Moduls: ePowerTray.exe2
Berichtskennung: ePowerTray.exe3

Error: (01/29/2015 01:52:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/29/2015 11:57:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ePowerTray.exe, Version: 4.1.3016.0, Zeitstempel: 0x4a409dcb
Name des fehlerhaften Moduls: ePowerTray.exe, Version: 4.1.3016.0, Zeitstempel: 0x4a409dcb
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000ca46
ID des fehlerhaften Prozesses: 0x1370
Startzeit der fehlerhaften Anwendung: 0xePowerTray.exe0
Pfad der fehlerhaften Anwendung: ePowerTray.exe1
Pfad des fehlerhaften Moduls: ePowerTray.exe2
Berichtskennung: ePowerTray.exe3

Error: (01/29/2015 11:56:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/29/2015 11:32:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ePowerTray.exe, Version: 4.1.3016.0, Zeitstempel: 0x4a409dcb
Name des fehlerhaften Moduls: ePowerTray.exe, Version: 4.1.3016.0, Zeitstempel: 0x4a409dcb
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000ca46
ID des fehlerhaften Prozesses: 0x7f8
Startzeit der fehlerhaften Anwendung: 0xePowerTray.exe0
Pfad der fehlerhaften Anwendung: ePowerTray.exe1
Pfad des fehlerhaften Moduls: ePowerTray.exe2
Berichtskennung: ePowerTray.exe3

Error: (01/29/2015 11:31:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/29/2015 11:16:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ePowerTray.exe, Version: 4.1.3016.0, Zeitstempel: 0x4a409dcb
Name des fehlerhaften Moduls: ePowerTray.exe, Version: 4.1.3016.0, Zeitstempel: 0x4a409dcb
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000ca46
ID des fehlerhaften Prozesses: 0x94
Startzeit der fehlerhaften Anwendung: 0xePowerTray.exe0
Pfad der fehlerhaften Anwendung: ePowerTray.exe1
Pfad des fehlerhaften Moduls: ePowerTray.exe2
Berichtskennung: ePowerTray.exe3


System errors:
=============
Error: (01/29/2015 02:25:36 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (01/29/2015 02:25:36 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (01/29/2015 02:22:33 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (01/29/2015 02:22:33 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (01/29/2015 01:50:16 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (01/29/2015 01:50:16 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (01/29/2015 11:54:55 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (01/29/2015 11:54:55 AM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (01/29/2015 11:30:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Garmin Core Update Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (01/29/2015 11:30:40 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Garmin Core Update Service erreicht.


Microsoft Office Sessions:
=========================
Error: (10/25/2014 11:07:46 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 398 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (07/26/2014 00:14:19 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 33 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (07/14/2014 01:02:00 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 126 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/17/2010 06:07:49 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 342 seconds with 0 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz
Percentage of memory in use: 36%
Total physical RAM: 3066.93 MB
Available physical RAM: 1943.74 MB
Total Pagefile: 6132.14 MB
Available Pagefile: 4748.6 MB
Total Virtual: 2047.88 MB
Available Virtual: 1882.72 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:225.71 GB) (Free:145.25 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Volume) (Fixed) (Total:62.62 GB) (Free:62.53 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: A12D36DD)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=27)
Partition 2: (Active) - (Size=225.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=62.6 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

--- --- ---

Zukünftig bitte beachten:

Zitat:

Running from C:\Users\BAAX\Downloads\Desktop

Leider hast du unsere Anleitung nicht richtig befolgt:
Bitte alle Tools direkt auf den Desktop downloaden bzw. dorthin verschieben und vom Desktop starten, da unsere Anleitungen daraufhin ausgelegt sind.
Zudem lassen sich dann am Ende der Bereinigung alle verwendeten Tools sehr einfach entfernen.
Alle Tools bis zum Ende der Bereinigung auf dem Desktop lassen, evtl. benötigen wir manche öfter.


Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

• Starte bitte die mbar.exe.
• Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
• Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
• Klicke auf den CleanUp Button und erlaube den Neustart.
• Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
• Nach dem Neustart starte die mbar.exe erneut.
• Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Hallo Cosinus
Ich fange nocheimal in Ruhe an und hoffe das es jetzt besser läuft. Im Forum ist bei mir alles neu und "learing by doing" ist angesagt. Deinen Link werde ich mir jetzt mal ansehen.
Gruß Axel

Code: Alles auswählenAufklappen

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-01-2015 01
Ran by BAAX at 2015-01-29 14:55:12
Running from C:\Users\BAAX\Downloads\Desktop
Boot Mode: Normal
==========================================================

 
==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-PDF Maker Version 1.0.8 (Build 116) (HKLM\...\7-PDF Maker_is1) (Version: 7-PDF Maker - Version 1.0.8 (Build 116) - 7-PDF, Germany - Thorsten Hodes)
Acer Arcade Deluxe (HKLM\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 2.5.6121 - CyberLink Corp.)
Acer Arcade Deluxe (Version: 2.5.6121 - CyberLink Corp.) Hidden
Acer Backup Manager (HKLM\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 1.0.0.58 - NewTech Infosystems)
Acer Crystal Eye Webcam (HKLM\...\{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}) (Version: 5.0.7.1 - Suyin Optronics Corp)
Acer eRecovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.00.3008 - Acer Incorporated)
Acer GridVista (HKLM\...\GridVista) (Version: 2.72.317 - )
Acer PowerSmart Manager (HKLM\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.01.3016 - Acer Incorporated)
Acer Product Registration (HKLM\...\{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}) (Version: 3.0.0.10 - Acer Incorporated)
Acer ScreenSaver (HKLM\...\Acer Screensaver) (Version: 1.0.0.0226 - Acer)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
Ahnenblatt 2.81 (HKLM\...\Ahnenblatt_is1) (Version: 2.81.0.0 - Dirk Böttcher)
ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Antivirus Pro (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Avira (HKLM\...\{bd538030-07d4-4999-a525-7fafa2483f56}) (Version: 1.1.30.21727 - Avira Operations & Co. KG)
Avira (Version: 1.1.30.21727 - Avira Operations & Co. KG) Hidden
Avira SearchFree Toolbar (HKLM\...\{41564952-412D-5637-00A7-A758B70C0F01}) (Version: 12.15.1.463 - APN, LLC)
Avira System Speedup 1.6 (HKLM\...\Avira System Speedup_is1) (Version: 1.6 - 2000 - 2014 Avira Operations GmbH & Co. KG)
Backup Manager Basic (Version: 1.0.0.58 - NewTech Infosystems) Hidden
Bing Bar (HKLM\...\{FF6DD716-7B10-4269-9F19-FFB07AC4CD95}) (Version: 7.3.124.0 - Microsoft Corporation)
Broadcom Gigabit NetLink Controller (HKLM\...\{9AF0B106-56F1-461B-A270-95BC1682E282}) (Version: 11.34.02 - Broadcom Corporation)
C:\Program Files\Acer GameZone\GameConsole (HKLM\...\{71C2828F-2678-4675-BDEC-895424861262}_is1) (Version: 2.0.1.6 - Oberon Media, Inc.)
Delta Chrome Toolbar (HKLM\...\Delta Chrome Toolbar) (Version:  - Visual Tools) <==== ATTENTION
Delta toolbar   (HKLM\...\delta) (Version: 1.8.22.0 - Delta) <==== ATTENTION
Driver Detective (HKLM\...\{5721A8EA-A30F-4F66-9046-3F40C43AE1DC}) (Version: 7.0.0 - PC Drivers HeadQuarters)
Elevated Installer (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Communicator Plugin (HKLM\...\{647BB978-2876-487B-9B0E-FDB73F0EA4A2}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM\...\{b43ffffb-1adc-4bcb-b277-7844ebff94da}) (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
GIMP 2.6.11 (HKLM\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
GM(S) - Toolbar (HKLM\...\GM(S) - Toolbar) (Version:  - )
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Großer Reiseplaner 2008/2009 (HKLM\...\{466C2D04-E917-4093-B7DF-080C24A7151F}) (Version: 12.5 - PTV Planung Transport Verkehr AG)
Hauppauge Signal Monitor Utility (HKLM\...\Hauppauge Signal Monitor Utility) (Version:  - )
Hauppauge Software MPEG-2 Decoder Installer (HKLM\...\Hauppauge Software MPEG-2 Decoder Installer) (Version:  - )
Hauppauge WinTV 7 (HKLM\...\Hauppauge WinTV 7) (Version:  - )
Hauppauge WinTV Infrared Remote (HKLM\...\Hauppauge WinTV Infrared Remote) (Version:  - )
HP Deskjet 2050 J510 series - Grundlegende Software für das Gerät (HKLM\...\{9FAAE06C-DEDD-4299-B88D-1F9AD5E1547F}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Deskjet 2050 J510 series Hilfe (HKLM\...\{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}) (Version: 140.0.61.61 - Hewlett Packard)
HP Update (HKLM\...\{787D1A33-A97B-4245-87C0-7174609A540C}) (Version: 5.002.005.003 - Hewlett-Packard)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Launch Manager (HKLM\...\LManager) (Version: 2.0.10 - Acer Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Access database engine 2007 (German) (HKLM\...\{90120000-00D1-0407-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM\...\STANDARD) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MyWinLocker (HKLM\...\{68301905-2DEA-41CE-A4D4-E8B443B099BA}) (Version: 3.1.59.0 - Egis Technology Inc.)
NTI Backup Now 5 (HKLM\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.616 - NewTech Infosystems)
NTI Backup Now Standard (Version: 5.1.2.616 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.2.6509 - NewTech Infosystems)
NTI Media Maker 8 (Version: 8.0.2.6509 - NewTech Infosystems) Hidden
PL-2303 USB-to-Serial (HKLM\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.00.000 - Prolific Technology INC)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5794 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 6.0.6000.20113 - Realtek Semiconductor Corp.)
ServicePack 1 Großer Reiseplaner 2008/2009 (HKLM\...\{283D4576-CBF8-4F65-84D3-7C5DC75F144E}) (Version: 12.5 - PTV Planung Transport Verkehr AG)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Storimbo (HKLM\...\Storimbo) (Version: 2013.11.19.213336 - Storimbo) <==== ATTENTION!
Studie zur Verbesserung von HP Deskjet 2050 J510 series Produkten (HKLM\...\{B23B43B5-DDDC-41DA-9700-F334744E694E}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 12.1.0.0 - Synaptics)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_STANDARD_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_STANDARD_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_STANDARD_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_STANDARD_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Zusatzmodul GPS-Pilot GRP09 (HKLM\...\{57C1CE64-FB40-49C2-AFFC-A80691D3F867}) (Version: 12.5 - PTV Planung Transport Verkehr AG)
Zusatzmodul GPS-Pilot GRP09 (Version: 12.5 - PTV Planung Transport Verkehr AG) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

27-01-2015 12:35:42 Erstelle Systemwiederherstellungspunkt bevor Junk-Dateien gelöscht werden
27-01-2015 12:52:42 Erstelle Systemwiederherstellungspunkt bevor Junk-Dateien gelöscht werden
27-01-2015 13:20:36 Erstelle Systemwiederherstellungspunkt bevor Junk-Dateien gelöscht werden
27-01-2015 13:21:42 Erstelle Systemwiederherstellungspunkt bevor Junk-Dateien gelöscht werden
27-01-2015 14:38:59 Windows Update
27-01-2015 15:24:46 Windows Update
27-01-2015 16:27:54 Windows 7 Upgrade Advisor wird entfernt
27-01-2015 17:10:04 Erstelle Systemwiederherstellungspunkt bevor Junk-Dateien gelöscht werden
27-01-2015 17:58:45 Windows Update
27-01-2015 19:07:47 Windows Update
27-01-2015 20:18:51 Windows Update
28-01-2015 10:55:31 Windows-Sicherung
28-01-2015 11:18:35 Windows-Sicherung
28-01-2015 18:11:19 Windows Update
28-01-2015 19:54:31 Windows Update
28-01-2015 22:15:30 Windows Update
29-01-2015 10:15:45 Removed GPS Information
29-01-2015 11:32:27 Avira System Speedup 1.6

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0D68C154-D1B3-4484-A5C8-B22DD74FD943} - System32\Tasks\ParetoLogic Update Version3 Startup Task => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2014-12-08] ()
Task: {11846AAD-BE45-4371-9BCA-0B69B85E9EE8} - System32\Tasks\{C2DA5AD3-0EA2-4052-852F-459A6B7E6C11} => pcalua.exe -a "C:\Users\BAAX\Treiber\GPS Information\GPS Information.exe" -d "C:\Users\BAAX\Treiber\GPS Information"
Task: {3A3D4562-53E6-4676-B480-85DFCE8C2F54} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {41B4193F-EF4B-4C2B-965B-137B23F2299F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {48F2F8D6-C0ED-4AF0-8A15-64E5CC0679A9} - System32\Tasks\{7FF2796E-85A3-4CB7-B279-4ED302779A1B} => pcalua.exe -a "C:\Program Files\Feven 1.5\Uninstall.exe" -c /fromcontrolpanel=1
Task: {4D2A64AE-59A6-40C0-A8A4-F7017D9AF965} - System32\Tasks\{AED37218-957B-400F-BAFC-BF3A3D9E7464} => pcalua.exe -a "C:\Program Files\Feven 1.5\Uninstall.exe" -c /fromcontrolpanel=1
Task: {4E3BD353-CB36-4BC6-92A4-0BD49D084B11} - System32\Tasks\{E0CAC66C-F618-4ABF-8F7B-C9BAA1405B61} => pcalua.exe -a D:\.\Setup.exe -d D:\
Task: {53CFC289-C9DB-4C28-95FD-CF94B79310A4} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2009-04-20] (Acer)
Task: {561375CB-FF5A-417B-B297-BA73DE149581} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {5E9D4E31-2774-46F7-A99D-F89A86917461} - System32\Tasks\Feven 1.5-updater => C:\Program Files\Feven 1.5\Feven 1.5-updater.exe <==== ATTENTION
Task: {67BFEF44-D40C-41EF-AD85-0EE8DC217644} - System32\Tasks\Feven 1.5-codedownloader => C:\Program Files\Feven 1.5\Feven 1.5-codedownloader.exe <==== ATTENTION
Task: {729DE8D7-5E3A-4C79-BAC9-E31CCFBC153E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {7EE49644-2186-40EF-B52A-EB47F85BFCEC} - System32\Tasks\{1DA80BCC-2F5B-4949-8270-7A050CBA9E88} => pcalua.exe -a C:\Users\BAAX\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=cvs <==== ATTENTION
Task: {80731AB5-E8CC-419E-8378-F562D7E497B1} - System32\Tasks\{D69AEA43-0B7E-4081-83F5-671300D0C6F3} => pcalua.exe -a "C:\Program Files\Feven 1.5\Uninstall.exe" -c /fromcontrolpanel=1
Task: {8721EF6E-2951-490A-8A48-1638DC6BC9B5} - System32\Tasks\Feven 1.5-firefoxinstaller => C:\Program Files\Feven 1.5\Feven 1.5-firefoxinstaller.exe <==== ATTENTION
Task: {98503F1B-08A2-465C-A637-D0A9866236CD} - System32\Tasks\{CDB2DAB7-C30C-475A-832B-518D5266F648} => pcalua.exe -a D:\GPSinfo.exe -d D:\
Task: {A47C46A8-6875-49E9-A1F5-A90A1A47F659} - System32\Tasks\{532390CC-C20D-49B8-9798-A683D83FB72A} => pcalua.exe -a C:\PROGRA~1\WinTV\UNWISE.EXE -c C:\Windows\WinTV7.LOG
Task: {AB9FDC53-BD99-4CE2-8362-291146CCF6C5} - System32\Tasks\{1FF8DCA5-C5FA-409D-BE6C-CDAC783900DA} => pcalua.exe -a "C:\Program Files\Feven 1.5\Uninstall.exe" -c /fromcontrolpanel=1
Task: {ADAC53CC-E143-40B9-8810-5DDC353EE12C} - System32\Tasks\Feven 1.5-enabler => C:\Program Files\Feven 1.5\Feven 1.5-enabler.exe <==== ATTENTION
Task: {B254EAA7-CA46-448D-83F9-F083C1F5ECFA} - System32\Tasks\{C4668ACF-A7F5-419F-8392-12DF91AF3230} => pcalua.exe -a C:\Users\BAAX\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=cvs <==== ATTENTION
Task: {BCB76EC5-E870-4EF1-8CFE-FA478E249018} - System32\Tasks\{15B00BDB-E278-4510-8251-33C77069B42D} => pcalua.exe -a D:\SETUP.EXE -d D:\
Task: {C9E0C07B-4EDA-4986-8959-D37A3B3B39D4} - System32\Tasks\BitGuard => Sc.exe start BitGuard <==== ATTENTION
Task: {D23C28E3-CDDE-4549-BB3D-DF86A1EA4C5D} - System32\Tasks\HPCustParticipation HP Deskjet 2050 J510 series => C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-06-14] (Hewlett-Packard Co.)
Task: {D423FE9A-7E9E-4C41-B222-A025684DDC4E} - System32\Tasks\{65BD746E-C32A-40E2-89EA-D6175B963874} => pcalua.exe -a "C:\Program Files\Feven 1.5\Uninstall.exe" -c /fromcontrolpanel=1
Task: {D887F2E8-F7CD-4A66-812A-4B3960DB0ABC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-27] (Adobe Systems Incorporated)
Task: {D9D01430-B367-48CE-A34E-688976EB642E} - System32\Tasks\Feven 1.5-chromeinstaller => C:\Program Files\Feven 1.5\Feven 1.5-chromeinstaller.exe <==== ATTENTION
Task: {DA99E452-E66D-4D45-9C93-BEBA4975FF4A} - System32\Tasks\AviraSpeedup => C:\Program Files\Avira\AviraSpeedup\avira_system_speedup_ultimateprotectionsuite.exe [2015-01-21] (Avira Operations GmbH & Co. KG)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: {E8CEDD43-41FC-46F8-8FA4-F917917BC562} - System32\Tasks\{AB8F4E4F-F176-4E72-B1CC-3523DEFEEE63} => pcalua.exe -a C:\Users\BAAX\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=cvs <==== ATTENTION
Task: {F9037A38-94C7-48CC-B9FF-1D42FE8C10DD} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-07] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Feven 1.5-chromeinstaller.job => C:\Program Files\Feven 1.5\Feven 1.5-chromeinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\Feven 1.5-codedownloader.job => C:\Program Files\Feven 1.5\Feven 1.5-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\Feven 1.5-enabler.job => C:\Program Files\Feven 1.5\Feven 1.5-enabler.exe <==== ATTENTION
Task: C:\Windows\Tasks\Feven 1.5-firefoxinstaller.job => C:\Program Files\Feven 1.5\Feven 1.5-firefoxinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\Feven 1.5-updater.job => C:\Program Files\Feven 1.5\Feven 1.5-updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe

==================== Loaded Modules (whitelisted) =============

2009-03-12 04:28 - 2008-12-18 13:51 - 00075048 _____ () C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
2009-02-02 16:33 - 2009-02-02 16:33 - 00460199 _____ () C:\Program Files\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2009-01-21 00:41 - 2009-01-21 00:41 - 00872448 _____ () C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll
2009-01-21 00:41 - 2009-01-21 00:41 - 00007680 _____ () C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll
2009-08-31 05:52 - 2003-06-07 22:30 - 00057344 _____ () C:\Program Files\Launch Manager\PowerUtl.dll
2009-08-30 21:17 - 2008-07-29 18:29 - 00200704 _____ () C:\Windows\PLFSetI.exe
2015-01-29 11:17 - 2009-04-01 17:55 - 00024064 _____ () C:\Program Files\WinTV\TVServer\HauppaugeTVServerps.dll
2008-09-28 16:55 - 2008-09-28 16:55 - 01076224 _____ () C:\Program Files\NewTech Infosystems\Acer Backup Manager\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:798A3728
AlternateDataStreams: C:\ProgramData\Temp:B623B5B8
AlternateDataStreams: C:\ProgramData\Temp:BB24555F
AlternateDataStreams: C:\ProgramData\Temp:BF31A799
AlternateDataStreams: C:\ProgramData\Temp:CDFF58FE
AlternateDataStreams: C:\ProgramData\Temp:CE0A077E
AlternateDataStreams: C:\ProgramData\Temp:DCAF903C

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2631089936-2126389838-1365947476-500 - Administrator - Disabled)
BAAX (S-1-5-21-2631089936-2126389838-1365947476-1000 - Administrator - Enabled) => C:\Users\BAAX
Gast (S-1-5-21-2631089936-2126389838-1365947476-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2631089936-2126389838-1365947476-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/29/2015 02:27:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ePowerTray.exe, Version: 4.1.3016.0, Zeitstempel: 0x4a409dcb
Name des fehlerhaften Moduls: ePowerTray.exe, Version: 4.1.3016.0, Zeitstempel: 0x4a409dcb
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000ca46
ID des fehlerhaften Prozesses: 0xe14
Startzeit der fehlerhaften Anwendung: 0xePowerTray.exe0
Pfad der fehlerhaften Anwendung: ePowerTray.exe1
Pfad des fehlerhaften Moduls: ePowerTray.exe2
Berichtskennung: ePowerTray.exe3

Error: (01/29/2015 02:27:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/29/2015 02:24:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/29/2015 01:52:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ePowerTray.exe, Version: 4.1.3016.0, Zeitstempel: 0x4a409dcb
Name des fehlerhaften Moduls: ePowerTray.exe, Version: 4.1.3016.0, Zeitstempel: 0x4a409dcb
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000ca46
ID des fehlerhaften Prozesses: 0x1278
Startzeit der fehlerhaften Anwendung: 0xePowerTray.exe0
Pfad der fehlerhaften Anwendung: ePowerTray.exe1
Pfad des fehlerhaften Moduls: ePowerTray.exe2
Berichtskennung: ePowerTray.exe3

Error: (01/29/2015 01:52:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/29/2015 11:57:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ePowerTray.exe, Version: 4.1.3016.0, Zeitstempel: 0x4a409dcb
Name des fehlerhaften Moduls: ePowerTray.exe, Version: 4.1.3016.0, Zeitstempel: 0x4a409dcb
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000ca46
ID des fehlerhaften Prozesses: 0x1370
Startzeit der fehlerhaften Anwendung: 0xePowerTray.exe0
Pfad der fehlerhaften Anwendung: ePowerTray.exe1
Pfad des fehlerhaften Moduls: ePowerTray.exe2
Berichtskennung: ePowerTray.exe3

Error: (01/29/2015 11:56:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/29/2015 11:32:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ePowerTray.exe, Version: 4.1.3016.0, Zeitstempel: 0x4a409dcb
Name des fehlerhaften Moduls: ePowerTray.exe, Version: 4.1.3016.0, Zeitstempel: 0x4a409dcb
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000ca46
ID des fehlerhaften Prozesses: 0x7f8
Startzeit der fehlerhaften Anwendung: 0xePowerTray.exe0
Pfad der fehlerhaften Anwendung: ePowerTray.exe1
Pfad des fehlerhaften Moduls: ePowerTray.exe2
Berichtskennung: ePowerTray.exe3

Error: (01/29/2015 11:31:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/29/2015 11:16:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ePowerTray.exe, Version: 4.1.3016.0, Zeitstempel: 0x4a409dcb
Name des fehlerhaften Moduls: ePowerTray.exe, Version: 4.1.3016.0, Zeitstempel: 0x4a409dcb
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000ca46
ID des fehlerhaften Prozesses: 0x94
Startzeit der fehlerhaften Anwendung: 0xePowerTray.exe0
Pfad der fehlerhaften Anwendung: ePowerTray.exe1
Pfad des fehlerhaften Moduls: ePowerTray.exe2
Berichtskennung: ePowerTray.exe3


System errors:
=============
Error: (01/29/2015 02:25:36 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (01/29/2015 02:25:36 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (01/29/2015 02:22:33 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (01/29/2015 02:22:33 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (01/29/2015 01:50:16 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (01/29/2015 01:50:16 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (01/29/2015 11:54:55 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (01/29/2015 11:54:55 AM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (01/29/2015 11:30:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Garmin Core Update Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (01/29/2015 11:30:40 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Garmin Core Update Service erreicht.


Microsoft Office Sessions:
=========================
Error: (10/25/2014 11:07:46 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 398 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (07/26/2014 00:14:19 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 33 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (07/14/2014 01:02:00 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 126 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/17/2010 06:07:49 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 342 seconds with 0 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz
Percentage of memory in use: 36%
Total physical RAM: 3066.93 MB
Available physical RAM: 1943.74 MB
Total Pagefile: 6132.14 MB
Available Pagefile: 4748.6 MB
Total Virtual: 2047.88 MB
Available Virtual: 1882.72 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:225.71 GB) (Free:145.25 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Volume) (Fixed) (Total:62.62 GB) (Free:62.53 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: A12D36DD)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=27)
Partition 2: (Active) - (Size=225.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=62.6 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Zitat:

Running from C:\Users\BAAX\Downloads\Desktop

Ist immer noch nicht der Ort, den wir in den Anleitungen meinen. Der Desktop ist die Arbeitsfläche selbst...die die du siehst wenn alle Programme minimiert sind.

Hallo Cosinus
Ich habe mit Malwarebytes Anti-Rootkit gescant. Ergebniss: No malware found!
Zu den Thema:
"Ist immer noch nicht der Ort, den wir in den Anleitungen meinen." Desktop weis ich! Es ist Alles auf den Desktop gespeichert
Warscheinlich habe ich ein Problem mit den Begriff : Logfile= Symbol auf Desktop ?
Mit rechter Maustaste rauf ; kopieren?
Dann in Editor speichern: das klappt jetzt! Mache ich am Anfang etwas falsch ?

Wie gesagt learing by doing Danke für die Geduld Gruß Axel

Falsch: Running from C:\Users\BAAX\Downloads\Desktop
Richtig: Running from C:\Users\BAAX\Desktop



Adware/Junkware/Toolbars entfernen

(alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!)

1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner auf deinen Desktop.

• Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
• Starte die AdwCleaner.exe mit einem Doppelklick.
• Stimme den Nutzungsbedingungen zu.
• Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
  • "Tracing" Schlüssel löschen
  • Winsock Einstellungen zurücksetzen
  • Proxy Einstellungen zurücksetzen
  • Internet Explorer Richtlinien zurücksetzen
  • Chrome Richtlinien zurücksetzen
  • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
• Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
• Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
• Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

• Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
• Drücke eine beliebige Taste, um das Tool zu starten.
• Je nach System kann der Scan eine Weile dauern.
• Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
• Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

• Starte jetzt FRST.
• Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
• Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
• Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Hallo Cosinus
Ich bin deinen Anweisungen gefolgt.Die lästige Meldung beim Start ist weg.Wenn jetzt alles gut ist bedanke ich mich sehr und empfehle Euch weiter. Meinen Firefox werde ich deinstallieren. Hier sind noch die Inhalte der 5 Dateien:


FRST Logfile:

