Axel Freytag | 29.01.2015 16:19 | Windows7 141861-problem-beim-starten-c-users-benutzer-appdata-roaming-babsolution-shared-enhancednt-dll.html
No other trojans are known. Snp.do and webssearchers have been uninstalled.
Regards, Axel
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-01-2015 01
Ran by BAAX (administrator) on BAAX-PC on 29-01-2015 14:54:18
Running from C:\Users\BAAX\Downloads\Desktop
Loaded Profiles: BAAX (Available profiles: BAAX)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(CyberLink Corp.) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
(Egis Technology Inc.) C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Egis Technology Inc.) C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Acer Corp.) C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
() C:\Windows\PLFSetI.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Realtek Semiconductor Corp.) C:\Users\BAAX\AppData\Local\Temp\RtkBtMnt.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Hauppauge Computer Works, Inc.) C:\Program Files\WinTV\WinTV7\WinTVTray.exe
(Hauppauge Computer Works) C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AviraSpeedup\avira_system_speedup_ultimateprotectionsuite.exe
(Egis Technology Inc.) C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1410344 2008-12-05] (Synaptics, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6793760 2009-02-19] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [440864 2009-06-23] (Acer Incorporated)
HKLM\...\Run: [ArcadeDeluxeAgent] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [156968 2009-01-21] (CyberLink Corp.)
HKLM\...\Run: [BackupManagerTray] => C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [249600 2009-04-11] (NewTech Infosystems, Inc.)
HKLM\...\Run: [CLMLServer] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [202024 2009-01-21] (CyberLink)
HKLM\...\Run: [EgisTecLiveUpdate] => C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-05-13] (Egis Technology Inc.)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [1069576 2009-06-25] (Dritek System Inc.)
HKLM\...\Run: [mwlDaemon] => C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [345384 2009-05-14] (Egis Technology Inc.)
HKLM\...\Run: [PlayMovie] => C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe [173288 2008-12-26] (Acer Corp.)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2008-07-29] ()
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [144384 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\...\Run: [NTRedirect] => C:\Windows\system32\rundll32.exe "C:\Users\BAAX\AppData\Roaming\BabSolution\Shared\enhancedNT.dll",Run
HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2009-09-12] (Google Inc.)
HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30878816 2014-12-11] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk
ShortcutTarget: AutoStart IR.lnk -> C:\Program Files\WinTV\Ir.exe (Hauppauge Computer Works)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status..lnk
ShortcutTarget: WinTV Recording Status..lnk -> C:\Program Files\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)
Startup: C:\Users\BAAX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (Egis Technology Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49319;https=127.0.0.1:49319
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbQlzfY23FxTb9PwZyXtcFf9B7DGHKarnHgb80W6DTxthbp-0UGoWoS4UdXf76Nt97iv6lD7A1vKTrz8vbhCdOmjV85r_4KgqPdYLwnxDk3vPwerDUIBxr_y6BrM0tyUA-8NDxPCfabjoKfMiveUYGNZxAvGQmy-7HRika7m4U4,&q={searchTerms}
HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = webssearches
HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Acer | explore beyond limits
HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbQlzfY23FxTb9PwZyXtcFf9B7DGHRHxUfuO14mmzoWKRk-KU3UISmhPmcQRz1wXIZtzYB56P2OyQpZXwkXGJBZMrlgiaMAr5kZF2ksn7drzJaHLLWm4QcjsEqtybZPi6aZv3indIQIgFxI6sUnruaOFcJkUh2oV0RNutXH8h38,&q={searchTerms}
HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbQlzfY23FxTb9PwZyXtcFf9B7DGHRHxUfuO14mmzoWKRk-KU3UISmhPmcQRz1wXIZtzYB56P2OyQpZXwkXGJBZMrlgiaMAr5kZF2ksn7drzJaHLLWm4QcjsEqtybZPi6aZv3indIQIgFxI6sUnruaOFcJkUh2oV0RNutXH8h38,&q={searchTerms}
HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\Software\Microsoft\Internet Explorer\Main,Start Page = News - Service - Shopping bei t-online.de
HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland ? jetzt mit dem Hotmail Nachfolger Outlook und dem Messenger Nachfolger Skype
HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = Delta Search
HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1387534911&from=tugs&uid=WDCXWD3200BEVT-22ZCT0_WD-WXB0A791945819458&q={searchTerms}
SearchScopes: HKLM -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbQlzfY23FxTb9PwZyXtcFf9B7DGHRHxUfuO14mmzoWKRk-KU3UISmhPmcQRz1wXIZtzYB56P2OyQpZXwkXGJBZMrlgiaMAr5kZF2ksn7drzJaHLLWm4QcjsEqtybZPi6aZv3indIQIgFxI6sUnruaOFcJkUh2oV0RNutXH8h38,&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbQlzfY23FxTb9PwZyXtcFf9B7DGHKarnHgb80W6DTxthbp-0UGoWoS4UdXf76Nt97iv6lD7A1vKTrz8vbhCdOmjV85r_4KgqPdYLwnxDk3vPwerDUIBxr_y6BrM0tyUA-8NDxPCfabjoKfMiveUYGNZxAvGQmy-7HRika7m4U4,&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbQlzfY23FxTb9PwZyXtcFf9B7DGHKarnHgb80W6DTxthbp-0UGoWoS4UdXf76Nt97iv6lD7A1vKTrz8vbhCdOmjV85r_4KgqPdYLwnxDk3vPwerDUIBxr_y6BrM0tyUA-8NDxPCfabjoKfMiveUYGNZxAvGQmy-7HRika7m4U4,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2631089936-2126389838-1365947476-1000 -> bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-2631089936-2126389838-1365947476-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKU\S-1-5-21-2631089936-2126389838-1365947476-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Avira SearchFree Toolbar -> {41564952-412D-5637-00A7-7A786E7484D7} -> No File
