BOO/TDSS.o Befall - was kann ich tun

Goldberry · 20.10.2014, 00:52

Liebe User,

Mein Laptop (Win7) ist seit heute mit BOO/TDSS.o befallen. Avira hat die Malware zwar erkannt, kann sie aber nicht entfernen.

Ich habe bereits mit Malewarebytes und Kaspary TDSSKill versucht, das Problem zu beseitigen. Es wurden jeweils infizierte Dateinen gefunden, das Entfernen mit den Programmen hat aber leider nicht geholfen. Was kann ich tun?

Viele Grüße,
Goldberry

Bootsektor · 20.10.2014, 01:05

Mein Name ist Sandra und ich werde Dir bei Deinem Problem behilflich sein.

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem
Führe bitte nur Scans durch zu denen Du von mir aufgefordert wirst.
Bitte kein Crossposting ( posten in mehreren Foren).
Installiere oder deinstalliere während der Bereinigung keine Software, ausser Du wurdest dazu aufgefordert.
Poste die Logfiles direkt in deinen Thread in Code-Tags.
Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 2 Tagen nichts von mir hörst, dann schreibe mir bitte eine PM.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der schnellere und bei einem Befall durch Malware immer der sicherste Weg. Adware lässt sich in den allermeisten Fällen problemlos entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Dir jemand vom Team sagt, dass Du clean bist.

Posten in Code Tags
Bitte füge die Logs immer in Code-Tags ein. Wenn Du das nicht machst, erschwert es mir sehr das Auswerten. Danke.
Dazu:

Klicke über dem Antwortfenster auf die Raute #, dann steht dort in eckigen Klammern [] CODE /CODE.
Zwischen den beiden code-Bausteinen fügst Du dann deine Logfiles ein. Also CODE Logfile /CODE
Wenn die Logs zu lang sein sollten, dann teile sie bitte auf und poste sie dann hier in Deinem Thread, notfalls in mehreren Antworten.

Schritt 1
Bitte poste mir die Logs vom TDSS-Killer, Malwarebytes und von Avira

Schritt 2
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Goldberry · 20.10.2014, 01:21

Hallo Sandra,

erst einmal vielen Dank, dass du mir helfen möchtest.

Wie kann ich Logfiles für Avira, Malwarebytes und TDSS-Killer erstellen?

Bootsektor · 20.10.2014, 01:27

Hallo,

du hast doch mit den entsprechenden Programmen / Tools gescannt

Für Malwarebytes:

Starte Malwarebytes
Gehe nun oben auf Verlauf
links findest du nun die Auswahl Quarantäne und Anwendungsprotokolle
Gehe auf Anwendungsprotokolle
suche hier das letzte Suchlaufsprotokoll und wähle das aus
nun gehe oben auf Ansicht, das Protokoll öffnet sich
unten links steht exportieren, wähle das aus und klicke auf Textdatei
speichere nun das Log unter mbam.txt ab
öffne das Log mit deinem Texteditor
poste mir den Inhalt

TDSS speichert die Logs unter C:\TDSSKiller_version_datum_zeit_log.txt

und bei Avira musst du mal unter den Ereignisprotokollen schauen und dir das Log anzeigen lassen

und nun geh ich erstmal schlafen

Goldberry · 20.10.2014, 01:45

Es gibt auf C:\ nur einen Ordner TDSSKiller_Quarantine, der Ordner mit Datum/Uhrzeit meiner beiden Suchläufe enthält, deren Inhalt sind .ini und .dta Dateien. Was sind davon die Logfiles?

Unter Malwarebytes habe ich das von dir beschriebene Menü leider nicht gefunden, ich benutze Malwarebytes Anti-Rootkit BETA v1.07.0.1012.

Unter Avira gibt es die Möglichkeit, Ereignisse zu exportieren. Ich habe das mal mit einigen der Fehlermeldungen gemacht, die ich von Avira erhalten habe. Falls das die falschen Daten sind oder ich noch mehr hier reinschreiben soll, sag Bescheid!

Code:

ATTFilter

16.10.2014 18:44 [Echtzeit-Scanner] Malware in Bootsektor gefunden
      Im Bootsektor von Laufwerk 'C:' wurde ein Virus oder 
      unerwünschtes Programm 'BOO/TDss.O' [virus] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

19.10.2014 16:15 [Echtzeit-Scanner] Malware gefunden
      In der Datei 
      'C:\Users\Melanie\Downloads\NotepadPlusPlusPortable_6.5.4.paf-Downloader.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/ShareW.Gen' [adware] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

19.10.2014 16:57 [Echtzeit-Scanner] Malware gefunden
      In der Datei 
      'C:\Users\Melanie\Downloads\NotepadPlusPlusPortable_6.5.4.paf-Downloader.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/ShareW.Gen' [adware] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

Avira hat übrigens zwei Dateien in Quarantäne verschoben und in einem zweiten Suchlauf nichts mehr gefunden. Die Malware ist aber sicher noch da, in meinem Browser kommen immer noch komische Add-Ons und das Suchfeld ist nicht Google, sondern 'Trovi-Search'.

Bootsektor · 20.10.2014, 11:14

Hallo,

der TDSS hat aber nichts mit trovi zu tun, das ist lediglich Adware.

MBAR erstellt eine Logfile in dem Ordner in dem du es installiert hast:
( mbar-log-<Jahr-Monat-Tag>.txt ) . Bitte poste diese hier.

Schritt 1
Mache bitte erneut einen Scan mit dem TDSS-Killer
Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Schritt 2
Bitte noch den FRST-Scan machen
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Goldberry · 20.10.2014, 18:24

Hier FRST:

FRST.txt

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-10-2014
Ran by Melanie (administrator) on MELANIE-PC on 20-10-2014 10:17:41
Running from C:\Users\Melanie\Downloads
Loaded Profile: Melanie (Available profiles: Melanie)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
() C:\Program Files (x86)\Securepoint SSL VPN\SPOpenVPNService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Google Inc.) C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
(Dropbox, Inc.) C:\Users\Melanie\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
() C:\Windows\Samsung\PanelMgr\caller64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Kaspersky Lab ZAO) C:\Users\Melanie\Downloads\tdsskiller.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588968 2010-11-11] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [615584 2011-03-02] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-02] (Atheros Commnucations)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1796200 2011-02-22] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340336 2010-09-27] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-09-17] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-09-17] (Egis Technology Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-02-15] (NTI Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-26] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc.)
HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2010-12-09] (CyberLink Corp.)
HKLM-x32\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\SSMMgr.exe [618496 2010-10-28] ()
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-04-30] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-20] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-03] (Wondershare)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [165168 2014-09-23] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-928299268-3892372864-3771450075-1000\...\Run: [Picasa Media Detector] => C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe [443968 2008-08-20] (Google Inc.)
HKU\S-1-5-21-928299268-3892372864-3771450075-1000\...\Run: [studNET-Autologin] => C:\Windows\SysWOW64\studnet\studnet.exe /auto
HKU\S-1-5-21-928299268-3892372864-3771450075-1000\...\Run: [Google Update] => C:\Users\Melanie\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-10-03] (Google Inc.)
HKU\S-1-5-21-928299268-3892372864-3771450075-1000\...\MountPoints2: E - E:\LaunchU3.exe -a
HKU\S-1-5-21-928299268-3892372864-3771450075-1000\...\MountPoints2: {c1cd0502-f020-11e1-9a13-1c7508fe42fb} - E:\LaunchU3.exe -a
HKU\S-1-5-21-928299268-3892372864-3771450075-1000\...\Winlogon: [Shell] Explorer.exe <==== ATTENTION 
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
Startup: C:\Users\Melanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Melanie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Melanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.trovi.com/?gd=&ctid=CT3331316&octid=EB_ORIGINAL_CTID&ISID=M588AD584-4A6E-40A5-96F3-1A599BC42A3F&SearchSource=55&CUI=&UM=6&UP=SP888B9F7B-62B1-4371-A1A1-A5FBEB7F20AD&SSPV=
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3331316&octid=EB_ORIGINAL_CTID&ISID=M588AD584-4A6E-40A5-96F3-1A599BC42A3F&SearchSource=58&CUI=&UM=6&UP=SP888B9F7B-62B1-4371-A1A1-A5FBEB7F20AD&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3331316&octid=EB_ORIGINAL_CTID&ISID=M588AD584-4A6E-40A5-96F3-1A599BC42A3F&SearchSource=58&CUI=&UM=6&UP=SP888B9F7B-62B1-4371-A1A1-A5FBEB7F20AD&q={searchTerms}&SSPV=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: TheHDvid-Codec V10 -> {11111111-1111-1111-1111-110611331115} -> C:\Program Files (x86)\TheHDvid-Codec V10\TheHDvid-Codec V10-bho64.dll (home)
BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TheHDvid-Codec V10 -> {11111111-1111-1111-1111-110611331115} -> C:\Program Files (x86)\TheHDvid-Codec V10\TheHDvid-Codec V10-bho.dll (home)
BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\progra~1\mcafee\msk\mskapbho.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Tcpip\Parameters: [DhcpNameServer] 128.95.120.1 128.95.112.1
Tcpip\..\Interfaces\{7004B3CA-E164-4EAC-8FC6-74F9604EA488}: [NameServer] 139.18.25.3,139.18.1.2

FireFox:
========
FF ProfilePath: C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\ndixjp5k.default
FF DefaultSearchEngine: Trovi search
FF SelectedSearchEngine: Trovi search
FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3331316&octid=EB_ORIGINAL_CTID&ISID=M588AD584-4A6E-40A5-96F3-1A599BC42A3F&SearchSource=55&CUI=&UM=6&UP=SP888B9F7B-62B1-4371-A1A1-A5FBEB7F20AD&SSPV=
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 57737
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa2,version=2.0.0 -> C:\Program Files (x86)\Picasa2\npPicasa2.dll (Google, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Picasa2\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\10.0.1.5157423\npmathplugin.dll (Wolfram Research, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Melanie\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Melanie\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Melanie\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Melanie\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Melanie\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Melanie\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\ndixjp5k.default\searchplugins\avira-safesearch.xml
FF SearchPlugin: C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\ndixjp5k.default\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\ndixjp5k.default\Extensions\trash [2014-10-19]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-09-24]

Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3331316&octid=EB_ORIGINAL_CTID&ISID=M588AD584-4A6E-40A5-96F3-1A599BC42A3F&SearchSource=55&CUI=&UM=6&UP=SP888B9F7B-62B1-4371-A1A1-A5FBEB7F20AD&SSPV="
CHR Profile: C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-03]
CHR Extension: (Google Docs) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-03]
CHR Extension: (Google Drive) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-03]
CHR Extension: (YouTube) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-03]
CHR Extension: (Google Search) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-03]
CHR Extension: (Google Sheets) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-03]
CHR Extension: (Avira Browser Safety) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-10-06]
CHR Extension: (Skype Click to Call) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-10-03]
CHR Extension: (Google Wallet) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-30]
CHR Extension: (Gmail) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-03]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-10-10]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [994552 2014-10-14] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [76448 2011-03-02] (Atheros Commnucations) [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160560 2014-09-23] (Avira Operations GmbH & Co. KG)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-10-19] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-10-19] (globalUpdate) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-27] (Realsil Microelectronics Inc.) [File not signed]
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [257344 2011-02-15] (NTI Corporation)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)
R2 Securepoint VPN; C:\Program Files (x86)\Securepoint SSL VPN\SPOpenVPNService.exe [40840 2014-02-14] () [File not signed]
S2 CxAudMsg; C:\Windows\system32\CxAudMsg64.exe [X]
R3 WinHttpAutoProxySvc; winhttp.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-10-05] (Avira Operations GmbH & Co. KG)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [92888 2014-10-19] (Malwarebytes Corporation)
R2 SSPORT; C:\Windows\SysWOW64\Drivers\SSPORT.sys [11576 2009-10-27] (Samsung Electronics)
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-20 10:17 - 2014-10-20 10:18 - 00025458 _____ () C:\Users\Melanie\Downloads\FRST.txt
2014-10-20 10:17 - 2014-10-20 10:17 - 00000000 ____D () C:\FRST
2014-10-20 10:16 - 2014-10-20 10:16 - 02111488 _____ (Farbar) C:\Users\Melanie\Downloads\FRST64.exe
2014-10-20 10:09 - 2014-10-20 10:10 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Melanie\Downloads\tdsskiller.exe
2014-10-19 17:36 - 2014-10-19 17:36 - 00000532 _____ () C:\Users\Melanie\Desktop\Ereignisse0.txt
2014-10-19 17:35 - 2014-10-19 17:35 - 00000668 _____ () C:\Users\Melanie\Desktop\Ereignisse3.txt
2014-10-19 17:35 - 2014-10-19 17:35 - 00000668 _____ () C:\Users\Melanie\Desktop\Ereignisse1.txt
2014-10-19 17:35 - 2014-10-19 17:35 - 00000624 _____ () C:\Users\Melanie\Documents\Ereignisse2.txt
2014-10-19 17:34 - 2014-10-19 17:34 - 00000712 _____ () C:\Users\Melanie\Desktop\Ereignisse.txt
2014-10-19 16:02 - 2014-10-19 18:05 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-10-19 16:02 - 2014-10-19 16:42 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-19 16:02 - 2014-10-19 16:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-19 16:01 - 2014-10-19 16:41 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-19 16:00 - 2014-10-19 17:17 - 00000000 ____D () C:\Users\Melanie\Desktop\mbar
2014-10-19 15:59 - 2014-10-19 15:59 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Melanie\Downloads\mbar-1.07.0.1012.exe
2014-10-19 15:59 - 2014-10-19 15:59 - 01986072 _____ (SafeInstall, LLC) C:\Users\Melanie\Downloads\7zip_installer.exe
2014-10-19 15:40 - 2014-10-19 15:52 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-10-19 13:58 - 2014-10-19 13:58 - 00000000 ____D () C:\Users\Melanie\Documents\Optimizer Pro
2014-10-19 13:56 - 2014-10-19 16:39 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-10-19 13:56 - 2014-10-19 16:38 - 00000000 ____D () C:\Program Files (x86)\Bench
2014-10-19 13:55 - 2014-10-20 10:05 - 00002444 _____ () C:\Windows\Tasks\55051fd6-efb7-46b1-a551-6d3d7692967b-5_user.job
2014-10-19 13:55 - 2014-10-20 10:05 - 00002444 _____ () C:\Windows\Tasks\55051fd6-efb7-46b1-a551-6d3d7692967b-5.job
2014-10-19 13:55 - 2014-10-19 13:55 - 00005474 _____ () C:\Windows\System32\Tasks\55051fd6-efb7-46b1-a551-6d3d7692967b-5
2014-10-19 13:54 - 2014-10-20 10:05 - 00005182 _____ () C:\Windows\Tasks\55051fd6-efb7-46b1-a551-6d3d7692967b-11.job
2014-10-19 13:54 - 2014-10-20 10:05 - 00003458 _____ () C:\Windows\Tasks\55051fd6-efb7-46b1-a551-6d3d7692967b-1.job
2014-10-19 13:54 - 2014-10-20 10:05 - 00002108 _____ () C:\Windows\Tasks\55051fd6-efb7-46b1-a551-6d3d7692967b-2.job
2014-10-19 13:54 - 2014-10-20 10:05 - 00000896 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-10-19 13:54 - 2014-10-19 13:59 - 00000900 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-10-19 13:54 - 2014-10-19 13:55 - 00005138 _____ () C:\Windows\System32\Tasks\55051fd6-efb7-46b1-a551-6d3d7692967b-2
2014-10-19 13:54 - 2014-10-19 13:55 - 00000000 ____D () C:\Program Files (x86)\TheHDvid-Codec V10
2014-10-19 13:54 - 2014-10-19 13:54 - 00008212 _____ () C:\Windows\System32\Tasks\55051fd6-efb7-46b1-a551-6d3d7692967b-11
2014-10-19 13:54 - 2014-10-19 13:54 - 00006488 _____ () C:\Windows\System32\Tasks\55051fd6-efb7-46b1-a551-6d3d7692967b-1
2014-10-19 13:54 - 2014-10-19 13:54 - 00003898 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-10-19 13:54 - 2014-10-19 13:54 - 00003644 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-10-19 13:54 - 2014-10-19 13:54 - 00000000 ____D () C:\Users\Melanie\AppData\Local\globalUpdate
2014-10-19 13:54 - 2014-10-19 13:54 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-10-19 13:53 - 2014-10-19 13:53 - 00074656 _____ () C:\Users\Melanie\Downloads\FLVPlayer-Chrome.exe
2014-10-19 13:53 - 2014-10-19 13:53 - 00074656 _____ () C:\Users\Melanie\Downloads\FLVPlayer-Chrome (1).exe
2014-10-18 14:17 - 2014-10-18 14:17 - 06626832 _____ (TeamViewer GmbH) C:\Users\Melanie\Downloads\TeamViewer_Setup_de.exe
2014-10-18 14:17 - 2014-10-18 14:17 - 00001178 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-10-18 14:17 - 2014-10-18 14:17 - 00001166 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-10-18 14:17 - 2014-10-18 14:17 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-10-09 23:02 - 2014-10-09 23:02 - 00000000 ____D () C:\Users\Melanie\Documents\fox-ffv2
2014-10-09 23:01 - 2014-10-09 23:01 - 00000118 _____ () C:\Users\Melanie\mercurial.ini
2014-10-09 23:01 - 2013-10-18 18:04 - 00000236 _____ () C:\Users\Melanie\Documents\gitignore_global.txt
2014-10-09 23:01 - 2013-10-18 18:04 - 00000173 _____ () C:\Users\Melanie\Documents\hgignore_global.txt
2014-10-09 23:00 - 2014-10-09 23:00 - 00000000 ____D () C:\Users\Melanie\AppData\Local\Atlassian
2014-10-09 22:59 - 2014-10-09 22:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atlassian
2014-10-09 22:59 - 2014-10-09 22:59 - 00000000 ____D () C:\ProgramData\Caphyon
2014-10-09 22:59 - 2014-10-09 22:59 - 00000000 ____D () C:\Program Files (x86)\Atlassian
2014-10-09 22:58 - 2014-10-09 23:03 - 00000000 ____D () C:\ProgramData\Atlassian
2014-10-09 22:48 - 2014-10-09 22:48 - 10266464 _____ (Atlassian) C:\Users\Melanie\Downloads\SourceTreeSetup_1.6.5.exe
2014-10-09 21:43 - 2014-10-18 14:28 - 00009166 ____H () C:\Users\Melanie\_viminfo
2014-10-06 21:39 - 2014-10-07 11:22 - 00000000 ____D () C:\Users\Melanie\AppData\Local\Mathematica
2014-10-06 21:39 - 2014-10-06 21:39 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\Mathematica
2014-10-06 21:39 - 2014-10-06 21:39 - 00000000 ____D () C:\Users\Melanie\AppData\Local\Wolfram Research
2014-10-06 21:39 - 2014-10-06 21:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wolfram Mathematica
2014-10-06 21:39 - 2014-10-06 21:39 - 00000000 ____D () C:\ProgramData\Mathematica
2014-10-06 21:39 - 2014-10-06 21:39 - 00000000 ____D () C:\Program Files\Extras
2014-10-06 21:39 - 2014-10-06 21:39 - 00000000 ____D () C:\Program Files\Common Files\Wolfram Research
2014-10-06 21:28 - 2014-10-06 21:28 - 00000000 ____D () C:\Program Files\Wolfram Research
2014-10-06 21:03 - 2014-10-06 21:22 - 2034844000 _____ (Wolfram Research, Inc. ) C:\Users\Melanie\Downloads\Mathematica_10.0.1_WIN.exe
2014-10-06 18:05 - 2014-10-06 18:05 - 00918952 _____ (Oracle Corporation) C:\Users\Melanie\Downloads\jxpiinstall(2).exe
2014-10-06 09:39 - 2014-10-13 12:03 - 00001141 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-10-05 09:33 - 2014-10-19 17:43 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-928299268-3892372864-3771450075-1000UA.job
2014-10-05 09:33 - 2014-10-19 09:43 - 00001076 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-928299268-3892372864-3771450075-1000Core.job
2014-10-05 09:33 - 2014-10-19 09:38 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-928299268-3892372864-3771450075-1000UA
2014-10-05 09:33 - 2014-10-19 09:38 - 00003706 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-928299268-3892372864-3771450075-1000Core
2014-10-04 09:16 - 2014-10-04 09:16 - 00000000 ____D () C:\Users\Melanie\.plugman
2014-10-03 21:36 - 2014-10-20 10:05 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-03 21:36 - 2014-10-19 17:41 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-03 21:36 - 2014-10-18 09:47 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-03 21:36 - 2014-10-03 21:36 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-03 21:36 - 2014-10-03 21:36 - 00003856 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-03 21:36 - 2014-10-03 21:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-03 21:35 - 2014-10-03 21:35 - 00895120 _____ (Google Inc.) C:\Users\Melanie\Downloads\ChromeSetup.exe
2014-10-03 11:24 - 2014-10-03 11:24 - 17824398 _____ (The Git Development Community ) C:\Users\Melanie\Downloads\Git-1.9.4-preview20140929(1).exe
2014-10-02 22:00 - 2014-10-02 22:00 - 00000000 __SHD () C:\Users\Melanie\AppData\Local\EmieUserList
2014-10-02 22:00 - 2014-10-02 22:00 - 00000000 __SHD () C:\Users\Melanie\AppData\Local\EmieSiteList
2014-10-02 21:49 - 2014-10-18 13:18 - 00000000 ____D () C:\Users\Melanie\Desktop\firstfox
2014-09-30 23:10 - 2014-09-30 23:10 - 00000000 ____D () C:\Users\Melanie\.ionic
2014-09-30 23:06 - 2014-09-30 23:06 - 00000000 ____D () C:\Users\Melanie\.cordova
2014-09-30 22:21 - 2014-09-30 22:24 - 00000000 ____D () C:\Users\Melanie\.ssh
2014-09-30 22:18 - 2014-10-15 22:45 - 00000469 _____ () C:\Users\Melanie\AppData\Roaming\.arcrc
2014-09-30 19:25 - 2014-09-30 19:25 - 00001389 _____ () C:\Users\Melanie\Desktop\Git Bash.lnk
2014-09-30 18:54 - 2014-09-30 18:54 - 17824398 _____ (The Git Development Community ) C:\Users\Melanie\Downloads\Git-1.9.4-preview20140929.exe
2014-09-30 18:45 - 2014-09-30 18:45 - 00000000 ____D () C:\Program Files\Arcanist
2014-09-30 18:42 - 2014-10-13 12:03 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-30 18:41 - 2014-09-30 18:41 - 07188616 _____ (Microsoft Corporation) C:\Users\Melanie\Downloads\vcredist_x64.exe
2014-09-30 18:26 - 2014-09-30 18:31 - 00000000 ____D () C:\Program Files\php
2014-09-30 18:25 - 2014-09-30 18:26 - 20894725 _____ () C:\Users\Melanie\Downloads\php-5.6.0-nts-Win32-VC11-x64.zip
2014-09-30 18:24 - 2014-09-30 18:25 - 19632729 _____ () C:\Users\Melanie\Downloads\php-5.6.0-Win32-VC11-x86.zip
2014-09-29 22:17 - 2014-09-29 22:17 - 00001352 _____ () C:\Users\Melanie\Desktop\eclipse_Android.lnk
2014-09-29 22:07 - 2014-09-29 22:07 - 00000000 ____D () C:\Users\Melanie\workspaceAndroid
2014-09-29 22:03 - 2014-09-29 22:03 - 00000000 ____D () C:\Program Files\Android
2014-09-29 21:55 - 2014-09-29 21:55 - 00000000 ____D () C:\Users\Melanie\Downloads\adt-bundle-windows-x86_64-20140702
2014-09-29 21:46 - 2014-09-29 21:46 - 00000000 ____D () C:\Program Files\apache
2014-09-29 21:44 - 2014-09-29 21:44 - 00000000 ____D () C:\Users\Melanie\Documents\apache-ant-1.9.4-bin-1
2014-09-29 14:11 - 2014-10-17 11:48 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\npm-cache
2014-09-29 14:10 - 2014-10-17 11:48 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\npm
2014-09-29 14:02 - 2014-09-29 14:03 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Node.js
2014-09-29 14:02 - 2014-09-29 14:03 - 00000000 ____D () C:\Program Files\nodejs
2014-09-29 14:01 - 2014-09-29 14:02 - 06184960 _____ () C:\Users\Melanie\Downloads\node-v0.10.32-x64(2).msi
2014-09-29 13:58 - 2014-09-29 13:58 - 00001317 _____ () C:\Users\Melanie\Desktop\Console.lnk
2014-09-29 13:46 - 2014-09-29 13:46 - 00000000 ____D () C:\Users\Melanie\Downloads\Console-2.00b148-Beta_src
2014-09-29 13:46 - 2014-09-29 13:46 - 00000000 ____D () C:\Program Files\Console2
2014-09-29 13:45 - 2014-09-29 13:45 - 03699684 _____ () C:\Users\Melanie\Downloads\Console-2.00b148-Beta_src.zip
2014-09-29 13:44 - 2014-09-29 13:44 - 01897882 _____ () C:\Users\Melanie\Downloads\Console-2.00b148-Beta_64bit.zip
2014-09-29 13:11 - 2014-09-29 13:13 - 181484960 _____ (Oracle Corporation) C:\Users\Melanie\Downloads\jdk-8u20-windows-x64(1).exe
2014-09-29 11:51 - 2014-10-03 11:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git
2014-09-29 11:51 - 2014-10-03 11:32 - 00000000 ____D () C:\Program Files (x86)\Git
2014-09-29 11:50 - 2014-09-29 11:50 - 17806885 _____ (The Git Development Community ) C:\Users\Melanie\Downloads\Git-1.9.4-preview20140815.exe
2014-09-27 21:22 - 2014-09-27 21:23 - 00000000 ____D () C:\Users\Melanie\Documents\Banking
2014-09-25 08:32 - 2014-09-25 08:37 - 00003190 _____ () C:\Users\Melanie\Wahlergebnisse.html
2014-09-25 08:20 - 2014-09-25 08:28 - 00000936 _____ () C:\Users\Melanie\new  3.html
2014-09-25 08:12 - 2014-09-25 08:12 - 00000800 _____ () C:\Users\Melanie\new.html
2014-09-24 17:22 - 2014-09-24 17:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-23 12:33 - 2014-09-23 12:35 - 06184960 _____ () C:\Users\Melanie\Downloads\node-v0.10.32-x64(1).msi
2014-09-23 11:41 - 2014-09-23 11:41 - 06184960 _____ () C:\Users\Melanie\Downloads\node-v0.10.32-x64.msi
2014-09-23 11:01 - 2014-09-23 11:03 - 181484960 _____ (Oracle Corporation) C:\Users\Melanie\Downloads\jdk-8u20-windows-x64.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-20 10:13 - 2009-07-13 21:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-20 10:13 - 2009-07-13 21:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-20 10:10 - 2011-04-06 20:18 - 01781994 _____ () C:\Windows\WindowsUpdate.log
2014-10-20 10:08 - 2013-09-11 04:14 - 00000000 ___RD () C:\Users\Melanie\Dropbox
2014-10-20 10:08 - 2013-08-02 13:03 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\Dropbox
2014-10-20 10:08 - 2011-07-13 11:20 - 00000000 ____D () C:\ProgramData\clear.fi
2014-10-20 10:05 - 2011-04-06 20:46 - 00000035 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2014-10-20 10:05 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-20 10:04 - 2009-07-13 21:51 - 00145529 _____ () C:\Windows\setupact.log
2014-10-19 17:52 - 2014-09-01 04:34 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\Securepoint SSL VPN
2014-10-19 16:38 - 2011-04-06 20:14 - 00324244 _____ () C:\Windows\PFRO.log
2014-10-19 16:25 - 2011-07-13 10:23 - 00000000 ____D () C:\Users\Melanie
2014-10-19 15:51 - 2011-04-07 06:08 - 00700126 _____ () C:\Windows\system32\perfh007.dat
2014-10-19 15:51 - 2011-04-07 06:08 - 00149976 _____ () C:\Windows\system32\perfc007.dat
2014-10-19 15:51 - 2009-07-13 22:13 - 01622196 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-19 13:56 - 2009-07-13 20:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-10-19 13:56 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-10-19 08:57 - 2011-07-13 10:23 - 00066104 _____ () C:\Users\Melanie\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-19 08:55 - 2009-07-13 21:45 - 00289408 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-14 16:56 - 2011-08-06 12:12 - 00000000 ____D () C:\Users\Melanie\AppData\Local\CrashDumps
2014-10-14 09:28 - 2013-10-21 00:12 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-10-14 09:28 - 2013-10-14 04:05 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-10-14 09:28 - 2013-10-14 04:05 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-10-13 12:03 - 2013-10-14 04:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-10-13 12:03 - 2013-10-14 04:05 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-10-10 18:54 - 2013-08-05 03:52 - 00000000 ____D () C:\Users\Melanie\Documents\MATLAB
2014-10-09 22:57 - 2012-03-14 12:34 - 01596476 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-10-09 14:39 - 2011-07-14 08:49 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\Mozilla
2014-10-06 09:39 - 2011-11-28 12:40 - 00000000 ____D () C:\ProgramData\Avira
2014-10-05 19:20 - 2013-10-14 04:05 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-10-05 09:34 - 2011-07-15 10:43 - 00000000 ____D () C:\Users\Melanie\AppData\Local\Google
2014-10-04 22:13 - 2011-07-15 10:43 - 00000000 ____D () C:\Program Files (x86)\Picasa2
2014-10-03 21:36 - 2011-07-15 10:43 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-03 14:09 - 2012-03-14 12:34 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\SoftGrid Client
2014-09-29 22:07 - 2013-04-15 07:15 - 00000000 ____D () C:\Users\Melanie\.eclipse
2014-09-29 13:33 - 2014-01-26 11:22 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-09-29 13:33 - 2011-10-22 07:39 - 00000000 ____D () C:\Program Files\Java
2014-09-29 13:19 - 2013-10-04 15:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2014-09-29 11:39 - 2014-07-22 11:42 - 00000000 ____D () C:\Users\Melanie\.android
2014-09-29 11:33 - 2009-07-13 22:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-29 10:28 - 2011-11-03 15:04 - 00002201 _____ () C:\Windows\wininit.ini
2014-09-28 23:15 - 2009-07-13 22:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-25 20:33 - 2012-04-22 08:16 - 00000000 ____D () C:\Users\Melanie\workspace2
2014-09-25 07:47 - 2012-05-06 13:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-23 11:11 - 2014-01-25 03:59 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-23 11:08 - 2013-10-04 15:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

