Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Trojaner-Fund "PUP.Optional.OpenCandy.A"

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 12.05.2014, 08:38   #1
BerndB
 
Trojaner-Fund "PUP.Optional.OpenCandy.A" - Standard

Trojaner-Fund "PUP.Optional.OpenCandy.A"



Hallo zusammen,

beim routinemäßigen Scan mit Malwarebytes wurde ein infiziertes Objekt mit dem Namen "PUP.Optional.OpenCandy.A" gemeldet. Das logfile ist angehängt:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.05.12.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Go :: GO-ACER [Administrator]

12.05.2014 08:36:31
mbam-log-2014-05-12 (08-36-31).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 247749
Laufzeit: 10 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Go\AppData\Local\Temp\is-69Q5Q.tmp\OCSetupHlp.dll (PUP.Optional.OpenCandy.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Dann habe ich gleich noch FRST ausgeführt. Hier die beiden logfiles:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-05-2014 01
Ran by Go at 2014-05-12 09:03:29
Running from C:\Users\Go\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
2007 Microsoft Office system (HKLM-x32\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
4500_G510gm_Help (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510gm (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
4500G510gm_Software_Min (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}) (Version: 2.0.1.60 - NewTech Infosystems)
Acer Crystal Eye webcam (HKLM-x32\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 1.0.2.0 - Liteon)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3003 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3011 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3002 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0203.2010 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3002 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
ALDI Bestellsoftware 4.12.2 (HKLM-x32\...\ALDI Bestellsoftware) (Version: 4.12.2 - ORWO Net)
Allway Sync version 12.14.11 (HKLM-x32\...\Allway Sync_is1) (Version:  - Botkind Inc)
Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{E990BCC2-2FC9-397F-6C1F-D73CCEC0E5AD}) (Version: 3.0.758.0 - ATI Technologies, Inc.)
Avira Antivirus Suite (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
AvsP (HKLM-x32\...\AvsP_is1) (Version:  - )
Backup Manager Advance (x32 Version: 2.0.1.60 - NewTech Infosystems) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 12.52.04 - Broadcom Corporation)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Business Contact Manager für Outlook 2007 SP2 (HKLM-x32\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager für Outlook 2007 SP2 (x32 Version: 3.0.8619.1 - Microsoft Corporation) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2010.0122.858.16002 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0122.858.16002 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2010.0122.858.16002 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2010.0122.858.16002 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0122.858.16002 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0122.858.16002 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0122.858.16002 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help English (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help French (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help German (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0122.858.16002 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2010.0122.858.16002 - ATI) Hidden
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.8.2568 - CDBurnerXP)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.1.3184 - CDBurnerXP)
Citrix Authentication Manager (x32 Version: 3.0.0.47031 - Citrix Systems, Inc.) Hidden
Citrix Receiver (DV) (x32 Version: 13.3.0.55 - Citrix Systems, Inc.) Hidden
Citrix Receiver (HDX Flash-Umleitung) (x32 Version: 13.3.0.55 - Citrix Systems, Inc.) Hidden
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.3.0.55 - Citrix Systems, Inc.)
Citrix Receiver (USB) (x32 Version: 13.3.0.55 - Citrix Systems, Inc.) Hidden
Citrix Receiver Inside (x32 Version: 3.3.0.17208 - Citrix Systems, Inc.) Hidden
Citrix Receiver Updater (x32 Version: 3.3.0.17207 - Citrix Systems, Inc.) Hidden
Citrix Receiver(Aero) (x32 Version: 13.3.0.55 - Citrix Systems, Inc.) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
DocMgr (x32 Version: 130.0.000.000 - Ihr Firmenname) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.2.20140326 - Landesfinanzdirektion Thüringen)
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
fotokasten comfort 4.4 (HKLM-x32\...\fotokasten comfort_is1) (Version:  - )
FoxyTunes for Firefox (HKLM-x32\...\FoxyTunesForFirefox) (Version:  - )
Free Audio CD Burner version 1.4.8 (HKLM-x32\...\Free Audio CD Burner_is1) (Version:  - DVDVideoSoft Limited.)
Free M4a to MP3 Converter 8.0 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Free YouTube Download version 3.2.33.424 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.33.424 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.11.32.918 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.32.918 - DVDVideoSoft Ltd.)
GIMP 2.6.8 (HKLM\...\WinGimp-2.0_is1) (Version:  - )