BHO: mySecureSurfer -> {52EA1989-D16E-4560-9021-F0AD247DE4D1} -> C:\Users\BAAX\AppData\LocalLow\mySecureSurfer\IE\mySecureSurfer.dll (Soft-Ware International Ltd.)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: delta Helper Object -> {C1AF5FA5-852C-4C90-812E-A7F75E011D87} -> No File
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Gutscheinmieze - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\BAAX\AppData\Roaming\Gutscheinmieze\toolbar.dll No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - No File
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2631089936-2126389838-1365947476-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-2631089936-2126389838-1365947476-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2631089936-2126389838-1365947476-1000 -> Gutscheinmieze - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\BAAX\AppData\Roaming\Gutscheinmieze\toolbar.dll No File
Toolbar: HKU\S-1-5-21-2631089936-2126389838-1365947476-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-2631089936-2126389838-1365947476-1000 -> Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - No File
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe v9
FireFox:
========
FF ProfilePath: C:\Users\BAAX\AppData\Roaming\Mozilla\Firefox\Profiles\227jvlwa.default-1422178544952
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: Web Search
FF SelectedSearchEngine: Web Search
FF Homepage: hxxp://www.t-online.de/
FF Keyword.URL: hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbQlzfY23FxTb9PwZyXtcFf9B7DGHRHxUfuO14mmzoWKRk-KU3UISmhPmcQRz1wXIZtzYB56P2OyQpZXwkXGJBZMrlgiaMAr5kZF2ksn7drzJaHLLWm4QcjsEqtybZPi6aZv3indIQIgFxI6sUnruaOFcJkUh2oV0RNutXH8h38,&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\BAAX\AppData\Roaming\Mozilla\Firefox\Profiles\227jvlwa.default-1422178544952\user.js
FF SearchPlugin: C:\Users\BAAX\AppData\Roaming\Mozilla\Firefox\Profiles\227jvlwa.default-1422178544952\searchplugins\Web Search.xml
FF Extension: Avira Browser Safety - C:\Users\BAAX\AppData\Roaming\Mozilla\Firefox\Profiles\227jvlwa.default-1422178544952\Extensions\abs@avira.com [2015-01-29]
FF Extension: Fast Start - C:\Users\BAAX\AppData\Roaming\Mozilla\Firefox\Profiles\227jvlwa.default-1422178544952\Extensions\faststartff@gmail.com [2015-01-29]
FF Extension: FF Toolbar - C:\Users\BAAX\AppData\Roaming\Mozilla\Firefox\Profiles\227jvlwa.default-1422178544952\Extensions\fftoolbar2014@etech.com [2015-01-29]
FF Extension: SparPilot - Gutscheine & mehr... - C:\Users\BAAX\AppData\Roaming\Mozilla\Firefox\Profiles\227jvlwa.default-1422178544952\Extensions\sparpilot@sparpilot.com [2015-01-29]
FF Extension: {e3a58803-7a45-4e48-8964-75dfd6b69cc9} - C:\Users\BAAX\AppData\Roaming\Mozilla\Firefox\Profiles\227jvlwa.default-1422178544952\Extensions\{e3a58803-7a45-4e48-8964-75dfd6b69cc9}.xpi [2015-01-29]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-14]
FF HKLM\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\BAAX\AppData\Roaming\Mozilla\Firefox\Profiles\227jvlwa.default-1422178544952\extensions\fftoolbar2014@etech.com
FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\BAAX\AppData\Roaming\Mozilla\Firefox\Profiles\227jvlwa.default-1422178544952\extensions\faststartff@gmail.com
FF HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\...\Firefox\Extensions: [lyrix@lyrixeeker.co] - C:\Program Files\LyriXeeker\126.xpi
FF Extension: LyricXeeker - C:\Program Files\LyriXeeker\126.xpi [2013-08-12]
FF HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
Chrome:
=======
CHR Profile: C:\Users\BAAX\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\BAAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-20]
CHR Extension: (Google Drive) - C:\Users\BAAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-20]
CHR Extension: (Feven 1.5) - C:\Users\BAAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\baodmgdpdoelldjmkhknbolcldnfjegg [2013-12-20]
CHR Extension: (YouTube) - C:\Users\BAAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-20]
CHR Extension: (Google Search) - C:\Users\BAAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-20]
CHR Extension: (LyricXeeker) - C:\Users\BAAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\epojlgbehpaeekopencdagbdamnkppci [2013-12-20]
CHR Extension: (Google Wallet) - C:\Users\BAAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-20]
CHR Extension: (Gmail) - C:\Users\BAAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-20]
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
CHR HKLM\...\Chrome\Extension: [epojlgbehpaeekopencdagbdamnkppci] - C:\Program Files\LyriXeeker\126.crx [2013-08-12]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [807672 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [993584 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG)
R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [75048 2008-12-18] ()
R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-08] (CrypKey (Canada) Ltd.) [File not signed]
R2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [707104 2009-06-23] (Acer Incorporated)
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
R2 HauppaugeTVServer; C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe [442368 2009-04-01] (Hauppauge Computer Works) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 MWLService; C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-05-14] (Egis Technology Inc.)
R2 NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [61184 2009-04-11] (NewTech Infosystems, Inc.)
