Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows 7: Desktop leer, Virenfund (https://www.trojaner-board.de/145266-windows-7-desktop-leer-virenfund.html)

Hallowinna 27.11.2013 20:58
Windows 7: Desktop leer, Virenfund
 
Guten Abend zusammen,

nach einer Update-Installation (macht den Anschein eines Windows-Updates) musste ich mehrmals mein Passwort eingeben. Nachdem das korrekte Passwort angenommen wurde fuhr der PC wie gewohnt hoch.
Jedoch mit einigen Auffälligkeiten:
- Desktophintergrundbild verschwunden
- sämtliche Icons auf dem Dektop verschwunden
- Persönliche Einstellungen bei Firefox verloren

Das kam mir alles komisch vor, also habe ich Malwarbytes drüber laufen lassen. Mit einem großen Fund an verdächtigen Dateien. Ich bin ein absoluter Foren-Neuling und weiß daher nicht wie ich das Log-File zum scrollen einfüge. Entschuldigt bitte den langen Post!

Könnt ihr mir sagen, was ich tun kann und wie gefährlich die Nutzung meines PCs im Moment ist?

Danke schonmal für eure Hilfe!
LG
Hallowinna


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.27.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16428
ACO :: ACO-PC [administrator]

27.11.2013 20:16:56
MBAM-log-2013-11-27 (20-38-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 254381
Time elapsed: 20 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 83
HKCR\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE} (PUP.Optional.Delta) -> No action taken.
HKCR\escort.escortIEPane.1 (PUP.Optional.Delta) -> No action taken.
HKCR\escort.escortIEPane (PUP.Optional.Delta) -> No action taken.
HKCR\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta) -> No action taken.
HKCR\delta.deltaHlpr.1 (PUP.Optional.Delta) -> No action taken.
HKCR\delta.deltaHlpr (PUP.Optional.Delta) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta) -> No action taken.
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> No action taken.
HKCR\CLSID\{01A602A0-D0B9-445B-8081-719E4177C4A7} (PUP.Optional.Iminent.A) -> No action taken.
HKCR\Iminent.Mediator.Communication.DataContracts.ShowControlCenterCommand (PUP.Optional.Iminent.A) -> No action taken.
HKCR\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8} (PUP.Optional.Delta) -> No action taken.
HKCR\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D} (PUP.Optional.Delta) -> No action taken.
HKCR\esrv.deltaESrvc.1 (PUP.Optional.Delta) -> No action taken.
HKCR\esrv.deltaESrvc (PUP.Optional.Delta) -> No action taken.
HKCR\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> No action taken.
HKCR\delta.deltadskBnd.1 (PUP.Optional.Delta.A) -> No action taken.
HKCR\delta.deltadskBnd (PUP.Optional.Delta.A) -> No action taken.
HKCR\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (PUP.Optional.Iminent.A) -> No action taken.
HKCR\CLSID\{26C9BBE4-6D45-4AB6-A5B4-E068C9F5EF6D} (PUP.Optional.Iminent.A) -> No action taken.
HKCR\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC} (PUP.Optional.Iminent.A) -> No action taken.
HKCR\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5} (PUP.Optional.Iminent.A) -> No action taken.
HKCR\IminentWebBooster.ActiveContentHandle.1 (PUP.Optional.Iminent.A) -> No action taken.
HKCR\IminentWebBooster.ActiveContentHandler (PUP.Optional.Iminent.A) -> No action taken.
HKCR\IminentWebBooster.BrowserHelperObject.1 (PUP.Optional.Iminent.A) -> No action taken.
HKCR\IminentWebBooster.BrowserHelperObject (PUP.Optional.Iminent.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (PUP.Optional.Iminent.A) -> No action taken.
HKCR\Typelib\{4599D05A-D545-4069-BB42-5895B4EAE05B} (PUP.Optional.Delta.A) -> No action taken.
HKCR\Interface\{1231839B-064E-4788-B865-465A1B5266FD} (PUP.Optional.Delta.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0af350d9-3916-454b-ac53-0b0b65f41301} (PUP.Optional.Iminent.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85} (PUP.Optional.Delta.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} (PUP.Optional.Iminent.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08} (PUP.Optional.Iminent.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP (PUP.Optional.Iminent.A) -> No action taken.
HKCR\Iminent.Business.Tinyfying.DownloadArgs (PUP.Optional.Iminent.A) -> No action taken.
HKCR\Iminent.Business.Tinyfying.LinkToPromoteArgs (PUP.Optional.Iminent.A) -> No action taken.
HKCR\Iminent.Business.Tinyfying.RawDataArgs (PUP.Optional.Iminent.A) -> No action taken.
HKCR\Iminent.Business.Tinyfying.TinyUrlArgs (PUP.Optional.Iminent.A) -> No action taken.
HKCR\Iminent.Business.Tinyfying.ViralLinkArgs (PUP.Optional.Iminent.A) -> No action taken.
HKCR\Iminent.Mediator.Communication.ClientCallback (PUP.Optional.Iminent.A) -> No action taken.