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-01-2015 01
Ran by BAAX (administrator) on BAAX-PC on 30-01-2015 15:01:49
Running from C:\Users\BAAX\Downloads\Desktop
Loaded Profiles: BAAX (Available profiles: BAAX)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Hauppauge Computer Works) C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe
(Egis Technology Inc.) C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(CyberLink Corp.) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(CyberLink) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AviraSpeedup\avira_system_speedup_ultimateprotectionsuite.exe
(Egis Technology Inc.) C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Egis Technology Inc.) C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
(Acer Corp.) C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
() C:\Windows\PLFSetI.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
(Realtek Semiconductor Corp.) C:\Users\BAAX\AppData\Local\Temp\RtkBtMnt.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Hauppauge Computer Works, Inc.) C:\Program Files\WinTV\WinTV7\WinTVTray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1410344 2008-12-05] (Synaptics, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6793760 2009-02-19] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [440864 2009-06-23] (Acer Incorporated)
HKLM\...\Run: [ArcadeDeluxeAgent] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [156968 2009-01-21] (CyberLink Corp.)
HKLM\...\Run: [BackupManagerTray] => C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [249600 2009-04-11] (NewTech Infosystems, Inc.)
HKLM\...\Run: [CLMLServer] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [202024 2009-01-21] (CyberLink)
HKLM\...\Run: [EgisTecLiveUpdate] => C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-05-13] (Egis Technology Inc.)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [1069576 2009-06-25] (Dritek System Inc.)
HKLM\...\Run: [mwlDaemon] => C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [345384 2009-05-14] (Egis Technology Inc.)
HKLM\...\Run: [PlayMovie] => C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe [173288 2008-12-26] (Acer Corp.)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2008-07-29] ()
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [144384 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2009-09-12] (Google Inc.)
HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30878816 2014-12-11] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk
ShortcutTarget: AutoStart IR.lnk -> C:\Program Files\WinTV\Ir.exe (Hauppauge Computer Works)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status..lnk
ShortcutTarget: WinTV Recording Status..lnk -> C:\Program Files\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)
Startup: C:\Users\BAAX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (Egis Technology Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49319;https=127.0.0.1:49319
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbQlzfY23FxTb9PwZyXtcFf9B7DGHKarnHgb80W6DTxthbp-0UGoWoS4UdXf76Nt97iv6lD7A1vKTrz8vbhCdOmjV85r_4KgqPdYLwnxDk3vPwerDUIBxr_y6BrM0tyUA-8NDxPCfabjoKfMiveUYGNZxAvGQmy-7HRika7m4U4,&q={searchTerms}
HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com
HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbQlzfY23FxTb9PwZyXtcFf9B7DGHKarnHgb80W6DTxthbp-0UGoWoS4UdXf76Nt97iv6lD7A1vKTrz8vbhCdOmjV85r_4KgqPdYLwnxDk3vPwerDUIBxr_y6BrM0tyUA-8NDxPCfabjoKfMiveUYGNZxAvGQmy-7HRika7m4U4,&q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2631089936-2126389838-1365947476-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Gutscheinmieze - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\BAAX\AppData\Roaming\Gutscheinmieze\toolbar.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2631089936-2126389838-1365947476-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-2631089936-2126389838-1365947476-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2631089936-2126389838-1365947476-1000 -> Gutscheinmieze - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\BAAX\AppData\Roaming\Gutscheinmieze\toolbar.dll No File
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\BAAX\AppData\Roaming\Mozilla\Firefox\Profiles\227jvlwa.default-1422178544952
FF Homepage: hxxp://www.t-online.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\BAAX\AppData\Roaming\Mozilla\Firefox\Profiles\227jvlwa.default-1422178544952\Extensions\abs@avira.com [2015-01-29]
FF Extension: html5 converter - C:\Users\BAAX\AppData\Roaming\Mozilla\Firefox\Profiles\227jvlwa.default-1422178544952\Extensions\{27fca76e-6082-452f-ad98-94b3e64778f3}.xpi [2015-01-29]
FF Extension: {e3a58803-7a45-4e48-8964-75dfd6b69cc9} - C:\Users\BAAX\AppData\Roaming\Mozilla\Firefox\Profiles\227jvlwa.default-1422178544952\Extensions\{e3a58803-7a45-4e48-8964-75dfd6b69cc9}.xpi [2015-01-29]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-14]
FF HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome: 
=======
CHR Profile: C:\Users\BAAX\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\BAAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-20]
CHR Extension: (Google Drive) - C:\Users\BAAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-20]
CHR Extension: (YouTube) - C:\Users\BAAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-20]
CHR Extension: (Google Search) - C:\Users\BAAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-20]
CHR Extension: (Google Wallet) - C:\Users\BAAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-20]
CHR Extension: (Gmail) - C:\Users\BAAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-20]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [807672 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [993584 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG)
R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [75048 2008-12-18] ()
R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-08] (CrypKey (Canada) Ltd.) [File not signed]
R2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [707104 2009-06-23] (Acer Incorporated)
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
R2 HauppaugeTVServer; C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe [442368 2009-04-01] (Hauppauge Computer Works) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 MWLService; C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-05-14] (Egis Technology Inc.)
R2 NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [61184 2009-04-11] (NewTech Infosystems, Inc.)
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144632 2008-09-23] (NewTech Infosystems, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-21] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-21] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [37384 2014-10-21] (Avira Operations GmbH & Co. KG)
S3 hcw17bda; C:\Windows\System32\drivers\hcw17bda.sys [45824 2008-12-11] (Hauppauge Computer Works, Inc.)
R1 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [19504 2008-12-04] (Egis Incorporated.)
R1 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16432 2008-12-04] (Egis Incorporated.)
R1 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [59952 2008-12-04] (Egis Incorporated.)
R1 NetworkX; C:\Windows\system32\ckldrv.sys [19584 2008-03-17] () [File not signed]
R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [154272 2008-11-12] (Realtek Semiconductor Corp.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-12-09] (Avira GmbH)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-30 14:54 - 2015-01-30 14:54 - 00000000 ____D () C:\Windows\ERUNT
2015-01-30 14:30 - 2015-01-30 15:00 - 00000000 ____D () C:\AdwCleaner
2015-01-30 12:08 - 2015-01-30 12:30 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-30 12:08 - 2015-01-30 12:08 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-30 12:05 - 2015-01-30 12:05 - 00082648 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-29 14:54 - 2015-01-30 15:01 - 00000000 ____D () C:\FRST
2015-01-29 11:33 - 2015-01-29 11:33 - 00001287 _____ () C:\Users\Public\Desktop\Avira System Speedup.lnk
2015-01-29 11:18 - 2015-01-29 11:18 - 00020433 _____ () C:\Windows\WinTV7.LOG
2015-01-29 11:18 - 2010-02-05 10:35 - 00000000 ____D () C:\Users\BAAX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hauppauge WinTV
2015-01-29 11:17 - 2015-01-29 11:18 - 00006198 _____ () C:\Windows\HCWPNP.INI
2015-01-29 11:17 - 2015-01-29 11:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hauppauge WinTV
2015-01-29 11:17 - 2015-01-29 11:17 - 00001039 _____ () C:\Users\Public\Desktop\WinTV 7.lnk
2015-01-29 11:17 - 2015-01-29 11:17 - 00000000 ____D () C:\Users\Public\WinTV
2015-01-29 11:17 - 2009-01-16 01:00 - 00303160 _____ (Hauppauge Computer Works) C:\Windows\system32\hcwpnp32.dll
2015-01-29 11:17 - 2008-09-26 11:18 - 00106552 _____ (Hauppauge Computer Works, Inc.) C:\Windows\system32\hcwi2c32.dll
2015-01-29 11:17 - 2004-06-08 06:03 - 00036921 _____ (Hauppauge Computer Works) C:\Windows\system32\hcwutl32.dll
2015-01-29 11:05 - 2008-08-21 20:11 - 00070472 _____ () C:\Windows\system32\Drivers\hcw17isd.1b0
2015-01-29 11:05 - 2008-08-21 19:29 - 00085656 _____ () C:\Windows\system32\Drivers\hcw17dvb.1b0
2015-01-29 10:45 - 2015-01-30 14:38 - 00002340 _____ () C:\Windows\PFRO.log
2015-01-28 18:11 - 2015-01-30 11:12 - 00076622 _____ () C:\Windows\IE11_main.log
2015-01-28 17:24 - 2015-01-30 14:38 - 00593673 _____ () C:\Windows\setupact.log
2015-01-28 17:24 - 2015-01-30 14:38 - 00002728 _____ () C:\Windows\error.log
2015-01-28 17:24 - 2015-01-30 14:38 - 00000594 _____ () C:\Windows\errord.log
2015-01-28 17:24 - 2015-01-28 17:24 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-28 17:20 - 2015-01-28 17:22 - 00000000 ____D () C:\Users\BAAX\Documents\Backup Reg
2015-01-27 12:43 - 2015-01-29 11:33 - 00000000 ____D () C:\Users\BAAX\AppData\Local\AviraSpeedup
2015-01-27 12:30 - 2015-01-29 11:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviraSpeedup
2015-01-27 12:22 - 2015-01-27 12:22 - 04515896 _____ (Avira Operations & Co. KG) C:\Users\BAAX\Downloads\avira_de_ulsuse_10969743_v51n5vii8f3tfkqon253_wd.exe
2015-01-26 15:47 - 2015-01-26 15:47 - 00000000 __RSH () C:\MSDOS.SYS
2015-01-26 15:47 - 2015-01-26 15:47 - 00000000 __RSH () C:\IO.SYS
2015-01-26 15:20 - 2015-01-30 12:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-26 14:34 - 2015-01-26 14:35 - 00000000 ____D () C:\Users\BAAX\AppData\Local\F-Secure
2015-01-26 14:34 - 2015-01-26 14:35 - 00000000 ____D () C:\ProgramData\F-Secure
2015-01-26 12:01 - 2015-01-30 14:39 - 00000468 _____ () C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job
2015-01-18 16:22 - 2015-01-27 11:57 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-31 13:17 - 2015-01-27 17:40 - 00001125 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-31 13:17 - 2015-01-27 17:40 - 00001113 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-31 13:17 - 2015-01-27 11:57 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-31 13:17 - 2014-12-31 13:18 - 00000000 ____D () C:\Users\BAAX\AppData\Local\Mozilla
2014-12-31 13:17 - 2014-12-31 13:17 - 00000000 ____D () C:\ProgramData\Mozilla
2014-12-31 13:15 - 2014-12-31 13:15 - 39441776 _____ () C:\Users\BAAX\Downloads\Firefox Setup 34.0.5.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-30 14:47 - 2010-02-05 08:59 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-30 14:46 - 2010-02-05 10:24 - 00010048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-30 14:46 - 2010-02-05 10:24 - 00010048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-30 14:43 - 2010-02-05 10:46 - 01128294 _____ () C:\Windows\WindowsUpdate.log
2015-01-30 14:40 - 2012-08-23 22:13 - 00000000 ____D () C:\Users\BAAX\AppData\Roaming\Skype
2015-01-30 14:39 - 2010-02-05 08:59 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-30 14:38 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-30 14:32 - 2010-02-05 10:55 - 00001142 _____ () C:\Users\BAAX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-30 14:10 - 2013-12-20 16:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-30 13:10 - 2010-02-05 10:55 - 01629284 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-29 14:19 - 2009-10-07 12:13 - 00000000 __SHD () C:\Users\BAAX\AppData\Roaming\.#
2015-01-29 11:18 - 2009-09-11 21:17 - 00000000 ____D () C:\Program Files\WinTV
2015-01-29 11:18 - 2009-09-11 19:12 - 00033169 _____ () C:\Windows\Irremote.ini
2015-01-29 11:17 - 2009-09-11 19:12 - 00000510 _____ () C:\Windows\ODBC.INI
2015-01-29 11:17 - 2009-09-11 19:12 - 00000209 _____ () C:\Windows\ODBCINST.INI
2015-01-29 11:17 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-01-29 11:02 - 2009-09-11 21:11 - 00263228 _____ () C:\hcwclear.txt
2015-01-29 10:18 - 2010-02-05 10:25 - 00000000 ____D () C:\Users\BAAX
2015-01-29 10:16 - 2009-11-21 15:06 - 00000000 ____D () C:\Program Files\GPS Information
2015-01-28 17:17 - 2010-02-05 10:21 - 00000000 ____D () C:\Windows\Panther
2015-01-28 17:17 - 2010-01-29 17:30 - 00000000 ____D () C:\Users\BAAX\Tracing
2015-01-28 17:03 - 2010-02-05 08:52 - 00001908 _____ () C:\Windows\diagwrn.xml
2015-01-28 17:03 - 2010-02-05 08:52 - 00001908 _____ () C:\Windows\diagerr.xml
2015-01-28 16:57 - 2010-02-05 10:35 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-01-28 16:57 - 2010-02-05 10:35 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-01-28 10:43 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-27 14:26 - 2009-07-14 05:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-27 14:09 - 2009-03-12 04:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone
2015-01-27 12:55 - 2013-12-20 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-27 12:42 - 2010-02-05 10:55 - 00081328 _____ () C:\Users\BAAX\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-27 12:42 - 2009-07-14 05:33 - 00342424 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-27 12:36 - 2014-07-11 10:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ahnenblatt
2015-01-27 12:36 - 2010-03-07 13:29 - 00000000 ____D () C:\Windows\Minidump
2015-01-27 12:28 - 2013-12-20 17:02 - 00000000 ____D () C:\Program Files\Avira
2015-01-27 12:24 - 2013-05-27 19:11 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-27 09:10 - 2013-12-20 16:18 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-27 09:10 - 2013-12-20 16:18 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-25 15:35 - 2009-07-14 05:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-15 14:26 - 2014-07-11 10:55 - 00000000 ____D () C:\Program Files\Ahnenblatt
2015-01-15 14:24 - 2014-07-11 10:55 - 00000000 ____D () C:\Users\BAAX\Documents\Ahnenblatt
2015-01-13 21:45 - 2013-09-01 18:17 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-13 21:38 - 2011-01-27 15:34 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2009-09-12 08:40 - 2009-10-04 17:02 - 0000088 _____ () C:\Users\BAAX\AppData\Roaming\wklnhst.dat
2011-12-13 13:46 - 2011-12-13 13:51 - 0027136 _____ () C:\Users\BAAX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-07-27 09:22 - 2011-07-27 09:22 - 0000000 _____ () C:\Users\BAAX\AppData\Local\{68174423-0BEE-4E44-96CE-6F01359AE1A3}
2011-07-27 17:42 - 2011-07-27 17:43 - 0000000 _____ () C:\Users\BAAX\AppData\Local\{901EC024-5227-4AFF-A081-207CF41E03F6}
2011-07-29 15:52 - 2011-07-29 15:52 - 0000000 _____ () C:\Users\BAAX\AppData\Local\{9B7C00CF-E664-4ED2-9A00-FA67C63BC8E4}
2011-06-24 20:21 - 2011-06-24 20:21 - 0000000 _____ () C:\Users\BAAX\AppData\Local\{DD52C373-A691-469D-AB25-1CE36843F8F8}
2011-07-29 16:31 - 2011-07-29 16:32 - 0000000 _____ () C:\Users\BAAX\AppData\Local\{EC25614B-9C4E-4E58-8EFD-3320E6FBF92E}

Some content of TEMP:
====================
C:\Users\BAAX\AppData\Local\Temp\avgnt.exe
C:\Users\BAAX\AppData\Local\Temp\Quarantine.exe
C:\Users\BAAX\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\BAAX\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-24 09:57

==================== End Of Log ============================
         

--- --- ---

--- --- ---

Code: Alles auswählenAufklappen

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-01-2015 01
Ran by BAAX at 2015-01-30 15:03:15
Running from C:\Users\BAAX\Downloads\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-PDF Maker Version 1.0.8 (Build 116) (HKLM\...\7-PDF Maker_is1) (Version: 7-PDF Maker - Version 1.0.8 (Build 116) - 7-PDF, Germany - Thorsten Hodes)
Acer Arcade Deluxe (HKLM\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 2.5.6121 - CyberLink Corp.)
Acer Arcade Deluxe (Version: 2.5.6121 - CyberLink Corp.) Hidden
Acer Backup Manager (HKLM\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 1.0.0.58 - NewTech Infosystems)
Acer Crystal Eye Webcam (HKLM\...\{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}) (Version: 5.0.7.1 - Suyin Optronics Corp)
Acer eRecovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.00.3008 - Acer Incorporated)
Acer GridVista (HKLM\...\GridVista) (Version: 2.72.317 - )
Acer PowerSmart Manager (HKLM\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.01.3016 - Acer Incorporated)
Acer Product Registration (HKLM\...\{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}) (Version: 3.0.0.10 - Acer Incorporated)
Acer ScreenSaver (HKLM\...\Acer Screensaver) (Version: 1.0.0.0226 - Acer)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
Ahnenblatt 2.81 (HKLM\...\Ahnenblatt_is1) (Version: 2.81.0.0 - Dirk Böttcher)
ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Antivirus Pro (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Avira (HKLM\...\{bd538030-07d4-4999-a525-7fafa2483f56}) (Version: 1.1.30.21727 - Avira Operations & Co. KG)
Avira (Version: 1.1.30.21727 - Avira Operations & Co. KG) Hidden
Avira SearchFree Toolbar (HKLM\...\{41564952-412D-5637-00A7-A758B70C0F01}) (Version: 12.15.1.463 - APN, LLC)
Avira System Speedup 1.6 (HKLM\...\Avira System Speedup_is1) (Version: 1.6 - 2000 - 2014 Avira Operations GmbH & Co. KG)
Backup Manager Basic (Version: 1.0.0.58 - NewTech Infosystems) Hidden
Bing Bar (HKLM\...\{FF6DD716-7B10-4269-9F19-FFB07AC4CD95}) (Version: 7.3.124.0 - Microsoft Corporation)
Broadcom Gigabit NetLink Controller (HKLM\...\{9AF0B106-56F1-461B-A270-95BC1682E282}) (Version: 11.34.02 - Broadcom Corporation)
C:\Program Files\Acer GameZone\GameConsole (HKLM\...\{71C2828F-2678-4675-BDEC-895424861262}_is1) (Version: 2.0.1.6 - Oberon Media, Inc.)
Driver Detective (HKLM\...\{5721A8EA-A30F-4F66-9046-3F40C43AE1DC}) (Version: 7.0.0 - PC Drivers HeadQuarters)
Elevated Installer (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Communicator Plugin (HKLM\...\{647BB978-2876-487B-9B0E-FDB73F0EA4A2}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM\...\{b43ffffb-1adc-4bcb-b277-7844ebff94da}) (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
GIMP 2.6.11 (HKLM\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
GM(S) - Toolbar (HKLM\...\GM(S) - Toolbar) (Version:  - )
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Großer Reiseplaner 2008/2009 (HKLM\...\{466C2D04-E917-4093-B7DF-080C24A7151F}) (Version: 12.5 - PTV Planung Transport Verkehr AG)
Hauppauge Signal Monitor Utility (HKLM\...\Hauppauge Signal Monitor Utility) (Version:  - )
Hauppauge Software MPEG-2 Decoder Installer (HKLM\...\Hauppauge Software MPEG-2 Decoder Installer) (Version:  - )
Hauppauge WinTV 7 (HKLM\...\Hauppauge WinTV 7) (Version:  - )
Hauppauge WinTV Infrared Remote (HKLM\...\Hauppauge WinTV Infrared Remote) (Version:  - )
HP Deskjet 2050 J510 series - Grundlegende Software für das Gerät (HKLM\...\{9FAAE06C-DEDD-4299-B88D-1F9AD5E1547F}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Deskjet 2050 J510 series Hilfe (HKLM\...\{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}) (Version: 140.0.61.61 - Hewlett Packard)
HP Update (HKLM\...\{787D1A33-A97B-4245-87C0-7174609A540C}) (Version: 5.002.005.003 - Hewlett-Packard)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Launch Manager (HKLM\...\LManager) (Version: 2.0.10 - Acer Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Access database engine 2007 (German) (HKLM\...\{90120000-00D1-0407-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM\...\STANDARD) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MyWinLocker (HKLM\...\{68301905-2DEA-41CE-A4D4-E8B443B099BA}) (Version: 3.1.59.0 - Egis Technology Inc.)
NTI Backup Now 5 (HKLM\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.616 - NewTech Infosystems)
NTI Backup Now Standard (Version: 5.1.2.616 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.2.6509 - NewTech Infosystems)
NTI Media Maker 8 (Version: 8.0.2.6509 - NewTech Infosystems) Hidden
PL-2303 USB-to-Serial (HKLM\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.00.000 - Prolific Technology INC)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5794 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 6.0.6000.20113 - Realtek Semiconductor Corp.)
ServicePack 1 Großer Reiseplaner 2008/2009 (HKLM\...\{283D4576-CBF8-4F65-84D3-7C5DC75F144E}) (Version: 12.5 - PTV Planung Transport Verkehr AG)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Studie zur Verbesserung von HP Deskjet 2050 J510 series Produkten (HKLM\...\{B23B43B5-DDDC-41DA-9700-F334744E694E}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 12.1.0.0 - Synaptics)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_STANDARD_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_STANDARD_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_STANDARD_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_STANDARD_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Zusatzmodul GPS-Pilot GRP09 (HKLM\...\{57C1CE64-FB40-49C2-AFFC-A80691D3F867}) (Version: 12.5 - PTV Planung Transport Verkehr AG)
Zusatzmodul GPS-Pilot GRP09 (Version: 12.5 - PTV Planung Transport Verkehr AG) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

