Windows 7 weißer Sperrbildschirm/ Abgesicherter Modus funktioniert nicht / LogFile mit OTLPE erstellt

kuba1506 · 28.10.2013, 22:26

Hallo Leute...
mein Laptop bootet leider nicht mehr vollständig. Sobald ich mein Passwort eingebe kommt ein weißer Bildschirm und ich kann nix mehr tun.

Abgesicherter Modus funktioniert ebenfallls nicht. Ich habe nun mit ner DVD mit OTLPE gebootet und einen Scan durchgeführt(im Verzeichnis C:/Windows mit allen Usern. Das Logfile befindet sich im Anhang.(In 2 Textdateien aufgeteilt)

Ich kann mit dem Logfile selber nix anfangen und bräuchte nun Hilfe wie ich das Problem fixxen kann.

Was soll ich tun?

aharonov · 29.10.2013, 00:31

Hallo,

kannst du nach diesem Fix den Rechner wieder normal starten?

Starte den infizierten Rechner mit der OTLpe-CD und öffne OTLpe.
Kopiere nun den folgenden Inhalt aus der Codebox in die Textbox.
Wichtig: Falls du deinen Benutzernamen im Log unkenntlich gemacht hast (z.B. durch ***), dann mach das hier wieder rückgängig.

Code:

ATTFilter

:OTL
O20 - HKU\Désiré_ON_D Winlogon: Shell - (C:\Users\Désiré\AppData\Roaming\skype.dat) - D:\Users\Désiré\AppData\Roaming\skype.dat ()
[2013/10/28 15:14:07 | 000,000,004 | ---- | M] () -- D:\Users\Désiré\AppData\Roaming\skype.ini
O20 - HKU\Gast_ON_D Winlogon: Shell - (C:\Users\Gast\AppData\Roaming\skype.dat) - D:\Users\Gast\AppData\Roaming\skype.dat ()
[2013/03/18 15:19:33 | 000,000,153 | ---- | C] () -- D:\ProgramData\5417466.reg
[2013/03/18 15:19:33 | 000,000,061 | ---- | C] () -- D:\ProgramData\5417466.bat
[2013/03/18 15:19:31 | 095,023,320 | ---- | C] () -- D:\ProgramData\5417466.pad
[2013/02/25 18:29:53 | 000,000,153 | ---- | C] () -- D:\ProgramData\7557944.reg
[2013/02/25 18:29:53 | 000,000,061 | ---- | C] () -- D:\ProgramData\7557944.bat
[2013/02/25 18:29:47 | 095,023,320 | ---- | C] () -- D:\ProgramData\7557944.pad
[2012/09/14 19:37:14 | 083,023,306 | ---- | C] () -- D:\ProgramData\dsgsdgdsgdsgw.pad
[2012/09/14 10:51:28 | 000,076,348 | ---- | C] () -- D:\ProgramData\rxdoaolxeyseqif
[2012/09/09 08:22:06 | 000,000,051 | ---- | C] () -- D:\ProgramData\tvqmdpetkolnsbc
[2012/08/08 08:32:00 | 004,503,728 | ---- | C] () -- D:\ProgramData\ldsw_0paos.pad
[2012/07/26 14:56:27 | 004,503,728 | ---- | C] () -- D:\ProgramData\z7_0ytr.pad
[2012/07/11 02:02:40 | 000,000,051 | ---- | C] () -- D:\ProgramData\lbbfjbxztttpryj
[2013/05/19 08:17:22 | 000,000,000 | ---D | M] -- D:\ProgramData\1634F
[2013/02/14 11:31:56 | 000,000,000 | ---D | M] -- D:\ProgramData\3846
[2013/04/28 10:48:35 | 000,000,000 | ---D | M] -- D:\ProgramData\flbyibeilfhgfov
[2013/04/28 10:48:35 | 000,000,000 | ---D | M] -- D:\ProgramData\wbmvmucgsbmenoq
[2013/04/28 10:48:35 | 000,000,000 | ---D | M] -- D:\ProgramData\wdjjptjayrbnfdn
@Alternate Data Stream - 97 bytes -> D:\ProgramData\Temp:71FA8B7F
@Alternate Data Stream - 143 bytes -> D:\ProgramData\Temp:CDFF58FE
@Alternate Data Stream - 143 bytes -> D:\ProgramData\Temp:93EB7685
@Alternate Data Stream - 140 bytes -> D:\ProgramData\Temp:1A60DE96
@Alternate Data Stream - 135 bytes -> D:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 125 bytes -> D:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 121 bytes -> D:\ProgramData\Temp:0B9176C0
@Alternate Data Stream - 119 bytes -> D:\ProgramData\Temp:E3C56885

Klicke jetzt auf den Fix Button.
Starte danach neu und versuche wieder in den normalen Modus von Windows zu booten.
Nach dem Neustart findest du ein Textdokument auf deinem Desktop.
(Auch zu finden unter C:\OTL\MovedFiles\<time_date.log>)
Kopiere nun dessen Inhalt hier in deinen Thread.

kuba1506 · 29.10.2013, 14:19

Vielen Dank für deine Hilfe.

Den Fix habe mit dem angegebenen Text ausgeführt und der hat auch funktioniert. Als ich dann das System neugestartet hab kam ein ganz kurzer Bluescreen und der Laptop hat sich wieder neugestartet. Ich komm nun weder normal in das System noch in den abgesicherten Modus. Immer wieder kommt der kurze Bluescreen(der ist so kurz ich kann nicht erkennen was da steht) und er startet sich neu.

Weißt du einen Rat?

aharonov · 29.10.2013, 14:40

Dann schauen wir mal mit FRST:

Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)

Hinweise für Windows 8-Nutzer: Anleitung 1 (FRST-Variante) und Anleitung 2 (zweiter Teil)

Downloade dir bitte die passende Version des Tools (im Zweifel beide) und speichere diese auf einen USB Stick: FRST 64-Bit

Schließe den USB Stick an das infizierte System an und boote das System in die System Reparatur Option.

Scanne jetzt nach der bebilderten Anleitung oder verwende die folgende Kurzanleitung:

Über den Boot Manager:

Starte den Rechner neu.

Während dem Hochfahren drücke mehrmals die F8 Taste

Wähle nun Computer reparieren.

Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Mit Windows CD/DVD (auch bei Windows 8 möglich):

Lege die Windows CD in dein Laufwerk.

Starte den Rechner neu und starte von der CD.

Wähle die Spracheinstellungen und klicke "Weiter".

Klicke auf Computerreparaturoptionen !

Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Wähle in den Reparaturoptionen: Eingabeaufforderung

Gib nun bitte notepad ein und drücke Enter.

Im öffnenden Textdokument: Datei > Speichern unter... und wähle Computer.
Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt, merke ihn dir.

Schließe Notepad wieder

Gib nun bitte folgenden Befehl ein.
e:\frst.exe bzw. e:\frst64.exe
Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks, den du dir gemerkt hast. Gegebenfalls anpassen.

Akzeptiere den Disclaimer mit Ja und klicke Untersuchen

Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier nach Möglichkeit in Code-Tags (Anleitung).

kuba1506 · 29.10.2013, 19:21

So hier das geforderte Logfile von frst

Code:

ATTFilter

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe

aharonov · 29.10.2013, 21:59

Das ist irgendwie ein Customscan-Skript für OTL, aber unmöglich ein FRST-Log...