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144632 2008-09-23] (NewTech Infosystems, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-21] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-21] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [37384 2014-10-21] (Avira Operations GmbH & Co. KG)
S3 hcw17bda; C:\Windows\System32\drivers\hcw17bda.sys [45824 2008-12-11] (Hauppauge Computer Works, Inc.)
R1 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [19504 2008-12-04] (Egis Incorporated.)
R1 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16432 2008-12-04] (Egis Incorporated.)
R1 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [59952 2008-12-04] (Egis Incorporated.)
R1 NetworkX; C:\Windows\system32\ckldrv.sys [19584 2008-03-17] () [File not signed]
R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [154272 2008-11-12] (Realtek Semiconductor Corp.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-12-09] (Avira GmbH)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-29 14:54 - 2015-01-29 14:54 - 00000000 ____D () C:\FRST
2015-01-29 11:33 - 2015-01-29 11:33 - 00001287 _____ () C:\Users\Public\Desktop\Avira System Speedup.lnk
2015-01-29 11:18 - 2015-01-29 11:18 - 00020433 _____ () C:\Windows\WinTV7.LOG
2015-01-29 11:18 - 2010-02-05 10:35 - 00000000 ____D () C:\Users\BAAX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hauppauge WinTV
2015-01-29 11:17 - 2015-01-29 11:18 - 00006198 _____ () C:\Windows\HCWPNP.INI
2015-01-29 11:17 - 2015-01-29 11:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hauppauge WinTV
2015-01-29 11:17 - 2015-01-29 11:17 - 00001039 _____ () C:\Users\Public\Desktop\WinTV 7.lnk
2015-01-29 11:17 - 2015-01-29 11:17 - 00000000 ____D () C:\Users\Public\WinTV
2015-01-29 11:17 - 2009-01-16 01:00 - 00303160 _____ (Hauppauge Computer Works) C:\Windows\system32\hcwpnp32.dll
2015-01-29 11:17 - 2008-09-26 11:18 - 00106552 _____ (Hauppauge Computer Works, Inc.) C:\Windows\system32\hcwi2c32.dll
2015-01-29 11:17 - 2004-06-08 06:03 - 00036921 _____ (Hauppauge Computer Works) C:\Windows\system32\hcwutl32.dll
2015-01-29 11:05 - 2008-08-21 20:11 - 00070472 _____ () C:\Windows\system32\Drivers\hcw17isd.1b0
2015-01-29 11:05 - 2008-08-21 19:29 - 00085656 _____ () C:\Windows\system32\Drivers\hcw17dvb.1b0
2015-01-29 10:45 - 2015-01-29 11:03 - 00002026 _____ () C:\Windows\PFRO.log
2015-01-28 18:11 - 2015-01-28 22:18 - 00049257 _____ () C:\Windows\IE11_main.log
2015-01-28 17:24 - 2015-01-29 14:25 - 00520257 _____ () C:\Windows\setupact.log
2015-01-28 17:24 - 2015-01-29 14:25 - 00001860 _____ () C:\Windows\error.log
2015-01-28 17:24 - 2015-01-29 14:25 - 00000405 _____ () C:\Windows\errord.log
2015-01-28 17:24 - 2015-01-28 17:24 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-28 17:20 - 2015-01-28 17:22 - 00000000 ____D () C:\Users\BAAX\Documents\Backup Reg
2015-01-27 12:43 - 2015-01-29 11:33 - 00000000 ____D () C:\Users\BAAX\AppData\Local\AviraSpeedup
2015-01-27 12:30 - 2015-01-29 11:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviraSpeedup
2015-01-27 12:22 - 2015-01-27 12:22 - 04515896 _____ (Avira Operations & Co. KG) C:\Users\BAAX\Downloads\avira_de_ulsuse_10969743_v51n5vii8f3tfkqon253_wd.exe
2015-01-26 15:47 - 2015-01-26 15:47 - 00000000 __RSH () C:\MSDOS.SYS
2015-01-26 15:47 - 2015-01-26 15:47 - 00000000 __RSH () C:\IO.SYS
2015-01-26 15:20 - 2015-01-26 15:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-26 14:39 - 2015-01-26 14:39 - 00000000 ____D () C:\ProgramData\d491183000005039
2015-01-26 14:34 - 2015-01-26 14:35 - 00000000 ____D () C:\Users\BAAX\AppData\Local\F-Secure
2015-01-26 14:34 - 2015-01-26 14:35 - 00000000 ____D () C:\ProgramData\F-Secure
2015-01-26 12:01 - 2015-01-29 14:25 - 00000468 _____ () C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job
2015-01-26 12:01 - 2015-01-26 12:08 - 00000000 ____D () C:\ProgramData\ParetoLogic
2015-01-26 12:01 - 2015-01-26 12:01 - 00000000 ____D () C:\Users\BAAX\AppData\Roaming\ParetoLogic
2015-01-26 12:01 - 2015-01-26 12:01 - 00000000 ____D () C:\Users\BAAX\AppData\Roaming\DriverCure
2015-01-26 12:01 - 2015-01-26 12:01 - 00000000 ____D () C:\Program Files\Common Files\ParetoLogic
2015-01-18 16:22 - 2015-01-27 11:57 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-31 13:17 - 2015-01-27 17:40 - 00001125 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-31 13:17 - 2015-01-27 17:40 - 00001113 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-31 13:17 - 2015-01-27 11:57 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-31 13:17 - 2014-12-31 13:18 - 00000000 ____D () C:\Users\BAAX\AppData\Local\Mozilla
2014-12-31 13:17 - 2014-12-31 13:17 - 00000000 ____D () C:\ProgramData\Mozilla
2014-12-31 13:15 - 2014-12-31 13:15 - 39441776 _____ () C:\Users\BAAX\Downloads\Firefox Setup 34.0.5.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-29 14:47 - 2010-02-05 08:59 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-29 14:34 - 2010-02-05 10:24 - 00010048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-29 14:34 - 2010-02-05 10:24 - 00010048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-29 14:30 - 2010-02-05 10:46 - 01932292 _____ () C:\Windows\WindowsUpdate.log
2015-01-29 14:27 - 2012-08-23 22:13 - 00000000 ____D () C:\Users\BAAX\AppData\Roaming\Skype