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Officejet 4500 G510g-m (HKLM\...\{E5083D57-D93F-404C-A91F-1C50D67C2BEB}) (Version: 13.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.6.1001 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.01.00.1005 - Intel Corporation)
InterVideo WinDVD 8 (HKLM-x32\...\InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}) (Version: 8.5.10.75 - InterVideo Inc.)
InterVideo WinDVD 8 (x32 Version: 8.5.10.75 - InterVideo Inc.) Hidden
iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 7 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417005FF}) (Version: 7.0.50 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.7 - Acer Inc.)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 5.1.2 - CEWE COLOR AG u Co. OHG)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (HKLM-x32\...\{90A40407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8003.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Language Pack 2007 - German/Deutsch (HKLM-x32\...\OMUI.de-de) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office O MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Hybrid 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office SharePoint Designer MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Small Business Connectivity Components (HKLM-x32\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office X MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (x32 Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (HKLM\...\{7C39E0D1-E138-42B1-B083-213EC2CF7692}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{1FBEA8BA-D40B-48BC-85BC-EE2D5575F27C}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Connection Manager (HKLM-x32\...\o2DE) (Version:  - Mobile Connection Manager)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.5.0 (x86 de)) (Version: 24.5.0 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Network64 (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.36 - Symantec)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.628 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.628 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6630 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.12.6630 - NewTech Infosystems) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Online Plug-in (x32 Version: 13.3.0.55 - Citrix Systems, Inc.) Hidden
Paint.NET v3.5.8 (HKLM\...\{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB3}) (Version: 3.58.0 - dotPDN LLC)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
PDF-XChange Viewer (HKLM\...\{9ED333F8-3E6C-4A38-BAFA-728454121CDA}) (Version: 2.5.201.0 - Tracker Software Products Ltd.)
Pinnacle Studio 16 - Install Manager (HKLM-x32\...\{F1886CD7-9F73-417A-92E9-7E0AB0F0E099}) (Version: 16.10.115 - Corel Corporation)
Pinnacle Studio 16 - Standard Content Pack (HKLM-x32\...\{7D0F4ACC-698A-41B9-B1E2-17594988FBEF}) (Version: 16.0.1 - Corel Corporation)
Pinnacle Studio 16 (HKLM-x32\...\{284BFDBC-DAC6-43EC-85A8-E1CEC0D3A114}) (Version: 16.1.0.115 - Corel Corporation)
Pinnacle Video Treiber (HKLM\...\{6DE721A5-5E89-4D74-994C-652BB3C0672E}) (Version: 12.1.0.030 - Pinnacle Systems)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6034 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6037 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30113 - Realtek Semiconductor Corp.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Self-Service Plug-in (x32 Version: 3.3.0.27839 - Citrix Systems, Inc.) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype™ 6.1 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 6.1.129 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SUPER © v2011.build.48 (April 23, 2011) Version v2011.build.48 (HKLM-x32\...\{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1) (Version: v2011.build.48 - eRightSoft)
Sweet Home 3D version 4.2 (HKLM-x32\...\Sweet Home 3D_is1) (Version:  - eTeks)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
Überwachungstool für die Intel® Turbo-Boost-Technik (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version:  - )
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM-x32\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.5000.00 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{9492511E-2CE0-4904-9400-203F44E1DC0D}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit Edition (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{9492511E-2CE0-4904-9400-203F44E1DC0D}) (Version:  - Microsoft)
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version:  - NCH Software)
WebEx (HKCU\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.01.3002 - Acer Incorporated)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.4300 - Broadcom Corporation)
Winamp (HKLM-x32\...\Winamp) (Version: 5.64  - Nullsoft, Inc)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinPatrol (HKLM\...\{84481A87-2316-4923-8FAB-3BA8CA29323D}) (Version: 29.0.2013 - BillP Studios)
WinRAR 4.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WISO Sparbuch 2010 (HKLM-x32\...\{46B70DEB-97B3-4E38-B746-EC16905E6A8F}) (Version: 17.00.6531 - Buhl Data Service GmbH)
Xvid 1.1.3 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.1 - Xvid team (Koepi))
ZTE USB Driver (HKLM\...\ZTE USB Driver) (Version: 1.0.1.25_TME - ZTE Corporation)