Dieses müsste FRST.txt heissen und auf dem USB-Stick gespeichert worden sein.

kuba1506 · 29.10.2013, 22:06

Upps..sry bin in der Zeile verrutscht das müsste jetzt das Richtige sein

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-10-2013
Ran by SYSTEM on MININT-KAOJ4UV on 30-10-2013 01:19:19
Running from G:\
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet003
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356376 2013-04-28] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [Iminent] - C:\Program Files (x86)\Iminent\Iminent.exe [1074736 2013-06-18] (Iminent)
HKLM-x32\...\Run: [IminentMessenger] - C:\Program Files (x86)\Iminent\Iminent.Messengers.exe [884784 2013-06-18] (Iminent)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-14] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-14] ()
HKU\Désiré\...\Run: [Desk 365] - C:\Program Files (x86)\Desk 365\desk365.exe [916048 2013-06-14] (337 Technology Limited.)
HKU\Désiré\...\Run: [WebCake Desktop] - C:\Users\Désiré\AppData\Roaming\WebCake\WebCakeDesktop.exe [47896 2013-06-07] (WebCake LLC)
HKU\Désiré\...\Run: [Pokki] - C:\Users\Désiré\AppData\Local\Pokki\v0.260.10.204\pokki.exe [5639448 2013-01-25] (Pokki)
HKU\Désiré\...\Winlogon: [Shell] explorer.exe, <==== ATTENTION 
HKU\Gast\...\Winlogon: [Shell] explorer.exe, <==== ATTENTION 
AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL     C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\x64\datamngr.dll C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\x64\IEBHO.dll  [1530792 2012-11-26] (iMesh, Inc)
AppInit_DLLs-x32: C:\PROGRA~3\Wincert\WIN32C~1.DLL     C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\datamngr.dll C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\IEBHO.dll  [1188776 2012-11-26] (iMesh, Inc)
Lsa: [Notification Packages] EgisPwdFilter EgisDSPwdFilter

==================== Services (Whitelisted) =================

S4 24x7HelpSvc; C:\Program Files (x86)\24x7Help\App24x7Svc.exe [342168 2012-12-09] (PCRx.com, LLC)
S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356376 2013-04-28] (Kaspersky Lab ZAO)
S2 desksvc; C:\Program Files (x86)\Desk 365\deskSvc.exe [424016 2013-06-14] (337 Technology Limited.)
S4 EgisTec Service; C:\Program Files (x86)\Acer Bio Protection\EgisService.exe [314736 2010-07-12] (Egis Technology Inc. )
S4 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [822304 2010-06-15] (Acer Incorporated)
S2 eSafeSvc; C:\ProgramData\eSafe\eGdpSvc.exe [360512 2013-06-14] (eSafe Security Co., Ltd.)
S4 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-26] (Egis Technology Inc.)
S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S4 NTISchedulerSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144640 2010-04-16] (NTI, Inc.)
S4 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-02-03] ()
S4 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)
S2 SProtection; C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe [2864448 2013-10-21] (Iminent)
S2 WebCake Desktop Updater; C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe [23552 2013-06-07] (WebCake LLC)

==================== Drivers (Whitelisted) ====================

S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [38456 2013-02-11] (GFI Software)
S0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-04-28] (GFI Software)
S3 hidshim; C:\Windows\system32\DRIVERS\hidshim.sys [6656 2009-08-31] (Windows (R) Win 7 DDK provider)
S0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620128 2013-04-28] (Kaspersky Lab ZAO)
S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2012-10-25] (Kaspersky Lab)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2012-10-25] (Kaspersky Lab)
S1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55056 2013-04-28] (Kaspersky Lab ZAO)
S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-28] (Kaspersky Lab ZAO)
S3 nuvotoncir; C:\Windows\system32\DRIVERS\nuvotoncir.sys [48128 2009-08-31] (Nuvoton Technology Corporation)
S3 nuvotonhidcir; C:\Windows\system32\DRIVERS\nuvotonhidcir.sys [26624 2009-08-31] (Nuvoton Technology Corporation)
S3 nuvotonir; C:\Windows\system32\DRIVERS\nuvotonir.sys [68096 2009-08-31] (Nuvoton Technology Corporation)
S3 O2SDGRDR; C:\Windows\System32\DRIVERS\o2sdgx64.sys [50976 2010-01-11] (O2Micro )
S3 s217bus; C:\Windows\System32\DRIVERS\s217bus.sys [108072 2007-11-02] (MCCI Corporation)
S3 s217mdfl; C:\Windows\System32\DRIVERS\s217mdfl.sys [19496 2007-11-02] (MCCI Corporation)
S3 s217mdm; C:\Windows\System32\DRIVERS\s217mdm.sys [145448 2007-11-02] (MCCI Corporation)
S3 s217mgmt; C:\Windows\System32\DRIVERS\s217mgmt.sys [130088 2007-11-02] (MCCI Corporation)
S3 s217nd5; C:\Windows\System32\DRIVERS\s217nd5.sys [33832 2007-11-02] (MCCI Corporation)
S3 s217obex; C:\Windows\System32\DRIVERS\s217obex.sys [124968 2007-11-02] (MCCI Corporation)
S3 s217unic; C:\Windows\System32\DRIVERS\s217unic.sys [138792 2007-11-02] (MCCI)
S2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S2 {6E090BD5-4EF5-4bf0-A968-74049E88E935}; C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\000.fcl [146928 2010-05-19] (CyberLink Corp.)
S5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-04-28] (Kaspersky Lab ZAO)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-30 01:19 - 2013-10-30 01:19 - 00000000 ____D C:\FRST
2013-10-29 20:31 - 2013-10-29 20:31 - 00000000 _____ C:\Recovery.txt
2013-10-29 16:09 - 2013-10-29 16:09 - 00000000 ____D C:\_OTL
2013-10-28 21:32 - 2013-10-28 23:19 - 00166874 _____ C:\OTL.Txt
2013-10-22 03:38 - 2013-10-22 03:38 - 00000017 _____ C:\Windows\SysWOW64\shortcut_ex.dat
2013-10-21 13:25 - 2013-10-21 13:25 - 00000000 ____D C:\Windows\SysWOW64\%Report%
2013-10-21 00:46 - 2013-10-21 00:46 - 00001058 _____ C:\Windows\WindowsUpdate.log
2013-10-06 18:56 - 2013-10-06 18:56 - 00002216 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-10-06 18:54 - 2013-10-06 18:54 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2013-10-06 18:54 - 2013-10-06 18:54 - 00000000 ____D C:\Users\Default User\AppData\Local\Google

==================== One Month Modified Files and Folders =======

2013-10-30 01:19 - 2013-10-30 01:19 - 00000000 ____D C:\FRST
2013-10-29 20:31 - 2013-10-29 20:31 - 00000000 _____ C:\Recovery.txt
2013-10-29 16:09 - 2013-10-29 16:09 - 00000000 ____D C:\_OTL
2013-10-28 23:19 - 2013-10-28 21:32 - 00166874 _____ C:\OTL.Txt
2013-10-28 21:25 - 2013-05-12 12:19 - 00000000 ____D C:\users\Gast
2013-10-28 21:25 - 2010-12-24 08:30 - 00000000 ____D C:\users\Désiré
2013-10-28 21:24 - 2013-04-28 04:01 - 00000000 ____D C:\users\Administrator
2013-10-28 11:46 - 2013-06-14 04:00 - 00000000 ____D C:\ProgramData\eSafe
2013-10-28 11:46 - 2013-06-14 04:00 - 00000000 ____D C:\Program Files (x86)\Desk 365
2013-10-28 11:46 - 2013-04-28 04:28 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-10-28 11:46 - 2013-03-29 15:11 - 00019061 _____ C:\Windows\setupact.log
2013-10-28 11:46 - 2010-12-28 08:48 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-28 11:46 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-28 11:25 - 2012-08-09 02:07 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-28 11:22 - 2009-07-13 20:45 - 00009696 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-28 11:22 - 2009-07-13 20:45 - 00009696 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-28 11:19 - 2010-10-04 11:11 - 00689668 _____ C:\Windows\System32\perfh007.dat
2013-10-28 11:19 - 2010-10-04 11:11 - 00139708 _____ C:\Windows\System32\perfc007.dat
2013-10-28 11:19 - 2009-07-13 21:13 - 01581170 _____ C:\Windows\System32\PerfStringBackup.INI
2013-10-28 11:07 - 2013-06-14 03:59 - 00000360 _____ C:\Windows\Tasks\AmiUpdXp.job
2013-10-28 11:06 - 2010-12-28 08:48 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-28 10:54 - 2013-06-24 06:15 - 00000000 ____D C:\Users\Désiré\AppData\Local\Pokki
2013-10-28 10:43 - 2013-06-30 12:52 - 00000004 _____ C:\Users\Gast\AppData\Roaming\skype.ini
2013-10-28 10:38 - 2013-06-24 06:29 - 00000000 ____D C:\Users\Gast\AppData\Local\CrashDumps
2013-10-22 03:45 - 2013-06-14 04:00 - 00000000 ____D C:\Users\Désiré\AppData\Roaming\WebCake
2013-10-22 03:38 - 2013-10-22 03:38 - 00000017 _____ C:\Windows\SysWOW64\shortcut_ex.dat
2013-10-21 13:25 - 2013-10-21 13:25 - 00000000 ____D C:\Windows\SysWOW64\%Report%
2013-10-21 12:40 - 2011-12-12 10:43 - 00000000 ____D C:\Windows\pss
2013-10-21 00:46 - 2013-10-21 00:46 - 00001058 _____ C:\Windows\WindowsUpdate.log
2013-10-19 01:01 - 2012-08-09 02:08 - 00002431 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-15 13:58 - 2010-12-24 08:30 - 00000000 __SHD C:\Recovery
2013-10-15 04:13 - 2013-06-24 06:24 - 00000000 ____D C:\Users\Désiré\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl
2013-10-14 09:23 - 2013-06-30 13:06 - 00000000 ____D C:\Users\Désiré\AppData\Local\CrashDumps
2013-10-14 09:17 - 2013-03-29 15:10 - 00007538 _____ C:\Windows\PFRO.log
2013-10-14 09:13 - 2013-06-14 04:58 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Desk 365
2013-10-08 21:38 - 2010-12-28 08:48 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-08 21:38 - 2010-12-28 08:48 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-06 18:56 - 2013-10-06 18:56 - 00002216 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-10-06 18:56 - 2010-12-28 08:47 - 00000000 ____D C:\Program Files (x86)\Google
2013-10-06 18:54 - 2013-10-06 18:54 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2013-10-06 18:54 - 2013-10-06 18:54 - 00000000 ____D C:\Users\Default User\AppData\Local\Google