HKCR\Iminent.Mediator.Communication.ContractBase (PUP.Optional.Iminent.A) -> No action taken.
HKCR\Iminent.Mediator.Communication.DataContracts.AddToUserContentCommand (PUP.Optional.Iminent.A) -> No action taken.
HKCR\Iminent.Mediator.Communication.DataContracts.CheckLoginStatusCommand (PUP.Optional.Iminent.A) -> No action taken.
HKCR\Iminent.Mediator.Communication.DataContracts.CleanCacheCommand (PUP.Optional.Iminent.A) -> No action taken.
HKCR\Iminent.Mediator.Communication.DataContracts.GameOverCallback (PUP.Optional.Iminent.A) -> No action taken.
HKCR\Iminent.Mediator.Communication.DataContracts.GetCreditCommand (PUP.Optional.Iminent.A) -> No action taken.
HKCR\Iminent.Mediator.Communication.DataContracts.GetInstallationContextCommand (PUP.Optional.Iminent.A) -> No action taken.
HKCR\Iminent.Mediator.Communication.DataContracts.GetLoginStatusCommand (PUP.Optional.Iminent.A) -> No action taken.
HKCR\Iminent.Mediator.Communication.DataContracts.GetLoginStatusResult (PUP.Optional.Iminent.A) -> No action taken.
HKCR\Iminent.Mediator.Communication.DataContracts.GetVariableCommand (PUP.Optional.Iminent.A) -> No action taken.
HKCR\Iminent.Mediator.Communication.DataContracts.GetVariableResult (PUP.Optional.Iminent.A) -> No action taken.
HKCR\Iminent.Mediator.Communication.DataContracts.InstallationContextResult (PUP.Optional.Iminent.A) -> No action taken.
HKCR\Iminent.Mediator.Communication.DataContracts.LoadContentCommand (PUP.Optional.Iminent.A) -> No action taken.
HKCR\Iminent.Mediator.Communication.DataContracts.LoadContentCommandResult (PUP.Optional.Iminent.A) -> No action taken.
HKCR\Iminent.Mediator.Communication.DataContracts.LoginCommand (PUP.Optional.Iminent.A) -> No action taken.
HKCR\Iminent.Mediator.Communication.DataContracts.LoginStatusChangedCallback (PUP.Optional.Iminent.A) -> No action taken.
HKCR\Iminent.Mediator.Communication.DataContracts.LogoutCommand (PUP.Optional.Iminent.A) -> No action taken.
HKCR\Iminent.Mediator.Communication.DataContracts.MergeIdentityCommand (PUP.Optional.Iminent.A) -> No action taken.
HKCR\Iminent.Mediator.Communication.DataContracts.MyAccountCommand (PUP.Optional.Iminent.A) -> No action taken.
HKCR\Iminent.Mediator.Communication.DataContracts.PlayContentCommand (PUP.Optional.Iminent.A) -> No action taken.
HKCR\Iminent.Mediator.Communication.DataContracts.PostContentCallback (PUP.Optional.Iminent.A) -> No action taken.
HKCR\Iminent.Mediator.Communication.DataContracts.RecycleViewsCommand (PUP.Optional.Iminent.A) -> No action taken.
HKCR\Iminent.Mediator.Communication.DataContracts.SetVariableCommand (PUP.Optional.Iminent.A) -> No action taken.
HKCR\Iminent.Mediator.Communication.DataContracts.ShowBrowserWindowCommand (PUP.Optional.Iminent.A) -> No action taken.
HKCR\Iminent.Mediator.Communication.DataContracts.ShowPluginWindowCommand (PUP.Optional.Iminent.A) -> No action taken.
HKCR\Iminent.Mediator.Communication.DataContracts.TestContentCommand (PUP.Optional.Iminent.A) -> No action taken.
HKCR\Iminent.Mediator.Communication.DataContracts.UserContentChangedCallback (PUP.Optional.Iminent.A) -> No action taken.
HKCR\Iminent.Mediator.Communication.DataContracts.VariableChangedCallback (PUP.Optional.Iminent.A) -> No action taken.
HKCR\Iminent.Mediator.Communication.DataContracts.WarmUpCommand (PUP.Optional.Iminent.A) -> No action taken.
HKCR\Iminent.Mediator.Communication.DataContracts.WelcomeCommand (PUP.Optional.Iminent.A) -> No action taken.
HKCR\Iminent.Mediator.Communication.ServerCommand (PUP.Optional.Iminent.A) -> No action taken.
HKCR\Iminent.Mediator.Communication.ServerResult (PUP.Optional.Iminent.A) -> No action taken.
HKCR\Iminent.Mediator.LightContent (PUP.Optional.Iminent.A) -> No action taken.
HKCR\Iminent.Mediator.LightUri (PUP.Optional.Iminent.A) -> No action taken.
HKCR\Iminent.Mediator.MediatorServiceProxy (PUP.Optional.Iminent.A) -> No action taken.
HKCR\IminentWebBooster.ScriptExtender (PUP.Optional.Iminent.A) -> No action taken.
HKCR\IminentWebBooster.ScriptExtender.1 (PUP.Optional.Iminent.A) -> No action taken.
HKCR\IminentWebBooster.TinyUrlHandler (PUP.Optional.Iminent.A) -> No action taken.
HKCR\IminentWebBooster.TinyUrlHandler.1 (PUP.Optional.Iminent.A) -> No action taken.
HKCR\AppID\Iminent.WebBooster.InternetExplorer.DLL (PUP.Optional.Iminent.A) -> No action taken.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> No action taken.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> No action taken.
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings (PUP.Optional.BProtector.A) -> No action taken.
HKLM\SOFTWARE\Delta\delta\Instl (PUP.Optional.Delta.A) -> No action taken.