2015-01-29 14:25 - 2013-12-20 11:22 - 00002004 _____ () C:\Windows\Tasks\Feven 1.5-firefoxinstaller.job
2015-01-29 14:25 - 2013-12-20 11:22 - 00001932 _____ () C:\Windows\Tasks\Feven 1.5-chromeinstaller.job
2015-01-29 14:25 - 2013-12-20 11:22 - 00001302 _____ () C:\Windows\Tasks\Feven 1.5-updater.job
2015-01-29 14:25 - 2013-12-20 11:22 - 00001204 _____ () C:\Windows\Tasks\Feven 1.5-codedownloader.job
2015-01-29 14:25 - 2013-12-20 11:22 - 00001104 _____ () C:\Windows\Tasks\Feven 1.5-enabler.job
2015-01-29 14:25 - 2010-02-05 08:59 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-29 14:25 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-29 14:19 - 2009-10-07 12:13 - 00000000 __SHD () C:\Users\BAAX\AppData\Roaming\.#
2015-01-29 14:10 - 2013-12-20 16:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-29 14:09 - 2013-12-12 10:09 - 00000000 ____D () C:\Users\BAAX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
2015-01-29 11:18 - 2009-09-11 21:17 - 00000000 ____D () C:\Program Files\WinTV
2015-01-29 11:18 - 2009-09-11 19:12 - 00033169 _____ () C:\Windows\Irremote.ini
2015-01-29 11:17 - 2009-09-11 19:12 - 00000510 _____ () C:\Windows\ODBC.INI
2015-01-29 11:17 - 2009-09-11 19:12 - 00000209 _____ () C:\Windows\ODBCINST.INI
2015-01-29 11:17 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-01-29 11:02 - 2009-09-11 21:11 - 00263228 _____ () C:\hcwclear.txt
2015-01-29 10:18 - 2010-02-05 10:25 - 00000000 ____D () C:\Users\BAAX
2015-01-29 10:16 - 2009-11-21 15:06 - 00000000 ____D () C:\Program Files\GPS Information
2015-01-28 17:46 - 2013-08-12 16:57 - 00000000 ____D () C:\Program Files\LyriXeeker
2015-01-28 17:17 - 2010-02-05 10:21 - 00000000 ____D () C:\Windows\Panther
2015-01-28 17:17 - 2010-01-29 17:30 - 00000000 ____D () C:\Users\BAAX\Tracing
2015-01-28 17:15 - 2010-02-05 10:55 - 01629284 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-28 17:03 - 2010-02-05 08:52 - 00001908 _____ () C:\Windows\diagwrn.xml
2015-01-28 17:03 - 2010-02-05 08:52 - 00001908 _____ () C:\Windows\diagerr.xml
2015-01-28 16:57 - 2010-02-05 10:35 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-01-28 16:57 - 2010-02-05 10:35 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-01-28 10:43 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-27 14:26 - 2009-07-14 05:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-27 14:09 - 2009-03-12 04:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone
2015-01-27 12:55 - 2013-12-20 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-27 12:42 - 2010-02-05 10:55 - 00081328 _____ () C:\Users\BAAX\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-27 12:42 - 2009-07-14 05:33 - 00342424 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-27 12:36 - 2014-07-11 10:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ahnenblatt
2015-01-27 12:36 - 2010-03-07 13:29 - 00000000 ____D () C:\Windows\Minidump
2015-01-27 12:28 - 2013-12-20 17:02 - 00000000 ____D () C:\Program Files\Avira
2015-01-27 12:24 - 2013-05-27 19:11 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-27 09:10 - 2013-12-20 16:18 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-27 09:10 - 2013-12-20 16:18 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-26 14:27 - 2010-02-05 10:55 - 00001637 _____ () C:\Users\BAAX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-25 15:35 - 2009-07-14 05:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-15 14:26 - 2014-07-11 10:55 - 00000000 ____D () C:\Program Files\Ahnenblatt
2015-01-15 14:24 - 2014-07-11 10:55 - 00000000 ____D () C:\Users\BAAX\Documents\Ahnenblatt
2015-01-13 21:45 - 2013-09-01 18:17 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-13 21:38 - 2011-01-27 15:34 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
==================== Files in the root of some directories =======
2009-09-12 08:40 - 2009-10-04 17:02 - 0000088 _____ () C:\Users\BAAX\AppData\Roaming\wklnhst.dat
2011-12-13 13:46 - 2011-12-13 13:51 - 0027136 _____ () C:\Users\BAAX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-07-27 09:22 - 2011-07-27 09:22 - 0000000 _____ () C:\Users\BAAX\AppData\Local\{68174423-0BEE-4E44-96CE-6F01359AE1A3}
2011-07-27 17:42 - 2011-07-27 17:43 - 0000000 _____ () C:\Users\BAAX\AppData\Local\{901EC024-5227-4AFF-A081-207CF41E03F6}
2011-07-29 15:52 - 2011-07-29 15:52 - 0000000 _____ () C:\Users\BAAX\AppData\Local\{9B7C00CF-E664-4ED2-9A00-FA67C63BC8E4}
2011-06-24 20:21 - 2011-06-24 20:21 - 0000000 _____ () C:\Users\BAAX\AppData\Local\{DD52C373-A691-469D-AB25-1CE36843F8F8}
2011-07-29 16:31 - 2011-07-29 16:32 - 0000000 _____ () C:\Users\BAAX\AppData\Local\{EC25614B-9C4E-4E58-8EFD-3320E6FBF92E}
Some content of TEMP:
====================
C:\Users\BAAX\AppData\Local\Temp\avgnt.exe
C:\Users\BAAX\AppData\Local\Temp\RtkBtMnt.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-24 09:57
==================== End Of Log ============================
FRST Additions Logfile: Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-01-2015 01
Ran by BAAX at 2015-01-29 14:55:12
Running from C:\Users\BAAX\Downloads\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-PDF Maker Version 1.0.8 (Build 116) (HKLM\...\7-PDF Maker_is1) (Version: 7-PDF Maker - Version 1.0.8 (Build 116) - 7-PDF, Germany - Thorsten Hodes)
Acer Arcade Deluxe (HKLM\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 2.5.6121 - CyberLink Corp.)