ZeroAccess:
C:\Windows\Installer\{f41d4045-9230-bf06-8637-2820cee121d3}
C:\Windows\Installer\{f41d4045-9230-bf06-8637-2820cee121d3}\@
C:\Windows\Installer\{f41d4045-9230-bf06-8637-2820cee121d3}\L\00000004.@
C:\Windows\Installer\{f41d4045-9230-bf06-8637-2820cee121d3}\L\1afb2d56
C:\Windows\Installer\{f41d4045-9230-bf06-8637-2820cee121d3}\L\201d3dde
C:\Windows\Installer\{f41d4045-9230-bf06-8637-2820cee121d3}\L\24fb4792
C:\Windows\Installer\{f41d4045-9230-bf06-8637-2820cee121d3}\L\4cce1f70
C:\Windows\Installer\{f41d4045-9230-bf06-8637-2820cee121d3}\L\76603ac3

ZeroAccess:
C:\Users\Désiré\AppData\Local\{f41d4045-9230-bf06-8637-2820cee121d3}
C:\Users\Désiré\AppData\Local\{f41d4045-9230-bf06-8637-2820cee121d3}\@
C:\Users\Désiré\AppData\Local\{f41d4045-9230-bf06-8637-2820cee121d3}\L\00000004.@

Files to move or delete:
====================
C:\Users\Désiré\AppData\Roaming\AltShell.ini
C:\Users\Gast\AppData\Roaming\skype.ini
C:\ProgramData\l_0_00_re.pad


Some content of TEMP:
====================
C:\Users\Désiré\AppData\Local\Temp\d5580771-11e9-49b2-8ff9-826ab030cfe5.exe
C:\Users\Désiré\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\Désiré\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Désiré\AppData\Local\Temp\GoogleSetup.exe
C:\Users\Désiré\AppData\Local\Temp\IminentSetup.exe
C:\Users\Désiré\AppData\Local\Temp\install_flashplayer11x32ax_aih.exe
C:\Users\Désiré\AppData\Local\Temp\k4q5qqu0.dll
C:\Users\Désiré\AppData\Local\Temp\Setup__2140_il50863.exe
C:\Users\Désiré\AppData\Local\Temp\version51030bc4470a0.exe
C:\Users\Gast\AppData\Local\Temp\0xbgqgno.dll
C:\Users\Gast\AppData\Local\Temp\m53lhr44.dll


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== Memory info =========================== 

Percentage of memory in use: 19%
Total physical RAM: 3764.48 MB
Available physical RAM: 3048.91 MB
Total Pagefile: 3762.63 MB
Available Pagefile: 3047.29 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:448.16 GB) (Free:380.94 GB) NTFS
Drive e: (PQSERVICE) (Fixed) (Total:14 GB) (Free:13.4 GB) NTFS
Drive g: () (Removable) (Total:7.25 GB) (Free:5.42 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: E1BA5632)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Not Active) - (Size=4 GB) - (Type=12)
Partition 3: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=448 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7 GB) - (Type=0B)


LastRegBack: 2013-10-21 23:13

==================== End Of Log ============================

--- --- ---

[/CODE]

aharonov · 29.10.2013, 22:21

Ja das ist richtig.
Versuch bitte diesen Fix. Erscheint danach immer noch ein Bluescreen, wenn du nach Windows starten willst?

Drücke bitte die

+ R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

C:\Users\Désiré\AppData\Local\Temp\*.exe
C:\Users\Désiré\AppData\Local\Temp\*.dll
C:\Users\Gast\AppData\Local\Temp\*.dll
C:\Users\Désiré\AppData\Roaming\AltShell.ini
C:\Users\Gast\AppData\Roaming\skype.ini
C:\ProgramData\l_0_00_re.pad
HKU\Désiré\...\Winlogon: [Shell] explorer.exe, <==== ATTENTION 
HKU\Gast\...\Winlogon: [Shell] explorer.exe, <==== ATTENTION 
C:\Windows\Installer\{f41d4045-9230-bf06-8637-2820cee121d3}
C:\Users\Désiré\AppData\Local\{f41d4045-9230-bf06-8637-2820cee121d3}

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.

Starte deinen Rechner erneut in die Reparaturoptionen
Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

kuba1506 · 29.10.2013, 22:55

Hi vielen Dank für deine Hilfe. Hier ist das Fixlog. Er zeigt mir nach wie vor einen Bluescreen an

Code:

ATTFilter

C:\Users\Désiré\AppData\Local\Temp\*.exe
C:\Users\Désiré\AppData\Local\Temp\*.dll
C:\Users\Gast\AppData\Local\Temp\*.dll
C:\Users\Désiré\AppData\Roaming\AltShell.ini
C:\Users\Gast\AppData\Roaming\skype.ini
C:\ProgramData\l_0_00_re.pad
HKU\Désiré\...\Winlogon: [Shell] explorer.exe, <==== ATTENTION 
HKU\Gast\...\Winlogon: [Shell] explorer.exe, <==== ATTENTION 
C:\Windows\Installer\{f41d4045-9230-bf06-8637-2820cee121d3}
C:\Users\Désiré\AppData\Local\{f41d4045-9230-bf06-8637-2820cee121d3}

aharonov · 29.10.2013, 22:58

Dann mach bitte einen neuen FRST-Scan und poste das Log.

kuba1506 · 29.10.2013, 23:06

Ok hier das neue LOG-File

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-10-2013
Ran by SYSTEM on MININT-9C7AM8D on 30-10-2013 05:03:28
Running from G:\
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet003
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356376 2013-04-28] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [Iminent] - C:\Program Files (x86)\Iminent\Iminent.exe [1074736 2013-06-18] (Iminent)
HKLM-x32\...\Run: [IminentMessenger] - C:\Program Files (x86)\Iminent\Iminent.Messengers.exe [884784 2013-06-18] (Iminent)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-14] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-14] ()
HKU\Désiré\...\Run: [Desk 365] - C:\Program Files (x86)\Desk 365\desk365.exe [916048 2013-06-14] (337 Technology Limited.)
HKU\Désiré\...\Run: [WebCake Desktop] - C:\Users\Désiré\AppData\Roaming\WebCake\WebCakeDesktop.exe [47896 2013-06-07] (WebCake LLC)
HKU\Désiré\...\Run: [Pokki] - C:\Users\Désiré\AppData\Local\Pokki\v0.260.10.204\pokki.exe [5639448 2013-01-25] (Pokki)
AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL     C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\x64\datamngr.dll C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\x64\IEBHO.dll  [1530792 2012-11-26] (iMesh, Inc)
AppInit_DLLs-x32: C:\PROGRA~3\Wincert\WIN32C~1.DLL     C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\datamngr.dll C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\IEBHO.dll  [1188776 2012-11-26] (iMesh, Inc)
Lsa: [Notification Packages] EgisPwdFilter EgisDSPwdFilter