27-01-2015 13:20:36 Erstelle Systemwiederherstellungspunkt bevor Junk-Dateien gelöscht werden
27-01-2015 13:21:42 Erstelle Systemwiederherstellungspunkt bevor Junk-Dateien gelöscht werden
27-01-2015 14:38:59 Windows Update
27-01-2015 15:24:46 Windows Update
27-01-2015 16:27:54 Windows 7 Upgrade Advisor wird entfernt
27-01-2015 17:10:04 Erstelle Systemwiederherstellungspunkt bevor Junk-Dateien gelöscht werden
27-01-2015 17:58:45 Windows Update
27-01-2015 19:07:47 Windows Update
27-01-2015 20:18:51 Windows Update
28-01-2015 10:55:31 Windows-Sicherung
28-01-2015 11:18:35 Windows-Sicherung
28-01-2015 18:11:19 Windows Update
28-01-2015 19:54:31 Windows Update
28-01-2015 22:15:30 Windows Update
29-01-2015 10:15:45 Removed GPS Information
29-01-2015 11:32:27 Avira System Speedup 1.6
29-01-2015 16:42:44 Windows Update
30-01-2015 11:08:03 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0D68C154-D1B3-4484-A5C8-B22DD74FD943} - System32\Tasks\ParetoLogic Update Version3 Startup Task => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: {11846AAD-BE45-4371-9BCA-0B69B85E9EE8} - System32\Tasks\{C2DA5AD3-0EA2-4052-852F-459A6B7E6C11} => pcalua.exe -a "C:\Users\BAAX\Treiber\GPS Information\GPS Information.exe" -d "C:\Users\BAAX\Treiber\GPS Information"
Task: {3A3D4562-53E6-4676-B480-85DFCE8C2F54} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {41B4193F-EF4B-4C2B-965B-137B23F2299F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {48F2F8D6-C0ED-4AF0-8A15-64E5CC0679A9} - System32\Tasks\{7FF2796E-85A3-4CB7-B279-4ED302779A1B} => pcalua.exe -a "C:\Program Files\Feven 1.5\Uninstall.exe" -c /fromcontrolpanel=1
Task: {4D2A64AE-59A6-40C0-A8A4-F7017D9AF965} - System32\Tasks\{AED37218-957B-400F-BAFC-BF3A3D9E7464} => pcalua.exe -a "C:\Program Files\Feven 1.5\Uninstall.exe" -c /fromcontrolpanel=1
Task: {4E3BD353-CB36-4BC6-92A4-0BD49D084B11} - System32\Tasks\{E0CAC66C-F618-4ABF-8F7B-C9BAA1405B61} => pcalua.exe -a D:\.\Setup.exe -d D:\
Task: {53CFC289-C9DB-4C28-95FD-CF94B79310A4} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2009-04-20] (Acer)
Task: {561375CB-FF5A-417B-B297-BA73DE149581} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {729DE8D7-5E3A-4C79-BAC9-E31CCFBC153E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {7EE49644-2186-40EF-B52A-EB47F85BFCEC} - System32\Tasks\{1DA80BCC-2F5B-4949-8270-7A050CBA9E88} => pcalua.exe -a C:\Users\BAAX\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=cvs <==== ATTENTION
Task: {80731AB5-E8CC-419E-8378-F562D7E497B1} - System32\Tasks\{D69AEA43-0B7E-4081-83F5-671300D0C6F3} => pcalua.exe -a "C:\Program Files\Feven 1.5\Uninstall.exe" -c /fromcontrolpanel=1
Task: {98503F1B-08A2-465C-A637-D0A9866236CD} - System32\Tasks\{CDB2DAB7-C30C-475A-832B-518D5266F648} => pcalua.exe -a D:\GPSinfo.exe -d D:\
Task: {A47C46A8-6875-49E9-A1F5-A90A1A47F659} - System32\Tasks\{532390CC-C20D-49B8-9798-A683D83FB72A} => pcalua.exe -a C:\PROGRA~1\WinTV\UNWISE.EXE -c C:\Windows\WinTV7.LOG
Task: {AB9FDC53-BD99-4CE2-8362-291146CCF6C5} - System32\Tasks\{1FF8DCA5-C5FA-409D-BE6C-CDAC783900DA} => pcalua.exe -a "C:\Program Files\Feven 1.5\Uninstall.exe" -c /fromcontrolpanel=1
Task: {B254EAA7-CA46-448D-83F9-F083C1F5ECFA} - System32\Tasks\{C4668ACF-A7F5-419F-8392-12DF91AF3230} => pcalua.exe -a C:\Users\BAAX\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=cvs <==== ATTENTION
Task: {BCB76EC5-E870-4EF1-8CFE-FA478E249018} - System32\Tasks\{15B00BDB-E278-4510-8251-33C77069B42D} => pcalua.exe -a D:\SETUP.EXE -d D:\
Task: {D23C28E3-CDDE-4549-BB3D-DF86A1EA4C5D} - System32\Tasks\HPCustParticipation HP Deskjet 2050 J510 series => C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-06-14] (Hewlett-Packard Co.)
Task: {D423FE9A-7E9E-4C41-B222-A025684DDC4E} - System32\Tasks\{65BD746E-C32A-40E2-89EA-D6175B963874} => pcalua.exe -a "C:\Program Files\Feven 1.5\Uninstall.exe" -c /fromcontrolpanel=1
Task: {D887F2E8-F7CD-4A66-812A-4B3960DB0ABC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-27] (Adobe Systems Incorporated)
Task: {DA99E452-E66D-4D45-9C93-BEBA4975FF4A} - System32\Tasks\AviraSpeedup => C:\Program Files\Avira\AviraSpeedup\avira_system_speedup_ultimateprotectionsuite.exe [2015-01-21] (Avira Operations GmbH & Co. KG)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: {E8CEDD43-41FC-46F8-8FA4-F917917BC562} - System32\Tasks\{AB8F4E4F-F176-4E72-B1CC-3523DEFEEE63} => pcalua.exe -a C:\Users\BAAX\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=cvs <==== ATTENTION
Task: {F9037A38-94C7-48CC-B9FF-1D42FE8C10DD} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-07] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe

==================== Loaded Modules (whitelisted) =============

2009-03-12 04:28 - 2008-12-18 13:51 - 00075048 _____ () C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
2015-01-29 11:17 - 2009-04-01 17:55 - 00024064 _____ () C:\Program Files\WinTV\TVServer\HauppaugeTVServerps.dll
2009-02-02 16:33 - 2009-02-02 16:33 - 00460199 _____ () C:\Program Files\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2008-09-28 16:55 - 2008-09-28 16:55 - 01076224 _____ () C:\Program Files\NewTech Infosystems\Acer Backup Manager\ACE.dll
2009-01-21 00:41 - 2009-01-21 00:41 - 00872448 _____ () C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll
2009-01-21 00:41 - 2009-01-21 00:41 - 00007680 _____ () C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll
2009-08-31 05:52 - 2003-06-07 22:30 - 00057344 _____ () C:\Program Files\Launch Manager\PowerUtl.dll
2009-08-30 21:17 - 2008-07-29 18:29 - 00200704 _____ () C:\Windows\PLFSetI.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:798A3728
AlternateDataStreams: C:\ProgramData\Temp:B623B5B8
AlternateDataStreams: C:\ProgramData\Temp:BB24555F
AlternateDataStreams: C:\ProgramData\Temp:BF31A799
AlternateDataStreams: C:\ProgramData\Temp:CDFF58FE
AlternateDataStreams: C:\ProgramData\Temp:CE0A077E
AlternateDataStreams: C:\ProgramData\Temp:DCAF903C

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2631089936-2126389838-1365947476-500 - Administrator - Disabled)
BAAX (S-1-5-21-2631089936-2126389838-1365947476-1000 - Administrator - Enabled) => C:\Users\BAAX
Gast (S-1-5-21-2631089936-2126389838-1365947476-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2631089936-2126389838-1365947476-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================
Error: (10/25/2014 11:07:46 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 398 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (07/26/2014 00:14:19 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 33 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (07/14/2014 01:02:00 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 126 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/17/2010 06:07:49 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 342 seconds with 0 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz
Percentage of memory in use: 33%
Total physical RAM: 3066.93 MB
Available physical RAM: 2031.58 MB
Total Pagefile: 6132.14 MB
Available Pagefile: 4705.84 MB
Total Virtual: 2047.88 MB
Available Virtual: 1905.02 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:225.71 GB) (Free:146.94 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Volume) (Fixed) (Total:62.62 GB) (Free:62.53 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: A12D36DD)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=27)
Partition 2: (Active) - (Size=225.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=62.6 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Code: Alles auswählenAufklappen

ATTFilter

# AdwCleaner v4.109 - Bericht erstellt am 30/01/2015 um 14:32:52
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-01-26.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : BAAX - BAAX-PC
# Gestartet von : C:\Users\BAAX\Downloads\Desktop\AdwCleaner09.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\ParetoLogic
Ordner Gelöscht : C:\ProgramData\PC Drivers HeadQuarters
Ordner Gelöscht : C:\ProgramData\d491183000005039
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Detective
Ordner Gelöscht : C:\Program Files\LyriXeeker
Ordner Gelöscht : C:\Program Files\MyPC Backup
Ordner Gelöscht : C:\Program Files\PC Drivers HeadQuarters
Ordner Gelöscht : C:\Program Files\Common Files\ParetoLogic
Ordner Gelöscht : C:\Users\BAAX\AppData\Local\AskPartnerNetwork
Ordner Gelöscht : C:\Users\BAAX\AppData\Local\lollipop
Ordner Gelöscht : C:\Users\BAAX\AppData\LocalLow\Feven 1.5
Ordner Gelöscht : C:\Users\BAAX\AppData\LocalLow\mySecureSurfer
Ordner Gelöscht : C:\Users\BAAX\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\BAAX\AppData\Roaming\DriverCure
Ordner Gelöscht : C:\Users\BAAX\AppData\Roaming\ParetoLogic
Ordner Gelöscht : C:\Users\BAAX\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\BAAX\AppData\Roaming\webssearches
Ordner Gelöscht : C:\Users\BAAX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Ordner Gelöscht : C:\Users\BAAX\Documents\Optimizer Pro
Ordner Gelöscht : C:\Users\BAAX\AppData\Roaming\Mozilla\Firefox\Profiles\227jvlwa.default-1422178544952\Extensions\faststartff@gmail.com
Ordner Gelöscht : C:\Users\BAAX\AppData\Roaming\Mozilla\Firefox\Profiles\227jvlwa.default-1422178544952\Extensions\sparpilot@sparpilot.com
Ordner Gelöscht : C:\Users\BAAX\AppData\Roaming\Mozilla\Firefox\Profiles\227jvlwa.default-1422178544952\Extensions\fftoolbar2014@etech.com
Ordner Gelöscht : C:\Users\BAAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\baodmgdpdoelldjmkhknbolcldnfjegg
Ordner Gelöscht : C:\Users\BAAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\epojlgbehpaeekopencdagbdamnkppci
[/!\] Nicht Gelöscht ( Junction ) : C:\Users\BAAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\baodmgdpdoelldjmkhknbolcldnfjegg
Datei Gelöscht : C:\Windows\system32\roboot.exe
Datei Gelöscht : C:\Users\BAAX\AppData\Roaming\Mozilla\Firefox\Profiles\227jvlwa.default-1422178544952\searchplugins\Web Search.xml
Datei Gelöscht : C:\Users\BAAX\AppData\Roaming\Mozilla\Firefox\Profiles\227jvlwa.default-1422178544952\user.js

***** [ Tasks ] *****

Task Gelöscht : BitGuard

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\BAAX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\BAAX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\BAAX\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\BAAX\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [lyrix@lyrixeeker.co]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [fftoolbar2014@etech.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\epojlgbehpaeekopencdagbdamnkppci
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NTRedirect]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\d
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltadskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com
Schlüssel Gelöscht : HKCU\Software\Mozilla\Extends
Schlüssel Gelöscht : HKCU\Software\52558cdfe13ae543
Schlüssel Gelöscht : HKLM\SOFTWARE\52558cdfe13ae543
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{44CBC005-6243-4502-8A02-3A096A282664}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{52EA1989-D16E-4560-9021-F0AD247DE4D1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F297534D-7B06-459D-BC19-2DD8EF69297B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322852232}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355855532}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366856632}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{24F1B05F-D97E-4934-91C3-10C08F8E4E74}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9945959C-AAD8-4312-8B57-2DE11927E770}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEA63863-87BC-4DCA-A5B5-EB97E3B04806}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344854432}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{52EA1989-D16E-4560-9021-F0AD247DE4D1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{52EA1989-D16E-4560-9021-F0AD247DE4D1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{52EA1989-D16E-4560-9021-F0AD247DE4D1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{41564952-412D-5637-00A7-7A786E7484D7}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8DCB7100-DF86-4384-8842-8FA844297B3F}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{41564952-412D-5637-00A7-7A786E7484D7}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\lollipop
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\ParetoLogic
Schlüssel Gelöscht : HKCU\Software\Storimbo
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Feven 1.5
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\lyrixeeker
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Feven 1.5
Schlüssel Gelöscht : HKLM\SOFTWARE\nationzoomSoftware
Schlüssel Gelöscht : HKLM\SOFTWARE\ParetoLogic
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\webssearchesSoftware
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Storimbo
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16599

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v35.0.1 (x86 de)

[227jvlwa.default-1422178544952\prefs.js] - Zeile gelöscht : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
[227jvlwa.default-1422178544952\prefs.js] - Zeile gelöscht : user_pref("browser.search.defaultenginename", "Web Search");
[227jvlwa.default-1422178544952\prefs.js] - Zeile gelöscht : user_pref("browser.search.searchengine.alias", "webssearches");
[227jvlwa.default-1422178544952\prefs.js] - Zeile gelöscht : user_pref("browser.search.searchengine.iconURL", "hxxp://istart.webssearches.com/favicon.ico");
[227jvlwa.default-1422178544952\prefs.js] - Zeile gelöscht : user_pref("browser.search.searchengine.name", "webssearches");
[227jvlwa.default-1422178544952\prefs.js] - Zeile gelöscht : user_pref("browser.search.searchengine.url", "hxxp://istart.webssearches.com/web/?type=ds&ts=1422278824&from=cvs&uid=WDCXWD3200BEVT-22ZCT0_WD-WXB0A791945819458&q={searchTerms}");
[227jvlwa.default-1422178544952\prefs.js] - Zeile gelöscht : user_pref("browser.search.selectedEngine", "Web Search");
[227jvlwa.default-1422178544952\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[227jvlwa.default-1422178544952\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
[227jvlwa.default-1422178544952\prefs.js] - Zeile gelöscht : user_pref("keyword.URL", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbQlzfY23FxTb9PwZyXtcFf9B7DGHRHxUfuO14mmzoWKRk-KU3UISmhPmcQRz1wXIZtzYB56P2OyQpZXwkXGJBZMrlgiaMAr5kZF2ksn7drzJaHLLWm4QcjsEqtybZPi6aZv3ind[...]