Registry Values Detected: 3
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Data: Delta Toolbar -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Data: -> No action taken.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|bProtector Start Page (PUP.BProtector) -> Data: hxxp://www2.delta-search.com/?affID=121562&babsrc=HP_ss&mntrId=380D001D72C50398 -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 31
C:\Users\ACO\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> No action taken.
C:\Program Files\Iminent (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\it (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\de (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\en (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\es (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\fr (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\ro (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\tr (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\webbooster@iminent.com (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\webbooster@iminent.com\chrome (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\webbooster@iminent.com\chrome\content (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\webbooster@iminent.com\defaults (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\webbooster@iminent.com\defaults\preferences (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\inst (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\inst\Bootstrapper (PUP.Optional.Iminent.A) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent (PUP.Optional.Iminent.A) -> No action taken.
C:\ProgramData\Iminent\Mediator (PUP.Optional.Iminent.A) -> No action taken.
C:\ProgramData\Iminent\Mediator\Datas (PUP.Optional.Iminent.A) -> No action taken.
C:\ProgramData\Iminent\Mediator\Datas\Cache (PUP.Optional.Iminent.A) -> No action taken.
C:\ProgramData\Iminent\Mediator\Datas\Cache\apix.iminent.com (PUP.Optional.Iminent.A) -> No action taken.
C:\Users\ACO\AppData\Roaming\Iminent\Mediator (PUP.Optional.Iminent.A) -> No action taken.
C:\Users\ACO\AppData\Roaming\Iminent\Mediator\Datas (PUP.Optional.Iminent.A) -> No action taken.
C:\Users\ACO\AppData\Roaming\BabSolution (PUP.Optional.BabSolution.A) -> No action taken.
C:\Users\ACO\AppData\Roaming\BabSolution\Shared (PUP.Optional.BabSolution.A) -> No action taken.
C:\Users\ACO\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\ACO\AppData\Roaming\OpenCandy\4F568BE6B5774BBF9C6F9FDBA7C9E679 (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\ACO\AppData\Roaming\OpenCandy\55E5ADB6758940D6B7CD1858C7B4B906 (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\ACO\AppData\Roaming\File Scout (PUP.Optional.FileScout.A) -> No action taken.
C:\Users\ACO\AppData\Local\Temp\Iminent (PUP.Optional.Iminent.A) -> No action taken.
C:\Users\ACO\AppData\Local\Temp\Iminent\Log (PUP.Optional.Iminent.A) -> No action taken.