Acer Arcade Deluxe (Version: 2.5.6121 - CyberLink Corp.) Hidden
Acer Backup Manager (HKLM\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 1.0.0.58 - NewTech Infosystems)
Acer Crystal Eye Webcam (HKLM\...\{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}) (Version: 5.0.7.1 - Suyin Optronics Corp)
Acer eRecovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.00.3008 - Acer Incorporated)
Acer GridVista (HKLM\...\GridVista) (Version: 2.72.317 - )
Acer PowerSmart Manager (HKLM\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.01.3016 - Acer Incorporated)
Acer Product Registration (HKLM\...\{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}) (Version: 3.0.0.10 - Acer Incorporated)
Acer ScreenSaver (HKLM\...\Acer Screensaver) (Version: 1.0.0.0226 - Acer)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version: - Agere Systems)
Ahnenblatt 2.81 (HKLM\...\Ahnenblatt_is1) (Version: 2.81.0.0 - Dirk Böttcher)
ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Antivirus Pro (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Avira (HKLM\...\{bd538030-07d4-4999-a525-7fafa2483f56}) (Version: 1.1.30.21727 - Avira Operations & Co. KG)
Avira (Version: 1.1.30.21727 - Avira Operations & Co. KG) Hidden
Avira SearchFree Toolbar (HKLM\...\{41564952-412D-5637-00A7-A758B70C0F01}) (Version: 12.15.1.463 - APN, LLC)
Avira System Speedup 1.6 (HKLM\...\Avira System Speedup_is1) (Version: 1.6 - 2000 - 2014 Avira Operations GmbH & Co. KG)
Backup Manager Basic (Version: 1.0.0.58 - NewTech Infosystems) Hidden
Bing Bar (HKLM\...\{FF6DD716-7B10-4269-9F19-FFB07AC4CD95}) (Version: 7.3.124.0 - Microsoft Corporation)
Broadcom Gigabit NetLink Controller (HKLM\...\{9AF0B106-56F1-461B-A270-95BC1682E282}) (Version: 11.34.02 - Broadcom Corporation)
C:\Program Files\Acer GameZone\GameConsole (HKLM\...\{71C2828F-2678-4675-BDEC-895424861262}_is1) (Version: 2.0.1.6 - Oberon Media, Inc.)
Delta Chrome Toolbar (HKLM\...\Delta Chrome Toolbar) (Version: - Visual Tools) <==== ATTENTION
Delta toolbar (HKLM\...\delta) (Version: 1.8.22.0 - Delta) <==== ATTENTION
Driver Detective (HKLM\...\{5721A8EA-A30F-4F66-9046-3F40C43AE1DC}) (Version: 7.0.0 - PC Drivers HeadQuarters)
Elevated Installer (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Communicator Plugin (HKLM\...\{647BB978-2876-487B-9B0E-FDB73F0EA4A2}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM\...\{b43ffffb-1adc-4bcb-b277-7844ebff94da}) (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
GIMP 2.6.11 (HKLM\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
GM(S) - Toolbar (HKLM\...\GM(S) - Toolbar) (Version: - )
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Großer Reiseplaner 2008/2009 (HKLM\...\{466C2D04-E917-4093-B7DF-080C24A7151F}) (Version: 12.5 - PTV Planung Transport Verkehr AG)
Hauppauge Signal Monitor Utility (HKLM\...\Hauppauge Signal Monitor Utility) (Version: - )
Hauppauge Software MPEG-2 Decoder Installer (HKLM\...\Hauppauge Software MPEG-2 Decoder Installer) (Version: - )
Hauppauge WinTV 7 (HKLM\...\Hauppauge WinTV 7) (Version: - )
Hauppauge WinTV Infrared Remote (HKLM\...\Hauppauge WinTV Infrared Remote) (Version: - )
HP Deskjet 2050 J510 series - Grundlegende Software für das Gerät (HKLM\...\{9FAAE06C-DEDD-4299-B88D-1F9AD5E1547F}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Deskjet 2050 J510 series Hilfe (HKLM\...\{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}) (Version: 140.0.61.61 - Hewlett Packard)
HP Update (HKLM\...\{787D1A33-A97B-4245-87C0-7174609A540C}) (Version: 5.002.005.003 - Hewlett-Packard)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Launch Manager (HKLM\...\LManager) (Version: 2.0.10 - Acer Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Access database engine 2007 (German) (HKLM\...\{90120000-00D1-0407-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM\...\STANDARD) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MyWinLocker (HKLM\...\{68301905-2DEA-41CE-A4D4-E8B443B099BA}) (Version: 3.1.59.0 - Egis Technology Inc.)