-\\ Google Chrome v

[C:\Users\BAAX\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://de.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [18624 octets] - [30/01/2015 14:30:41]
AdwCleaner[S0].txt - [17411 octets] - [30/01/2015 14:32:52]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [17472 octets] ##########
         

Code: Alles auswählenAufklappen

ATTFilter

# AdwCleaner v4.109 - Bericht erstellt am 30/01/2015 um 14:30:41
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-01-26.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : BAAX - BAAX-PC
# Gestartet von : C:\Users\BAAX\Downloads\Desktop\AdwCleaner09.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\Users\BAAX\AppData\Roaming\Mozilla\Firefox\Profiles\227jvlwa.default-1422178544952\searchplugins\Web Search.xml
Datei Gefunden : C:\Users\BAAX\AppData\Roaming\Mozilla\Firefox\Profiles\227jvlwa.default-1422178544952\user.js
Datei Gefunden : C:\Windows\system32\roboot.exe
Ordner Gefunden : C:\Program Files\Common Files\ParetoLogic
Ordner Gefunden : C:\Program Files\LyriXeeker
Ordner Gefunden : C:\Program Files\MyPC Backup
Ordner Gefunden : C:\Program Files\PC Drivers HeadQuarters
Ordner Gefunden : C:\ProgramData\apn
Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\ProgramData\d491183000005039
Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Detective
Ordner Gefunden : C:\ProgramData\ParetoLogic
Ordner Gefunden : C:\ProgramData\PC Drivers HeadQuarters
Ordner Gefunden : C:\Users\BAAX\AppData\Local\AskPartnerNetwork
Ordner Gefunden : C:\Users\BAAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\baodmgdpdoelldjmkhknbolcldnfjegg
Ordner Gefunden : C:\Users\BAAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\baodmgdpdoelldjmkhknbolcldnfjegg
Ordner Gefunden : C:\Users\BAAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\epojlgbehpaeekopencdagbdamnkppci
Ordner Gefunden : C:\Users\BAAX\AppData\Local\lollipop
Ordner Gefunden : C:\Users\BAAX\AppData\LocalLow\Feven 1.5
Ordner Gefunden : C:\Users\BAAX\AppData\LocalLow\mySecureSurfer
Ordner Gefunden : C:\Users\BAAX\AppData\Roaming\Babylon
Ordner Gefunden : C:\Users\BAAX\AppData\Roaming\DriverCure
Ordner Gefunden : C:\Users\BAAX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Ordner Gefunden : C:\Users\BAAX\AppData\Roaming\Mozilla\Firefox\Profiles\227jvlwa.default-1422178544952\Extensions\faststartff@gmail.com
Ordner Gefunden : C:\Users\BAAX\AppData\Roaming\Mozilla\Firefox\Profiles\227jvlwa.default-1422178544952\Extensions\fftoolbar2014@etech.com
Ordner Gefunden : C:\Users\BAAX\AppData\Roaming\Mozilla\Firefox\Profiles\227jvlwa.default-1422178544952\Extensions\sparpilot@sparpilot.com
Ordner Gefunden : C:\Users\BAAX\AppData\Roaming\ParetoLogic
Ordner Gefunden : C:\Users\BAAX\AppData\Roaming\Systweak
Ordner Gefunden : C:\Users\BAAX\AppData\Roaming\webssearches
Ordner Gefunden : C:\Users\BAAX\Documents\Optimizer Pro

***** [ Tasks ] *****

Task Gefunden : BitGuard

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Daten Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Daten Gefunden : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.nationzoom.com/?type=sc&ts=1387534911&from=tugs&uid=WDCXWD3200BEVT-22ZCT0_WD-WXB0A791945819458
Schlüssel Gefunden : HKCU\Software\52558cdfe13ae543
Schlüssel Gefunden : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Feven 1.5
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\lyrixeeker
Schlüssel Gefunden : HKCU\Software\DataMngr
Schlüssel Gefunden : HKCU\Software\InstallCore
Schlüssel Gefunden : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gefunden : HKCU\Software\lollipop
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{52EA1989-D16E-4560-9021-F0AD247DE4D1}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{52EA1989-D16E-4560-9021-F0AD247DE4D1}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com
Schlüssel Gefunden : HKCU\Software\Mozilla\Extends
Schlüssel Gefunden : HKCU\Software\Optimizer Pro
Schlüssel Gefunden : HKCU\Software\ParetoLogic
Schlüssel Gefunden : HKCU\Software\Storimbo
Schlüssel Gefunden : HKCU\Software\systweak
Schlüssel Gefunden : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gefunden : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gefunden : HKLM\SOFTWARE\52558cdfe13ae543
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322852232}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{44CBC005-6243-4502-8A02-3A096A282664}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{52EA1989-D16E-4560-9021-F0AD247DE4D1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{F297534D-7B06-459D-BC19-2DD8EF69297B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\d
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\delta.deltaappCore
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\delta.deltadskBnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355855532}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366856632}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{24F1B05F-D97E-4934-91C3-10C08F8E4E74}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344854432}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{9945959C-AAD8-4312-8B57-2DE11927E770}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{EEA63863-87BC-4DCA-A5B5-EB97E3B04806}
Schlüssel Gefunden : HKLM\SOFTWARE\Feven 1.5
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\epojlgbehpaeekopencdagbdamnkppci
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{52EA1989-D16E-4560-9021-F0AD247DE4D1}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Storimbo
Schlüssel Gefunden : HKLM\SOFTWARE\nationzoomSoftware
Schlüssel Gefunden : HKLM\SOFTWARE\ParetoLogic
Schlüssel Gefunden : HKLM\SOFTWARE\systweak
Schlüssel Gefunden : HKLM\SOFTWARE\webssearchesSoftware
Schlüssel Gefunden : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{41564952-412D-5637-00A7-7A786E7484D7}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NTRedirect]
Wert Gefunden : HKCU\Software\Mozilla\Firefox\Extensions [lyrix@lyrixeeker.co]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{41564952-412D-5637-00A7-7A786E7484D7}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8DCB7100-DF86-4384-8842-8FA844297B3F}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [fftoolbar2014@etech.com]

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16599

Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://istart.webssearches.com/?type=hp&ts=1422278824&from=cvs&uid=WDCXWD3200BEVT-22ZCT0_WD-WXB0A791945819458
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar] - hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbQlzfY23FxTb9PwZyXtcFf9B7DGHRHxUfuO14mmzoWKRk-KU3UISmhPmcQRz1wXIZtzYB56P2OyQpZXwkXGJBZMrlgiaMAr5kZF2ksn7drzJaHLLWm4QcjsEqtybZPi6aZv3indIQIgFxI6sUnruaOFcJkUh2oV0RNutXH8h38,&q={searchTerms}
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbQlzfY23FxTb9PwZyXtcFf9B7DGHRHxUfuO14mmzoWKRk-KU3UISmhPmcQRz1wXIZtzYB56P2OyQpZXwkXGJBZMrlgiaMAr5kZF2ksn7drzJaHLLWm4QcjsEqtybZPi6aZv3indIQIgFxI6sUnruaOFcJkUh2oV0RNutXH8h38,&q={searchTerms}
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.nationzoom.com/web/?type=ds&ts=1387534911&from=tugs&uid=WDCXWD3200BEVT-22ZCT0_WD-WXB0A791945819458&q={searchTerms}
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] - hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbQlzfY23FxTb9PwZyXtcFf9B7DGHRHxUfuO14mmzoWKRk-KU3UISmhPmcQRz1wXIZtzYB56P2OyQpZXwkXGJBZMrlgiaMAr5kZF2ksn7drzJaHLLWm4QcjsEqtybZPi6aZv3indIQIgFxI6sUnruaOFcJkUh2oV0RNutXH8h38,&q={searchTerms}
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant] - hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbQlzfY23FxTb9PwZyXtcFf9B7DGHRHxUfuO14mmzoWKRk-KU3UISmhPmcQRz1wXIZtzYB56P2OyQpZXwkXGJBZMrlgiaMAr5kZF2ksn7drzJaHLLWm4QcjsEqtybZPi6aZv3indIQIgFxI6sUnruaOFcJkUh2oV0RNutXH8h38,&q={searchTerms}
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbQlzfY23FxTb9PwZyXtcFf9B7DGHRHxUfuO14mmzoWKRk-KU3UISmhPmcQRz1wXIZtzYB56P2OyQpZXwkXGJBZMrlgiaMAr5kZF2ksn7drzJaHLLWm4QcjsEqtybZPi6aZv3indIQIgFxI6sUnruaOFcJkUh2oV0RNutXH8h38,&q={searchTerms}
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbQlzfY23FxTb9PwZyXtcFf9B7DGHRHxUfuO14mmzoWKRk-KU3UISmhPmcQRz1wXIZtzYB56P2OyQpZXwkXGJBZMrlgiaMAr5kZF2ksn7drzJaHLLWm4QcjsEqtybZPi6aZv3indIQIgFxI6sUnruaOFcJkUh2oV0RNutXH8h38,&q={searchTerms}

-\\ Mozilla Firefox v35.0.1 (x86 de)

[227jvlwa.default-1422178544952] - Zeile gefunden : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
[227jvlwa.default-1422178544952] - Zeile gefunden : user_pref("browser.search.defaultenginename", "Web Search");
[227jvlwa.default-1422178544952] - Zeile gefunden : user_pref("browser.search.searchengine.alias", "webssearches");
[227jvlwa.default-1422178544952] - Zeile gefunden : user_pref("browser.search.searchengine.iconURL", "hxxp://istart.webssearches.com/favicon.ico");
[227jvlwa.default-1422178544952] - Zeile gefunden : user_pref("browser.search.searchengine.name", "webssearches");
[227jvlwa.default-1422178544952] - Zeile gefunden : user_pref("browser.search.searchengine.url", "hxxp://istart.webssearches.com/web/?type=ds&ts=1422278824&from=cvs&uid=WDCXWD3200BEVT-22ZCT0_WD-WXB0A791945819458&q={searchTerms}");
[227jvlwa.default-1422178544952] - Zeile gefunden : user_pref("browser.search.selectedEngine", "Web Search");
[227jvlwa.default-1422178544952] - Zeile gefunden : user_pref("extensions.quick_start.enable_search1", false);
[227jvlwa.default-1422178544952] - Zeile gefunden : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
[227jvlwa.default-1422178544952] - Zeile gefunden : user_pref("keyword.URL", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbQlzfY23FxTb9PwZyXtcFf9B7DGHRHxUfuO14mmzoWKRk-KU3UISmhPmcQRz1wXIZtzYB56P2OyQpZXwkXGJBZMrlgiaMAr5kZF2ksn7drzJaHLLWm4QcjsEqtybZPi6aZv3ind[...]

-\\ Google Chrome v

[C:\Users\BAAX\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://de.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [18482 octets] - [30/01/2015 14:30:41]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [18543 octets] ##########
         