==================== Restore Points  =========================

21-04-2014 08:40:40 Geplanter Prüfpunkt
02-05-2014 09:42:50 Geplanter Prüfpunkt
09-05-2014 12:38:39 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2009-07-14 04:34 - 2012-06-13 15:08 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {29F67858-0A83-42B6-8553-C0665B378821} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5CB6EA27-C87E-4A04-8BFF-07B563694E09} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {609D1DA4-30A4-4BFA-81FD-1A64603F8739} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-29] (Google Inc.)
Task: {66A6E6C5-8E2C-426A-824D-DCFEA5C90305} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2010-03-26] (Acer)
Task: {D1D34D11-8220-493D-89A1-01197FB21733} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-29] (Adobe Systems Incorporated)
Task: {E910F88D-C9D7-43CB-BBB1-534A2D37D692} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-29] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-07-12 22:30 - 2005-03-12 01:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2011-08-15 18:07 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2013-08-09 19:50 - 2013-08-09 19:51 - 03093624 _____ () C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
2010-01-07 14:42 - 2010-01-07 14:42 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-09-23 16:43 - 2010-09-23 16:43 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-11-28 00:01 - 2013-10-31 20:25 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2012-02-20 21:29 - 2012-02-20 21:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 21:28 - 2012-02-20 21:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-03-09 02:18 - 2010-03-09 02:18 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-03-09 02:13 - 2010-03-09 02:13 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2010-04-12 04:37 - 2009-12-24 02:32 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-11-25 21:36 - 2013-07-15 19:29 - 00620718 ____N () C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
2010-04-12 05:11 - 2009-05-20 08:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2014-05-11 12:35 - 2014-05-11 12:35 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-04-29 21:48 - 2014-04-29 21:48 - 16351920 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

==================== Faulty Device Manager Devices =============

Name: Microsoft-Adapter für Miniports virtueller WiFis
Description: Microsoft-Adapter für Miniports virtueller WiFis
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/12/2014 08:28:23 AM) (Source: SideBySide) (User: ) (EventID: 80)
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (05/11/2014 08:24:30 PM) (Source: SideBySide) (User: ) (EventID: 63)
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (05/11/2014 06:57:27 PM) (Source: Bonjour Service) (User: ) (EventID: 100)
Description: Task Scheduling Error: m->NextScheduledSPRetry 20720864

Error: (05/11/2014 06:57:27 PM) (Source: Bonjour Service) (User: ) (EventID: 100)
Description: Task Scheduling Error: m->NextScheduledEvent 20720864

Error: (05/11/2014 06:57:27 PM) (Source: Bonjour Service) (User: ) (EventID: 100)
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/11/2014 11:43:23 AM) (Source: Bonjour Service) (User: ) (EventID: 100)
Description: Task Scheduling Error: m->NextScheduledSPRetry 59184626

Error: (05/11/2014 11:43:23 AM) (Source: Bonjour Service) (User: ) (EventID: 100)
Description: Task Scheduling Error: m->NextScheduledEvent 59184626

Error: (05/11/2014 11:43:23 AM) (Source: Bonjour Service) (User: ) (EventID: 100)
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/09/2014 02:34:05 PM) (Source: SideBySide) (User: ) (EventID: 63)
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (05/09/2014 11:33:29 AM) (Source: Bonjour Service) (User: ) (EventID: 100)
Description: Task Scheduling Error: m->NextScheduledSPRetry 4397403