Files to move or delete:
====================
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job


Some content of TEMP:
====================
C:\Users\Melanie\AppData\Local\Temp\AskSLib.dll
C:\Users\Melanie\AppData\Local\Temp\avgnt.exe
C:\Users\Melanie\AppData\Local\Temp\dl3darm2.dll
C:\Users\Melanie\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfppdr9.dll
C:\Users\Melanie\AppData\Local\Temp\i4jdel0.exe
C:\Users\Melanie\AppData\Local\Temp\MSNF05E.exe
C:\Users\Melanie\AppData\Local\Temp\optprosetup.exe
C:\Users\Melanie\AppData\Local\Temp\pyl1C08.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pyl2DC5.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pyl3226.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pyl46DF.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pyl4826.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pyl557E.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pyl5BE5.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pyl7493.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pyl8342.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pyl92BD.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pyl96F1.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pyl9B56.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pylA727.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pylAD6F.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pylB115.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pylB655.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pylC6A8.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pylD97C.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pylE60A.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pylEA9C.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Melanie\AppData\Local\Temp\WZCPlugin_VISTA.exe
C:\Users\Melanie\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Melanie\AppData\Local\Temp\_is2F2C.exe
C:\Users\Melanie\AppData\Local\Temp\_is473.exe
C:\Users\Melanie\AppData\Local\Temp\_is6EF9.exe
C:\Users\Melanie\AppData\Local\Temp\_isB598.exe
C:\Users\Melanie\AppData\Local\Temp\_isE6C5.exe
C:\Users\Melanie\AppData\Local\Temp\_isE926.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-16 08:30