Files Detected: 132
C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll (Trojan.BProtector) -> No action taken.
C:\Program Files\Delta\delta\1.8.16.16\bh\delta.dll (PUP.Optional.Delta) -> No action taken.
C:\Program Files\Delta\delta\1.8.16.16\deltasrv.exe (PUP.Optional.Delta) -> No action taken.
C:\Program Files\Delta\delta\1.8.16.16\deltaTlbr.dll (PUP.Optional.Delta.A) -> No action taken.
C:\Program Files\Iminent\Iminent.WebBooster.InternetExplorer.dll (PUP.Optional.Iminent.A) -> No action taken.
C:\Users\ACO\AppData\Roaming\BabSolution\Shared\BabMaint.exe (PUP.Optional.Babylon.A) -> No action taken.
C:\Users\ACO\AppData\Roaming\File Scout\filescout.exe (PUP.Optional.FileScout.A) -> No action taken.
C:\Users\ACO\AppData\Roaming\OpenCandy\55E5ADB6758940D6B7CD1858C7B4B906\DeltaTB.exe (PUP.Optional.Delta.A) -> No action taken.
C:\Users\ACO\AppData\Local\Temp\D9F3.tmp (PUP.Optional.Babylon.A) -> No action taken.
C:\Users\ACO\AppData\Local\Temp\78DF.tmp (PUP.Optional.PerformerSoft.A) -> No action taken.
C:\Users\ACO\AppData\Local\Temp\B867.tmp (PUP.Optional.FileScout.A) -> No action taken.
C:\Users\ACO\AppData\Local\Temp\BD.tmp (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\ACO\AppData\Local\Temp\9DE3.tmp (PUP.Optional.PerformerSoft.A) -> No action taken.
C:\Users\ACO\AppData\Local\Temp\AD9B.tmp (PUP.Optional.PerformerSoft.A) -> No action taken.
C:\Users\ACO\AppData\Local\Temp\setup_fsu_cid.exe (Trojan.Sefnit) -> No action taken.
C:\Users\ACO\AppData\Local\Temp\46CEE6A3-BAB0-7891-B735-A427813F68E1\Latest\BExternal.dll (PUP.Optional.Babylon.A) -> No action taken.
C:\Users\ACO\AppData\Local\Temp\46CEE6A3-BAB0-7891-B735-A427813F68E1\Latest\CrxInstaller.dum (PUP.Optional.Babylon.A) -> No action taken.
C:\Users\ACO\AppData\Local\Temp\46CEE6A3-BAB0-7891-B735-A427813F68E1\Latest\MyBabylonTB.exe (PUP.Optional.Delta) -> No action taken.
C:\Users\ACO\AppData\Local\Temp\46CEE6A3-BAB0-7891-B735-A427813F68E1\Latest\Setup.exe (PUP.Optional.Babylon.A) -> No action taken.
C:\Users\ACO\AppData\Local\Temp\upd8BAB\BabMaint.x (PUP.Optional.Babylon.A) -> No action taken.
C:\Users\ACO\AppData\Local\Temp\is1293846689\dealply.exe (PUP.Optional.Dealply) -> No action taken.
C:\Users\ACO\AppData\Local\Temp\bus2C3D\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> No action taken.
C:\Users\ACO\AppData\Local\Temp\busBF2B\BUSolution.dll (PUP.Optional.BabSolution.A) -> No action taken.
C:\Users\ACO\AppData\Local\Temp\busCC46\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> No action taken.
C:\Users\ACO\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> No action taken.
C:\Program Files\Iminent\SearchTheWeb.xml (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\Iminent.Mediator.ActivePlayers.dll (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\f_in_box.dll (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\Iminent.AxImp.dll (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\Iminent.Booster.UI.dll (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\Iminent.Business.Connect.dll (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\Iminent.Business.dll (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\Iminent.Business.tlb (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\Iminent.crx (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\Iminent.Entity.dll (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\Iminent.exe (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\Iminent.exe.config (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\Iminent.InstallLog (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\Iminent.InstallState (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\Microsoft.DirectX.AudioVideoPlayback.dll (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\Microsoft.Expression.Interactions.dll (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\System.Data.SQLite.dll (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\System.Data.SQLite.xml (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\System.Windows.Interactivity.dll (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\System.Windows.Interactivity.xml (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\WPFLocalizeExtension.dll (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\WPFLocalizeExtension.xml (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\Iminent.Mediator.dll (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\Iminent.Mediator.tlb (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\Iminent.Messengers.exe (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\Iminent.Messengers.exe.config (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\Iminent.Services.dll (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\Iminent.WinCore.dll (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\Iminent.WinCore.WLM.WinEvents.dll (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\Iminent.WinCore.WLM15.dll (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\Iminent.WinCore.Yahoo.dll (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\Iminent.Windows.dll (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\Iminent.Workflow.dll (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\it\Iminent.Booster.UI.resources.dll (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\it\Iminent.Business.Connect.resources.dll (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\it\Iminent.Messengers.resources.dll (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\it\Iminent.resources.dll (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\it\Iminent.Services.resources.dll (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\it\Microsoft.Expression.Interactions.resources.dll (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\it\System.Windows.Interactivity.resources.dll (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\de\Iminent.Booster.UI.resources.dll (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\de\Iminent.Business.Connect.resources.dll (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\de\Iminent.Messengers.resources.dll (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\de\Iminent.resources.dll (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\de\Iminent.Services.resources.dll (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\de\Microsoft.Expression.Interactions.resources.dll (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\de\System.Windows.Interactivity.resources.dll (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\en\Iminent.Booster.UI.resources.dll (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\en\Iminent.Business.Connect.resources.dll (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\en\Iminent.Messengers.resources.dll (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\en\Iminent.resources.dll (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\en\Iminent.Services.resources.dll (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\en\Microsoft.Expression.Interactions.resources.dll (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\en\System.Windows.Interactivity.resources.dll (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\es\Iminent.Booster.UI.resources.dll (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\es\Iminent.Business.Connect.resources.dll (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\es\Iminent.Messengers.resources.dll (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\es\Iminent.resources.dll (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\es\Iminent.Services.resources.dll (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\es\Microsoft.Expression.Interactions.resources.dll (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\es\System.Windows.Interactivity.resources.dll (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\fr\Iminent.Booster.UI.resources.dll (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\fr\Iminent.Business.Connect.resources.dll (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\fr\Iminent.Messengers.resources.dll (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\fr\Iminent.resources.dll (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\fr\Iminent.Services.resources.dll (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\fr\Microsoft.Expression.Interactions.resources.dll (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\fr\System.Windows.Interactivity.resources.dll (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\ro\Iminent.Booster.UI.resources.dll (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\ro\Iminent.Messengers.resources.dll (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\ro\Iminent.Services.resources.dll (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\tr\Iminent.Booster.UI.resources.dll (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\tr\Iminent.Business.Connect.resources.dll (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\tr\Iminent.Messengers.resources.dll (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\tr\Iminent.resources.dll (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\tr\Iminent.Services.resources.dll (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\webbooster@iminent.com\chrome.manifest (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\webbooster@iminent.com\install.rdf (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\webbooster@iminent.com\chrome\content\browser.js (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\webbooster@iminent.com\chrome\content\browser.xul (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\webbooster@iminent.com\chrome\content\config.js (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\webbooster@iminent.com\chrome\content\scriptExtender.js (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\webbooster@iminent.com\chrome\content\scriptInjector.js (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\webbooster@iminent.com\chrome\content\utils.js (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\webbooster@iminent.com\defaults\preferences\prefs.js (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\inst\main.ico (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\inst\msacm32.dll (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\inst\SearchTheWeb.ico (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Iminent\inst\Bootstrapper\Bootstrapper.exe (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files\Mozilla Firefox\defaults\pref\all-iminent.js (PUP.Optional.Iminent.A) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent\SearchTheWeb.lnk (PUP.Optional.Iminent.A) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent\Blog.lnk (PUP.Optional.Iminent.A) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent\FAQ.lnk (PUP.Optional.Iminent.A) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent\Help.lnk (PUP.Optional.Iminent.A) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent\Iminent.lnk (PUP.Optional.Iminent.A) -> No action taken.
C:\ProgramData\Iminent\Mediator\Datas\Cache\apix.iminent.com\1033.11575f00-7bdc-4181-ba0a-b298aeab228c.dat (PUP.Optional.Iminent.A) -> No action taken.
C:\Users\ACO\AppData\Roaming\Iminent\Mediator\Datas\globalcache.dat (PUP.Optional.Iminent.A) -> No action taken.
C:\Users\ACO\AppData\Roaming\Iminent\Mediator\Datas\user.dat (PUP.Optional.Iminent.A) -> No action taken.
C:\Users\ACO\AppData\Roaming\BabSolution\Shared\BUSolution.dll (PUP.Optional.BabSolution.A) -> No action taken.
C:\Users\ACO\AppData\Roaming\BabSolution\Shared\chu.js (PUP.Optional.BabSolution.A) -> No action taken.
C:\Users\ACO\AppData\Roaming\BabSolution\Shared\GUninstaller.exe (PUP.Optional.BabSolution.A) -> No action taken.
C:\Users\ACO\AppData\Roaming\OpenCandy\4F568BE6B5774BBF9C6F9FDBA7C9E679\TuneUpUtilities2013_2200217_de-DE.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\ACO\AppData\Roaming\OpenCandy\55E5ADB6758940D6B7CD1858C7B4B906\5404.ico (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\ACO\AppData\Roaming\OpenCandy\55E5ADB6758940D6B7CD1858C7B4B906\EBB77268-338F-4C6A-8590-AD88FED26F4A (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\ACO\AppData\Roaming\OpenCandy\55E5ADB6758940D6B7CD1858C7B4B906\OCBrowserHelper_1.0.6.124.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\ACO\AppData\Roaming\File Scout\uninst.exe (PUP.Optional.FileScout.A) -> No action taken.
C:\Users\ACO\AppData\Local\Temp\Iminent\Log\Iminent.MSI.log (PUP.Optional.Iminent.A) -> No action taken.

(end)

schrauber 28.11.2013 08:24
hi,

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307




Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Hallowinna 28.11.2013 21:14
Hallöchen! Vielen Dank für deine Antwort und deine angebotene Hilfe!