System errors:
=============
Error: (05/12/2014 08:53:33 AM) (Source: DCOM) (User: ) (EventID: 10010)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (05/10/2014 01:40:42 PM) (Source: DCOM) (User: ) (EventID: 10010)
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}

Error: (05/02/2014 07:31:06 PM) (Source: Disk) (User: ) (EventID: 11)
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (05/02/2014 07:31:06 PM) (Source: Disk) (User: ) (EventID: 11)
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (05/02/2014 07:31:05 PM) (Source: Disk) (User: ) (EventID: 11)
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (05/02/2014 07:31:05 PM) (Source: Disk) (User: ) (EventID: 11)
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (04/27/2014 09:41:49 AM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: Der Dienst "Intel(R) Rapid Storage Technology" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (04/27/2014 09:41:49 AM) (Source: Service Control Manager) (User: ) (EventID: 7009)
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Intel(R) Rapid Storage Technology erreicht.

Error: (04/27/2014 09:41:10 AM) (Source: EventLog) (User: ) (EventID: 6008)
Description: Das System wurde zuvor am ‎27.‎04.‎2014 um 09:38:47 unerwartet heruntergefahren.

Error: (04/26/2014 08:31:33 AM) (Source: DCOM) (User: ) (EventID: 10010)
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}


Microsoft Office Sessions:
=========================
Error: (10/24/2013 08:06:39 PM) (Source: Microsoft Office 12 Sessions) (User: ) (EventID: 7001)
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2012-06-13 15:08:26.105
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-06-13 15:08:26.089
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 44%
Total physical RAM: 3958.71 MB
Available physical RAM: 2206.97 MB
Total Pagefile: 7915.61 MB
Available Pagefile: 5841.66 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:583.07 GB) (Free:109.2 GB) NTFS
Drive d: (Pinnacle Studio) (CDROM) (Total:3.77 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 3F133209)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=583 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-05-2014 01
Ran by Go (administrator) on GO-ACER on 12-05-2014 09:02:01
Running from C:\Users\Go\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Telefónica I+D) C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10038304 2010-01-29] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860704 2010-03-17] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-24] (Intel Corporation)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [588648 2009-07-25] (Symantec Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1300560 2010-03-03] (Dritek System Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [380088 2012-07-27] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3285046180-1601246429-4061178265-1003\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-08-09] ()
HKU\S-1-5-21-3285046180-1601246429-4061178265-1003\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [456768 2013-10-19] (BillP Studios)
AppInit_DLLs-x32: C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll => C:\Program Files (x86)\Citrix\ICA Client\RSHook.dll [257208 2012-07-27] (Citrix Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=travelmate_5740g&r=27360411n545l0484z1h5x4742m20r
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=travelmate_5740g&r=27360411n545l0484z1h5x4742m20r
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=travelmate_5740g&r=27360411n545l0484z1h5x4742m20r
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Go\AppData\Roaming\Mozilla\Firefox\Profiles\bb5wl85e.default-1385584680719
FF Homepage: https://www.google.de/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.5.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.5.0 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Citrix.com/npican - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.1.11 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Go\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: NoScript - C:\Users\Go\AppData\Roaming\Mozilla\Firefox\Profiles\bb5wl85e.default-1385584680719\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-11-28]
FF Extension: Adblock Plus - C:\Users\Go\AppData\Roaming\Mozilla\Firefox\Profiles\bb5wl85e.default-1385584680719\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-28]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-02-01]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-02-01]