==================== End Of Log ============================

--- --- ---

--- --- ---

Addition.txt
FRST Additions Logfile:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-10-2014
Ran by Melanie at 2014-10-20 10:19:10
Running from C:\Users\Melanie\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.85 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1324 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1324 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3006 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3002 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3004 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0120.2011 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3005 - Acer Incorporated)
Acer USB Charge Manager (HKLM-x32\...\{F53A49E6-9FB1-4A5A-B1D9-82BA116196B7}) (Version: 1.00.3000 - Acer Incorporated)
Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3004 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.1.102.64 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.04) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.04 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2003385550.48.56.41291122 - Audible, Inc.)
Avira (HKLM-x32\...\{9bd9b85e-7792-483b-a318-cc51ff0877ed}) (Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira)
Backup Manager V3 (x32 Version: 3.0.0.85 - NTI Corporation) Hidden
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.61 - Atheros Communications)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.1229.00 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.1229.00 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.7209 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3008 - Acer Incorporated)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.1.55 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dev-C++ 5 beta 9 release (4.9.9.2) (HKLM-x32\...\Dev-C++) (Version:  - )
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
ETDWare PS/2-X64 8.0.6.0_WHQL (HKLM\...\Elantech) (Version: 8.0.6.0 - ELAN Microelectronic Corp.)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Git version 1.9.4-preview20140929 (HKLM-x32\...\Git_is1) (Version: 1.9.4-preview20140929 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F7770F7F-0ABC-30CB-95BC-93761A05CAB6}) (Version: 5.38.4.0 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3006 - Acer Incorporated)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2287 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.400 - Oracle)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java 8 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418020F0}) (Version: 8.0.200 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.20.26 - Oracle Corporation) Hidden
Java SE Development Kit 7 Update 17 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170170}) (Version: 1.7.0.170 - Oracle)
Java SE Development Kit 8 Update 20 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180200}) (Version: 8.0.200.26 - Oracle Corporation)
Java(TM) 6 Update 29 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.290 - Oracle)
Java(TM) SE Development Kit 7 Update 1 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170010}) (Version: 1.7.0.10 - Oracle)
Java-Editor 9.15f, 2010.11.27 (HKLM-x32\...\{65FBA21B-7F80-4E4E-B275-0958D2648F94}_is1) (Version:  - Gerhard Röhner)
Jpgfdraw version 0.5.6b (HKLM-x32\...\{90F3B25B-35A2-4B97-9879-278E2388898D}}_is1) (Version: 0.5.6b - Nicola L. C. Talbot)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.4 - Acer Inc.)
LingoPad 2.6 (Build 360) (HKLM-x32\...\LingoPad_is1) (Version: 2.6 - Lingo4you)
MATLAB R2011a Student Version (HKLM-x32\...\MatlabR2011a) (Version: 7.12 - The MathWorks, Inc.)
MediaEspresso (x32 Version: 1.0.1210_33255 - CyberLink Corp.) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 DEU Language Pack (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{b341426f-8543-4e0d-96c3-e976f8ec5ab6}) (Version: 11.0.61030.0 - Microsoft Corporation)
MiKTeX 2.9 (HKLM-x32\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
MinGW-Get version 0.5-beta-20120426-1 (HKLM-x32\...\{AC2C1BDB-1E91-4F94-B99C-E716FE2E9C75}_is1) (Version: 0.5-beta-20120426-1 - MinGW)
Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.1.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.1.0 (x86 de)) (Version: 24.1.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyWinLocker (Version: 4.0.14.11 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.11 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden
Node.js (HKLM\...\{2FAE4331-AEA0-4A3D-B4B3-B1E78823BF1A}) (Version: 0.10.32 - Joyent, Inc. and other Node contributors)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.4 - Notepad++ Team)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8939 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8939 - NTI Corporation) Hidden
OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
Origin8 (x32 Version: 8.00.000 - OriginLab) Hidden
OriginPro 8G (HKLM-x32\...\{A912021A-FEDD-4DA3-8DB4-245EBDA84778}) (Version: 8.00.000 - OriginLabCorporation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
PuTTY version 0.63 (HKLM-x32\...\PuTTY_is1) (Version: 0.63 - Simon Tatham)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
R for Windows 3.0.1 (HKLM\...\R for Windows 3.0.1_is1) (Version: 3.0.1 - R Core Team)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.74 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.26.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.26.0 - Renesas Electronics Corporation) Hidden
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version:  - Samsung Electronics Co., Ltd.)
Samsung SCX-3200 Series (HKLM-x32\...\Samsung SCX-3200 Series) (Version:  - Samsung Electronics Co., Ltd.)
Scan Assistant (HKLM-x32\...\{BF6CF460-40C3-49BA-800A-4B934B6498B1}) (Version: 1.01.014 - Samsung Electronics Co., Ltd.)
Securepoint SSL VPN (HKLM-x32\...\{3A903356-AFF9-4CAF-BCEA-78B99427006E}) (Version: 1.0.3 - Securepoint GmbH)
SecureW2 EAP Suite 1.1.3 for Windows (HKLM-x32\...\SecureW2 EAP Suite) (Version:  - )
SetIP (HKLM-x32\...\{C206015D-DAC5-407C-A54B-6D7776A0881C}) (Version: 1.00.000 - Samsung Electronics CO.,LTD)
Shredder (Version: 2.0.8.7 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.7 - Egis Technology Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.)
SourceTree (HKLM-x32\...\SourceTree 1.6.5) (Version: 1.6.5 - Atlassian)
SourceTree (x32 Version: 1.6.5 - Atlassian) Hidden
SSH Secure Shell (HKLM-x32\...\{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}) (Version:  - )
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
TeXnicCenter Version 1.0 Stable RC1 (HKLM-x32\...\TeXnicCenter_is1) (Version: Version 1.0 Stable RC1 - TeXnicCenter.org)
TeXnicCenter Version 2.02 Stable (HKLM\...\TeXnicCenter_is1) (Version: 2.02 Stable - The TeXnicCenter Team)
Ubuntu (HKLM-x32\...\Wubi) (Version: 12.04-rev266 - Ubuntu)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3102 - Acer Incorporated)
Windows Live Argazki Galeria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogaléria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Wolfram Extras 10.0 (5157423) (HKLM\...\A-WIN-Extras 10.0.1 5157423_is1) (Version: 10.0.1 - Wolfram Research, Inc.)
Wolfram Mathematica 10 (M-WIN-L 10.0.1 5157734) (HKLM\...\M-WIN-L 10.0.1 5157734_is1) (Version: 10.0.1 - Wolfram Research, Inc.)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-928299268-3892372864-3771450075-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Melanie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-928299268-3892372864-3771450075-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Melanie\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-928299268-3892372864-3771450075-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Melanie\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-928299268-3892372864-3771450075-1000_Classes\CLSID\{ca586c80-7c84-4b88-8537-726724df6929}\InprocServer32 -> C:\Program Files (x86)\Git\git-cheetah\git_shell_ext64.dll ()
CustomCLSID: HKU\S-1-5-21-928299268-3892372864-3771450075-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Melanie\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-928299268-3892372864-3771450075-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Melanie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-928299268-3892372864-3771450075-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Melanie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-928299268-3892372864-3771450075-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Melanie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-928299268-3892372864-3771450075-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Melanie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-928299268-3892372864-3771450075-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Melanie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-928299268-3892372864-3771450075-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Melanie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-928299268-3892372864-3771450075-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Melanie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-928299268-3892372864-3771450075-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Melanie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