Code: Alles auswählenAufklappen

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x86
Ran by BAAX on 30.01.2015 at 14:54:40,90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update storimbo
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util storimbo



~~~ Files

Successfully deleted: [File] C:\Windows\System32\Tasks\Feven 1.5-chromeinstaller
Successfully deleted: [File] C:\Windows\System32\Tasks\Feven 1.5-codedownloader
Successfully deleted: [File] C:\Windows\System32\Tasks\Feven 1.5-enabler
Successfully deleted: [File] C:\Windows\System32\Tasks\Feven 1.5-firefoxinstaller
Successfully deleted: [File] C:\Windows\System32\Tasks\Feven 1.5-updater
Successfully deleted: [File] C:\Windows\Tasks\Feven 1.5-chromeinstaller.job
Successfully deleted: [File] C:\Windows\Tasks\Feven 1.5-codedownloader.job
Successfully deleted: [File] C:\Windows\Tasks\Feven 1.5-enabler.job
Successfully deleted: [File] C:\Windows\Tasks\Feven 1.5-firefoxinstaller.job
Successfully deleted: [File] C:\Windows\Tasks\Feven 1.5-updater.job



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\BAAX\AppData\Roaming\mozilla\firefox\profiles\227jvlwa.default-1422178544952\prefs.js

user_pref("browser.search.searchengine.desc", "this is my first firefox searchEngine");
user_pref("browser.search.searchengine.ptid", "cvs");
user_pref("browser.search.searchengine.uid", "WDCXWD3200BEVT-22ZCT0_WD-WXB0A791945819458");



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.01.2015 at 14:57:03,20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code: Alles auswählenAufklappen

ATTFilter

HKLM\...\Run: [] => [X]
HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49319;https=127.0.0.1:49319
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbQlzfY23FxTb9PwZyXtcFf9B7DGHKarnHgb80W6DTxthbp-0UGoWoS4UdXf76Nt97iv6lD7A1vKTrz8vbhCdOmjV85r_4KgqPdYLwnxDk3vPwerDUIBxr_y6BrM0tyUA-8NDxPCfabjoKfMiveUYGNZxAvGQmy-7HRika7m4U4,&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbQlzfY23FxTb9PwZyXtcFf9B7DGHKarnHgb80W6DTxthbp-0UGoWoS4UdXf76Nt97iv6lD7A1vKTrz8vbhCdOmjV85r_4KgqPdYLwnxDk3vPwerDUIBxr_y6BrM0tyUA-8NDxPCfabjoKfMiveUYGNZxAvGQmy-7HRika7m4U4,&q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2631089936-2126389838-1365947476-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
Toolbar: HKLM - Gutscheinmieze - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\BAAX\AppData\Roaming\Gutscheinmieze\toolbar.dll No File
Toolbar: HKU\S-1-5-21-2631089936-2126389838-1365947476-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-2631089936-2126389838-1365947476-1000 -> Gutscheinmieze - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\BAAX\AppData\Roaming\Gutscheinmieze\toolbar.dll No File
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
Task: {48F2F8D6-C0ED-4AF0-8A15-64E5CC0679A9} - System32\Tasks\{7FF2796E-85A3-4CB7-B279-4ED302779A1B} => pcalua.exe -a "C:\Program Files\Feven 1.5\Uninstall.exe" -c /fromcontrolpanel=1
Task: {4D2A64AE-59A6-40C0-A8A4-F7017D9AF965} - System32\Tasks\{AED37218-957B-400F-BAFC-BF3A3D9E7464} => pcalua.exe -a "C:\Program Files\Feven 1.5\Uninstall.exe" -c /fromcontrolpanel=1
Task: {7EE49644-2186-40EF-B52A-EB47F85BFCEC} - System32\Tasks\{1DA80BCC-2F5B-4949-8270-7A050CBA9E88} => pcalua.exe -a C:\Users\BAAX\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=cvs <==== ATTENTION
Task: {80731AB5-E8CC-419E-8378-F562D7E497B1} - System32\Tasks\{D69AEA43-0B7E-4081-83F5-671300D0C6F3} => pcalua.exe -a "C:\Program Files\Feven 1.5\Uninstall.exe" -c /fromcontrolpanel=1
Task: {AB9FDC53-BD99-4CE2-8362-291146CCF6C5} - System32\Tasks\{1FF8DCA5-C5FA-409D-BE6C-CDAC783900DA} => pcalua.exe -a "C:\Program Files\Feven 1.5\Uninstall.exe" -c /fromcontrolpanel=1
Task: {B254EAA7-CA46-448D-83F9-F083C1F5ECFA} - System32\Tasks\{C4668ACF-A7F5-419F-8392-12DF91AF3230} => pcalua.exe -a C:\Users\BAAX\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=cvs <==== ATTENTION
Task: {D423FE9A-7E9E-4C41-B222-A025684DDC4E} - System32\Tasks\{65BD746E-C32A-40E2-89EA-D6175B963874} => pcalua.exe -a "C:\Program Files\Feven 1.5\Uninstall.exe" -c /fromcontrolpanel=1
Task: {E8CEDD43-41FC-46F8-8FA4-F917917BC562} - System32\Tasks\{AB8F4E4F-F176-4E72-B1CC-3523DEFEEE63} => pcalua.exe -a C:\Users\BAAX\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=cvs <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:798A3728
AlternateDataStreams: C:\ProgramData\Temp:B623B5B8
AlternateDataStreams: C:\ProgramData\Temp:BB24555F
AlternateDataStreams: C:\ProgramData\Temp:BF31A799
AlternateDataStreams: C:\ProgramData\Temp:CDFF58FE
AlternateDataStreams: C:\ProgramData\Temp:CE0A077E
AlternateDataStreams: C:\ProgramData\Temp:DCAF903C
C:\Users\BAAX\AppData\Roaming\webssearches
C:\Program Files\Feven 1.5
C:\Users\BAAX\AppData\Roaming\Gutscheinmieze
EmptyTemp:
Hosts:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

• Starte nun FRST erneut und klicke den Entfernen Button.
• Das Tool erstellt eine Fixlog.txt.
• Poste mir deren Inhalt.

Hallo Cosinus
Ich habe Windowstaste +R gedrückt und notepad hineingeschrieben.
Dann auf OK geklickt und sehe ein leeres Feld (unbenannt Editor). Habe ich etwas falsch gemacht?
Darauf habe ich FRSTneu gestartet und anschließend den Fix Button angeklickt.
Der Inhalt ist anbei.

Außerdem ist mir aufgefallen, das auf den Desktop ein Dateiordner ist:
"mbar Dateiordner 30 MB 30.01.2015 12:05 Uhr". Wie soll ich damit umgehen?

Gruß Axel


FRST Logfile:

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-01-2015
Ran by BAAX (administrator) on BAAX-PC on 31-01-2015 13:50:06
Running from C:\Users\BAAX\Downloads\Desktop
Loaded Profiles: BAAX (Available profiles: BAAX)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(CyberLink Corp.) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(CyberLink) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Egis Technology Inc.) C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Egis Technology Inc.) C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Acer Corp.) C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
() C:\Windows\PLFSetI.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Realtek Semiconductor Corp.) C:\Users\BAAX\AppData\Local\Temp\RtkBtMnt.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AviraSpeedup\avira_system_speedup_ultimateprotectionsuite.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Hauppauge Computer Works, Inc.) C:\Program Files\WinTV\WinTV7\WinTVTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Hauppauge Computer Works) C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe
(Egis Technology Inc.) C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1410344 2008-12-05] (Synaptics, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6793760 2009-02-19] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [440864 2009-06-23] (Acer Incorporated)
HKLM\...\Run: [ArcadeDeluxeAgent] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [156968 2009-01-21] (CyberLink Corp.)
HKLM\...\Run: [BackupManagerTray] => C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [249600 2009-04-11] (NewTech Infosystems, Inc.)
HKLM\...\Run: [CLMLServer] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [202024 2009-01-21] (CyberLink)
HKLM\...\Run: [EgisTecLiveUpdate] => C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-05-13] (Egis Technology Inc.)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [1069576 2009-06-25] (Dritek System Inc.)
HKLM\...\Run: [mwlDaemon] => C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [345384 2009-05-14] (Egis Technology Inc.)
HKLM\...\Run: [PlayMovie] => C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe [173288 2008-12-26] (Acer Corp.)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2008-07-29] ()
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [144384 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2009-09-12] (Google Inc.)
HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30878816 2014-12-11] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk
ShortcutTarget: AutoStart IR.lnk -> C:\Program Files\WinTV\Ir.exe (Hauppauge Computer Works)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status..lnk
ShortcutTarget: WinTV Recording Status..lnk -> C:\Program Files\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)
Startup: C:\Users\BAAX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (Egis Technology Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49319;https=127.0.0.1:49319
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbQlzfY23FxTb9PwZyXtcFf9B7DGHKarnHgb80W6DTxthbp-0UGoWoS4UdXf76Nt97iv6lD7A1vKTrz8vbhCdOmjV85r_4KgqPdYLwnxDk3vPwerDUIBxr_y6BrM0tyUA-8NDxPCfabjoKfMiveUYGNZxAvGQmy-7HRika7m4U4,&q={searchTerms}
HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com
HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbQlzfY23FxTb9PwZyXtcFf9B7DGHKarnHgb80W6DTxthbp-0UGoWoS4UdXf76Nt97iv6lD7A1vKTrz8vbhCdOmjV85r_4KgqPdYLwnxDk3vPwerDUIBxr_y6BrM0tyUA-8NDxPCfabjoKfMiveUYGNZxAvGQmy-7HRika7m4U4,&q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2631089936-2126389838-1365947476-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Gutscheinmieze - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\BAAX\AppData\Roaming\Gutscheinmieze\toolbar.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2631089936-2126389838-1365947476-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-2631089936-2126389838-1365947476-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2631089936-2126389838-1365947476-1000 -> Gutscheinmieze - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\BAAX\AppData\Roaming\Gutscheinmieze\toolbar.dll No File
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\BAAX\AppData\Roaming\Mozilla\Firefox\Profiles\227jvlwa.default-1422178544952
FF Homepage: hxxp://www.t-online.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\BAAX\AppData\Roaming\Mozilla\Firefox\Profiles\227jvlwa.default-1422178544952\Extensions\abs@avira.com [2015-01-29]
FF Extension: html5 converter - C:\Users\BAAX\AppData\Roaming\Mozilla\Firefox\Profiles\227jvlwa.default-1422178544952\Extensions\{27fca76e-6082-452f-ad98-94b3e64778f3}.xpi [2015-01-29]
FF Extension: {e3a58803-7a45-4e48-8964-75dfd6b69cc9} - C:\Users\BAAX\AppData\Roaming\Mozilla\Firefox\Profiles\227jvlwa.default-1422178544952\Extensions\{e3a58803-7a45-4e48-8964-75dfd6b69cc9}.xpi [2015-01-29]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-14]
FF HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome: 
=======
CHR Profile: C:\Users\BAAX\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\BAAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-20]
CHR Extension: (Google Drive) - C:\Users\BAAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-20]
CHR Extension: (YouTube) - C:\Users\BAAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-20]
CHR Extension: (Google Search) - C:\Users\BAAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-20]
CHR Extension: (Google Wallet) - C:\Users\BAAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-20]
CHR Extension: (Gmail) - C:\Users\BAAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-20]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [807672 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [993584 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG)
R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [75048 2008-12-18] ()
R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-08] (CrypKey (Canada) Ltd.) [File not signed]
R2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [707104 2009-06-23] (Acer Incorporated)
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
R2 HauppaugeTVServer; C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe [442368 2009-04-01] (Hauppauge Computer Works) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 MWLService; C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-05-14] (Egis Technology Inc.)
R2 NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [61184 2009-04-11] (NewTech Infosystems, Inc.)
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144632 2008-09-23] (NewTech Infosystems, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-21] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-21] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [37384 2014-10-21] (Avira Operations GmbH & Co. KG)
S3 hcw17bda; C:\Windows\System32\drivers\hcw17bda.sys [45824 2008-12-11] (Hauppauge Computer Works, Inc.)
R1 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [19504 2008-12-04] (Egis Incorporated.)
R1 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16432 2008-12-04] (Egis Incorporated.)
R1 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [59952 2008-12-04] (Egis Incorporated.)
R1 NetworkX; C:\Windows\system32\ckldrv.sys [19584 2008-03-17] () [File not signed]
R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [154272 2008-11-12] (Realtek Semiconductor Corp.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-12-09] (Avira GmbH)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-30 15:03 - 2015-01-30 15:03 - 00025687 _____ () C:\Users\BAAX\Desktop\Addition.txt
2015-01-30 15:01 - 2015-01-30 15:03 - 00029421 _____ () C:\Users\BAAX\Desktop\FRST.txt
2015-01-30 14:57 - 2015-01-30 14:57 - 00002041 _____ () C:\Users\BAAX\Desktop\JRT.txt
2015-01-30 14:54 - 2015-01-30 14:54 - 00000000 ____D () C:\Windows\ERUNT
2015-01-30 14:47 - 2015-01-30 14:47 - 01707939 _____ (Thisisu) C:\Users\BAAX\Desktop\JRT641.exe
2015-01-30 14:32 - 2015-01-30 14:33 - 00017553 _____ () C:\Users\BAAX\Desktop\AdwCleaner[S0].txt
2015-01-30 14:30 - 2015-01-30 15:00 - 00000000 ____D () C:\AdwCleaner
2015-01-30 14:30 - 2015-01-30 14:32 - 00018624 _____ () C:\Users\BAAX\Desktop\AdwCleaner[R0].txt
2015-01-30 14:27 - 2015-01-30 14:27 - 02194432 _____ () C:\Users\BAAX\Desktop\AdwCleaner09.exe
2015-01-30 12:08 - 2015-01-30 12:30 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-30 12:08 - 2015-01-30 12:08 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-30 12:05 - 2015-01-30 12:05 - 00082648 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-30 12:03 - 2015-01-30 12:03 - 16466552 _____ (Malwarebytes Corp.) C:\Users\BAAX\Desktop\mbar-1.08.3.1004.exe
2015-01-29 14:54 - 2015-01-31 13:50 - 00000000 ____D () C:\FRST
2015-01-29 11:33 - 2015-01-29 11:33 - 00001287 _____ () C:\Users\Public\Desktop\Avira System Speedup.lnk
2015-01-29 11:18 - 2015-01-29 11:18 - 00020433 _____ () C:\Windows\WinTV7.LOG
2015-01-29 11:18 - 2010-02-05 10:35 - 00000000 ____D () C:\Users\BAAX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hauppauge WinTV
2015-01-29 11:17 - 2015-01-29 11:18 - 00006198 _____ () C:\Windows\HCWPNP.INI
2015-01-29 11:17 - 2015-01-29 11:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hauppauge WinTV
2015-01-29 11:17 - 2015-01-29 11:17 - 00001039 _____ () C:\Users\Public\Desktop\WinTV 7.lnk
2015-01-29 11:17 - 2015-01-29 11:17 - 00000000 ____D () C:\Users\Public\WinTV
2015-01-29 11:17 - 2009-01-16 01:00 - 00303160 _____ (Hauppauge Computer Works) C:\Windows\system32\hcwpnp32.dll
2015-01-29 11:17 - 2008-09-26 11:18 - 00106552 _____ (Hauppauge Computer Works, Inc.) C:\Windows\system32\hcwi2c32.dll
2015-01-29 11:17 - 2004-06-08 06:03 - 00036921 _____ (Hauppauge Computer Works) C:\Windows\system32\hcwutl32.dll
2015-01-29 11:05 - 2008-08-21 20:11 - 00070472 _____ () C:\Windows\system32\Drivers\hcw17isd.1b0
2015-01-29 11:05 - 2008-08-21 19:29 - 00085656 _____ () C:\Windows\system32\Drivers\hcw17dvb.1b0
2015-01-29 10:45 - 2015-01-30 14:38 - 00002340 _____ () C:\Windows\PFRO.log
2015-01-28 18:11 - 2015-01-31 11:47 - 00125617 _____ () C:\Windows\IE11_main.log
2015-01-28 17:24 - 2015-01-31 13:40 - 00656601 _____ () C:\Windows\setupact.log
2015-01-28 17:24 - 2015-01-31 13:40 - 00003472 _____ () C:\Windows\error.log
2015-01-28 17:24 - 2015-01-31 13:40 - 00000756 _____ () C:\Windows\errord.log
2015-01-28 17:24 - 2015-01-28 17:24 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-28 17:20 - 2015-01-28 17:22 - 00000000 ____D () C:\Users\BAAX\Documents\Backup Reg
2015-01-27 12:43 - 2015-01-29 11:33 - 00000000 ____D () C:\Users\BAAX\AppData\Local\AviraSpeedup
2015-01-27 12:30 - 2015-01-29 11:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviraSpeedup
2015-01-27 12:22 - 2015-01-27 12:22 - 04515896 _____ (Avira Operations & Co. KG) C:\Users\BAAX\Downloads\avira_de_ulsuse_10969743_v51n5vii8f3tfkqon253_wd.exe
2015-01-26 15:47 - 2015-01-26 15:47 - 00000000 __RSH () C:\MSDOS.SYS
2015-01-26 15:47 - 2015-01-26 15:47 - 00000000 __RSH () C:\IO.SYS
2015-01-26 15:20 - 2015-01-30 12:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-26 14:34 - 2015-01-26 14:35 - 00000000 ____D () C:\Users\BAAX\AppData\Local\F-Secure
2015-01-26 14:34 - 2015-01-26 14:35 - 00000000 ____D () C:\ProgramData\F-Secure
2015-01-26 12:01 - 2015-01-31 13:40 - 00000468 _____ () C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job
2015-01-18 16:22 - 2015-01-27 11:57 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 13:49 - 2010-02-05 10:24 - 00010048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-31 13:49 - 2010-02-05 10:24 - 00010048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-31 13:47 - 2010-02-05 10:46 - 01475257 _____ () C:\Windows\WindowsUpdate.log
2015-01-31 13:47 - 2010-02-05 08:59 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-31 13:42 - 2012-08-23 22:13 - 00000000 ____D () C:\Users\BAAX\AppData\Roaming\Skype
2015-01-31 13:40 - 2010-02-05 08:59 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-31 13:40 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-30 18:10 - 2013-12-20 16:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-30 15:53 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-30 14:32 - 2010-02-05 10:55 - 00001142 _____ () C:\Users\BAAX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-30 13:10 - 2010-02-05 10:55 - 01629284 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-29 14:19 - 2009-10-07 12:13 - 00000000 __SHD () C:\Users\BAAX\AppData\Roaming\.#
2015-01-29 11:18 - 2009-09-11 21:17 - 00000000 ____D () C:\Program Files\WinTV
2015-01-29 11:18 - 2009-09-11 19:12 - 00033169 _____ () C:\Windows\Irremote.ini
2015-01-29 11:17 - 2009-09-11 19:12 - 00000510 _____ () C:\Windows\ODBC.INI
2015-01-29 11:17 - 2009-09-11 19:12 - 00000209 _____ () C:\Windows\ODBCINST.INI
2015-01-29 11:17 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-01-29 11:02 - 2009-09-11 21:11 - 00263228 _____ () C:\hcwclear.txt
2015-01-29 10:18 - 2010-02-05 10:25 - 00000000 ____D () C:\Users\BAAX