==================== Services (Whitelisted) =================

R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [910416 2014-03-13] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S3 MSSQL$MSSMLBIZ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated)
R2 TGCM_ImportWiFiSvc; C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [199600 2010-11-11] (Telefónica I+D)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-23] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-31] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-23] (Avira Operations GmbH & Co. KG)
S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [12800 2009-02-03] (ZTE Incorporated)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-12 09:02 - 2014-05-12 09:02 - 00022267 _____ () C:\Users\Go\Desktop\FRST.txt
2014-05-12 09:01 - 2014-05-12 09:02 - 00000000 ____D () C:\FRST
2014-05-12 08:52 - 2014-05-12 08:52 - 02066944 _____ (Farbar) C:\Users\Go\Desktop\FRST64.exe
2014-05-12 08:30 - 2014-05-12 08:30 - 00001444 _____ () C:\Users\Public\Desktop\Free YouTube Download.lnk
2014-05-12 08:28 - 2014-05-12 08:28 - 32346240 _____ (DVDVideoSoft Ltd. ) C:\Users\Go\Downloads\FreeYouTubeDownload-3.2.33.424.exe
2014-05-11 12:35 - 2014-05-11 12:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-02 17:44 - 2014-05-03 10:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-05-02 09:13 - 2014-05-02 10:29 - 01839947 _____ () C:\Users\Go\Desktop\Präsentation_ADHS_neu1 ppt.pptx
2014-04-25 06:46 - 2014-04-25 06:46 - 00061240 _____ () C:\Users\Go\Documents\Hochzeitsspiele.pptx
2014-04-21 08:51 - 2014-04-21 08:53 - 00000000 ____D () C:\Users\Go\Documents\Weber_Bücher
2014-04-20 10:04 - 2014-04-20 10:04 - 00001237 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk
2014-04-20 10:04 - 2014-04-20 10:04 - 00000000 ____D () C:\Users\Go\AppData\Roaming\elsterformular
2014-04-20 10:04 - 2014-04-20 10:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
2014-04-20 10:04 - 2014-04-20 10:04 - 00000000 ____D () C:\ProgramData\elsterformular
2014-04-20 10:04 - 2014-04-20 10:04 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular
2014-04-20 10:01 - 2014-04-20 10:02 - 77405552 _____ (Landesfinanzdirektion Thüringen) C:\Users\Go\Downloads\ElsterFormular-15.2.20140326p.exe
2014-04-18 17:14 - 2014-04-18 17:14 - 00000000 ____D () C:\Users\Go\AppData\Roaming\dvdcss
2014-04-18 16:42 - 2014-04-18 16:44 - 142602520 _____ (Microsoft Corporation) C:\Users\Go\Downloads\wlsetup-all_16.4.3508.0205.exe
2014-04-18 15:20 - 2014-04-18 15:20 - 00000000 ____D () C:\MAGIX
2014-04-18 15:10 - 2014-04-18 15:10 - 00613200 _____ (Chip Digital GmbH) C:\Users\Go\Downloads\Magix Video Deluxe - CHIP-Downloader.exe