==================== Services (Whitelisted) =================

S4 24x7HelpSvc; C:\Program Files (x86)\24x7Help\App24x7Svc.exe [342168 2012-12-09] (PCRx.com, LLC)
S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356376 2013-04-28] (Kaspersky Lab ZAO)
S2 desksvc; C:\Program Files (x86)\Desk 365\deskSvc.exe [424016 2013-06-14] (337 Technology Limited.)
S4 EgisTec Service; C:\Program Files (x86)\Acer Bio Protection\EgisService.exe [314736 2010-07-12] (Egis Technology Inc. )
S4 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [822304 2010-06-15] (Acer Incorporated)
S2 eSafeSvc; C:\ProgramData\eSafe\eGdpSvc.exe [360512 2013-06-14] (eSafe Security Co., Ltd.)
S4 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-26] (Egis Technology Inc.)
S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S4 NTISchedulerSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144640 2010-04-16] (NTI, Inc.)
S4 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-02-03] ()
S4 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)
S2 SProtection; C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe [2864448 2013-10-21] (Iminent)
S2 WebCake Desktop Updater; C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe [23552 2013-06-07] (WebCake LLC)

==================== Drivers (Whitelisted) ====================

S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [38456 2013-02-11] (GFI Software)
S0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-04-28] (GFI Software)
S3 hidshim; C:\Windows\system32\DRIVERS\hidshim.sys [6656 2009-08-31] (Windows (R) Win 7 DDK provider)
S0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620128 2013-04-28] (Kaspersky Lab ZAO)
S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2012-10-25] (Kaspersky Lab)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2012-10-25] (Kaspersky Lab)
S1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55056 2013-04-28] (Kaspersky Lab ZAO)
S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-28] (Kaspersky Lab ZAO)
S3 nuvotoncir; C:\Windows\system32\DRIVERS\nuvotoncir.sys [48128 2009-08-31] (Nuvoton Technology Corporation)
S3 nuvotonhidcir; C:\Windows\system32\DRIVERS\nuvotonhidcir.sys [26624 2009-08-31] (Nuvoton Technology Corporation)
S3 nuvotonir; C:\Windows\system32\DRIVERS\nuvotonir.sys [68096 2009-08-31] (Nuvoton Technology Corporation)
S3 O2SDGRDR; C:\Windows\System32\DRIVERS\o2sdgx64.sys [50976 2010-01-11] (O2Micro )
S3 s217bus; C:\Windows\System32\DRIVERS\s217bus.sys [108072 2007-11-02] (MCCI Corporation)
S3 s217mdfl; C:\Windows\System32\DRIVERS\s217mdfl.sys [19496 2007-11-02] (MCCI Corporation)
S3 s217mdm; C:\Windows\System32\DRIVERS\s217mdm.sys [145448 2007-11-02] (MCCI Corporation)
S3 s217mgmt; C:\Windows\System32\DRIVERS\s217mgmt.sys [130088 2007-11-02] (MCCI Corporation)
S3 s217nd5; C:\Windows\System32\DRIVERS\s217nd5.sys [33832 2007-11-02] (MCCI Corporation)
S3 s217obex; C:\Windows\System32\DRIVERS\s217obex.sys [124968 2007-11-02] (MCCI Corporation)
S3 s217unic; C:\Windows\System32\DRIVERS\s217unic.sys [138792 2007-11-02] (MCCI)
S2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S2 {6E090BD5-4EF5-4bf0-A968-74049E88E935}; C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\000.fcl [146928 2010-05-19] (CyberLink Corp.)
S5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-04-28] (Kaspersky Lab ZAO)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-30 01:19 - 2013-10-30 01:19 - 00000000 ____D C:\FRST
2013-10-29 20:31 - 2013-10-29 20:31 - 00000000 _____ C:\Recovery.txt
2013-10-29 16:09 - 2013-10-29 16:09 - 00000000 ____D C:\_OTL
2013-10-28 21:32 - 2013-10-28 23:19 - 00166874 _____ C:\OTL.Txt
2013-10-22 03:38 - 2013-10-22 03:38 - 00000017 _____ C:\Windows\SysWOW64\shortcut_ex.dat
2013-10-21 13:25 - 2013-10-21 13:25 - 00000000 ____D C:\Windows\SysWOW64\%Report%
2013-10-21 00:46 - 2013-10-21 00:46 - 00001058 _____ C:\Windows\WindowsUpdate.log
2013-10-06 18:56 - 2013-10-06 18:56 - 00002216 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-10-06 18:54 - 2013-10-06 18:54 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2013-10-06 18:54 - 2013-10-06 18:54 - 00000000 ____D C:\Users\Default User\AppData\Local\Google

==================== One Month Modified Files and Folders =======

2013-10-30 01:19 - 2013-10-30 01:19 - 00000000 ____D C:\FRST
2013-10-29 20:31 - 2013-10-29 20:31 - 00000000 _____ C:\Recovery.txt
2013-10-29 16:09 - 2013-10-29 16:09 - 00000000 ____D C:\_OTL
2013-10-28 23:19 - 2013-10-28 21:32 - 00166874 _____ C:\OTL.Txt
2013-10-28 21:25 - 2013-05-12 12:19 - 00000000 ____D C:\users\Gast
2013-10-28 21:25 - 2010-12-24 08:30 - 00000000 ____D C:\users\Désiré
2013-10-28 21:24 - 2013-04-28 04:01 - 00000000 ____D C:\users\Administrator
2013-10-28 11:46 - 2013-06-14 04:00 - 00000000 ____D C:\ProgramData\eSafe
2013-10-28 11:46 - 2013-06-14 04:00 - 00000000 ____D C:\Program Files (x86)\Desk 365
2013-10-28 11:46 - 2013-04-28 04:28 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-10-28 11:46 - 2013-03-29 15:11 - 00019061 _____ C:\Windows\setupact.log
2013-10-28 11:46 - 2010-12-28 08:48 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-28 11:46 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-28 11:25 - 2012-08-09 02:07 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-28 11:22 - 2009-07-13 20:45 - 00009696 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-28 11:22 - 2009-07-13 20:45 - 00009696 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-28 11:19 - 2010-10-04 11:11 - 00689668 _____ C:\Windows\System32\perfh007.dat
2013-10-28 11:19 - 2010-10-04 11:11 - 00139708 _____ C:\Windows\System32\perfc007.dat
2013-10-28 11:19 - 2009-07-13 21:13 - 01581170 _____ C:\Windows\System32\PerfStringBackup.INI
2013-10-28 11:07 - 2013-06-14 03:59 - 00000360 _____ C:\Windows\Tasks\AmiUpdXp.job
2013-10-28 11:06 - 2010-12-28 08:48 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-28 10:54 - 2013-06-24 06:15 - 00000000 ____D C:\Users\Désiré\AppData\Local\Pokki
2013-10-28 10:38 - 2013-06-24 06:29 - 00000000 ____D C:\Users\Gast\AppData\Local\CrashDumps
2013-10-22 03:45 - 2013-06-14 04:00 - 00000000 ____D C:\Users\Désiré\AppData\Roaming\WebCake
2013-10-22 03:38 - 2013-10-22 03:38 - 00000017 _____ C:\Windows\SysWOW64\shortcut_ex.dat
2013-10-21 13:25 - 2013-10-21 13:25 - 00000000 ____D C:\Windows\SysWOW64\%Report%
2013-10-21 12:40 - 2011-12-12 10:43 - 00000000 ____D C:\Windows\pss
2013-10-21 00:46 - 2013-10-21 00:46 - 00001058 _____ C:\Windows\WindowsUpdate.log
2013-10-19 01:01 - 2012-08-09 02:08 - 00002431 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-15 13:58 - 2010-12-24 08:30 - 00000000 __SHD C:\Recovery
2013-10-15 04:13 - 2013-06-24 06:24 - 00000000 ____D C:\Users\Désiré\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl
2013-10-14 09:23 - 2013-06-30 13:06 - 00000000 ____D C:\Users\Désiré\AppData\Local\CrashDumps
2013-10-14 09:17 - 2013-03-29 15:10 - 00007538 _____ C:\Windows\PFRO.log
2013-10-14 09:13 - 2013-06-14 04:58 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Desk 365
2013-10-08 21:38 - 2010-12-28 08:48 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-08 21:38 - 2010-12-28 08:48 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-06 18:56 - 2013-10-06 18:56 - 00002216 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-10-06 18:56 - 2010-12-28 08:47 - 00000000 ____D C:\Program Files (x86)\Google
2013-10-06 18:54 - 2013-10-06 18:54 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2013-10-06 18:54 - 2013-10-06 18:54 - 00000000 ____D C:\Users\Default User\AppData\Local\Google