Hier die angeforderten Files:

FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-11-2013
Ran by ACO (administrator) on ACO-PC on 28-11-2013 21:10:12
Running from C:\Users\TEMP\Downloads
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
() C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(AnchorFree Inc.) C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
() C:\Program Files\Hotspot Shield\bin\hsswd.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
() C:\Program Files\1&1 Surf-Stick\AssistantServices.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
() C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
() C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
() C:\Program Files\1&1 Surf-Stick\UIExec.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Avira Operations GmbH & Co. KG) C:\ProgramData\Avira\AntiVir Desktop\TEMP\SELFUPDATE\update.exe
(Avira Operations GmbH & Co. KG) C:\ProgramData\Avira\AntiVir Desktop\TEMP\SELFUPDATE\updrgui.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [UIExec] - C:\Program Files\1&1 Surf-Stick\UIExec.exe [156448 2012-05-04] ()
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-09] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [NoAutorun] 1
AppInit_DLLs: C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll [ 2013-11-18] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www2.delta-search.com/?affID=121562&babsrc=HP_ss&mntrId=380D001D72C50398
SearchScopes: HKLM - {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} URL = hxxp://search.iminent.com/?appId=&ref=toolbox&q={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: IMinent WebBooster (BHO) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.16.16\bh\delta.dll (Delta-search.com)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.16.16\deltaTlbr.dll (Delta-search.com)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 21 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\TEMP\AppData\Roaming\Mozilla\Firefox\Profiles\q22335fz.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/SAFFPlugin - C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\SearchTheWeb.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Hotspot Shield Helper (Please allow this installation) - C:\Program Files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor
FF HKLM\...\Firefox\Extensions: [webbooster@iminent.com] - C:\Program Files\Iminent\webbooster@iminent.com
FF Extension: Iminent Minibar - C:\Program Files\Iminent\webbooster@iminent.com
FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\

========================== Services (Whitelisted) =================

R2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-09-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-09] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-09] (Avira Operations GmbH & Co. KG)
R2 BitGuard; C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [3780064 2013-11-18] ()
R2 HPSLPSVC; C:\Users\ACO\AppData\Local\Temp\7zS195B\hpslpsvc32.dll [701288 2012-11-14] (Hewlett-Packard Co.)
S2 hshld; C:\Program Files\Hotspot Shield\bin\openvpnas.exe [542552 2012-04-11] ()
R2 HssSrv; C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe [363336 2011-11-15] (AnchorFree Inc.)
S3 HssTrayService; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [77520 2012-04-11] ()
R2 HssWd; C:\Program Files\Hotspot Shield\bin\hsswd.exe [329544 2012-04-02] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [103112 2013-11-05] (McAfee, Inc.)
R2 UI Assistant Service; C:\Program Files\1&1 Surf-Stick\AssistantServices.exe [274208 2012-05-04] ()

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-09-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136672 2013-09-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-08-12] (Avira Operations GmbH & Co. KG)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36640 2009-12-22] ()
S3 massfilter; C:\Windows\System32\drivers\massfilter.sys [9216 2011-08-29] (MBB Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2013-11-27] (Malwarebytes Corporation)
S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10252544 2007-03-27] (Sonix Co. Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-12] (Avira GmbH)
S3 dgderdrv; System32\drivers\dgderdrv.sys [x]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-28 21:10 - 2013-11-28 21:11 - 00012319 _____ C:\Users\TEMP\Downloads\FRST.txt
2013-11-28 21:09 - 2013-11-28 21:09 - 01092049 _____ (Farbar) C:\Users\TEMP\Downloads\FRST.exe
2013-11-28 21:09 - 2013-11-28 21:09 - 00000000 ____D C:\FRST
2013-11-28 21:07 - 2013-11-28 21:07 - 00001167 _____ C:\Users\A-CO\Desktop\Continue Zip Extractor Installation.lnk
2013-11-28 21:07 - 2013-11-28 21:07 - 00001151 _____ C:\Users\TEMP\Desktop\Continue Zip Extractor Installation.lnk
2013-11-27 20:15 - 2013-11-27 20:15 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-11-27 20:15 - 2013-11-27 20:15 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Malwarebytes
2013-11-27 20:14 - 2013-11-27 20:14 - 00000000 ____D C:\Users\TEMP\AppData\Local\Macromedia
2013-11-27 20:12 - 2013-11-28 21:06 - 00000000 ____D C:\Users\TEMP\AppData\Local\Mozilla
2013-11-27 20:12 - 2013-11-27 20:13 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Mozilla
2013-11-27 20:05 - 2013-11-27 20:05 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Avira
2013-11-27 20:01 - 2013-11-27 20:01 - 00109280 _____ C:\Users\TEMP\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-27 19:59 - 2013-11-27 19:59 - 00001425 _____ C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-27 19:59 - 2013-11-27 19:59 - 00000020 ___SH C:\Users\TEMP\ntuser.ini
2013-11-27 19:59 - 2013-11-27 19:59 - 00000000 _SHDL C:\Users\TEMP\Startmenü
2013-11-27 19:59 - 2013-11-27 19:59 - 00000000 _SHDL C:\Users\TEMP\Netzwerkumgebung
2013-11-27 19:59 - 2013-11-27 19:59 - 00000000 _SHDL C:\Users\TEMP\Druckumgebung
2013-11-27 19:59 - 2013-11-27 19:59 - 00000000 _SHDL C:\Users\TEMP\Documents\Eigene Musik
2013-11-27 19:59 - 2013-11-27 19:59 - 00000000 _SHDL C:\Users\TEMP\Documents\Eigene Bilder
2013-11-27 19:59 - 2013-11-27 19:59 - 00000000 _SHDL C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-11-27 19:59 - 2013-11-27 19:59 - 00000000 _SHDL C:\Users\TEMP\AppData\Local\Verlauf
2013-11-27 19:59 - 2013-11-27 19:59 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
2013-11-27 19:59 - 2013-11-27 19:59 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Adobe
2013-11-27 19:59 - 2013-11-27 19:59 - 00000000 ____D C:\Users\TEMP\AppData\Local\VirtualStore
2013-11-27 19:59 - 2012-04-11 16:40 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Macromedia
2013-11-27 19:59 - 2011-10-14 13:23 - 00000000 ____D C:\Users\TEMP\AppData\Local\Microsoft Help
2013-11-27 19:59 - 2009-07-14 05:42 - 00000000 ___RD C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-11-27 19:59 - 2009-07-14 05:37 - 00000000 ___RD C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-11-19 09:21 - 2013-11-19 09:21 - 17142784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 11220992 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 04240384 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-19 09:21 - 2013-11-19 09:21 - 02166272 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 01926656 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-19 09:21 - 2013-11-19 09:21 - 01818112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 01156608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-19 09:21 - 2013-11-19 09:21 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-19 09:21 - 2013-11-19 09:21 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-19 09:21 - 2013-11-19 09:21 - 00244736 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-19 09:21 - 2013-11-19 09:21 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-19 09:21 - 2013-11-19 09:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-19 09:21 - 2013-11-19 09:21 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-19 09:21 - 2013-11-19 09:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-19 09:21 - 2013-11-19 09:21 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-19 09:21 - 2013-11-19 09:21 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-19 09:21 - 2013-11-19 09:21 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-19 09:21 - 2013-11-19 09:21 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-19 09:21 - 2013-11-19 09:21 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-19 09:21 - 2013-11-19 09:21 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-19 09:20 - 2013-11-19 09:25 - 00010261 _____ C:\Windows\IE11_main.log
2013-11-17 16:16 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-17 16:16 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-17 16:16 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-17 16:16 - 2013-09-25 03:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-17 16:16 - 2013-09-25 03:01 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-17 16:16 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-17 16:16 - 2013-09-25 02:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-17 16:16 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-17 16:16 - 2013-09-25 02:56 - 01038848 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-17 16:16 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-17 16:16 - 2013-09-25 01:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-17 16:16 - 2013-09-25 01:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-17 16:16 - 2013-07-04 13:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-17 16:15 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-17 16:15 - 2013-10-12 03:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-17 16:15 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-17 16:15 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-17 16:15 - 2013-10-03 02:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