17-10-2014 16:50:42 Geplanter Prüfpunkt
19-10-2014 23:24:51 Malwarebytes Anti-Rootkit Restore Point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0B42B3A7-63BC-4BFE-AE7A-8FAD37CA693F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-928299268-3892372864-3771450075-1000Core => C:\Users\Melanie\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-03] (Google Inc.)
Task: {12AFAABA-CCC4-4C5A-8A8C-8382F18EFD8B} - System32\Tasks\At3 => Firefox.exe /help <==== ATTENTION
Task: {3F14F55B-8072-44ED-90C4-1ABF79D20D48} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-10-19] (globalUpdate) <==== ATTENTION
Task: {4251F5C0-8EFC-43E2-8D7C-33675B15868B} - System32\Tasks\55051fd6-efb7-46b1-a551-6d3d7692967b-5 => C:\Program Files (x86)\TheHDvid-Codec V10\55051fd6-efb7-46b1-a551-6d3d7692967b-5.exe [2014-10-19] (home) <==== ATTENTION
Task: {42728674-E8BF-4D45-A207-39043D82A333} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-03] (Google Inc.)
Task: {4771BF1F-D238-431E-9866-06627A51A402} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2010-12-29] (Acer Incorporated)
Task: {4A4B7594-105A-478A-9211-740AF3421EA1} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2010-12-29] (CyberLink)
Task: {4AF28F6E-6F6E-4AE7-9F97-600774AB3347} - System32\Tasks\55051fd6-efb7-46b1-a551-6d3d7692967b-2 => C:\Program Files (x86)\TheHDvid-Codec V10\55051fd6-efb7-46b1-a551-6d3d7692967b-2.exe [2014-10-19] (home) <==== ATTENTION
Task: {4E661215-36D2-482E-95B6-93A5ED72D137} - System32\Tasks\{B2C8AD2D-0B54-4B65-A253-A2F7545FA3C3} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.3.0.120.259&amp;LastError=12002
Task: {56CC8AA3-755B-449A-AB37-30E4D0C33485} - System32\Tasks\55051fd6-efb7-46b1-a551-6d3d7692967b-11 => C:\Program Files (x86)\TheHDvid-Codec V10\55051fd6-efb7-46b1-a551-6d3d7692967b-11.exe <==== ATTENTION
Task: {633546AE-1258-41DE-80D9-494DB754635D} - System32\Tasks\At2 => Firefox.exe /help <==== ATTENTION
Task: {6B0A9943-504C-4B7B-970C-7A2DF21DE53D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-03] (Google Inc.)
Task: {77FA6B28-B349-45D7-859D-65616427458B} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2010-12-29] (CyberLink Corp.)
Task: {91C4966C-B229-4FC0-BDDB-80F89C86B376} - System32\Tasks\55051fd6-efb7-46b1-a551-6d3d7692967b-5_user => C:\Program Files (x86)\TheHDvid-Codec V10\55051fd6-efb7-46b1-a551-6d3d7692967b-5.exe [2014-10-19] (home) <==== ATTENTION
Task: {929A854D-43DB-4779-97CD-174C506475FD} - System32\Tasks\At4 => Firefox.exe /help <==== ATTENTION
Task: {9C5FF017-904F-48F0-B193-F0B69C304D96} - System32\Tasks\At1 => Firefox.exe /help <==== ATTENTION
Task: {A1EA72F8-39F4-46DC-87FA-90B6B421A9AB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-928299268-3892372864-3771450075-1000UA => C:\Users\Melanie\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-03] (Google Inc.)
Task: {AB014C8F-5218-428B-96AB-75C7A8EBCEB2} - System32\Tasks\55051fd6-efb7-46b1-a551-6d3d7692967b-1 => C:\Program Files (x86)\TheHDvid-Codec V10\TheHDvid-Codec V10-codedownloader.exe [2014-10-19] (home) <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => aitagent.exe
Task: {BD3BCC5E-FF42-43F4-A560-5C46B0B18979} - System32\Tasks\{F3AB340F-1D0B-47F4-AAB7-EC8C6A0D53D8} => C:\Program Files (x86)\Skype\\Phone\Skype.exe
Task: {C434A5D3-6BA7-4AE0-944F-6A415F183005} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-10-19] (globalUpdate) <==== ATTENTION
Task: {E3163C33-301D-4730-A266-5518C5ED3967} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => BthUdTask.exe
Task: {F9094924-98B8-439F-B604-2749C9995B30} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\55051fd6-efb7-46b1-a551-6d3d7692967b-1.job => C:\Program Files (x86)\TheHDvid-Codec V10\TheHDvid-Codec V10-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\55051fd6-efb7-46b1-a551-6d3d7692967b-11.job => C:\Program Files (x86)\TheHDvid-Codec V10\55051fd6-efb7-46b1-a551-6d3d7692967b-11.exe <==== ATTENTION
Task: C:\Windows\Tasks\55051fd6-efb7-46b1-a551-6d3d7692967b-2.job => C:\Program Files (x86)\TheHDvid-Codec V10\55051fd6-efb7-46b1-a551-6d3d7692967b-2.exe <==== ATTENTION
Task: C:\Windows\Tasks\55051fd6-efb7-46b1-a551-6d3d7692967b-5.job => C:\Program Files (x86)\TheHDvid-Codec V10\55051fd6-efb7-46b1-a551-6d3d7692967b-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\55051fd6-efb7-46b1-a551-6d3d7692967b-5_user.job => C:\Program Files (x86)\TheHDvid-Codec V10\55051fd6-efb7-46b1-a551-6d3d7692967b-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\At1.job => C:\Users\Melanie\AppData\Roaming\firefox.exe
Task: C:\Windows\Tasks\At2.job => C:\Users\Melanie\AppData\Roaming\firefox.exe
Task: C:\Windows\Tasks\At3.job => C:\Users\Melanie\AppData\Roaming\firefox.exe
Task: C:\Windows\Tasks\At4.job => C:\Users\Melanie\AppData\Roaming\firefox.exe
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-928299268-3892372864-3771450075-1000Core.job => C:\Users\Melanie\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-928299268-3892372864-3771450075-1000UA.job => C:\Users\Melanie\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-04-13 17:41 - 2011-04-13 17:41 - 00034304 _____ () C:\Windows\System32\ssb3ml6.dll
2011-01-27 00:32 - 2011-01-27 00:32 - 00027648 _____ () C:\Windows\System32\ssb7mlm.dll
2014-02-14 05:18 - 2014-02-14 05:18 - 00040840 _____ () C:\Program Files (x86)\Securepoint SSL VPN\SPOpenVPNService.exe
2009-01-21 17:45 - 2009-01-21 17:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2014-09-29 11:51 - 2014-09-30 00:15 - 00737986 _____ () C:\Program Files (x86)\Git\git-cheetah\git_shell_ext64.dll
2012-06-18 08:24 - 2012-06-18 08:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2011-03-09 05:08 - 2011-01-20 11:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-10-17 07:01 - 2010-10-28 03:14 - 00618496 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe
2011-10-17 07:01 - 2009-11-19 02:15 - 00306688 _____ () C:\Windows\Samsung\PanelMgr\caller64.exe
2014-02-12 12:58 - 2014-02-12 12:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 12:58 - 2014-02-12 12:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-02-15 12:37 - 2011-02-15 12:37 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2011-02-15 12:36 - 2011-02-15 12:36 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2011-02-15 12:37 - 2011-02-15 12:37 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2014-10-20 10:06 - 2014-10-20 10:06 - 00043008 _____ () c:\users\melanie\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfppdr9.dll
2013-08-23 12:01 - 2013-08-23 12:01 - 25100288 _____ () C:\Users\Melanie\AppData\Roaming\Dropbox\bin\libcef.dll
2011-01-17 07:19 - 2011-07-15 10:39 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2010-12-29 05:56 - 2010-12-29 05:56 - 00210312 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
2014-09-07 04:15 - 2014-09-03 04:48 - 01497600 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2014-09-07 04:15 - 2014-05-19 08:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2014-09-24 17:22 - 2014-09-24 17:22 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-08-13 14:40 - 2014-08-13 14:40 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1e70f9aada009e40c4f131cfdbe52126\IsdiInterop.ni.dll
2011-03-09 05:44 - 2011-01-12 18:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-10-14 03:57 - 2013-10-14 03:57 - 16233864 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:4D066AD2
AlternateDataStreams: C:\Users\Melanie\Downloads\Appointment_Confirmation.eml:OECustomProperty
AlternateDataStreams: C:\Users\Melanie\Downloads\Fwd_master_applied_mathematics_apllication_requirements.eml:OECustomProperty
AlternateDataStreams: C:\Users\Melanie\Downloads\IS_29_2013_Christliche_Spiritualität_-_Suchen_Entdecken_Erleben_vom_14_-17_06_2013_im_Kloster_Volkenroda.eml:OECustomProperty
AlternateDataStreams: C:\Users\Melanie\Downloads\Termin_Staatskanzlei.eml:OECustomProperty
AlternateDataStreams: C:\Users\Melanie\Downloads\Wolfgang_Wiechert_m_chte_StuSti_Kolleg_2013-15_f_r_Sie_freigeben.eml:OECustomProperty
AlternateDataStreams: C:\Users\Melanie\Downloads\Zusagebenachrichtigung_IS_06.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\56198676.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\71201959.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\56198676.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\71201959.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-928299268-3892372864-3771450075-500 - Administrator - Disabled)
Gast (S-1-5-21-928299268-3892372864-3771450075-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-928299268-3892372864-3771450075-1002 - Limited - Enabled)
Melanie (S-1-5-21-928299268-3892372864-3771450075-1000 - Administrator - Enabled) => C:\Users\Melanie

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/19/2014 03:35:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2903069

Error: (10/19/2014 03:35:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2903069

Error: (10/19/2014 03:35:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/19/2014 02:25:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 96690

Error: (10/19/2014 02:25:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 96690

Error: (10/19/2014 02:25:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/19/2014 01:54:57 PM) (Source: MsiInstaller) (EventID: 11309) (User: Melanie-PC)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.

Error: (10/19/2014 11:42:02 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (10/19/2014 11:40:28 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (10/19/2014 11:39:31 AM) (Source: SideBySide) (EventID: 75) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.


System errors:
=============
Error: (10/20/2014 10:05:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (10/20/2014 10:05:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "CxAudMsg" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (10/19/2014 08:11:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (10/19/2014 08:11:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "CxAudMsg" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (10/19/2014 04:39:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (10/19/2014 04:39:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "CxAudMsg" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (10/19/2014 04:28:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (10/19/2014 04:28:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "CxAudMsg" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (10/19/2014 03:45:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "IconMan_R" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (10/19/2014 03:45:26 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst IconMan_R erreicht.


Microsoft Office Sessions:
=========================
Error: (10/19/2014 03:35:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2903069

Error: (10/19/2014 03:35:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2903069

Error: (10/19/2014 03:35:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/19/2014 02:25:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 96690

Error: (10/19/2014 02:25:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 96690

Error: (10/19/2014 02:25:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/19/2014 01:54:57 PM) (Source: MsiInstaller) (EventID: 11309) (User: Melanie-PC)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (10/19/2014 11:42:02 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (10/19/2014 11:40:28 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityprocessorArchitecturex64c:\program files\R\r-3.0.1\Tcl\bin64\tk85.dllc:\program files\R\r-3.0.1\Tcl\bin64\tk85.dll9

Error: (10/19/2014 11:39:31 AM) (Source: SideBySide) (EventID: 75) (User: )
Description: C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exeC:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe2


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz
Percentage of memory in use: 45%
Total physical RAM: 3947.86 MB
Available physical RAM: 2170.97 MB
Total Pagefile: 7893.9 MB
Available Pagefile: 5848.19 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:449.66 GB) (Free:330.88 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A4D16EF9)
Partition 1: (Not Active) - (Size=16 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=449.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

--- --- ---

Ich sollte vielleicht noch erwähnen, dass TDSS-Killer beim ersten Suchlauf infizierte Dateien gefunden hat. Ich habe 'Cure' gewählt und den Computer neu gestartet, beim zweiten Suchlauf wurde nichts mehr gefunden.

mbar hat dann nochmal vier infizierte Dateien beim ersten und keine weiteren beim zweiten Suchlauf gefunden.

Inzwischen findet Avira BOO/TDSS.o nicht mehr, heißt das, er ist weg?
Wie kann ich die trovi-Adware entfernen?

Vielen, vielen Dank für deine Mühe!

Bootsektor · 20.10.2014, 22:33

Hallo,

Zitat:

Ich sollte vielleicht noch erwähnen, dass TDSS-Killer beim ersten Suchlauf infizierte Dateien gefunden hat. Ich habe 'Cure' gewählt und den Computer neu gestartet, beim zweiten Suchlauf wurde nichts mehr gefunden.

Ok, danke

Zitat:

Inzwischen findet Avira BOO/TDSS.o nicht mehr, heißt das, er ist weg?

Ja, den wird dann der TDSS-Killer erlegt haben

Zitat:

Wie kann ich die trovi-Adware entfernen?

Machen wir jetzt

Zuerst war es wichtig, dass wir der Bootsektoreninfektion nachgehen.

Schritt 1
Bitte deinstalliere folgende Programme (falls vorhanden) :

Java 7 Update 40
Java 7 Update 51
Java(TM) 6 Update 29

Dazu gehe auf:
den Windowsbutton in der Taskleiste --> Systemsteuerung --> Programme (Unterpunkt Programme deinstallieren) --> Programm auswählen --> entfernen

Falls du ein Programm nicht deinstallieren kannst, lade dir von hier den Revo-uninstaller herunter und deinstalliere es damit, wähle dabei den moderaten Modus.

Schritt 2
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 3

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

HKU\S-1-5-21-928299268-3892372864-3771450075-1000\...\Winlogon: [Shell] Explorer.exe <==== ATTENTION 
emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 4
Starte noch einmal FRST.

Setze den Haken bei addition.txt und drücke auf Scan.
Wenn der Scan abgeschlossen ist, werden zwei neue Logfiles FRST.txt und addition.txt erstellt und auf dem Desktop (oder in dem Verzeichnis in dem FRST liegt) gespeichert.
Poste den Inhalt dieser Logfiles bitte hier in deinen Thread.

Goldberry · 21.10.2014, 02:13

Hallo,

Freut mich, dass der Boo/TDSs.o jetzt weg ist

, vielen Dank!

Zur trovi-Entfernung:

Schritt 1: ist erledigt.

Schritt 2: Wenn ich dem Link folge und die .exe herunterlade, kommt die Meldung, dass die version veraltet ist und es öffnet sich automatisch im Browser eine Downloadseite für die neuste Version (v4.001). Wenn ich diese downloade, kommt die Fehlermeldung "Systemressourcen nicht ausreichend", Avira meldet, dass ein als Virus eingestuftes Programm versucht, auf awdCleaner zu zugreifen.

Was kann ich machen?