2015-01-29 10:16 - 2009-11-21 15:06 - 00000000 ____D () C:\Program Files\GPS Information
2015-01-28 17:17 - 2010-02-05 10:21 - 00000000 ____D () C:\Windows\Panther
2015-01-28 17:17 - 2010-01-29 17:30 - 00000000 ____D () C:\Users\BAAX\Tracing
2015-01-28 17:03 - 2010-02-05 08:52 - 00001908 _____ () C:\Windows\diagwrn.xml
2015-01-28 17:03 - 2010-02-05 08:52 - 00001908 _____ () C:\Windows\diagerr.xml
2015-01-28 16:57 - 2010-02-05 10:35 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-01-28 16:57 - 2010-02-05 10:35 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-01-28 10:43 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-27 17:40 - 2014-12-31 13:17 - 00001125 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-27 17:40 - 2014-12-31 13:17 - 00001113 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-27 14:26 - 2009-07-14 05:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-27 14:09 - 2009-03-12 04:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone
2015-01-27 12:55 - 2013-12-20 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-27 12:42 - 2010-02-05 10:55 - 00081328 _____ () C:\Users\BAAX\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-27 12:42 - 2009-07-14 05:33 - 00342424 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-27 12:36 - 2014-07-11 10:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ahnenblatt
2015-01-27 12:36 - 2010-03-07 13:29 - 00000000 ____D () C:\Windows\Minidump
2015-01-27 12:28 - 2013-12-20 17:02 - 00000000 ____D () C:\Program Files\Avira
2015-01-27 12:24 - 2013-05-27 19:11 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-27 11:57 - 2014-12-31 13:17 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-27 09:10 - 2013-12-20 16:18 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-27 09:10 - 2013-12-20 16:18 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-25 15:35 - 2009-07-14 05:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-15 14:26 - 2014-07-11 10:55 - 00000000 ____D () C:\Program Files\Ahnenblatt
2015-01-15 14:24 - 2014-07-11 10:55 - 00000000 ____D () C:\Users\BAAX\Documents\Ahnenblatt
2015-01-13 21:45 - 2013-09-01 18:17 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-13 21:38 - 2011-01-27 15:34 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2009-09-12 08:40 - 2009-10-04 17:02 - 0000088 _____ () C:\Users\BAAX\AppData\Roaming\wklnhst.dat
2011-12-13 13:46 - 2011-12-13 13:51 - 0027136 _____ () C:\Users\BAAX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-07-27 09:22 - 2011-07-27 09:22 - 0000000 _____ () C:\Users\BAAX\AppData\Local\{68174423-0BEE-4E44-96CE-6F01359AE1A3}
2011-07-27 17:42 - 2011-07-27 17:43 - 0000000 _____ () C:\Users\BAAX\AppData\Local\{901EC024-5227-4AFF-A081-207CF41E03F6}
2011-07-29 15:52 - 2011-07-29 15:52 - 0000000 _____ () C:\Users\BAAX\AppData\Local\{9B7C00CF-E664-4ED2-9A00-FA67C63BC8E4}
2011-06-24 20:21 - 2011-06-24 20:21 - 0000000 _____ () C:\Users\BAAX\AppData\Local\{DD52C373-A691-469D-AB25-1CE36843F8F8}
2011-07-29 16:31 - 2011-07-29 16:32 - 0000000 _____ () C:\Users\BAAX\AppData\Local\{EC25614B-9C4E-4E58-8EFD-3320E6FBF92E}

Some content of TEMP:
====================
C:\Users\BAAX\AppData\Local\Temp\avgnt.exe
C:\Users\BAAX\AppData\Local\Temp\Quarantine.exe
C:\Users\BAAX\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\BAAX\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-24 09:57

==================== End Of Log ============================
         

--- --- ---

--- --- ---

Lies doch bitte die Instruktionen zum Fix richtig

Hallo Cosinus
Ist das so OK? FRST starten, Scan klicken, nach Scan Fix klicken. Und den Inhalt posten.
Gruß Axel


FRST Logfile:

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-01-2015
Ran by BAAX (administrator) on BAAX-PC on 31-01-2015 19:53:25
Running from C:\Users\BAAX\Downloads\Desktop
Loaded Profiles: BAAX (Available profiles: BAAX)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Hauppauge Computer Works) C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe
(Egis Technology Inc.) C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(CyberLink Corp.) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(CyberLink) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
(Egis Technology Inc.) C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Egis Technology Inc.) C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Acer Corp.) C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
() C:\Windows\PLFSetI.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Realtek Semiconductor Corp.) C:\Users\BAAX\AppData\Local\Temp\RtkBtMnt.exe
(Hauppauge Computer Works, Inc.) C:\Program Files\WinTV\WinTV7\WinTVTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AviraSpeedup\avira_system_speedup_ultimateprotectionsuite.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1410344 2008-12-05] (Synaptics, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6793760 2009-02-19] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [440864 2009-06-23] (Acer Incorporated)
HKLM\...\Run: [ArcadeDeluxeAgent] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [156968 2009-01-21] (CyberLink Corp.)
HKLM\...\Run: [BackupManagerTray] => C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [249600 2009-04-11] (NewTech Infosystems, Inc.)
HKLM\...\Run: [CLMLServer] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [202024 2009-01-21] (CyberLink)
HKLM\...\Run: [EgisTecLiveUpdate] => C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-05-13] (Egis Technology Inc.)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [1069576 2009-06-25] (Dritek System Inc.)
HKLM\...\Run: [mwlDaemon] => C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [345384 2009-05-14] (Egis Technology Inc.)
HKLM\...\Run: [PlayMovie] => C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe [173288 2008-12-26] (Acer Corp.)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2008-07-29] ()
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [144384 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2009-09-12] (Google Inc.)
HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30878816 2014-12-11] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk
ShortcutTarget: AutoStart IR.lnk -> C:\Program Files\WinTV\Ir.exe (Hauppauge Computer Works)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status..lnk
ShortcutTarget: WinTV Recording Status..lnk -> C:\Program Files\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)
Startup: C:\Users\BAAX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (Egis Technology Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49319;https=127.0.0.1:49319
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbQlzfY23FxTb9PwZyXtcFf9B7DGHKarnHgb80W6DTxthbp-0UGoWoS4UdXf76Nt97iv6lD7A1vKTrz8vbhCdOmjV85r_4KgqPdYLwnxDk3vPwerDUIBxr_y6BrM0tyUA-8NDxPCfabjoKfMiveUYGNZxAvGQmy-7HRika7m4U4,&q={searchTerms}
HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com
HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbQlzfY23FxTb9PwZyXtcFf9B7DGHKarnHgb80W6DTxthbp-0UGoWoS4UdXf76Nt97iv6lD7A1vKTrz8vbhCdOmjV85r_4KgqPdYLwnxDk3vPwerDUIBxr_y6BrM0tyUA-8NDxPCfabjoKfMiveUYGNZxAvGQmy-7HRika7m4U4,&q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2631089936-2126389838-1365947476-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Gutscheinmieze - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\BAAX\AppData\Roaming\Gutscheinmieze\toolbar.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2631089936-2126389838-1365947476-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-2631089936-2126389838-1365947476-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2631089936-2126389838-1365947476-1000 -> Gutscheinmieze - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\BAAX\AppData\Roaming\Gutscheinmieze\toolbar.dll No File
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\BAAX\AppData\Roaming\Mozilla\Firefox\Profiles\227jvlwa.default-1422178544952
FF Homepage: hxxp://www.t-online.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\BAAX\AppData\Roaming\Mozilla\Firefox\Profiles\227jvlwa.default-1422178544952\Extensions\abs@avira.com [2015-01-29]
FF Extension: html5 converter - C:\Users\BAAX\AppData\Roaming\Mozilla\Firefox\Profiles\227jvlwa.default-1422178544952\Extensions\{27fca76e-6082-452f-ad98-94b3e64778f3}.xpi [2015-01-29]
FF Extension: {e3a58803-7a45-4e48-8964-75dfd6b69cc9} - C:\Users\BAAX\AppData\Roaming\Mozilla\Firefox\Profiles\227jvlwa.default-1422178544952\Extensions\{e3a58803-7a45-4e48-8964-75dfd6b69cc9}.xpi [2015-01-29]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-14]
FF HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome: 
=======
CHR Profile: C:\Users\BAAX\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\BAAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-20]
CHR Extension: (Google Drive) - C:\Users\BAAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-20]
CHR Extension: (YouTube) - C:\Users\BAAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-20]
CHR Extension: (Google Search) - C:\Users\BAAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-20]
CHR Extension: (Google Wallet) - C:\Users\BAAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-20]
CHR Extension: (Gmail) - C:\Users\BAAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-20]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [807672 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [993584 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG)
R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [75048 2008-12-18] ()
R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-08] (CrypKey (Canada) Ltd.) [File not signed]
R2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [707104 2009-06-23] (Acer Incorporated)
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
R2 HauppaugeTVServer; C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe [442368 2009-04-01] (Hauppauge Computer Works) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 MWLService; C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-05-14] (Egis Technology Inc.)
R2 NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [61184 2009-04-11] (NewTech Infosystems, Inc.)
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144632 2008-09-23] (NewTech Infosystems, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-21] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-21] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [37384 2014-10-21] (Avira Operations GmbH & Co. KG)
S3 hcw17bda; C:\Windows\System32\drivers\hcw17bda.sys [45824 2008-12-11] (Hauppauge Computer Works, Inc.)
R1 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [19504 2008-12-04] (Egis Incorporated.)
R1 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16432 2008-12-04] (Egis Incorporated.)
R1 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [59952 2008-12-04] (Egis Incorporated.)
R1 NetworkX; C:\Windows\system32\ckldrv.sys [19584 2008-03-17] () [File not signed]
R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [154272 2008-11-12] (Realtek Semiconductor Corp.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-12-09] (Avira GmbH)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-30 15:03 - 2015-01-30 15:03 - 00025687 _____ () C:\Users\BAAX\Desktop\Addition.txt
2015-01-30 15:01 - 2015-01-30 15:03 - 00029421 _____ () C:\Users\BAAX\Desktop\FRST.txt
2015-01-30 14:57 - 2015-01-30 14:57 - 00002041 _____ () C:\Users\BAAX\Desktop\JRT.txt
2015-01-30 14:54 - 2015-01-30 14:54 - 00000000 ____D () C:\Windows\ERUNT
2015-01-30 14:47 - 2015-01-30 14:47 - 01707939 _____ (Thisisu) C:\Users\BAAX\Desktop\JRT641.exe
2015-01-30 14:32 - 2015-01-30 14:33 - 00017553 _____ () C:\Users\BAAX\Desktop\AdwCleaner[S0].txt
2015-01-30 14:30 - 2015-01-30 15:00 - 00000000 ____D () C:\AdwCleaner
2015-01-30 14:30 - 2015-01-30 14:32 - 00018624 _____ () C:\Users\BAAX\Desktop\AdwCleaner[R0].txt
2015-01-30 14:27 - 2015-01-30 14:27 - 02194432 _____ () C:\Users\BAAX\Desktop\AdwCleaner09.exe
2015-01-30 12:08 - 2015-01-30 12:30 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-30 12:08 - 2015-01-30 12:08 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-30 12:05 - 2015-01-30 12:05 - 00082648 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-30 12:03 - 2015-01-30 12:03 - 16466552 _____ (Malwarebytes Corp.) C:\Users\BAAX\Desktop\mbar-1.08.3.1004.exe
2015-01-29 14:54 - 2015-01-31 19:53 - 00000000 ____D () C:\FRST
2015-01-29 11:33 - 2015-01-29 11:33 - 00001287 _____ () C:\Users\Public\Desktop\Avira System Speedup.lnk
2015-01-29 11:18 - 2015-01-29 11:18 - 00020433 _____ () C:\Windows\WinTV7.LOG
2015-01-29 11:18 - 2010-02-05 10:35 - 00000000 ____D () C:\Users\BAAX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hauppauge WinTV
2015-01-29 11:17 - 2015-01-29 11:18 - 00006198 _____ () C:\Windows\HCWPNP.INI
2015-01-29 11:17 - 2015-01-29 11:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hauppauge WinTV
2015-01-29 11:17 - 2015-01-29 11:17 - 00001039 _____ () C:\Users\Public\Desktop\WinTV 7.lnk
2015-01-29 11:17 - 2015-01-29 11:17 - 00000000 ____D () C:\Users\Public\WinTV
2015-01-29 11:17 - 2009-01-16 01:00 - 00303160 _____ (Hauppauge Computer Works) C:\Windows\system32\hcwpnp32.dll
2015-01-29 11:17 - 2008-09-26 11:18 - 00106552 _____ (Hauppauge Computer Works, Inc.) C:\Windows\system32\hcwi2c32.dll
2015-01-29 11:17 - 2004-06-08 06:03 - 00036921 _____ (Hauppauge Computer Works) C:\Windows\system32\hcwutl32.dll
2015-01-29 11:05 - 2008-08-21 20:11 - 00070472 _____ () C:\Windows\system32\Drivers\hcw17isd.1b0
2015-01-29 11:05 - 2008-08-21 19:29 - 00085656 _____ () C:\Windows\system32\Drivers\hcw17dvb.1b0
2015-01-29 10:45 - 2015-01-30 14:38 - 00002340 _____ () C:\Windows\PFRO.log
2015-01-28 18:11 - 2015-01-31 14:29 - 00142645 _____ () C:\Windows\IE11_main.log
2015-01-28 17:24 - 2015-01-31 19:39 - 00667089 _____ () C:\Windows\setupact.log
2015-01-28 17:24 - 2015-01-31 19:39 - 00003596 _____ () C:\Windows\error.log
2015-01-28 17:24 - 2015-01-31 19:39 - 00000783 _____ () C:\Windows\errord.log
2015-01-28 17:24 - 2015-01-28 17:24 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-28 17:20 - 2015-01-28 17:22 - 00000000 ____D () C:\Users\BAAX\Documents\Backup Reg
2015-01-27 12:43 - 2015-01-29 11:33 - 00000000 ____D () C:\Users\BAAX\AppData\Local\AviraSpeedup
2015-01-27 12:30 - 2015-01-29 11:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviraSpeedup
2015-01-27 12:22 - 2015-01-27 12:22 - 04515896 _____ (Avira Operations & Co. KG) C:\Users\BAAX\Downloads\avira_de_ulsuse_10969743_v51n5vii8f3tfkqon253_wd.exe
2015-01-26 15:47 - 2015-01-26 15:47 - 00000000 __RSH () C:\MSDOS.SYS
2015-01-26 15:47 - 2015-01-26 15:47 - 00000000 __RSH () C:\IO.SYS
2015-01-26 15:20 - 2015-01-30 12:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-26 14:34 - 2015-01-26 14:35 - 00000000 ____D () C:\Users\BAAX\AppData\Local\F-Secure
2015-01-26 14:34 - 2015-01-26 14:35 - 00000000 ____D () C:\ProgramData\F-Secure
2015-01-26 12:01 - 2015-01-31 19:40 - 00000468 _____ () C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job
2015-01-18 16:22 - 2015-01-27 11:57 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 19:48 - 2010-02-05 10:24 - 00010048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-31 19:48 - 2010-02-05 10:24 - 00010048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-31 19:47 - 2010-02-05 10:46 - 01563888 _____ () C:\Windows\WindowsUpdate.log
2015-01-31 19:47 - 2010-02-05 08:59 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-31 19:41 - 2012-08-23 22:13 - 00000000 ____D () C:\Users\BAAX\AppData\Roaming\Skype
2015-01-31 19:40 - 2010-02-05 08:59 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-31 19:39 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-31 14:10 - 2013-12-20 16:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-30 15:53 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-30 14:32 - 2010-02-05 10:55 - 00001142 _____ () C:\Users\BAAX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-30 13:10 - 2010-02-05 10:55 - 01629284 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-29 14:19 - 2009-10-07 12:13 - 00000000 __SHD () C:\Users\BAAX\AppData\Roaming\.#
2015-01-29 11:18 - 2009-09-11 21:17 - 00000000 ____D () C:\Program Files\WinTV
2015-01-29 11:18 - 2009-09-11 19:12 - 00033169 _____ () C:\Windows\Irremote.ini
2015-01-29 11:17 - 2009-09-11 19:12 - 00000510 _____ () C:\Windows\ODBC.INI
2015-01-29 11:17 - 2009-09-11 19:12 - 00000209 _____ () C:\Windows\ODBCINST.INI
2015-01-29 11:17 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-01-29 11:02 - 2009-09-11 21:11 - 00263228 _____ () C:\hcwclear.txt
2015-01-29 10:18 - 2010-02-05 10:25 - 00000000 ____D () C:\Users\BAAX
2015-01-29 10:16 - 2009-11-21 15:06 - 00000000 ____D () C:\Program Files\GPS Information
2015-01-28 17:17 - 2010-02-05 10:21 - 00000000 ____D () C:\Windows\Panther
2015-01-28 17:17 - 2010-01-29 17:30 - 00000000 ____D () C:\Users\BAAX\Tracing
2015-01-28 17:03 - 2010-02-05 08:52 - 00001908 _____ () C:\Windows\diagwrn.xml
2015-01-28 17:03 - 2010-02-05 08:52 - 00001908 _____ () C:\Windows\diagerr.xml
2015-01-28 16:57 - 2010-02-05 10:35 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-01-28 16:57 - 2010-02-05 10:35 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-01-28 10:43 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-27 17:40 - 2014-12-31 13:17 - 00001125 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-27 17:40 - 2014-12-31 13:17 - 00001113 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-27 14:26 - 2009-07-14 05:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-27 14:09 - 2009-03-12 04:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone
2015-01-27 12:55 - 2013-12-20 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-27 12:42 - 2010-02-05 10:55 - 00081328 _____ () C:\Users\BAAX\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-27 12:42 - 2009-07-14 05:33 - 00342424 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-27 12:36 - 2014-07-11 10:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ahnenblatt
2015-01-27 12:36 - 2010-03-07 13:29 - 00000000 ____D () C:\Windows\Minidump
2015-01-27 12:28 - 2013-12-20 17:02 - 00000000 ____D () C:\Program Files\Avira
2015-01-27 12:24 - 2013-05-27 19:11 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-27 11:57 - 2014-12-31 13:17 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-27 09:10 - 2013-12-20 16:18 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-27 09:10 - 2013-12-20 16:18 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-25 15:35 - 2009-07-14 05:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-15 14:26 - 2014-07-11 10:55 - 00000000 ____D () C:\Program Files\Ahnenblatt