==================== One Month Modified Files and Folders =======

2013-11-28 21:11 - 2013-11-28 21:10 - 00012319 _____ C:\Users\TEMP\Downloads\FRST.txt
2013-11-28 21:11 - 2011-10-12 17:15 - 01317788 _____ C:\Windows\WindowsUpdate.log
2013-11-28 21:09 - 2013-11-28 21:09 - 01092049 _____ (Farbar) C:\Users\TEMP\Downloads\FRST.exe
2013-11-28 21:09 - 2013-11-28 21:09 - 00000000 ____D C:\FRST
2013-11-28 21:09 - 2009-07-14 05:34 - 00020528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-28 21:09 - 2009-07-14 05:34 - 00020528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-28 21:07 - 2013-11-28 21:07 - 00001167 _____ C:\Users\A-CO\Desktop\Continue Zip Extractor Installation.lnk
2013-11-28 21:07 - 2013-11-28 21:07 - 00001151 _____ C:\Users\TEMP\Desktop\Continue Zip Extractor Installation.lnk
2013-11-28 21:06 - 2013-11-27 20:12 - 00000000 ____D C:\Users\TEMP\AppData\Local\Mozilla
2013-11-28 21:00 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\tracing
2013-11-27 21:16 - 2009-07-14 05:39 - 00088216 _____ C:\Windows\setupact.log
2013-11-27 20:15 - 2013-11-27 20:15 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-11-27 20:15 - 2013-11-27 20:15 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Malwarebytes
2013-11-27 20:14 - 2013-11-27 20:14 - 00000000 ____D C:\Users\TEMP\AppData\Local\Macromedia
2013-11-27 20:13 - 2013-11-27 20:12 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Mozilla
2013-11-27 20:05 - 2013-11-27 20:05 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Avira
2013-11-27 20:01 - 2013-11-27 20:01 - 00109280 _____ C:\Users\TEMP\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-27 19:59 - 2013-11-27 19:59 - 00001425 _____ C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-27 19:59 - 2013-11-27 19:59 - 00000020 ___SH C:\Users\TEMP\ntuser.ini
2013-11-27 19:59 - 2013-11-27 19:59 - 00000000 _SHDL C:\Users\TEMP\Startmenü
2013-11-27 19:59 - 2013-11-27 19:59 - 00000000 _SHDL C:\Users\TEMP\Netzwerkumgebung
2013-11-27 19:59 - 2013-11-27 19:59 - 00000000 _SHDL C:\Users\TEMP\Druckumgebung
2013-11-27 19:59 - 2013-11-27 19:59 - 00000000 _SHDL C:\Users\TEMP\Documents\Eigene Musik
2013-11-27 19:59 - 2013-11-27 19:59 - 00000000 _SHDL C:\Users\TEMP\Documents\Eigene Bilder
2013-11-27 19:59 - 2013-11-27 19:59 - 00000000 _SHDL C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-11-27 19:59 - 2013-11-27 19:59 - 00000000 _SHDL C:\Users\TEMP\AppData\Local\Verlauf
2013-11-27 19:59 - 2013-11-27 19:59 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
2013-11-27 19:59 - 2013-11-27 19:59 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Adobe
2013-11-27 19:59 - 2013-11-27 19:59 - 00000000 ____D C:\Users\TEMP\AppData\Local\VirtualStore
2013-11-27 19:59 - 2013-09-14 18:46 - 00000000 ____D C:\ProgramData\BitGuard
2013-11-27 19:56 - 2013-02-17 12:28 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-11-27 19:56 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-11-19 09:35 - 2011-10-13 08:19 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-19 09:35 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-11-19 09:35 - 2009-07-14 03:04 - 00000478 _____ C:\Windows\win.ini
2013-11-19 09:25 - 2013-11-19 09:20 - 00010261 _____ C:\Windows\IE11_main.log
2013-11-19 09:21 - 2013-11-19 09:21 - 17142784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 11220992 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 04240384 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-19 09:21 - 2013-11-19 09:21 - 02166272 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 01926656 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-19 09:21 - 2013-11-19 09:21 - 01818112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 01156608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-19 09:21 - 2013-11-19 09:21 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-19 09:21 - 2013-11-19 09:21 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-19 09:21 - 2013-11-19 09:21 - 00244736 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-19 09:21 - 2013-11-19 09:21 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-19 09:21 - 2013-11-19 09:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-19 09:21 - 2013-11-19 09:21 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-19 09:21 - 2013-11-19 09:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-19 09:21 - 2013-11-19 09:21 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-19 09:21 - 2013-11-19 09:21 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-19 09:21 - 2013-11-19 09:21 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-19 09:21 - 2013-11-19 09:21 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-19 09:21 - 2013-11-19 09:21 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-19 09:21 - 2013-11-19 09:21 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-18 09:37 - 2012-07-22 08:32 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-18 07:17 - 2013-04-20 10:12 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-18 07:14 - 2011-10-12 18:00 - 00000000 ____D C:\Program Files\McAfee
2013-11-18 07:11 - 2010-11-20 22:48 - 00359318 _____ C:\Windows\PFRO.log
2013-11-17 19:26 - 2013-08-13 22:09 - 00000000 ____D C:\Windows\system32\MRT
2013-11-17 19:22 - 2011-10-13 11:06 - 80340640 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-17 16:10 - 2010-11-20 22:01 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-11 22:39 - 2013-05-15 19:33 - 00000000 ____D C:\Users\ACO\AppData\Roaming\Spotify
2013-11-11 21:10 - 2013-05-15 19:33 - 00000000 ____D C:\Users\ACO\AppData\Local\Spotify