Bootsektor · 21.10.2014, 11:37

Hallo,

dann bitte vorübergehend das Antivirus ausschalten, downloaden, ausführen und Antivirus anschalten.

Goldberry · 21.10.2014, 17:35

Hallo,

ich habe beide Schritte ausgeführt, die trovi-Adware ist aber weder in Firefox noch Google-Chrome verschwunden.

AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v4.001 - Bericht erstellt am 21/10/2014 um 09:16:56
# DB v2014-10-20.3
# Aktualisiert 20/10/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Melanie - MELANIE-PC
# Gestartet von : C:\Users\Melanie\Downloads\adwcleaner_4.001(1).exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : globalUpdate
[#] Dienst Gelöscht : globalUpdatem

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Melanie\AppData\Local\Temp\AskSearch
Ordner Gelöscht : C:\Program Files (x86)\Bench
Ordner Gelöscht : C:\Users\Melanie\AppData\Local\DownloadGuide
Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
Ordner Gelöscht : C:\Users\Melanie\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\Melanie\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\Melanie\Documents\Optimizer Pro
Ordner Gelöscht : C:\Program Files (x86)\TheHDvid-Codec V10
Ordner Gelöscht : C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Datei Gelöscht : C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\ndixjp5k.default\searchplugins\trovi-search.xml

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_avira-antivir(1)_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_avira-antivir(1)_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_avira-antivir_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_avira-antivir_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_data-crow_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_data-crow_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_dev-c_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_dev-c_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_oxygenoffice-professional_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_oxygenoffice-professional_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611331115}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622332215}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655335515}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666336615}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644334415}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611331115}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{06E58E5E-F8CB-4049-991E-A41C03BD419E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{100EB1FD-D03E-47FD-81F3-EE91287F9465}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{258C9770-1713-4021-8D7E-1F184A2BD754}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{43D9E6F0-1776-4897-AE14-ECEDECBAFEC0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5A074B29-F830-49DE-A31B-5BB9D7F6B407}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{DCC70A83-E184-40A3-906B-779AF5E941C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611331115}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622332215}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655335515}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666336615}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611331115}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{06E58E5E-F8CB-4049-991E-A41C03BD419E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{100EB1FD-D03E-47FD-81F3-EE91287F9465}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{258C9770-1713-4021-8D7E-1F184A2BD754}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{43D9E6F0-1776-4897-AE14-ECEDECBAFEC0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5A074B29-F830-49DE-A31B-5BB9D7F6B407}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{DCC70A83-E184-40A3-906B-779AF5E941C4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\TheHDvid-Codec V10
Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\AdvertisingSupport
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : HKLM\SOFTWARE\Browser Champion
Schlüssel Gelöscht : HKLM\SOFTWARE\TheHDvid-Codec V10
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17239

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v32.0.3 (x86 de)


-\\ Google Chrome v38.0.2125.104


*************************

AdwCleaner[R0].txt - [17458 octets] - [21/10/2014 09:13:54]
AdwCleaner[S0].txt - [16105 octets] - [21/10/2014 09:16:56]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16166 octets] ##########

--- --- ---

[/CODE]

AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v4.001 - Bericht erstellt am 21/10/2014 um 09:27:37
# DB v2014-10-20.3
# Aktualisiert 20/10/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Melanie - MELANIE-PC
# Gestartet von : C:\Users\Melanie\Downloads\adwcleaner_4.001.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v32.0.3 (x86 de)


-\\ Google Chrome v38.0.2125.104


*************************

AdwCleaner[R0].txt - [17458 octets] - [21/10/2014 09:13:54]
AdwCleaner[R1].txt - [1455 octets] - [21/10/2014 09:25:20]
AdwCleaner[S0].txt - [16351 octets] - [21/10/2014 09:16:56]
AdwCleaner[S1].txt - [982 octets] - [21/10/2014 09:27:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1041 octets] ##########

--- --- ---

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-10-2014
Ran by Melanie (administrator) on MELANIE-PC on 21-10-2014 09:21:51
Running from C:\Users\Melanie\Downloads
Loaded Profile: Melanie (Available profiles: Melanie)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
() C:\Program Files (x86)\Securepoint SSL VPN\SPOpenVPNService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira) C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Google Inc.) C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Dropbox, Inc.) C:\Users\Melanie\AppData\Roaming\Dropbox\bin\Dropbox.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
() C:\Windows\Samsung\PanelMgr\caller64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588968 2010-11-11] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [615584 2011-03-02] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-02] (Atheros Commnucations)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1796200 2011-02-22] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340336 2010-09-27] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-09-17] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-09-17] (Egis Technology Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-02-15] (NTI Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-26] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc.)
HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2010-12-09] (CyberLink Corp.)
HKLM-x32\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\SSMMgr.exe [618496 2010-10-28] ()
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-04-30] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-20] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-03] (Wondershare)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [165168 2014-09-23] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-928299268-3892372864-3771450075-1000\...\Run: [Picasa Media Detector] => C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe [443968 2008-08-20] (Google Inc.)
HKU\S-1-5-21-928299268-3892372864-3771450075-1000\...\Run: [studNET-Autologin] => C:\Windows\SysWOW64\studnet\studnet.exe /auto
HKU\S-1-5-21-928299268-3892372864-3771450075-1000\...\Run: [Google Update] => C:\Users\Melanie\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-10-03] (Google Inc.)
HKU\S-1-5-21-928299268-3892372864-3771450075-1000\...\Run: [AviraSpeedup] => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [5395192 2014-10-20] (Avira)
HKU\S-1-5-21-928299268-3892372864-3771450075-1000\...\MountPoints2: E - E:\LaunchU3.exe -a
HKU\S-1-5-21-928299268-3892372864-3771450075-1000\...\MountPoints2: {c1cd0502-f020-11e1-9a13-1c7508fe42fb} - E:\LaunchU3.exe -a
HKU\S-1-5-21-928299268-3892372864-3771450075-1000\...\Winlogon: [Shell] Explorer.exe <==== ATTENTION 
HKU\S-1-5-18\...\Run: [AviraSpeedup] => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [5395192 2014-10-20] (Avira)
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
Startup: C:\Users\Melanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Melanie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Melanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\progra~1\mcafee\msk\mskapbho.dll No File
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Tcpip\Parameters: [DhcpNameServer] 128.95.120.1 128.95.112.1
Tcpip\..\Interfaces\{7004B3CA-E164-4EAC-8FC6-74F9604EA488}: [NameServer] 139.18.25.3,139.18.1.2

FireFox:
========
FF ProfilePath: C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\ndixjp5k.default
FF DefaultSearchEngine: Trovi search
FF SelectedSearchEngine: Trovi search
FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3331316&octid=EB_ORIGINAL_CTID&ISID=M588AD584-4A6E-40A5-96F3-1A599BC42A3F&SearchSource=55&CUI=&UM=6&UP=SP888B9F7B-62B1-4371-A1A1-A5FBEB7F20AD&SSPV=
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 57737
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa2,version=2.0.0 -> C:\Program Files (x86)\Picasa2\npPicasa2.dll (Google, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Picasa2\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\10.0.1.5157423\npmathplugin.dll (Wolfram Research, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Melanie\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Melanie\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Melanie\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Melanie\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Melanie\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Melanie\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\ndixjp5k.default\searchplugins\avira-safesearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\ndixjp5k.default\Extensions\trash [2014-10-19]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-09-24]

Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3331316&octid=EB_ORIGINAL_CTID&ISID=M588AD584-4A6E-40A5-96F3-1A599BC42A3F&SearchSource=55&CUI=&UM=6&UP=SP888B9F7B-62B1-4371-A1A1-A5FBEB7F20AD&SSPV="
CHR Profile: C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-03]
CHR Extension: (Google Docs) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-03]
CHR Extension: (Google Drive) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-03]
CHR Extension: (YouTube) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-03]
CHR Extension: (Google Search) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-03]
CHR Extension: (Google Sheets) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-03]
CHR Extension: (Avira Browser Safety) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-10-06]
CHR Extension: (No Name) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-10-03]
CHR Extension: (Google Wallet) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-30]
CHR Extension: (Gmail) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-03]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [994552 2014-10-14] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [76448 2011-03-02] (Atheros Commnucations) [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160560 2014-09-23] (Avira Operations GmbH & Co. KG)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-27] (Realsil Microelectronics Inc.) [File not signed]
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [257344 2011-02-15] (NTI Corporation)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)
R2 Securepoint VPN; C:\Program Files (x86)\Securepoint SSL VPN\SPOpenVPNService.exe [40840 2014-02-14] () [File not signed]
S2 CxAudMsg; C:\Windows\system32\CxAudMsg64.exe [X]
R3 WinHttpAutoProxySvc; winhttp.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-10-05] (Avira Operations GmbH & Co. KG)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [92888 2014-10-19] (Malwarebytes Corporation)
R2 SSPORT; C:\Windows\SysWOW64\Drivers\SSPORT.sys [11576 2009-10-27] (Samsung Electronics)
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-21 09:21 - 2014-10-21 09:21 - 00000000 ____D () C:\Users\Melanie\Downloads\FRST-OlderVersion
2014-10-21 09:19 - 2014-10-21 09:19 - 00016351 _____ () C:\Users\Melanie\Desktop\AdwCleaner[S0].txt
2014-10-21 09:12 - 2014-10-21 09:16 - 00000000 ____D () C:\AdwCleaner
2014-10-20 18:06 - 2014-10-20 18:06 - 00001207 _____ () C:\Users\Melanie\Desktop\Avira System Speedup.lnk
2014-10-20 18:06 - 2014-10-20 18:06 - 00000000 ____D () C:\Users\Melanie\AppData\Local\AviraSpeedup
2014-10-20 18:04 - 2014-10-20 18:06 - 00003320 _____ () C:\Windows\System32\Tasks\AviraSpeedup
2014-10-20 18:04 - 2014-10-20 18:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviraSpeedup
2014-10-20 18:00 - 2014-10-20 18:01 - 01962496 _____ () C:\Users\Melanie\Downloads\adwcleaner_4.001(2).exe
2014-10-20 17:58 - 2014-10-20 17:58 - 01976320 _____ () C:\Users\Melanie\Downloads\AdwCleaner_4.000.exe
2014-10-20 17:55 - 2014-10-20 17:56 - 01962496 _____ () C:\Users\Melanie\Downloads\adwcleaner_4.001(1).exe
2014-10-20 17:50 - 2014-10-20 17:50 - 01962496 _____ () C:\Users\Melanie\Downloads\adwcleaner_4.001.exe
2014-10-20 10:19 - 2014-10-20 10:19 - 00042262 _____ () C:\Users\Melanie\Downloads\Addition.txt
2014-10-20 10:17 - 2014-10-21 09:22 - 00000000 ____D () C:\FRST
2014-10-20 10:17 - 2014-10-21 09:21 - 00022998 _____ () C:\Users\Melanie\Downloads\FRST.txt
2014-10-20 10:16 - 2014-10-21 09:21 - 02110976 _____ (Farbar) C:\Users\Melanie\Downloads\FRST64.exe
2014-10-20 10:09 - 2014-10-20 10:10 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Melanie\Downloads\tdsskiller.exe
2014-10-19 17:35 - 2014-10-19 17:35 - 00000624 _____ () C:\Users\Melanie\Documents\Ereignisse2.txt
2014-10-19 16:02 - 2014-10-19 18:05 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-10-19 16:02 - 2014-10-19 16:42 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-19 16:02 - 2014-10-19 16:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-19 16:01 - 2014-10-19 16:41 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-19 16:00 - 2014-10-19 17:17 - 00000000 ____D () C:\Users\Melanie\Desktop\mbar
2014-10-19 15:59 - 2014-10-19 15:59 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Melanie\Downloads\mbar-1.07.0.1012.exe
2014-10-19 15:59 - 2014-10-19 15:59 - 01986072 _____ (SafeInstall, LLC) C:\Users\Melanie\Downloads\7zip_installer.exe
2014-10-19 15:40 - 2014-10-19 15:52 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-10-19 13:56 - 2014-10-21 09:18 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-10-19 13:55 - 2014-10-21 09:18 - 00002444 _____ () C:\Windows\Tasks\55051fd6-efb7-46b1-a551-6d3d7692967b-5_user.job
2014-10-19 13:55 - 2014-10-21 09:18 - 00002444 _____ () C:\Windows\Tasks\55051fd6-efb7-46b1-a551-6d3d7692967b-5.job
2014-10-19 13:55 - 2014-10-19 13:55 - 00005474 _____ () C:\Windows\System32\Tasks\55051fd6-efb7-46b1-a551-6d3d7692967b-5
2014-10-19 13:54 - 2014-10-21 09:18 - 00005182 _____ () C:\Windows\Tasks\55051fd6-efb7-46b1-a551-6d3d7692967b-11.job
2014-10-19 13:54 - 2014-10-21 09:18 - 00003458 _____ () C:\Windows\Tasks\55051fd6-efb7-46b1-a551-6d3d7692967b-1.job
2014-10-19 13:54 - 2014-10-21 09:18 - 00002108 _____ () C:\Windows\Tasks\55051fd6-efb7-46b1-a551-6d3d7692967b-2.job
2014-10-19 13:54 - 2014-10-21 09:18 - 00000896 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-10-19 13:54 - 2014-10-20 19:59 - 00000900 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-10-19 13:54 - 2014-10-19 13:55 - 00005138 _____ () C:\Windows\System32\Tasks\55051fd6-efb7-46b1-a551-6d3d7692967b-2
2014-10-19 13:54 - 2014-10-19 13:54 - 00008212 _____ () C:\Windows\System32\Tasks\55051fd6-efb7-46b1-a551-6d3d7692967b-11
2014-10-19 13:54 - 2014-10-19 13:54 - 00006488 _____ () C:\Windows\System32\Tasks\55051fd6-efb7-46b1-a551-6d3d7692967b-1
2014-10-19 13:54 - 2014-10-19 13:54 - 00003898 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-10-19 13:54 - 2014-10-19 13:54 - 00003644 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-10-19 13:53 - 2014-10-19 13:53 - 00074656 _____ () C:\Users\Melanie\Downloads\FLVPlayer-Chrome.exe
2014-10-19 13:53 - 2014-10-19 13:53 - 00074656 _____ () C:\Users\Melanie\Downloads\FLVPlayer-Chrome (1).exe
2014-10-18 14:17 - 2014-10-18 14:17 - 06626832 _____ (TeamViewer GmbH) C:\Users\Melanie\Downloads\TeamViewer_Setup_de.exe
2014-10-18 14:17 - 2014-10-18 14:17 - 00001178 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-10-18 14:17 - 2014-10-18 14:17 - 00001166 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-10-18 14:17 - 2014-10-18 14:17 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-10-09 23:02 - 2014-10-09 23:02 - 00000000 ____D () C:\Users\Melanie\Documents\fox-ffv2
2014-10-09 23:01 - 2014-10-09 23:01 - 00000118 _____ () C:\Users\Melanie\mercurial.ini
2014-10-09 23:01 - 2013-10-18 18:04 - 00000236 _____ () C:\Users\Melanie\Documents\gitignore_global.txt
2014-10-09 23:01 - 2013-10-18 18:04 - 00000173 _____ () C:\Users\Melanie\Documents\hgignore_global.txt
2014-10-09 23:00 - 2014-10-09 23:00 - 00000000 ____D () C:\Users\Melanie\AppData\Local\Atlassian
2014-10-09 22:59 - 2014-10-09 22:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atlassian
2014-10-09 22:59 - 2014-10-09 22:59 - 00000000 ____D () C:\ProgramData\Caphyon
2014-10-09 22:59 - 2014-10-09 22:59 - 00000000 ____D () C:\Program Files (x86)\Atlassian
2014-10-09 22:58 - 2014-10-09 23:03 - 00000000 ____D () C:\ProgramData\Atlassian
2014-10-09 22:48 - 2014-10-09 22:48 - 10266464 _____ (Atlassian) C:\Users\Melanie\Downloads\SourceTreeSetup_1.6.5.exe
2014-10-09 21:43 - 2014-10-18 14:28 - 00009166 ____H () C:\Users\Melanie\_viminfo
2014-10-06 21:39 - 2014-10-07 11:22 - 00000000 ____D () C:\Users\Melanie\AppData\Local\Mathematica
2014-10-06 21:39 - 2014-10-06 21:39 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\Mathematica
2014-10-06 21:39 - 2014-10-06 21:39 - 00000000 ____D () C:\Users\Melanie\AppData\Local\Wolfram Research
2014-10-06 21:39 - 2014-10-06 21:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wolfram Mathematica
2014-10-06 21:39 - 2014-10-06 21:39 - 00000000 ____D () C:\ProgramData\Mathematica
2014-10-06 21:39 - 2014-10-06 21:39 - 00000000 ____D () C:\Program Files\Extras
2014-10-06 21:39 - 2014-10-06 21:39 - 00000000 ____D () C:\Program Files\Common Files\Wolfram Research
2014-10-06 21:28 - 2014-10-06 21:28 - 00000000 ____D () C:\Program Files\Wolfram Research
2014-10-06 21:03 - 2014-10-06 21:22 - 2034844000 _____ (Wolfram Research, Inc. ) C:\Users\Melanie\Downloads\Mathematica_10.0.1_WIN.exe
2014-10-06 18:05 - 2014-10-06 18:05 - 00918952 _____ (Oracle Corporation) C:\Users\Melanie\Downloads\jxpiinstall(2).exe
2014-10-06 09:39 - 2014-10-13 12:03 - 00001141 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-10-05 09:33 - 2014-10-20 23:43 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-928299268-3892372864-3771450075-1000UA.job
2014-10-05 09:33 - 2014-10-19 09:43 - 00001076 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-928299268-3892372864-3771450075-1000Core.job
2014-10-05 09:33 - 2014-10-19 09:38 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-928299268-3892372864-3771450075-1000UA
2014-10-05 09:33 - 2014-10-19 09:38 - 00003706 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-928299268-3892372864-3771450075-1000Core
2014-10-04 09:16 - 2014-10-04 09:16 - 00000000 ____D () C:\Users\Melanie\.plugman
2014-10-03 21:36 - 2014-10-21 09:18 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-03 21:36 - 2014-10-20 23:41 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-03 21:36 - 2014-10-18 09:47 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-03 21:36 - 2014-10-03 21:36 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-03 21:36 - 2014-10-03 21:36 - 00003856 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-03 21:36 - 2014-10-03 21:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-03 21:35 - 2014-10-03 21:35 - 00895120 _____ (Google Inc.) C:\Users\Melanie\Downloads\ChromeSetup.exe
2014-10-03 11:24 - 2014-10-03 11:24 - 17824398 _____ (The Git Development Community ) C:\Users\Melanie\Downloads\Git-1.9.4-preview20140929(1).exe
2014-10-02 22:00 - 2014-10-02 22:00 - 00000000 __SHD () C:\Users\Melanie\AppData\Local\EmieUserList
2014-10-02 22:00 - 2014-10-02 22:00 - 00000000 __SHD () C:\Users\Melanie\AppData\Local\EmieSiteList
2014-10-02 21:49 - 2014-10-18 13:18 - 00000000 ____D () C:\Users\Melanie\Desktop\firstfox
2014-09-30 23:10 - 2014-09-30 23:10 - 00000000 ____D () C:\Users\Melanie\.ionic
2014-09-30 23:06 - 2014-09-30 23:06 - 00000000 ____D () C:\Users\Melanie\.cordova
2014-09-30 22:21 - 2014-09-30 22:24 - 00000000 ____D () C:\Users\Melanie\.ssh
2014-09-30 22:18 - 2014-10-15 22:45 - 00000469 _____ () C:\Users\Melanie\AppData\Roaming\.arcrc
2014-09-30 19:25 - 2014-09-30 19:25 - 00001389 _____ () C:\Users\Melanie\Desktop\Git Bash.lnk
2014-09-30 18:54 - 2014-09-30 18:54 - 17824398 _____ (The Git Development Community ) C:\Users\Melanie\Downloads\Git-1.9.4-preview20140929.exe
2014-09-30 18:45 - 2014-09-30 18:45 - 00000000 ____D () C:\Program Files\Arcanist
2014-09-30 18:42 - 2014-10-13 12:03 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-30 18:41 - 2014-09-30 18:41 - 07188616 _____ (Microsoft Corporation) C:\Users\Melanie\Downloads\vcredist_x64.exe
2014-09-30 18:26 - 2014-09-30 18:31 - 00000000 ____D () C:\Program Files\php
2014-09-30 18:25 - 2014-09-30 18:26 - 20894725 _____ () C:\Users\Melanie\Downloads\php-5.6.0-nts-Win32-VC11-x64.zip
2014-09-30 18:24 - 2014-09-30 18:25 - 19632729 _____ () C:\Users\Melanie\Downloads\php-5.6.0-Win32-VC11-x86.zip
2014-09-29 22:17 - 2014-09-29 22:17 - 00001352 _____ () C:\Users\Melanie\Desktop\eclipse_Android.lnk
2014-09-29 22:07 - 2014-09-29 22:07 - 00000000 ____D () C:\Users\Melanie\workspaceAndroid
2014-09-29 22:03 - 2014-09-29 22:03 - 00000000 ____D () C:\Program Files\Android
2014-09-29 21:55 - 2014-09-29 21:55 - 00000000 ____D () C:\Users\Melanie\Downloads\adt-bundle-windows-x86_64-20140702
2014-09-29 21:46 - 2014-09-29 21:46 - 00000000 ____D () C:\Program Files\apache
2014-09-29 21:44 - 2014-09-29 21:44 - 00000000 ____D () C:\Users\Melanie\Documents\apache-ant-1.9.4-bin-1
2014-09-29 14:11 - 2014-10-17 11:48 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\npm-cache
2014-09-29 14:10 - 2014-10-17 11:48 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\npm
2014-09-29 14:02 - 2014-09-29 14:03 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Node.js
2014-09-29 14:02 - 2014-09-29 14:03 - 00000000 ____D () C:\Program Files\nodejs
2014-09-29 14:01 - 2014-09-29 14:02 - 06184960 _____ () C:\Users\Melanie\Downloads\node-v0.10.32-x64(2).msi
2014-09-29 13:58 - 2014-09-29 13:58 - 00001317 _____ () C:\Users\Melanie\Desktop\Console.lnk
2014-09-29 13:46 - 2014-09-29 13:46 - 00000000 ____D () C:\Users\Melanie\Downloads\Console-2.00b148-Beta_src
2014-09-29 13:46 - 2014-09-29 13:46 - 00000000 ____D () C:\Program Files\Console2
2014-09-29 13:45 - 2014-09-29 13:45 - 03699684 _____ () C:\Users\Melanie\Downloads\Console-2.00b148-Beta_src.zip
2014-09-29 13:44 - 2014-09-29 13:44 - 01897882 _____ () C:\Users\Melanie\Downloads\Console-2.00b148-Beta_64bit.zip
2014-09-29 13:11 - 2014-09-29 13:13 - 181484960 _____ (Oracle Corporation) C:\Users\Melanie\Downloads\jdk-8u20-windows-x64(1).exe
2014-09-29 11:51 - 2014-10-03 11:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git
2014-09-29 11:51 - 2014-10-03 11:32 - 00000000 ____D () C:\Program Files (x86)\Git
2014-09-29 11:50 - 2014-09-29 11:50 - 17806885 _____ (The Git Development Community ) C:\Users\Melanie\Downloads\Git-1.9.4-preview20140815.exe
2014-09-27 21:22 - 2014-09-27 21:23 - 00000000 ____D () C:\Users\Melanie\Documents\Banking
2014-09-25 08:32 - 2014-09-25 08:37 - 00003190 _____ () C:\Users\Melanie\Wahlergebnisse.html
2014-09-25 08:20 - 2014-09-25 08:28 - 00000936 _____ () C:\Users\Melanie\new  3.html
2014-09-25 08:12 - 2014-09-25 08:12 - 00000800 _____ () C:\Users\Melanie\new.html
2014-09-24 17:22 - 2014-09-24 17:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-23 12:33 - 2014-09-23 12:35 - 06184960 _____ () C:\Users\Melanie\Downloads\node-v0.10.32-x64(1).msi
2014-09-23 11:41 - 2014-09-23 11:41 - 06184960 _____ () C:\Users\Melanie\Downloads\node-v0.10.32-x64.msi
2014-09-23 11:01 - 2014-09-23 11:03 - 181484960 _____ (Oracle Corporation) C:\Users\Melanie\Downloads\jdk-8u20-windows-x64.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-21 09:21 - 2013-09-11 04:14 - 00000000 ___RD () C:\Users\Melanie\Dropbox
2014-10-21 09:21 - 2013-08-02 13:03 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\Dropbox
2014-10-21 09:20 - 2011-07-13 11:20 - 00000000 ____D () C:\ProgramData\clear.fi
2014-10-21 09:19 - 2011-04-06 20:46 - 00000035 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2014-10-21 09:18 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-21 09:17 - 2011-04-06 20:18 - 01798360 _____ () C:\Windows\WindowsUpdate.log
2014-10-21 09:17 - 2011-04-06 20:14 - 00324558 _____ () C:\Windows\PFRO.log
2014-10-21 09:17 - 2009-07-13 21:51 - 00145753 _____ () C:\Windows\setupact.log
2014-10-21 09:16 - 2009-07-13 21:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-21 09:16 - 2009-07-13 21:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-20 18:04 - 2013-10-14 04:05 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-10-20 17:48 - 2011-07-15 10:37 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-19 17:52 - 2014-09-01 04:34 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\Securepoint SSL VPN
2014-10-19 16:25 - 2011-07-13 10:23 - 00000000 ____D () C:\Users\Melanie
2014-10-19 15:51 - 2011-04-07 06:08 - 00700126 _____ () C:\Windows\system32\perfh007.dat
2014-10-19 15:51 - 2011-04-07 06:08 - 00149976 _____ () C:\Windows\system32\perfc007.dat
2014-10-19 15:51 - 2009-07-13 22:13 - 01622196 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-19 13:56 - 2009-07-13 20:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-10-19 13:56 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-10-19 08:57 - 2011-07-13 10:23 - 00066104 _____ () C:\Users\Melanie\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-19 08:55 - 2009-07-13 21:45 - 00289408 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-14 16:56 - 2011-08-06 12:12 - 00000000 ____D () C:\Users\Melanie\AppData\Local\CrashDumps
2014-10-14 09:28 - 2013-10-21 00:12 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-10-14 09:28 - 2013-10-14 04:05 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-10-14 09:28 - 2013-10-14 04:05 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-10-13 12:03 - 2013-10-14 04:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-10-10 18:54 - 2013-08-05 03:52 - 00000000 ____D () C:\Users\Melanie\Documents\MATLAB
2014-10-09 22:57 - 2012-03-14 12:34 - 01596476 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-10-09 14:39 - 2011-07-14 08:49 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\Mozilla
2014-10-06 09:39 - 2011-11-28 12:40 - 00000000 ____D () C:\ProgramData\Avira
2014-10-05 19:20 - 2013-10-14 04:05 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-10-05 09:34 - 2011-07-15 10:43 - 00000000 ____D () C:\Users\Melanie\AppData\Local\Google
2014-10-04 22:13 - 2011-07-15 10:43 - 00000000 ____D () C:\Program Files (x86)\Picasa2
2014-10-03 21:36 - 2011-07-15 10:43 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-03 14:09 - 2012-03-14 12:34 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\SoftGrid Client
2014-09-29 22:07 - 2013-04-15 07:15 - 00000000 ____D () C:\Users\Melanie\.eclipse
2014-09-29 13:33 - 2014-01-26 11:22 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-09-29 13:33 - 2014-01-26 11:22 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-09-29 13:33 - 2014-01-26 11:22 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-09-29 13:33 - 2014-01-26 11:22 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-09-29 13:33 - 2011-10-22 07:39 - 00000000 ____D () C:\Program Files\Java
2014-09-29 13:19 - 2013-10-04 15:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2014-09-29 11:39 - 2014-07-22 11:42 - 00000000 ____D () C:\Users\Melanie\.android
2014-09-29 11:33 - 2009-07-13 22:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-29 10:28 - 2011-11-03 15:04 - 00002201 _____ () C:\Windows\wininit.ini
2014-09-28 23:15 - 2009-07-13 22:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-25 20:33 - 2012-04-22 08:16 - 00000000 ____D () C:\Users\Melanie\workspace2
2014-09-25 07:47 - 2012-05-06 13:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-23 11:11 - 2014-01-25 03:59 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-23 11:08 - 2013-10-04 15:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