NTI Backup Now 5 (HKLM\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.616 - NewTech Infosystems)
NTI Backup Now Standard (Version: 5.1.2.616 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.2.6509 - NewTech Infosystems)
NTI Media Maker 8 (Version: 8.0.2.6509 - NewTech Infosystems) Hidden
PL-2303 USB-to-Serial (HKLM\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.00.000 - Prolific Technology INC)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5794 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 6.0.6000.20113 - Realtek Semiconductor Corp.)
ServicePack 1 Großer Reiseplaner 2008/2009 (HKLM\...\{283D4576-CBF8-4F65-84D3-7C5DC75F144E}) (Version: 12.5 - PTV Planung Transport Verkehr AG)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Storimbo (HKLM\...\Storimbo) (Version: 2013.11.19.213336 - Storimbo) <==== ATTENTION!
Studie zur Verbesserung von HP Deskjet 2050 J510 series Produkten (HKLM\...\{B23B43B5-DDDC-41DA-9700-F334744E694E}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 12.1.0.0 - Synaptics)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_STANDARD_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_STANDARD_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_STANDARD_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_STANDARD_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Zusatzmodul GPS-Pilot GRP09 (HKLM\...\{57C1CE64-FB40-49C2-AFFC-A80691D3F867}) (Version: 12.5 - PTV Planung Transport Verkehr AG)
Zusatzmodul GPS-Pilot GRP09 (Version: 12.5 - PTV Planung Transport Verkehr AG) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
27-01-2015 12:35:42 Erstelle Systemwiederherstellungspunkt bevor Junk-Dateien gelöscht werden
27-01-2015 12:52:42 Erstelle Systemwiederherstellungspunkt bevor Junk-Dateien gelöscht werden
27-01-2015 13:20:36 Erstelle Systemwiederherstellungspunkt bevor Junk-Dateien gelöscht werden
27-01-2015 13:21:42 Erstelle Systemwiederherstellungspunkt bevor Junk-Dateien gelöscht werden
27-01-2015 14:38:59 Windows Update
27-01-2015 15:24:46 Windows Update
27-01-2015 16:27:54 Windows 7 Upgrade Advisor wird entfernt
27-01-2015 17:10:04 Erstelle Systemwiederherstellungspunkt bevor Junk-Dateien gelöscht werden
27-01-2015 17:58:45 Windows Update
27-01-2015 19:07:47 Windows Update
27-01-2015 20:18:51 Windows Update
28-01-2015 10:55:31 Windows-Sicherung
28-01-2015 11:18:35 Windows-Sicherung
28-01-2015 18:11:19 Windows Update
28-01-2015 19:54:31 Windows Update
28-01-2015 22:15:30 Windows Update
29-01-2015 10:15:45 Removed GPS Information
29-01-2015 11:32:27 Avira System Speedup 1.6
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0D68C154-D1B3-4484-A5C8-B22DD74FD943} - System32\Tasks\ParetoLogic Update Version3 Startup Task => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2014-12-08] ()
Task: {11846AAD-BE45-4371-9BCA-0B69B85E9EE8} - System32\Tasks\{C2DA5AD3-0EA2-4052-852F-459A6B7E6C11} => pcalua.exe -a "C:\Users\BAAX\Treiber\GPS Information\GPS Information.exe" -d "C:\Users\BAAX\Treiber\GPS Information"
Task: {3A3D4562-53E6-4676-B480-85DFCE8C2F54} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {41B4193F-EF4B-4C2B-965B-137B23F2299F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {48F2F8D6-C0ED-4AF0-8A15-64E5CC0679A9} - System32\Tasks\{7FF2796E-85A3-4CB7-B279-4ED302779A1B} => pcalua.exe -a "C:\Program Files\Feven 1.5\Uninstall.exe" -c /fromcontrolpanel=1
Task: {4D2A64AE-59A6-40C0-A8A4-F7017D9AF965} - System32\Tasks\{AED37218-957B-400F-BAFC-BF3A3D9E7464} => pcalua.exe -a "C:\Program Files\Feven 1.5\Uninstall.exe" -c /fromcontrolpanel=1
Task: {4E3BD353-CB36-4BC6-92A4-0BD49D084B11} - System32\Tasks\{E0CAC66C-F618-4ABF-8F7B-C9BAA1405B61} => pcalua.exe -a D:\.\Setup.exe -d D:\
Task: {53CFC289-C9DB-4C28-95FD-CF94B79310A4} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2009-04-20] (Acer)
Task: {561375CB-FF5A-417B-B297-BA73DE149581} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {5E9D4E31-2774-46F7-A99D-F89A86917461} - System32\Tasks\Feven 1.5-updater => C:\Program Files\Feven 1.5\Feven 1.5-updater.exe <==== ATTENTION
Task: {67BFEF44-D40C-41EF-AD85-0EE8DC217644} - System32\Tasks\Feven 1.5-codedownloader => C:\Program Files\Feven 1.5\Feven 1.5-codedownloader.exe <==== ATTENTION
Task: {729DE8D7-5E3A-4C79-BAC9-E31CCFBC153E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {7EE49644-2186-40EF-B52A-EB47F85BFCEC} - System32\Tasks\{1DA80BCC-2F5B-4949-8270-7A050CBA9E88} => pcalua.exe -a C:\Users\BAAX\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=cvs <==== ATTENTION
Task: {80731AB5-E8CC-419E-8378-F562D7E497B1} - System32\Tasks\{D69AEA43-0B7E-4081-83F5-671300D0C6F3} => pcalua.exe -a "C:\Program Files\Feven 1.5\Uninstall.exe" -c /fromcontrolpanel=1
Task: {8721EF6E-2951-490A-8A48-1638DC6BC9B5} - System32\Tasks\Feven 1.5-firefoxinstaller => C:\Program Files\Feven 1.5\Feven 1.5-firefoxinstaller.exe <==== ATTENTION
Task: {98503F1B-08A2-465C-A637-D0A9866236CD} - System32\Tasks\{CDB2DAB7-C30C-475A-832B-518D5266F648} => pcalua.exe -a D:\GPSinfo.exe -d D:\