Some content of TEMP:
====================
C:\Users\ACO\AppData\Local\Temp\AskSLib.dll
C:\Users\ACO\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\ACO\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\ACO\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\ACO\AppData\Local\Temp\ose00000.exe
C:\Users\ACO\AppData\Local\Temp\setup_fsu_cid.exe
C:\Users\ACO\AppData\Local\Temp\SkypeSetup.exe
C:\Users\TEMP\AppData\Local\Temp\ICReinstall_ZipExtractorSetup(1).exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-01 19:33

==================== End Of Log ============================
--- --- ---


Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-11-2013
Ran by ACO at 2013-11-28 21:12:30
Running from C:\Users\TEMP\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

1&1 Surf-Stick (Version: 1.0.0.2)
AAVUpdateManager (Version: 18.00.0000)
Adobe AIR (Version: 3.2.0.2070)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (Version: 11.8.800.94)
Adobe Reader X (10.1.4) - Deutsch (Version: 10.1.4)
AFPL Ghostscript 8.54
AFPL Ghostscript Fonts
Apago PDF Shrink 4.5 (Version: 4.5)
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 4.0.0.96)
Apple Software Update (Version: 2.1.3.127)
AudibleManager (Version: 2009160416.48.56.7277938)
Avira Free Antivirus (Version: 13.0.0.4052)
Batch PDF Merger (Version: 2.1)
BitGuard
Bonjour (Version: 3.0.0.10)
CDBurnerXP (Version: 4.4.0.2971)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Delta toolbar  (Version: 1.8.16.16)
ElsterFormular (Version: 13.3.0.9066)
Free YouTube to MP3 Converter version 3.12.2.426 (Version: 3.12.2.426)
FreeCompressor (Version: 2.5855.00016)
FreePDF (Remove only)
GPL Ghostscript (Version: 9.04)
Hotspot Shield 2.53 (Version: 2.53)
Iminent (Version: 5.26.21.0)
Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.1930)
Intel(R) TV Wizard
iTunes (Version: 10.5.0.142)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Java(TM) 6 Update 30 (Version: 6.0.300)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
McAfee SiteAdvisor (Version: 3.6.160)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MozBackup 1.5.1
Mozilla Firefox 25.0.1 (x86 de) (Version: 25.0.1)
Mozilla Maintenance Service (Version: 25.0.1)
MyFreeCodec
PC Connectivity Solution (Version: 8.47.7.0)
PDF Blender
Poladroid (Version: 0.9.6.0)
RedMon - Redirection Port Monitor
Samsung Kies (Version: 2.0.1.11053_99)
SAMSUNG USB Driver for Mobile Phones (Version: 1.4.8.0)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Skype™ 6.3 (Version: 6.3.107)
Steuer-Spar-Erklärung 2012 (Version: 17.11)
Steuer-Spar-Erklärung 2013 (Version: 18.09)
Synovel Spicebird (0.8) (Version: 0.8 (en-US))
Texas Instruments PCIxx21/x515/xx12 drivers. (Version: 2.00.0002)
TIPCI (Version: 2.00.0002)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition
VLC media player 1.1.11 (Version: 1.1.11)
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {078A1738-C982-4D99-AE92-59E47B656C60} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {64D26F2B-274D-42F0-BAD7-A4977D296333} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\system32\FlashPlayerUpdateService.exe
Task: {92854446-0BE6-46D4-81BD-13A8ADB280BE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A6BBB0BD-959A-4709-B3DB-B5C3F285232D} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\system32\FlashPlayerUpdateService.exe
Task: {CE337BC3-3D1A-4E4B-A963-1326519DB6D4} - System32\Tasks\{D982CAF8-2A27-4927-B400-EE0CFC8DF73C} => F:\DCIM\101_AUCT\CIMG0047.exe
Task: {D9B32823-3B35-4638-B224-B11FC894CE56} - System32\Tasks\EPUpdater => C:\Users\ACO\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013-06-06] ()

==================== Loaded Modules (whitelisted) =============

2013-11-04 21:47 - 2013-10-22 16:09 - 02735584 _____ () C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2013-11-27 19:59 - 2013-11-18 15:31 - 03618304 _____ () C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll
2013-04-20 10:12 - 2013-11-18 07:17 - 03363952 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2013-08-30 19:04 - 2013-08-30 19:04 - 16166280 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/27/2013 10:17:14 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15585

Error: (11/27/2013 10:17:14 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15585

Error: (11/27/2013 10:17:13 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/27/2013 10:16:43 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 25.0.1.5064, Zeitstempel: 0x5282f204
Name des fehlerhaften Moduls: xul.dll, Version: 25.0.1.5064, Zeitstempel: 0x5282f10e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00118f87
ID des fehlerhaften Prozesses: 0xa00
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (11/27/2013 07:59:01 PM) (Source: Microsoft-Windows-User Profiles Service) (User: ACO-PC)
Description: Das lokale Benutzerprofil wurde nicht gefunden. Sie werden mit einem temporären Benutzerprofil angemeldet. Änderungen, die Sie am Benutzerprofil vornehmen, gehen bei der Abmeldung verloren.