==================== One Month Modified Files and Folders =======

2014-05-12 09:03 - 2013-08-09 19:51 - 00000000 ____D () C:\Users\Go\AppData\Local\PMB Files
2014-05-12 09:02 - 2014-05-12 09:02 - 00022267 _____ () C:\Users\Go\Desktop\FRST.txt
2014-05-12 09:02 - 2014-05-12 09:01 - 00000000 ____D () C:\FRST
2014-05-12 09:00 - 2010-09-23 16:43 - 01922766 _____ () C:\Windows\WindowsUpdate.log
2014-05-12 08:55 - 2011-04-29 18:00 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-12 08:55 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-12 08:55 - 2009-07-14 06:51 - 00145071 _____ () C:\Windows\setupact.log
2014-05-12 08:54 - 2012-05-19 14:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-12 08:54 - 2010-09-23 16:39 - 00605466 _____ () C:\Windows\PFRO.log
2014-05-12 08:52 - 2014-05-12 08:52 - 02066944 _____ (Farbar) C:\Users\Go\Desktop\FRST64.exe
2014-05-12 08:46 - 2013-03-02 16:57 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-12 08:32 - 2011-08-08 18:55 - 00000000 ____D () C:\Users\Go\AppData\Roaming\DVDVideoSoft
2014-05-12 08:30 - 2014-05-12 08:30 - 00001444 _____ () C:\Users\Public\Desktop\Free YouTube Download.lnk
2014-05-12 08:30 - 2011-05-12 21:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-05-12 08:30 - 2011-05-12 21:24 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-05-12 08:28 - 2014-05-12 08:28 - 32346240 _____ (DVDVideoSoft Ltd. ) C:\Users\Go\Downloads\FreeYouTubeDownload-3.2.33.424.exe
2014-05-12 08:22 - 2011-04-29 18:00 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-11 12:36 - 2014-05-11 12:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-10 13:45 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-10 13:45 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-09 07:01 - 2011-04-29 18:00 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-09 07:01 - 2011-04-29 18:00 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-09 06:40 - 2010-09-24 02:34 - 00754052 _____ () C:\Windows\system32\perfh007.dat
2014-05-09 06:40 - 2010-09-24 02:34 - 00171872 _____ () C:\Windows\system32\perfc007.dat
2014-05-09 06:40 - 2009-07-14 07:13 - 01760780 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-07 21:52 - 2011-10-16 14:07 - 00000000 ____D () C:\Users\Go\Documents\Steuer
2014-05-04 20:07 - 2013-08-09 21:48 - 00000787 _____ () C:\Users\Go\AppData\Roaming\__AvidCloudManager.log
2014-05-04 16:36 - 2013-08-09 21:48 - 00000000 ____D () C:\Users\Go\AppData\Local\Avid
2014-05-04 16:36 - 2013-08-09 19:49 - 00000349 _____ () C:\Users\Public\Documents\PCLECHAL.INI
2014-05-04 10:38 - 2013-08-09 21:48 - 00001013 _____ () C:\Users\Go\AppData\Roaming\__AvidCloudManagerPrevious.log
2014-05-04 09:42 - 2013-08-09 21:48 - 00003684 _____ () C:\Users\Go\AppData\Roaming\GO-ACER.MTBF.txt
2014-05-03 10:45 - 2014-05-02 17:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-05-02 18:12 - 2012-04-01 17:17 - 00000000 ____D () C:\Users\Go\Documents\Haus_RiederWeg
2014-05-02 16:40 - 2012-11-08 18:36 - 00001646 _____ () C:\Users\Go\Desktop\alles_mögliche.txt.txt
2014-05-02 16:39 - 2011-11-22 18:14 - 00000000 ____D () C:\Users\Go\Documents\Word_und_Excel
2014-05-02 10:29 - 2014-05-02 09:13 - 01839947 _____ () C:\Users\Go\Desktop\Präsentation_ADHS_neu1 ppt.pptx
2014-04-29 21:48 - 2013-03-02 16:57 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-29 21:48 - 2012-04-24 15:15 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-29 21:48 - 2012-04-24 15:15 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-25 06:46 - 2014-04-25 06:46 - 00061240 _____ () C:\Users\Go\Documents\Hochzeitsspiele.pptx
2014-04-23 20:20 - 2013-08-09 19:48 - 00000000 ____D () C:\Users\Go\AppData\Local\Pinnacle
2014-04-22 19:29 - 2009-07-14 06:45 - 00616536 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-21 08:53 - 2014-04-21 08:51 - 00000000 ____D () C:\Users\Go\Documents\Weber_Bücher
2014-04-20 16:46 - 2012-04-25 14:23 - 00000000 ____D () C:\ProgramData\tmp
2014-04-20 16:43 - 2011-09-06 16:00 - 00000000 ____D () C:\Users\Go\Documents\Kathi
2014-04-20 10:04 - 2014-04-20 10:04 - 00001237 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk
2014-04-20 10:04 - 2014-04-20 10:04 - 00000000 ____D () C:\Users\Go\AppData\Roaming\elsterformular
2014-04-20 10:04 - 2014-04-20 10:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
2014-04-20 10:04 - 2014-04-20 10:04 - 00000000 ____D () C:\ProgramData\elsterformular
2014-04-20 10:04 - 2014-04-20 10:04 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular
2014-04-20 10:02 - 2014-04-20 10:01 - 77405552 _____ (Landesfinanzdirektion Thüringen) C:\Users\Go\Downloads\ElsterFormular-15.2.20140326p.exe
2014-04-20 09:45 - 2011-08-26 18:04 - 00000000 ____D () C:\Users\Go\Documents\Eigene Scans
2014-04-18 17:15 - 2012-01-07 19:28 - 00000000 ____D () C:\ProgramData\MAGIX
2014-04-18 17:15 - 2012-01-07 19:28 - 00000000 ____D () C:\Program Files (x86)\MAGIX
2014-04-18 17:14 - 2014-04-18 17:14 - 00000000 ____D () C:\Users\Go\AppData\Roaming\dvdcss
2014-04-18 17:14 - 2011-08-28 13:20 - 00000000 ____D () C:\Users\Go\AppData\Roaming\vlc
2014-04-18 16:44 - 2014-04-18 16:42 - 142602520 _____ (Microsoft Corporation) C:\Users\Go\Downloads\wlsetup-all_16.4.3508.0205.exe
2014-04-18 16:37 - 2011-04-29 18:16 - 00000000 ____D () C:\Users\Go\Documents\Backup_Mozilla
2014-04-18 16:25 - 2011-04-29 17:15 - 00192872 _____ () C:\Users\Go\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-18 15:23 - 2012-01-07 19:06 - 00000000 ____D () C:\Users\Go\AppData\Roaming\MAGIX
2014-04-18 15:20 - 2014-04-18 15:20 - 00000000 ____D () C:\MAGIX
2014-04-18 15:20 - 2011-05-01 16:47 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-04-18 15:18 - 2011-04-29 19:46 - 00000000 ____D () C:\backup
2014-04-18 15:10 - 2014-04-18 15:10 - 00613200 _____ (Chip Digital GmbH) C:\Users\Go\Downloads\Magix Video Deluxe - CHIP-Downloader.exe