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== Memory info =========================== 

Percentage of memory in use: 18%
Total physical RAM: 3764.48 MB
Available physical RAM: 3049.64 MB
Total Pagefile: 3762.63 MB
Available Pagefile: 3041.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:448.16 GB) (Free:380.94 GB) NTFS
Drive e: (PQSERVICE) (Fixed) (Total:14 GB) (Free:13.4 GB) NTFS
Drive g: () (Removable) (Total:7.25 GB) (Free:5.43 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: E1BA5632)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Not Active) - (Size=4 GB) - (Type=12)
Partition 3: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=448 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7 GB) - (Type=0B)


LastRegBack: 2013-10-21 23:13

==================== End Of Log ============================

--- --- ---

--- --- ---

aharonov · 29.10.2013, 23:12

Und du kannst die Angaben des Bluescreens nicht erkennen?

Versuch mal die Startreperatur: Wieder in die Reperaturoptionen starten wie beim FRST-Scan, aber dann nicht "Eingabeaufforderung" auswählen, sondern "Systemstartreperatur". Hilft das was?

kuba1506 · 30.10.2013, 16:23

Ich hab grad nochmal rumprobiert und jetzt kann ich die Funktion das er beim Systemfehler neustartet deaktivieren. Welche Angaben vom Bluescreen brauchst du genau? Das was nach dem STOP steht?(STOP:0x0000007B (0xFFFFFF880009A9928,0xFFFFFFFFC0000034,0x0000000000000000,0x0000000000000000))

Nachdem ich jetzt im Bootmenü auf IDE umgestellt hab startet der Rechner wieder normal ins Windows :-)...er lässt sich jetzt wieder normal bedienen...Vielen Dank...Was empfiehlst du mir jetzt als nächstes?

aharonov · 30.10.2013, 16:51

Sehr gut. Dann weiter im normalen Modus:
Verschiebe die frst64.exe vom USB-Stick auf den Desktop.

Starte dann FRST.
Setze bei Optional Scan den Haken bei Addition.txt und drücke Scan.
Wenn der Scan abgeschlossen ist, werden zwei neue Logfiles FRST.txt und Addition.txt erstellt und auf dem Desktop gespeichert.
Poste den Inhalt dieser beiden Logfiles bitte hier in deinen Thread.

kuba1506 · 30.10.2013, 17:56

Hier die Logfiles

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-10-2013
Ran by Désiré (administrator) on DÉSIRÉ-PC on 30-10-2013 23:19:46
Running from C:\Users\Désiré\Desktop
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(337 Technology Limited.) C:\Program Files (x86)\Desk 365\deskSvc.exe
(eSafe Security Co., Ltd.) C:\ProgramData\eSafe\eGdpSvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Iminent) C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe
(WebCake LLC) C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Pokki) C:\Users\Désiré\AppData\Local\Pokki\v0.260.10.204\pokki.exe
(337 Technology Limited.) C:\Program Files (x86)\Desk 365\desk365.exe
(WebCake LLC) C:\Users\Désiré\AppData\Roaming\WebCake\WebCakeDesktop.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
(Iminent) C:\Program Files (x86)\Iminent\Iminent.exe
(Iminent) C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
(Pokki) C:\Users\Désiré\AppData\Local\Pokki\v0.260.10.204\pokki.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE

==================== Registry (Whitelisted) ==================

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Desk 365] - C:\Program Files (x86)\Desk 365\desk365.exe [916048 2013-06-14] (337 Technology Limited.)
HKCU\...\Run: [WebCake Desktop] - C:\Users\Désiré\AppData\Roaming\WebCake\WebCakeDesktop.exe [47896 2013-06-07] (WebCake LLC)
HKCU\...\Run: [Pokki] - C:\Users\Désiré\AppData\Local\Pokki\v0.260.10.204\pokki.exe [5639448 2013-01-25] (Pokki)
HKCU\...0c966feabec1\InprocServer32: [Default-shell32] C:\Users\Désiré\AppData\Local\{f41d4045-9230-bf06-8637-2820cee121d3}\n. ATTENTION! ====> ZeroAccess?
MountPoints2: {3a104968-14ef-11e0-9add-4c0f6e5f66fc} - E:\AutoRun.exe
MountPoints2: {3a104970-14ef-11e0-9add-4c0f6e5f66fc} - E:\AutoRun.exe
MountPoints2: {93c6d965-4e44-11e0-9481-c80aa9c6aa3a} - E:\AutoRun.exe
MountPoints2: {93c6d974-4e44-11e0-9481-c80aa9c6aa3a} - E:\AutoRun.exe
MountPoints2: {93c6d976-4e44-11e0-9481-c80aa9c6aa3a} - E:\AutoRun.exe
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356376 2013-04-28] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [Iminent] - C:\Program Files (x86)\Iminent\Iminent.exe [1074736 2013-06-18] (Iminent)
HKLM-x32\...\Run: [IminentMessenger] - C:\Program Files (x86)\Iminent\Iminent.Messengers.exe [884784 2013-06-18] (Iminent)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-15] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-15] ()
AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL     C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\x64\datamngr.dll C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\x64\IEBHO.dll  [1530792 2012-11-27] (iMesh, Inc)
AppInit_DLLs-x32: C:\PROGRA~3\Wincert\WIN32C~1.DLL     C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\datamngr.dll C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\IEBHO.dll  [1188776 2012-11-27] (iMesh, Inc)
Lsa: [Notification Packages] EgisPwdFilter EgisDSPwdFilter