Error: (11/27/2013 07:59:01 PM) (Source: Microsoft-Windows-User Profiles Service) (User: ACO-PC)
Description: Dieses Benutzerprofil wurde gesichert. Bei der nächsten Anmeldung dieses Benutzers wird automatisch versucht, dieses gesicherte Profil zu verwenden.

Error: (11/27/2013 07:59:01 PM) (Source: Microsoft-Windows-User Profiles Service) (User: ACO-PC)
Description: Das lokal gespeicherte Profil kann nicht geladen werden. Mögliche Fehlerursachen sind nicht ausreichende Sicherheitsrechte oder ein beschädigtes lokales Profil.

 Details - Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Error: (11/27/2013 07:59:01 PM) (Source: Microsoft-Windows-User Profiles Service) (User: NT-AUTORITÄT)
Description: Die Registrierung konnte nicht geladen werden. Dieses Problem wird oft durch zuwenig Arbeitsspeicher oder nicht ausreichende Sicherheitsberechtigungen verursacht.

 Details - Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
 for C:\Users\ACO\ntuser.dat

Error: (11/27/2013 07:57:10 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/19/2013 09:32:09 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (11/27/2013 07:56:41 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Hotspot Shield Service" ist von folgendem Dienst abhängig: taphss. Dieser Dienst ist eventuell nicht installiert.

Error: (11/27/2013 07:55:52 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden gelöscht, weil der Schattenkopiespeicher nicht rechtzeitig vergrößert wurde. Sie sollten die E/A-Last auf dem System verringern oder ein Schattenkopie-Speichervolume, von dem keine Schattenkopie erstellt wird, auswählen.

Error: (11/19/2013 09:03:10 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Hotspot Shield Service" ist von folgendem Dienst abhängig: taphss. Dieser Dienst ist eventuell nicht installiert.

Error: (11/18/2013 09:38:46 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Hotspot Shield Service" ist von folgendem Dienst abhängig: taphss. Dieser Dienst ist eventuell nicht installiert.

Error: (11/18/2013 07:14:14 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Hotspot Shield Service" ist von folgendem Dienst abhängig: taphss. Dieser Dienst ist eventuell nicht installiert.

Error: (11/18/2013 07:12:15 AM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden gelöscht, weil der Schattenkopiespeicher nicht rechtzeitig vergrößert wurde. Sie sollten die E/A-Last auf dem System verringern oder ein Schattenkopie-Speichervolume, von dem keine Schattenkopie erstellt wird, auswählen.

Error: (11/17/2013 04:04:23 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Hotspot Shield Service" ist von folgendem Dienst abhängig: taphss. Dieser Dienst ist eventuell nicht installiert.

Error: (11/10/2013 10:36:38 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Hotspot Shield Service" ist von folgendem Dienst abhängig: taphss. Dieser Dienst ist eventuell nicht installiert.

Error: (11/04/2013 09:34:44 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Hotspot Shield Service" ist von folgendem Dienst abhängig: taphss. Dieser Dienst ist eventuell nicht installiert.

Error: (10/23/2013 08:35:33 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Hotspot Shield Service" ist von folgendem Dienst abhängig: taphss. Dieser Dienst ist eventuell nicht installiert.


Microsoft Office Sessions:
=========================
Error: (11/27/2013 10:17:14 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15585

Error: (11/27/2013 10:17:14 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15585

Error: (11/27/2013 10:17:13 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/27/2013 10:16:43 PM) (Source: Application Error)(User: )
Description: firefox.exe25.0.1.50645282f204xul.dll25.0.1.50645282f10ec000000500118f87a0001ceeba4abde7ed0C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\xul.dll36771177-57a9-11e3-843f-001d72c50398

Error: (11/27/2013 07:59:01 PM) (Source: Microsoft-Windows-User Profiles Service)(User: ACO-PC)
Description:

Error: (11/27/2013 07:59:01 PM) (Source: Microsoft-Windows-User Profiles Service)(User: ACO-PC)
Description:

Error: (11/27/2013 07:59:01 PM) (Source: Microsoft-Windows-User Profiles Service)(User: ACO-PC)
Description: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Error: (11/27/2013 07:59:01 PM) (Source: Microsoft-Windows-User Profiles Service)(User: NT-AUTORITÄT)
Description: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
C:\Users\ACO\ntuser.dat

Error: (11/27/2013 07:57:10 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/19/2013 09:32:09 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Percentage of memory in use: 59%
Total physical RAM: 2038.43 MB
Available physical RAM: 824.84 MB
Total Pagefile: 4076.86 MB
Available Pagefile: 2261.03 MB
Total Virtual: 2047.88 MB
Available Virtual: 1898.07 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:79.31 GB) (Free:18.64 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:69.64 GB) (Free:12.47 GB) NTFS
Drive e: (PETRA_SHAPE_RELAX) (CDROM) (Total:1.84 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 34FE34FD)
Partition 2: (Active) - (Size=79 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=70 GB) - (Type=07 NTFS)

==================== End Of Log ============================

schrauber 29.11.2013 15:41
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.


Alle Zeitangaben in WEZ +1. Es ist jetzt 04:40 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55