Task: {A47C46A8-6875-49E9-A1F5-A90A1A47F659} - System32\Tasks\{532390CC-C20D-49B8-9798-A683D83FB72A} => pcalua.exe -a C:\PROGRA~1\WinTV\UNWISE.EXE -c C:\Windows\WinTV7.LOG
Task: {AB9FDC53-BD99-4CE2-8362-291146CCF6C5} - System32\Tasks\{1FF8DCA5-C5FA-409D-BE6C-CDAC783900DA} => pcalua.exe -a "C:\Program Files\Feven 1.5\Uninstall.exe" -c /fromcontrolpanel=1
Task: {ADAC53CC-E143-40B9-8810-5DDC353EE12C} - System32\Tasks\Feven 1.5-enabler => C:\Program Files\Feven 1.5\Feven 1.5-enabler.exe <==== ATTENTION
Task: {B254EAA7-CA46-448D-83F9-F083C1F5ECFA} - System32\Tasks\{C4668ACF-A7F5-419F-8392-12DF91AF3230} => pcalua.exe -a C:\Users\BAAX\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=cvs <==== ATTENTION
Task: {BCB76EC5-E870-4EF1-8CFE-FA478E249018} - System32\Tasks\{15B00BDB-E278-4510-8251-33C77069B42D} => pcalua.exe -a D:\SETUP.EXE -d D:\
Task: {C9E0C07B-4EDA-4986-8959-D37A3B3B39D4} - System32\Tasks\BitGuard => Sc.exe start BitGuard <==== ATTENTION
Task: {D23C28E3-CDDE-4549-BB3D-DF86A1EA4C5D} - System32\Tasks\HPCustParticipation HP Deskjet 2050 J510 series => C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-06-14] (Hewlett-Packard Co.)
Task: {D423FE9A-7E9E-4C41-B222-A025684DDC4E} - System32\Tasks\{65BD746E-C32A-40E2-89EA-D6175B963874} => pcalua.exe -a "C:\Program Files\Feven 1.5\Uninstall.exe" -c /fromcontrolpanel=1
Task: {D887F2E8-F7CD-4A66-812A-4B3960DB0ABC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-27] (Adobe Systems Incorporated)
Task: {D9D01430-B367-48CE-A34E-688976EB642E} - System32\Tasks\Feven 1.5-chromeinstaller => C:\Program Files\Feven 1.5\Feven 1.5-chromeinstaller.exe <==== ATTENTION
Task: {DA99E452-E66D-4D45-9C93-BEBA4975FF4A} - System32\Tasks\AviraSpeedup => C:\Program Files\Avira\AviraSpeedup\avira_system_speedup_ultimateprotectionsuite.exe [2015-01-21] (Avira Operations GmbH & Co. KG)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: {E8CEDD43-41FC-46F8-8FA4-F917917BC562} - System32\Tasks\{AB8F4E4F-F176-4E72-B1CC-3523DEFEEE63} => pcalua.exe -a C:\Users\BAAX\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=cvs <==== ATTENTION
Task: {F9037A38-94C7-48CC-B9FF-1D42FE8C10DD} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-07] ()
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Feven 1.5-chromeinstaller.job => C:\Program Files\Feven 1.5\Feven 1.5-chromeinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\Feven 1.5-codedownloader.job => C:\Program Files\Feven 1.5\Feven 1.5-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\Feven 1.5-enabler.job => C:\Program Files\Feven 1.5\Feven 1.5-enabler.exe <==== ATTENTION
Task: C:\Windows\Tasks\Feven 1.5-firefoxinstaller.job => C:\Program Files\Feven 1.5\Feven 1.5-firefoxinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\Feven 1.5-updater.job => C:\Program Files\Feven 1.5\Feven 1.5-updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
==================== Loaded Modules (whitelisted) =============
2009-03-12 04:28 - 2008-12-18 13:51 - 00075048 _____ () C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
2009-02-02 16:33 - 2009-02-02 16:33 - 00460199 _____ () C:\Program Files\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2009-01-21 00:41 - 2009-01-21 00:41 - 00872448 _____ () C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll
2009-01-21 00:41 - 2009-01-21 00:41 - 00007680 _____ () C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll
2009-08-31 05:52 - 2003-06-07 22:30 - 00057344 _____ () C:\Program Files\Launch Manager\PowerUtl.dll
2009-08-30 21:17 - 2008-07-29 18:29 - 00200704 _____ () C:\Windows\PLFSetI.exe
2015-01-29 11:17 - 2009-04-01 17:55 - 00024064 _____ () C:\Program Files\WinTV\TVServer\HauppaugeTVServerps.dll
2008-09-28 16:55 - 2008-09-28 16:55 - 01076224 _____ () C:\Program Files\NewTech Infosystems\Acer Backup Manager\ACE.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:798A3728
AlternateDataStreams: C:\ProgramData\Temp:B623B5B8
AlternateDataStreams: C:\ProgramData\Temp:BB24555F
AlternateDataStreams: C:\ProgramData\Temp:BF31A799
AlternateDataStreams: C:\ProgramData\Temp:CDFF58FE
AlternateDataStreams: C:\ProgramData\Temp:CE0A077E
AlternateDataStreams: C:\ProgramData\Temp:DCAF903C
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-2631089936-2126389838-1365947476-500 - Administrator - Disabled)
BAAX (S-1-5-21-2631089936-2126389838-1365947476-1000 - Administrator - Enabled) => C:\Users\BAAX
Gast (S-1-5-21-2631089936-2126389838-1365947476-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2631089936-2126389838-1365947476-1002 - Limited - Enabled)
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/29/2015 02:27:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ePowerTray.exe, Version: 4.1.3016.0, Zeitstempel: 0x4a409dcb
Name des fehlerhaften Moduls: ePowerTray.exe, Version: 4.1.3016.0, Zeitstempel: 0x4a409dcb
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000ca46
ID des fehlerhaften Prozesses: 0xe14