Files to move or delete:
====================
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job


Some content of TEMP:
====================
C:\Users\Melanie\AppData\Local\Temp\AskSLib.dll
C:\Users\Melanie\AppData\Local\Temp\avgnt.exe
C:\Users\Melanie\AppData\Local\Temp\AviraSetup1701721.exe
C:\Users\Melanie\AppData\Local\Temp\dl3darm2.dll
C:\Users\Melanie\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpaxpx7w.dll
C:\Users\Melanie\AppData\Local\Temp\i4jdel0.exe
C:\Users\Melanie\AppData\Local\Temp\MSNF05E.exe
C:\Users\Melanie\AppData\Local\Temp\optprosetup.exe
C:\Users\Melanie\AppData\Local\Temp\pyl1C08.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pyl2DC5.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pyl3226.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pyl46DF.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pyl4826.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pyl557E.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pyl5BE5.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pyl7493.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pyl8342.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pyl92BD.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pyl96F1.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pyl9B56.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pylA727.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pylAD6F.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pylB115.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pylB655.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pylC6A8.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pylD97C.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pylE60A.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pylEA9C.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\Quarantine.exe
C:\Users\Melanie\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Melanie\AppData\Local\Temp\sqlite3.dll
C:\Users\Melanie\AppData\Local\Temp\WZCPlugin_VISTA.exe
C:\Users\Melanie\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Melanie\AppData\Local\Temp\_is2F2C.exe
C:\Users\Melanie\AppData\Local\Temp\_is473.exe
C:\Users\Melanie\AppData\Local\Temp\_is6EF9.exe
C:\Users\Melanie\AppData\Local\Temp\_isB598.exe
C:\Users\Melanie\AppData\Local\Temp\_isE6C5.exe
C:\Users\Melanie\AppData\Local\Temp\_isE926.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-16 08:30

==================== End Of Log ============================

--- --- ---

Bootsektor · 21.10.2014, 23:26

Hallo,

Zitat:

ich habe beide Schritte ausgeführt, die trovi-Adware ist aber weder in Firefox noch Google-Chrome verschwunden.

Dafür aber jede Menge anderer Kram

Trovi machen wir jetzt. Was ist mit dem Port im Firefox, hast du den gesetzt?

Schritt 1

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

FF DefaultSearchEngine: Trovi search
FF SelectedSearchEngine: Trovi search
FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3331316&octid=EB_ORIGINAL_CTID&ISID=M588AD584-4A6E-40A5-96F3-1A599BC42A3F&SearchSource=55&CUI=&UM=6&UP=SP888B9F7B-62B1-4371-A1A1-A5FBEB7F20AD&SSPV=

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2
In deinem Chrome Browser ist trovi als Startseite eingetragen
Stelle nach dieser Anleitung deine Startseite neu ein.

Schritt 3
Bitte noch Schritt 3 aus meinem vorherigen Post (Fix mit FRST) ausführen, fixlog posten.

Schritt 4
Downloade Dir bitte Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad.
Starte Malwarebytes' Anti-Malware (MBAM).
Sollte die Benutzeroberfläche noch in Englisch sein, klicke auf Settings und wähle bei Language Deutsch aus.
Klicke im Anschluss auf Suchlauf, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf jetzt starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Aktionen anwenden.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Suchlauf-Protokoll aus und klicke auf Ansicht. Wähle Exportieren auf Textdatei (.txt) und speichere die Datei als mbam.txt auf dem Desktop ab.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 5
Da der Scan mit Eset sehr gründlich ist, kann er unter Umständen mehrere Stunden dauern

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 6
Starte noch einmal FRST.

Ändere keine der Voreinstellungen und drücke auf Scan.
Wenn der Scan abgeschlossen ist, wird ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

21.10.2014, 11:37	#10
Bootsektor Ruhe in Frieden † 2019	BOO/TDSS.o Befall - was kann ich tun Hallo, dann bitte vorübergehend das Antivirus ausschalten, downloaden, ausführen und Antivirus anschalten. __________________ Grüße stolzes Mitglied von UNITE Du hast Lob oder Verbesserungsvorschläge? Du findest unsere Arbeit gut und möchtest uns finanziell unterstützen? -> Spende

BOO/TDSS.o Befall - was kann ich tun

Plagegeister aller Art und deren Bekämpfung: BOO/TDSS.o Befall - was kann ich tun