Files to move or delete:
====================
C:\Users\Go\CTX.DAT


Some content of TEMP:
====================
C:\Users\Go\AppData\Local\Temp\avgnt.exe
C:\Users\Go\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-09 13:30

==================== End Of Log ============================
         
Nun zur Frage. Wie bekomme ich den Trojaner wieder los?

Vielen Dank im Voraus für eure Hilfe!
VG
BerndB

Alt 12.05.2014, 08:54   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Trojaner-Fund "PUP.Optional.OpenCandy.A" - Standard

Trojaner-Fund "PUP.Optional.OpenCandy.A"



Hi,

der eine Fund war nur in den temporären Dateien. löschen und gut is
__________________

__________________

Alt 12.05.2014, 18:52   #3
BerndB
 
Trojaner-Fund "PUP.Optional.OpenCandy.A" - Standard

Trojaner-Fund "PUP.Optional.OpenCandy.A"



Super. Vielen Dank!!!!
__________________

Alt 13.05.2014, 13:40   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Trojaner-Fund "PUP.Optional.OpenCandy.A" - Standard

Trojaner-Fund "PUP.Optional.OpenCandy.A"



Gern Geschehen
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Trojaner-Fund "PUP.Optional.OpenCandy.A"
.com, 4d36e972-e325-11ce-bfc1-08002be10318, antivirus, association, avira, branding, combofix, converter, device driver, dvdvideosoft ltd., email, error, excel, firefox, flash player, help, helper, home, iexplore.exe, lightning, logfile, mp3, officejet, registry, scan, security, server, software, sparbuch, symantec, tracker, trojaner, vista




Ähnliche Themen: Trojaner-Fund "PUP.Optional.OpenCandy.A"