2015-01-15 14:24 - 2014-07-11 10:55 - 00000000 ____D () C:\Users\BAAX\Documents\Ahnenblatt
2015-01-13 21:45 - 2013-09-01 18:17 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-13 21:38 - 2011-01-27 15:34 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2009-09-12 08:40 - 2009-10-04 17:02 - 0000088 _____ () C:\Users\BAAX\AppData\Roaming\wklnhst.dat
2011-12-13 13:46 - 2011-12-13 13:51 - 0027136 _____ () C:\Users\BAAX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-07-27 09:22 - 2011-07-27 09:22 - 0000000 _____ () C:\Users\BAAX\AppData\Local\{68174423-0BEE-4E44-96CE-6F01359AE1A3}
2011-07-27 17:42 - 2011-07-27 17:43 - 0000000 _____ () C:\Users\BAAX\AppData\Local\{901EC024-5227-4AFF-A081-207CF41E03F6}
2011-07-29 15:52 - 2011-07-29 15:52 - 0000000 _____ () C:\Users\BAAX\AppData\Local\{9B7C00CF-E664-4ED2-9A00-FA67C63BC8E4}
2011-06-24 20:21 - 2011-06-24 20:21 - 0000000 _____ () C:\Users\BAAX\AppData\Local\{DD52C373-A691-469D-AB25-1CE36843F8F8}
2011-07-29 16:31 - 2011-07-29 16:32 - 0000000 _____ () C:\Users\BAAX\AppData\Local\{EC25614B-9C4E-4E58-8EFD-3320E6FBF92E}

Some content of TEMP:
====================
C:\Users\BAAX\AppData\Local\Temp\avgnt.exe
C:\Users\BAAX\AppData\Local\Temp\Quarantine.exe
C:\Users\BAAX\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\BAAX\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-24 09:57

==================== End Of Log ============================
         

--- --- ---

--- --- ---

Nun lies doch bitte richtig! Noch einfacher als in diesen beiden Zeilen kann man es nicht erklären

Hallo Cosinus
Hoffentlich haben wir es zu zweit jetzt richtig gemacht.
Gruß Axel


FRST Logfile:

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-01-2015
Ran by BAAX (administrator) on BAAX-PC on 31-01-2015 23:00:13
Running from C:\Users\BAAX\Downloads\Desktop
Loaded Profiles: BAAX (Available profiles: BAAX)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Hauppauge Computer Works) C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe
(Egis Technology Inc.) C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink Corp.) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(CyberLink) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
(Egis Technology Inc.) C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Egis Technology Inc.) C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Acer Corp.) C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
() C:\Windows\PLFSetI.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AviraSpeedup\avira_system_speedup_ultimateprotectionsuite.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Hauppauge Computer Works, Inc.) C:\Program Files\WinTV\WinTV7\WinTVTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Realtek Semiconductor Corp.) C:\Users\BAAX\AppData\Local\Temp\RtkBtMnt.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1410344 2008-12-05] (Synaptics, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6793760 2009-02-19] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [440864 2009-06-23] (Acer Incorporated)
HKLM\...\Run: [ArcadeDeluxeAgent] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [156968 2009-01-21] (CyberLink Corp.)
HKLM\...\Run: [BackupManagerTray] => C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [249600 2009-04-11] (NewTech Infosystems, Inc.)
HKLM\...\Run: [CLMLServer] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [202024 2009-01-21] (CyberLink)
HKLM\...\Run: [EgisTecLiveUpdate] => C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-05-13] (Egis Technology Inc.)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [1069576 2009-06-25] (Dritek System Inc.)
HKLM\...\Run: [mwlDaemon] => C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [345384 2009-05-14] (Egis Technology Inc.)
HKLM\...\Run: [PlayMovie] => C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe [173288 2008-12-26] (Acer Corp.)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2008-07-29] ()
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [144384 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2009-09-12] (Google Inc.)
HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30878816 2014-12-11] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk
ShortcutTarget: AutoStart IR.lnk -> C:\Program Files\WinTV\Ir.exe (Hauppauge Computer Works)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status..lnk
ShortcutTarget: WinTV Recording Status..lnk -> C:\Program Files\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)
Startup: C:\Users\BAAX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (Egis Technology Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49319;https=127.0.0.1:49319
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbQlzfY23FxTb9PwZyXtcFf9B7DGHKarnHgb80W6DTxthbp-0UGoWoS4UdXf76Nt97iv6lD7A1vKTrz8vbhCdOmjV85r_4KgqPdYLwnxDk3vPwerDUIBxr_y6BrM0tyUA-8NDxPCfabjoKfMiveUYGNZxAvGQmy-7HRika7m4U4,&q={searchTerms}
HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com
HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbQlzfY23FxTb9PwZyXtcFf9B7DGHKarnHgb80W6DTxthbp-0UGoWoS4UdXf76Nt97iv6lD7A1vKTrz8vbhCdOmjV85r_4KgqPdYLwnxDk3vPwerDUIBxr_y6BrM0tyUA-8NDxPCfabjoKfMiveUYGNZxAvGQmy-7HRika7m4U4,&q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2631089936-2126389838-1365947476-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Gutscheinmieze - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\BAAX\AppData\Roaming\Gutscheinmieze\toolbar.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2631089936-2126389838-1365947476-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-2631089936-2126389838-1365947476-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2631089936-2126389838-1365947476-1000 -> Gutscheinmieze - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\BAAX\AppData\Roaming\Gutscheinmieze\toolbar.dll No File
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\BAAX\AppData\Roaming\Mozilla\Firefox\Profiles\227jvlwa.default-1422178544952
FF Homepage: hxxp://www.t-online.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\BAAX\AppData\Roaming\Mozilla\Firefox\Profiles\227jvlwa.default-1422178544952\Extensions\abs@avira.com [2015-01-29]
FF Extension: html5 converter - C:\Users\BAAX\AppData\Roaming\Mozilla\Firefox\Profiles\227jvlwa.default-1422178544952\Extensions\{27fca76e-6082-452f-ad98-94b3e64778f3}.xpi [2015-01-29]
FF Extension: {e3a58803-7a45-4e48-8964-75dfd6b69cc9} - C:\Users\BAAX\AppData\Roaming\Mozilla\Firefox\Profiles\227jvlwa.default-1422178544952\Extensions\{e3a58803-7a45-4e48-8964-75dfd6b69cc9}.xpi [2015-01-29]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-14]
FF HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome: 
=======
CHR Profile: C:\Users\BAAX\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\BAAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-20]
CHR Extension: (Google Drive) - C:\Users\BAAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-20]
CHR Extension: (YouTube) - C:\Users\BAAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-20]
CHR Extension: (Google Search) - C:\Users\BAAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-20]
CHR Extension: (Google Wallet) - C:\Users\BAAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-20]
CHR Extension: (Gmail) - C:\Users\BAAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-20]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [807672 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [993584 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG)
R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [75048 2008-12-18] ()
R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-08] (CrypKey (Canada) Ltd.) [File not signed]
R2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [707104 2009-06-23] (Acer Incorporated)
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
R2 HauppaugeTVServer; C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe [442368 2009-04-01] (Hauppauge Computer Works) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 MWLService; C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-05-14] (Egis Technology Inc.)
R2 NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [61184 2009-04-11] (NewTech Infosystems, Inc.)
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144632 2008-09-23] (NewTech Infosystems, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-21] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-21] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [37384 2014-10-21] (Avira Operations GmbH & Co. KG)
S3 hcw17bda; C:\Windows\System32\drivers\hcw17bda.sys [45824 2008-12-11] (Hauppauge Computer Works, Inc.)
R1 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [19504 2008-12-04] (Egis Incorporated.)
R1 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16432 2008-12-04] (Egis Incorporated.)
R1 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [59952 2008-12-04] (Egis Incorporated.)
R1 NetworkX; C:\Windows\system32\ckldrv.sys [19584 2008-03-17] () [File not signed]
R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [154272 2008-11-12] (Realtek Semiconductor Corp.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-12-09] (Avira GmbH)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-30 15:03 - 2015-01-30 15:03 - 00025687 _____ () C:\Users\BAAX\Desktop\Addition.txt
2015-01-30 15:01 - 2015-01-30 15:03 - 00029421 _____ () C:\Users\BAAX\Desktop\FRST.txt
2015-01-30 14:57 - 2015-01-30 14:57 - 00002041 _____ () C:\Users\BAAX\Desktop\JRT.txt
2015-01-30 14:54 - 2015-01-30 14:54 - 00000000 ____D () C:\Windows\ERUNT
2015-01-30 14:47 - 2015-01-30 14:47 - 01707939 _____ (Thisisu) C:\Users\BAAX\Desktop\JRT641.exe
2015-01-30 14:32 - 2015-01-30 14:33 - 00017553 _____ () C:\Users\BAAX\Desktop\AdwCleaner[S0].txt
2015-01-30 14:30 - 2015-01-30 15:00 - 00000000 ____D () C:\AdwCleaner
2015-01-30 14:30 - 2015-01-30 14:32 - 00018624 _____ () C:\Users\BAAX\Desktop\AdwCleaner[R0].txt
2015-01-30 14:27 - 2015-01-30 14:27 - 02194432 _____ () C:\Users\BAAX\Desktop\AdwCleaner09.exe
2015-01-30 12:08 - 2015-01-30 12:30 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-30 12:08 - 2015-01-30 12:08 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-30 12:05 - 2015-01-30 12:05 - 00082648 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-30 12:03 - 2015-01-30 12:03 - 16466552 _____ (Malwarebytes Corp.) C:\Users\BAAX\Desktop\mbar-1.08.3.1004.exe
2015-01-29 14:54 - 2015-01-31 23:00 - 00000000 ____D () C:\FRST
2015-01-29 11:33 - 2015-01-29 11:33 - 00001287 _____ () C:\Users\Public\Desktop\Avira System Speedup.lnk
2015-01-29 11:18 - 2015-01-29 11:18 - 00020433 _____ () C:\Windows\WinTV7.LOG
2015-01-29 11:18 - 2010-02-05 10:35 - 00000000 ____D () C:\Users\BAAX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hauppauge WinTV
2015-01-29 11:17 - 2015-01-29 11:18 - 00006198 _____ () C:\Windows\HCWPNP.INI
2015-01-29 11:17 - 2015-01-29 11:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hauppauge WinTV
2015-01-29 11:17 - 2015-01-29 11:17 - 00001039 _____ () C:\Users\Public\Desktop\WinTV 7.lnk
2015-01-29 11:17 - 2015-01-29 11:17 - 00000000 ____D () C:\Users\Public\WinTV
2015-01-29 11:17 - 2009-01-16 01:00 - 00303160 _____ (Hauppauge Computer Works) C:\Windows\system32\hcwpnp32.dll
2015-01-29 11:17 - 2008-09-26 11:18 - 00106552 _____ (Hauppauge Computer Works, Inc.) C:\Windows\system32\hcwi2c32.dll
2015-01-29 11:17 - 2004-06-08 06:03 - 00036921 _____ (Hauppauge Computer Works) C:\Windows\system32\hcwutl32.dll
2015-01-29 11:05 - 2008-08-21 20:11 - 00070472 _____ () C:\Windows\system32\Drivers\hcw17isd.1b0
2015-01-29 11:05 - 2008-08-21 19:29 - 00085656 _____ () C:\Windows\system32\Drivers\hcw17dvb.1b0
2015-01-29 10:45 - 2015-01-30 14:38 - 00002340 _____ () C:\Windows\PFRO.log
2015-01-28 18:11 - 2015-01-31 22:51 - 00176701 _____ () C:\Windows\IE11_main.log
2015-01-28 17:24 - 2015-01-31 22:52 - 00698553 _____ () C:\Windows\setupact.log
2015-01-28 17:24 - 2015-01-31 22:52 - 00003968 _____ () C:\Windows\error.log
2015-01-28 17:24 - 2015-01-31 22:52 - 00000864 _____ () C:\Windows\errord.log
2015-01-28 17:24 - 2015-01-28 17:24 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-28 17:20 - 2015-01-28 17:22 - 00000000 ____D () C:\Users\BAAX\Documents\Backup Reg
2015-01-27 12:43 - 2015-01-29 11:33 - 00000000 ____D () C:\Users\BAAX\AppData\Local\AviraSpeedup
2015-01-27 12:30 - 2015-01-29 11:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviraSpeedup
2015-01-27 12:22 - 2015-01-27 12:22 - 04515896 _____ (Avira Operations & Co. KG) C:\Users\BAAX\Downloads\avira_de_ulsuse_10969743_v51n5vii8f3tfkqon253_wd.exe
2015-01-26 15:47 - 2015-01-26 15:47 - 00000000 __RSH () C:\MSDOS.SYS
2015-01-26 15:47 - 2015-01-26 15:47 - 00000000 __RSH () C:\IO.SYS
2015-01-26 15:20 - 2015-01-30 12:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-26 14:34 - 2015-01-26 14:35 - 00000000 ____D () C:\Users\BAAX\AppData\Local\F-Secure
2015-01-26 14:34 - 2015-01-26 14:35 - 00000000 ____D () C:\ProgramData\F-Secure
2015-01-26 12:01 - 2015-01-31 22:52 - 00000468 _____ () C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job
2015-01-18 16:22 - 2015-01-27 11:57 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 22:59 - 2010-02-05 10:46 - 01755630 _____ () C:\Windows\WindowsUpdate.log
2015-01-31 22:54 - 2012-08-23 22:13 - 00000000 ____D () C:\Users\BAAX\AppData\Roaming\Skype
2015-01-31 22:53 - 2010-02-05 08:59 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-31 22:52 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-31 22:47 - 2010-02-05 08:59 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-31 22:41 - 2009-02-11 21:03 - 00000000 ____D () C:\Acer
2015-01-31 22:10 - 2013-12-20 16:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-31 22:08 - 2010-02-05 10:24 - 00010048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-31 22:08 - 2010-02-05 10:24 - 00010048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-30 15:53 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-30 14:32 - 2010-02-05 10:55 - 00001142 _____ () C:\Users\BAAX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-30 13:10 - 2010-02-05 10:55 - 01629284 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-29 14:19 - 2009-10-07 12:13 - 00000000 __SHD () C:\Users\BAAX\AppData\Roaming\.#
2015-01-29 11:18 - 2009-09-11 21:17 - 00000000 ____D () C:\Program Files\WinTV
2015-01-29 11:18 - 2009-09-11 19:12 - 00033169 _____ () C:\Windows\Irremote.ini
2015-01-29 11:17 - 2009-09-11 19:12 - 00000510 _____ () C:\Windows\ODBC.INI
2015-01-29 11:17 - 2009-09-11 19:12 - 00000209 _____ () C:\Windows\ODBCINST.INI
2015-01-29 11:17 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-01-29 11:02 - 2009-09-11 21:11 - 00263228 _____ () C:\hcwclear.txt
2015-01-29 10:18 - 2010-02-05 10:25 - 00000000 ____D () C:\Users\BAAX
2015-01-29 10:16 - 2009-11-21 15:06 - 00000000 ____D () C:\Program Files\GPS Information
2015-01-28 17:17 - 2010-02-05 10:21 - 00000000 ____D () C:\Windows\Panther
2015-01-28 17:17 - 2010-01-29 17:30 - 00000000 ____D () C:\Users\BAAX\Tracing
2015-01-28 17:03 - 2010-02-05 08:52 - 00001908 _____ () C:\Windows\diagwrn.xml
2015-01-28 17:03 - 2010-02-05 08:52 - 00001908 _____ () C:\Windows\diagerr.xml
2015-01-28 16:57 - 2010-02-05 10:35 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-01-28 16:57 - 2010-02-05 10:35 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-01-28 10:43 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-27 17:40 - 2014-12-31 13:17 - 00001125 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-27 17:40 - 2014-12-31 13:17 - 00001113 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-27 14:26 - 2009-07-14 05:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-27 14:09 - 2009-03-12 04:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone
2015-01-27 12:55 - 2013-12-20 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-27 12:42 - 2010-02-05 10:55 - 00081328 _____ () C:\Users\BAAX\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-27 12:42 - 2009-07-14 05:33 - 00342424 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-27 12:36 - 2014-07-11 10:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ahnenblatt
2015-01-27 12:36 - 2010-03-07 13:29 - 00000000 ____D () C:\Windows\Minidump
2015-01-27 12:28 - 2013-12-20 17:02 - 00000000 ____D () C:\Program Files\Avira
2015-01-27 12:24 - 2013-05-27 19:11 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-27 11:57 - 2014-12-31 13:17 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-27 09:10 - 2013-12-20 16:18 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-27 09:10 - 2013-12-20 16:18 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-25 15:35 - 2009-07-14 05:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-15 14:26 - 2014-07-11 10:55 - 00000000 ____D () C:\Program Files\Ahnenblatt
2015-01-15 14:24 - 2014-07-11 10:55 - 00000000 ____D () C:\Users\BAAX\Documents\Ahnenblatt
2015-01-13 21:45 - 2013-09-01 18:17 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-13 21:38 - 2011-01-27 15:34 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2009-09-12 08:40 - 2009-10-04 17:02 - 0000088 _____ () C:\Users\BAAX\AppData\Roaming\wklnhst.dat
2011-12-13 13:46 - 2011-12-13 13:51 - 0027136 _____ () C:\Users\BAAX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-07-27 09:22 - 2011-07-27 09:22 - 0000000 _____ () C:\Users\BAAX\AppData\Local\{68174423-0BEE-4E44-96CE-6F01359AE1A3}
2011-07-27 17:42 - 2011-07-27 17:43 - 0000000 _____ () C:\Users\BAAX\AppData\Local\{901EC024-5227-4AFF-A081-207CF41E03F6}
2011-07-29 15:52 - 2011-07-29 15:52 - 0000000 _____ () C:\Users\BAAX\AppData\Local\{9B7C00CF-E664-4ED2-9A00-FA67C63BC8E4}
2011-06-24 20:21 - 2011-06-24 20:21 - 0000000 _____ () C:\Users\BAAX\AppData\Local\{DD52C373-A691-469D-AB25-1CE36843F8F8}
2011-07-29 16:31 - 2011-07-29 16:32 - 0000000 _____ () C:\Users\BAAX\AppData\Local\{EC25614B-9C4E-4E58-8EFD-3320E6FBF92E}

Some content of TEMP:
====================
C:\Users\BAAX\AppData\Local\Temp\avgnt.exe
C:\Users\BAAX\AppData\Local\Temp\Quarantine.exe
C:\Users\BAAX\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\BAAX\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-24 09:57

==================== End Of Log ============================
         

--- --- ---

--- --- ---