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=HitachiXHTS545050B9A300_100924PBN40417F2SMSEX&ts=1371211212
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=HitachiXHTS545050B9A300_100924PBN40417F2SMSEX&ts=1371211212
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/
hxxp://www.google.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=HitachiXHTS545050B9A300_100924PBN40417F2SMSEX&ts=1371211212
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=HitachiXHTS545050B9A300_100924PBN40417F2SMSEX&ts=1371211212
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=HitachiXHTS545050B9A300_100924PBN40417F2SMSEX&ts=1371211212
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=HitachiXHTS545050B9A300_100924PBN40417F2SMSEX&ts=1371211212
URLSearchHook: HKLM-x32 - Elf 1.15 Toolbar - {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - C:\Program Files (x86)\Elf_1.15\prxtbElf0.dll (Conduit Ltd.)
URLSearchHook: HKLM-x32 - IncrediMail MediaBar 2 Toolbar - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.)
URLSearchHook: HKLM-x32 - GIGA Deutsch Toolbar - {1ce76c93-a797-4ca2-ab3c-f4a6cfba3440} - C:\Program Files (x86)\GIGA_Deutsch\prxtbGIGA.dll (Conduit Ltd.)
URLSearchHook: HKCU - Elf 1.15 Toolbar - {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - C:\Program Files (x86)\Elf_1.15\prxtbElf0.dll (Conduit Ltd.)
URLSearchHook: HKCU - IncrediMail MediaBar 2 Toolbar - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.)
URLSearchHook: HKCU - GIGA Deutsch Toolbar - {1ce76c93-a797-4ca2-ab3c-f4a6cfba3440} - C:\Program Files (x86)\GIGA_Deutsch\prxtbGIGA.dll (Conduit Ltd.)
URLSearchHook: HKCU - Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=HitachiXHTS545050B9A300_100924PBN40417F2SMSEX&ts=1371211212
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=amt&from=amt&uid=HitachiXHTS545050B9A300_100924PBN40417F2SMSEX&ts=3407924
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=amt&from=amt&uid=HitachiXHTS545050B9A300_100924PBN40417F2SMSEX&ts=3407924
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=393&systemid=1&apn_dtid=IME001&apn_ptnrs=AGE&o=APN10653&apn_uid=1663835329424447&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=133&systemid=2&apn_dtid=IME002&apn_ptnrs=AG2&o=APN10641&apn_uid=4611423733694245&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=390&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=4934305384514423&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=amt&from=amt&uid=HitachiXHTS545050B9A300_100924PBN40417F2SMSEX&ts=3407924
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=amt&from=amt&uid=HitachiXHTS545050B9A300_100924PBN40417F2SMSEX&ts=3407924
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=393&systemid=1&apn_dtid=IME001&apn_ptnrs=AGE&o=APN10653&apn_uid=1663835329424447&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=133&systemid=2&apn_dtid=IME002&apn_ptnrs=AG2&o=APN10641&apn_uid=4611423733694245&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=390&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=4934305384514423&q={searchTerms}
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2967869
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=amt&from=amt&uid=HitachiXHTS545050B9A300_100924PBN40417F2SMSEX&ts=3407924
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=55555&tt=5212_2&babsrc=SP_def&mntrId=52049e3b0000000000004c0f6e5f66fc
SearchScopes: HKCU - {1F096B29-E9DA-4D64-8D63-936BE7762CC5} URL = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=52049e3b0000000000004c0f6e5f66fc&tlver=1.4.19.19&ss=1&affID=17395
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=amt&from=amt&uid=HitachiXHTS545050B9A300_100924PBN40417F2SMSEX&ts=3407924
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://lavasoft.blekko.com/ws/?source=f439e2c0&tbp=rbox&toolbarid=adawaretb&u=A05A966FF4E7D2EC4D21E651562844F8&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=393&systemid=1&apn_dtid=IME001&apn_ptnrs=AGE&o=APN10653&apn_uid=1663835329424447&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=133&systemid=2&apn_dtid=IME002&apn_ptnrs=AG2&o=APN10641&apn_uid=4611423733694245&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=390&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=4934305384514423&q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2967869
SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = hxxp://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80760&lng=de
SearchScopes: HKCU - {CD10120B-C165-4f8d-8C74-639629E238FF} URL = hxxp://mystart.magentic.com/?search={searchTerms}&loc=search_box
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredimail.com/mb44/?search={searchTerms}&loc=search_box&u=1036325712529923874
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: EgisPBIE Class - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\Acer Bio Protection\x64\EgisPBIE.dll (Egis Technology Inc.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: DataMngr - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\Program Files (x86)\iMesh Applications\Mediabar\Datamngr\x64\BrowserConnection.dll (iMesh, Inc)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Magentic Toolbar - {07C92F45-3193-4FD9-AF54-B1925707C872} - C:\Program Files (x86)\magentictb\magenticDx.dll ()
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: GIGA Deutsch Toolbar - {1ce76c93-a797-4ca2-ab3c-f4a6cfba3440} - C:\Program Files (x86)\GIGA_Deutsch\prxtbGIGA.dll (Conduit Ltd.)
BHO-x32: ConvertionOneIEBHO Class - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\ConversionOneIE.dll (Conversion One GmbH)
BHO-x32: Search-Results Toolbar - {31d8407c-62e4-4125-a4a9-717efb1a56ae} - C:\Program Files (x86)\iMesh Applications\Mediabar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: AppGraffiti - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\Program Files (x86)\AppGraffiti\AppGraffiti.dll (Omega Partners Ltd)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: EgisPBIE Class - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\Acer Bio Protection\EgisPBIE.dll (Egis Technology Inc.)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
BHO-x32: IMinent WebBooster (BHO) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Updater For Magentic Toolbar - {B3312915-9368-4FE4-8D4E-B60E5B36D0FF} - C:\Program Files (x86)\magentictb\auxi\magenticAu.dll (Visicom Media)
BHO-x32: Elf 1.15 Toolbar - {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - C:\Program Files (x86)\Elf_1.15\prxtbElf0.dll (Conduit Ltd.)
BHO-x32: DataMngr - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\Program Files (x86)\iMesh Applications\Mediabar\Datamngr\BrowserConnection.dll (iMesh, Inc)
BHO-x32: No Name - {CCB69577-088B-4004-9ED8-FF5BCC83A039} - C:\Program Files (x86)\RebateInformer\RebateI.dll (Inbox.com, Inc.)
BHO-x32: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
BHO-x32: IncrediMail MediaBar 2 Toolbar - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Elf 1.15 Toolbar - {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - C:\Program Files (x86)\Elf_1.15\prxtbElf0.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - IncrediMail MediaBar 2 Toolbar - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Magentic Toolbar - {07C92F45-3193-4FD9-AF54-B1925707C872} - C:\Program Files (x86)\magentictb\magenticDx.dll ()
Toolbar: HKLM-x32 - GIGA Deutsch Toolbar - {1ce76c93-a797-4ca2-ab3c-f4a6cfba3440} - C:\Program Files (x86)\GIGA_Deutsch\prxtbGIGA.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.7.2\BabylonToolbarTlbr.dll No File
Toolbar: HKLM-x32 - Search-Results Toolbar - {31d8407c-62e4-4125-a4a9-717efb1a56ae} - C:\Program Files (x86)\iMesh Applications\Mediabar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
Toolbar: HKLM-x32 - &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {B9D63C58-90CC-428B-8D3B-CBB88EB07E7E} -  No File
Toolbar: HKCU - No Name - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} -  No File
Toolbar: HKCU - No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} -  No File
Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} -  No File
Handler-x32: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - C:\Program Files (x86)\RebateInformer\RebateI.dll (Inbox.com, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 02 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 02 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.179.1

FireFox:
========
FF ProfilePath: C:\Users\Désiré\AppData\Roaming\Mozilla\Firefox\Profiles\05a7nit4.default
FF user.js: detected! => C:\Users\Désiré\AppData\Roaming\Mozilla\Firefox\Profiles\05a7nit4.default\user.js
FF DefaultSearchEngine: qvo6
FF SearchEngineOrder.1: qvo6
FF SelectedSearchEngine: qvo6
FF Homepage: hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=HitachiXHTS545050B9A300_100924PBN40417F2SMSEX&ts=1371211212
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\qvo6.xml
FF Extension: WebCake - C:\Users\Désiré\AppData\Roaming\Mozilla\Firefox\Profiles\05a7nit4.default\Extensions\plugin@getwebcake.com
FF Extension: webbooster - C:\Users\Désiré\AppData\Roaming\Mozilla\Firefox\Profiles\05a7nit4.default\Extensions\webbooster@iminent.com.xpi
FF HKLM-x32\...\Firefox\Extensions: [{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}] - C:\Program Files (x86)\Acer Bio Protection\FFExt
FF Extension:  Password Bank Extension  - C:\Program Files (x86)\Acer Bio Protection\FFExt
FF HKLM-x32\...\Firefox\Extensions: [ocr@babylon.com] - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\ocr@babylon.com
FF Extension: Babylon Translation Activation - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\ocr@babylon.com
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com
FF HKCU\...\Firefox\Extensions: [finder@meingutscheincode.de] - C:\Program Files (x86)\Mein Gutscheincode Finder\Firefox
FF Extension: No Name - C:\Program Files (x86)\Mein Gutscheincode Finder\Firefox
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=HitachiXHTS545050B9A300_100924PBN40417F2SMSEX&ts=1371211212