  1. Eset findet "Win32/Bundled.Toolbar.Google.D" und "Win32/OpenCandy.C"
    Plagegeister aller Art und deren Bekämpfung - 22.09.2015 (10)
  2. Diverse Malware ("CoolSaleCoupon", "ddownlloaditkeep", "omiga-plus", "SaveSense", "SaleItCoupon"); lahmer PC & viel Werbung!
    Plagegeister aller Art und deren Bekämpfung - 11.01.2015 (16)
  3. WIN7: Fund PUP.Optional.DigitalSites.A, PUP.Optional.OpenCandy, PUP.Optional.Softonic.A, PUP.Optional.Updater.A. Weitere Vorgehensweise
    Log-Analyse und Auswertung - 08.10.2014 (11)
  4. Windows 8.1: "tr.dropper.gen" (Avira) und "opencandy" (MBAM)
    Log-Analyse und Auswertung - 15.06.2014 (11)
  5. Avira meldet Fund: 'TR/Crypt.XPACK.Gen2, Malwarebytes findet PUP.Optional.OpenCandy. Was tun?
    Plagegeister aller Art und deren Bekämpfung - 21.05.2014 (14)
  6. Security.Hijack, PUP.Optional.OpenCandy, PUP.Optional.Somoto, PUP.Optional.MoviesToolBar etc gefunden
    Plagegeister aller Art und deren Bekämpfung - 16.04.2014 (1)
  7. MALWAREBYTES meldet 2 Funde, als Anbieter "PUP.Optional.Conduit.A" und "PUP.Optional.DataMngr.A"
    Log-Analyse und Auswertung - 10.03.2014 (7)
  8. Win-XP, Avira und MBAM Fund, Trojaner "TR/Drop.Softomat.AN"
    Log-Analyse und Auswertung - 23.02.2014 (9)
  9. Fund von PUP.Optional.Wajam.A, Neuinstallation fällig oder eher "nur" unerwünschte Software
    Log-Analyse und Auswertung - 26.11.2013 (19)
  10. Windows 7: MBAM Fund: PUP.Optional.Opencandy
    Log-Analyse und Auswertung - 29.10.2013 (9)
  11. Windows 7: Malwarebytes Fund "PUP.Optional.OpenCandy"
    Log-Analyse und Auswertung - 13.09.2013 (14)
  12. Windows Vista: PUP.Optional.Tarma.A PUP.Optional.OpenCandy PUP.Optional.InstallCore.A
    Plagegeister aller Art und deren Bekämpfung - 11.09.2013 (13)
  13. 2x Windows Vista: PUP.Optional.Tarma.A PUP.Optional.OpenCandy PUP.Optional.InstallCore.A
    Mülltonne - 08.09.2013 (1)
  14. habe Malewarebytes,TDSS Killer,OTL und gmer vom Laptop Entfernt und danach ein avira fund ""EXP/JS.Expack.EB" gemacht
    Mülltonne - 05.02.2013 (1)
  15. Avira Fund "js/obfuscated.cf" und gleich darauf ""TR/SPY.KeyLogger.301" fund auf vista
    Plagegeister aller Art und deren Bekämpfung - 26.02.2012 (19)
  16. Trojaner(?) - "Backdoor:Win32/Cycbot.B" fund durch Windows Defender
    Plagegeister aller Art und deren Bekämpfung - 19.03.2011 (23)
  17. Trojaner "Backdoor.Bifrose" ,Fund durch "Spyware Doctor"
    Plagegeister aller Art und deren Bekämpfung - 27.01.2010 (9)

Zum Thema Trojaner-Fund "PUP.Optional.OpenCandy.A" - Hallo zusammen, beim routinemäßigen Scan mit Malwarebytes wurde ein infiziertes Objekt mit dem Namen "PUP.Optional.OpenCandy.A" gemeldet. Das logfile ist angehängt: Code: Alles auswählen Aufklappen ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank - Trojaner-Fund "PUP.Optional.OpenCandy.A"...
Archiv
Du betrachtest: Trojaner-Fund "PUP.Optional.OpenCandy.A" auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.