Startzeit der fehlerhaften Anwendung: 0xePowerTray.exe0
Pfad der fehlerhaften Anwendung: ePowerTray.exe1
Pfad des fehlerhaften Moduls: ePowerTray.exe2
Berichtskennung: ePowerTray.exe3
Error: (01/29/2015 02:27:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/29/2015 02:24:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/29/2015 01:52:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ePowerTray.exe, Version: 4.1.3016.0, Zeitstempel: 0x4a409dcb
Name des fehlerhaften Moduls: ePowerTray.exe, Version: 4.1.3016.0, Zeitstempel: 0x4a409dcb
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000ca46
ID des fehlerhaften Prozesses: 0x1278
Startzeit der fehlerhaften Anwendung: 0xePowerTray.exe0
Pfad der fehlerhaften Anwendung: ePowerTray.exe1
Pfad des fehlerhaften Moduls: ePowerTray.exe2
Berichtskennung: ePowerTray.exe3
Error: (01/29/2015 01:52:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/29/2015 11:57:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ePowerTray.exe, Version: 4.1.3016.0, Zeitstempel: 0x4a409dcb
Name des fehlerhaften Moduls: ePowerTray.exe, Version: 4.1.3016.0, Zeitstempel: 0x4a409dcb
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000ca46
ID des fehlerhaften Prozesses: 0x1370
Startzeit der fehlerhaften Anwendung: 0xePowerTray.exe0
Pfad der fehlerhaften Anwendung: ePowerTray.exe1
Pfad des fehlerhaften Moduls: ePowerTray.exe2
Berichtskennung: ePowerTray.exe3
Error: (01/29/2015 11:56:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/29/2015 11:32:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ePowerTray.exe, Version: 4.1.3016.0, Zeitstempel: 0x4a409dcb
Name des fehlerhaften Moduls: ePowerTray.exe, Version: 4.1.3016.0, Zeitstempel: 0x4a409dcb
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000ca46
ID des fehlerhaften Prozesses: 0x7f8
Startzeit der fehlerhaften Anwendung: 0xePowerTray.exe0
Pfad der fehlerhaften Anwendung: ePowerTray.exe1
Pfad des fehlerhaften Moduls: ePowerTray.exe2
Berichtskennung: ePowerTray.exe3
Error: (01/29/2015 11:31:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/29/2015 11:16:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ePowerTray.exe, Version: 4.1.3016.0, Zeitstempel: 0x4a409dcb
Name des fehlerhaften Moduls: ePowerTray.exe, Version: 4.1.3016.0, Zeitstempel: 0x4a409dcb
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000ca46
ID des fehlerhaften Prozesses: 0x94
Startzeit der fehlerhaften Anwendung: 0xePowerTray.exe0
Pfad der fehlerhaften Anwendung: ePowerTray.exe1
Pfad des fehlerhaften Moduls: ePowerTray.exe2
Berichtskennung: ePowerTray.exe3
System errors:
=============
Error: (01/29/2015 02:25:36 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
Error: (01/29/2015 02:25:36 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter
Error: (01/29/2015 02:22:33 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
Error: (01/29/2015 02:22:33 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter
Error: (01/29/2015 01:50:16 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
Error: (01/29/2015 01:50:16 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter
Error: (01/29/2015 11:54:55 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
Error: (01/29/2015 11:54:55 AM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter
Error: (01/29/2015 11:30:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Garmin Core Update Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (01/29/2015 11:30:40 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Garmin Core Update Service erreicht.
Microsoft Office Sessions:
=========================
Error: (10/25/2014 11:07:46 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 398 seconds with 120 seconds of active time. This session ended with a crash.
Error: (07/26/2014 00:14:19 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 33 seconds with 0 seconds of active time. This session ended with a crash.
Error: (07/14/2014 01:02:00 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 126 seconds with 0 seconds of active time. This session ended with a crash.
Error: (04/17/2010 06:07:49 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 342 seconds with 0 seconds of active time. This session ended with a crash.
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz
Percentage of memory in use: 36%
Total physical RAM: 3066.93 MB
Available physical RAM: 1943.74 MB
Total Pagefile: 6132.14 MB
Available Pagefile: 4748.6 MB
Total Virtual: 2047.88 MB
Available Virtual: 1882.72 MB
==================== Drives ================================
Drive c: (ACER) (Fixed) (Total:225.71 GB) (Free:145.25 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Volume) (Fixed) (Total:62.62 GB) (Free:62.53 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: A12D36DD)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=27)
Partition 2: (Active) - (Size=225.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=62.6 GB) - (Type=07 NTFS)
==================== End Of Log ============================