Chrome: 
=======
CHR Extension: (AppGraffiti - Free Facebook Layouts) - C:\Users\DSIR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\angobeimajilfhlcpeiccndaifchnppl\1.0.0.11_0
CHR Extension: (Babylon Translator) - C:\Users\DSIR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.8_0
CHR Extension: (preisspion.de) - C:\Users\DSIR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgfpelakfkbbkkdchaaaknckhoadkcbo\3.0.2_0
CHR Extension: (SecureSearch) - C:\Users\DSIR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfffjahnfbocnaooecgijfnbpcfekoik\1.0.0.1_0
CHR Extension: (RebateInformer) - C:\Users\DSIR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\odbbfaealmlpnodchplhdomkgpdkeeal\1.0.0.8_0
CHR HKLM-x32\...\Chrome\Extension: [angobeimajilfhlcpeiccndaifchnppl] - C:\Program Files (x86)\AppGraffiti\Chrome\graff_chr.crx
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\urladvisor.crx
CHR HKLM-x32\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonChrome.crx
CHR HKLM-x32\...\Chrome\Extension: [fjoijdanhaiflhibkljeklcghcmmfffh] - C:\Program Files (x86)\WebCake\WebCakeLayers.crx
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\content_blocker_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\virtkbd.crx
CHR HKLM-x32\...\Chrome\Extension: [jgfpelakfkbbkkdchaaaknckhoadkcbo] - C:\Program Files (x86)\Mein Gutscheincode Finder\Chrome\chrome-extension.crx
CHR HKLM-x32\...\Chrome\Extension: [lfffjahnfbocnaooecgijfnbpcfekoik] - C:\ProgramData\adawaretb\shortcuts\chrome\adawaretb.crx
CHR HKLM-x32\...\Chrome\Extension: [odbbfaealmlpnodchplhdomkgpdkeeal] - C:\Program Files (x86)\RebateInformer\Chrome\rebateinformer_c.crx
CHR HKLM-x32\...\Chrome\Extension: [ofahndfepeaeelmhdkjiihmofnokhmik] - C:\Users\DSIR~1\AppData\Local\Temp\tbch.crx

==================== Services (Whitelisted) =================

S4 24x7HelpSvc; C:\Program Files (x86)\24x7Help\App24x7Svc.exe [342168 2012-12-09] (PCRx.com, LLC)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356376 2013-04-28] (Kaspersky Lab ZAO)
R2 desksvc; C:\Program Files (x86)\Desk 365\deskSvc.exe [424016 2013-06-14] (337 Technology Limited.)
S4 EgisTec Service; C:\Program Files (x86)\Acer Bio Protection\EgisService.exe [314736 2010-07-13] (Egis Technology Inc. )
S4 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [822304 2010-06-15] (Acer Incorporated)
R2 eSafeSvc; C:\ProgramData\eSafe\eGdpSvc.exe [360512 2013-06-14] (eSafe Security Co., Ltd.)
S4 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S4 NTISchedulerSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144640 2010-04-17] (NTI, Inc.)
S4 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-02-03] ()
S4 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated)
R2 SProtection; C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe [2864448 2013-10-21] (Iminent)
R2 WebCake Desktop Updater; C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe [23552 2013-06-07] (WebCake LLC)

==================== Drivers (Whitelisted) ====================

S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [38456 2013-02-11] (GFI Software)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-04-28] (GFI Software)
R3 hidshim; C:\Windows\system32\DRIVERS\hidshim.sys [6656 2009-08-31] (Windows (R) Win 7 DDK provider)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620128 2013-04-28] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2012-10-25] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2012-10-25] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55056 2013-04-28] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-28] (Kaspersky Lab ZAO)
S3 nuvotoncir; C:\Windows\system32\DRIVERS\nuvotoncir.sys [48128 2009-08-31] (Nuvoton Technology Corporation)
R3 nuvotonhidcir; C:\Windows\system32\DRIVERS\nuvotonhidcir.sys [26624 2009-08-31] (Nuvoton Technology Corporation)
S3 nuvotonir; C:\Windows\system32\DRIVERS\nuvotonir.sys [68096 2009-08-31] (Nuvoton Technology Corporation)
R3 O2SDGRDR; C:\Windows\System32\DRIVERS\o2sdgx64.sys [50976 2010-01-11] (O2Micro )
S3 s217bus; C:\Windows\System32\DRIVERS\s217bus.sys [108072 2007-11-02] (MCCI Corporation)
S3 s217mdfl; C:\Windows\System32\DRIVERS\s217mdfl.sys [19496 2007-11-02] (MCCI Corporation)
S3 s217mdm; C:\Windows\System32\DRIVERS\s217mdm.sys [145448 2007-11-02] (MCCI Corporation)
S3 s217mgmt; C:\Windows\System32\DRIVERS\s217mgmt.sys [130088 2007-11-02] (MCCI Corporation)
S3 s217nd5; C:\Windows\System32\DRIVERS\s217nd5.sys [33832 2007-11-02] (MCCI Corporation)
S3 s217obex; C:\Windows\System32\DRIVERS\s217obex.sys [124968 2007-11-02] (MCCI Corporation)
S3 s217unic; C:\Windows\System32\DRIVERS\s217unic.sys [138792 2007-11-02] (MCCI)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
R2 {6E090BD5-4EF5-4bf0-A968-74049E88E935}; C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\000.fcl [146928 2010-05-19] (CyberLink Corp.)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-04-28] (Kaspersky Lab ZAO)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-30 23:19 - 2013-10-29 19:16 - 01956538 _____ (Farbar) C:\Users\Désiré\Desktop\FRST64.exe
2013-10-30 10:19 - 2013-10-30 10:19 - 00000000 ____D C:\FRST
2013-10-30 01:09 - 2013-10-30 01:09 - 00000000 ____D C:\_OTL
2013-10-29 06:32 - 2013-10-29 08:19 - 00166874 _____ C:\OTL.Txt
2013-10-22 12:38 - 2013-10-22 12:38 - 00000017 _____ C:\Windows\SysWOW64\shortcut_ex.dat
2013-10-21 22:25 - 2013-10-21 22:25 - 00000000 ____D C:\Windows\SysWOW64\%Report%
2013-10-21 09:46 - 2013-10-21 09:46 - 00001058 _____ C:\Windows\WindowsUpdate.log
2013-10-07 03:56 - 2013-10-07 03:56 - 00002216 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-10-07 03:54 - 2013-10-07 03:54 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2013-10-07 03:54 - 2013-10-07 03:54 - 00000000 ____D C:\Users\Default User\AppData\Local\Google

==================== One Month Modified Files and Folders =======

2013-10-30 23:19 - 2013-03-30 00:11 - 00019968 _____ C:\Windows\setupact.log
2013-10-30 23:18 - 2013-06-14 12:59 - 00000360 _____ C:\Windows\Tasks\AmiUpdXp.job
2013-10-30 23:17 - 2013-06-14 13:00 - 00000000 ____D C:\ProgramData\eSafe
2013-10-30 23:17 - 2013-06-14 13:00 - 00000000 ____D C:\Program Files (x86)\Desk 365
2013-10-30 23:17 - 2013-04-28 13:28 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-10-30 23:17 - 2010-12-28 17:48 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-30 23:17 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-30 22:26 - 2009-07-14 05:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-30 22:26 - 2009-07-14 05:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-30 22:25 - 2012-08-09 11:07 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-30 22:24 - 2010-10-04 20:11 - 00689668 _____ C:\Windows\system32\perfh007.dat
2013-10-30 22:24 - 2010-10-04 20:11 - 00139708 _____ C:\Windows\system32\perfc007.dat
2013-10-30 22:24 - 2009-07-14 06:13 - 01581170 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-30 22:20 - 2013-06-24 15:15 - 00000000 ____D C:\Users\Désiré\AppData\Local\Pokki
2013-10-30 10:19 - 2013-10-30 10:19 - 00000000 ____D C:\FRST
2013-10-30 01:09 - 2013-10-30 01:09 - 00000000 ____D C:\_OTL
2013-10-29 19:16 - 2013-10-30 23:19 - 01956538 _____ (Farbar) C:\Users\Désiré\Desktop\FRST64.exe
2013-10-29 08:19 - 2013-10-29 06:32 - 00166874 _____ C:\OTL.Txt
2013-10-29 06:25 - 2013-05-12 21:19 - 00000000 ____D C:\Users\Gast
2013-10-29 06:25 - 2010-12-24 17:30 - 00000000 ____D C:\Users\Désiré
2013-10-29 06:24 - 2013-04-28 13:01 - 00000000 ____D C:\Users\Administrator
2013-10-28 20:46 - 2010-12-28 17:48 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-28 19:38 - 2013-06-24 15:29 - 00000000 ____D C:\Users\Gast\AppData\Local\CrashDumps
2013-10-22 12:45 - 2013-06-14 13:00 - 00000000 ____D C:\Users\Désiré\AppData\Roaming\WebCake
2013-10-22 12:38 - 2013-10-22 12:38 - 00000017 _____ C:\Windows\SysWOW64\shortcut_ex.dat
2013-10-21 22:25 - 2013-10-21 22:25 - 00000000 ____D C:\Windows\SysWOW64\%Report%
2013-10-21 21:40 - 2011-12-12 19:43 - 00000000 ____D C:\Windows\pss
2013-10-21 09:46 - 2013-10-21 09:46 - 00001058 _____ C:\Windows\WindowsUpdate.log
2013-10-19 10:01 - 2012-08-09 11:08 - 00002431 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-15 22:58 - 2010-12-24 17:30 - 00000000 __SHD C:\Recovery
2013-10-15 13:13 - 2013-06-24 15:24 - 00000000 ____D C:\Users\Désiré\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl
2013-10-14 18:23 - 2013-06-30 22:06 - 00000000 ____D C:\Users\Désiré\AppData\Local\CrashDumps
2013-10-14 18:17 - 2013-03-30 00:10 - 00007538 _____ C:\Windows\PFRO.log
2013-10-14 18:13 - 2013-06-14 13:58 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Desk 365
2013-10-09 06:38 - 2010-12-28 17:48 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-09 06:38 - 2010-12-28 17:48 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-07 03:56 - 2013-10-07 03:56 - 00002216 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-10-07 03:56 - 2010-12-28 17:47 - 00000000 ____D C:\Program Files (x86)\Google
2013-10-07 03:54 - 2013-10-07 03:54 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2013-10-07 03:54 - 2013-10-07 03:54 - 00000000 ____D C:\Users\Default User\AppData\Local\Google

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-22 08:13

==================== End Of Log ============================

--- --- ---

--- --- ---

[/CODE]

Addition-Log

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-10-2013
Ran by Désiré at 2013-10-30 23:21:03
Running from C:\Users\Désiré\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

24x7 Help (x32 Version: 2.1.0.22)
Acer Arcade Deluxe (x32 Version: 4.1.8012)
Acer Arcade Instant On (x32 Version: 3.0.35.1)
Acer Arcade Movie (x32 Version: 9.0.6625)
Acer Backup Manager (x32 Version: 2.0.1.68)
Acer Bio Protection (x32 Version: 7.0.40.0)
Acer Crystal Eye Webcam (x32 Version: 5.2.19.3)
Acer eRecovery Management (x32 Version: 4.05.3013)
Acer GameZone Console (x32 Version: 6.1.0.9)
Acer PowerSmart Manager (x32 Version: 5.01.3003)
Acer Registration (x32 Version: 1.03.3003)
Acer ScreenSaver (x32 Version: 1.1.0309.2010)
Acer Updater (x32 Version: 1.02.3001)
Acer VCM (x32 Version: 4.05.3002)
Acrobat.com (x32 Version: 1.6.65)
Adobe AIR (x32 Version: 3.5.0.1060)
Adobe Download Assistant (x32 Version: 1.2.3)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.202)
Adobe Reader 9.2 MUI (x32 Version: 9.2.0)
Adobe Shockwave Player 11.5 (x32 Version: 11.5.9.620)
Airport Mania First Flight (x32)
Amazonia (x32)
AppGraffiti (x32 Version: 1.0.0.33)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.33)
ATI Catalyst Install Manager (Version: 3.0.765.0)
Babylon (x32)
Babylon toolbar  (x32 Version: 1.8.7.2)
Backup Manager Advance (x32 Version: 2.0.1.68)
BearShare (x32 Version: 10.0.0.131750)
Big Fish Games: Game Manager (x32 Version: 2.0.0.28)
BioExcess (Version: 7.0.40.0)
Cake Mania (x32)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Core Implementation (x32 Version: 2010.0421.657.10561)
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0421.657.10561)
Catalyst Control Center Graphics Full New (x32 Version: 2010.0421.657.10561)
Catalyst Control Center Graphics Light (x32 Version: 2010.0421.657.10561)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0421.657.10561)
Catalyst Control Center InstallProxy (x32 Version: 2010.0421.657.10561)
Catalyst Control Center Localization All (x32 Version: 2010.0421.657.10561)
CCC Help Chinese Standard (x32 Version: 2010.0421.0656.10561)
CCC Help Chinese Traditional (x32 Version: 2010.0421.0656.10561)
CCC Help Czech (x32 Version: 2010.0421.0656.10561)
CCC Help Danish (x32 Version: 2010.0421.0656.10561)
CCC Help Dutch (x32 Version: 2010.0421.0656.10561)
CCC Help English (x32 Version: 2010.0421.0656.10561)
CCC Help Finnish (x32 Version: 2010.0421.0656.10561)
CCC Help French (x32 Version: 2010.0421.0656.10561)
CCC Help German (x32 Version: 2010.0421.0656.10561)
CCC Help Greek (x32 Version: 2010.0421.0656.10561)
CCC Help Hungarian (x32 Version: 2010.0421.0656.10561)
CCC Help Italian (x32 Version: 2010.0421.0656.10561)
CCC Help Japanese (x32 Version: 2010.0421.0656.10561)
CCC Help Korean (x32 Version: 2010.0421.0656.10561)
CCC Help Norwegian (x32 Version: 2010.0421.0656.10561)
CCC Help Polish (x32 Version: 2010.0421.0656.10561)
CCC Help Portuguese (x32 Version: 2010.0421.0656.10561)
CCC Help Russian (x32 Version: 2010.0421.0656.10561)
CCC Help Spanish (x32 Version: 2010.0421.0656.10561)
CCC Help Swedish (x32 Version: 2010.0421.0656.10561)
CCC Help Thai (x32 Version: 2010.0421.0656.10561)
CCC Help Turkish (x32 Version: 2010.0421.0656.10561)
ccc-core-static (x32 Version: 2010.0421.657.10561)
ccc-utility64 (Version: 2010.0421.657.10561)
Desk 365 (x32 Version: 1.12.16)
DEUTSCHLAND SPIELT GAME CENTER (x32 Version: 1.2009.10.29)
Die*Sims™*3 (x32 Version: 1.0.631)
Dream Day First Home (x32)
EA Download Manager (x32 Version: 5.0.0.255)
eBay Worldwide (x32 Version: 2.1.0901)
Elf 1.15 Toolbar (x32 Version: 6.3.0.26)
eSafe Security Control 1.0.0.2405 (x32 Version: 1.0.0.2405)
eSobi v2 (x32 Version: 2.0.4.000274)
Farm Frenzy 2 (x32)
Farm Frenzy 3 - Madagaskar (x32)
Farm Frenzy Pizza Party (x32)
Fingerprint Solution (x32 Version: 7.0.40.0)
Galapago (x32)
GIGA Deutsch Toolbar (x32 Version: 6.4.0.12)
Google Chrome (x32 Version: 30.0.1599.101)
Google Drive (x32 Version: 1.12.5329.1887)
Google Earth (x32 Version: 7.1.1.1888)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4601.54)
Google Update Helper (x32 Version: 1.3.21.165)
Heroes of Hellas (x32)
Identity Card (x32 Version: 1.00.3003)
iLivid (x32 Version: 4.0.0.2466)
iMesh (x32 Version: 11.0.0.130401)
Iminent (x32 Version: 6.25.21.0)
Inbox Toolbar (x32 Version: 2.0.0.46)
IncrediMail (x32 Version: 6.2.5.4835)
IncrediMail 2.0 (x32 Version: 6.2.5.4835)
IncrediMail MediaBar 2 Toolbar (x32 Version: 6.1.0.7)
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179)
Intel(R) Rapid Storage Technology (x32 Version: 9.6.0.1014)
Java 7 Update 21 (64-bit) (Version: 7.0.210)
Java Auto Updater (x32 Version: 2.0.4.1)
Java(TM) 6 Update 25 (x32 Version: 6.0.250)
Junk Mail filter update (x32 Version: 14.0.8117.416)
Kaspersky Anti-Virus 2013 (x32 Version: 13.0.1.4190)
Launch Manager (x32 Version: 4.0.14)
Machinarium (x32)
Magentic (x32 Version:  1.3.1.957)
Magentic Toolbar (x32 Version: 3.0.0.14)
MediaShow Espresso (x32 Version: 5.5.1403_23691)
Mein Gutscheincode Finder 1.0.0.0 (x32 Version: 1.0.0.0)
Meine kleine Farm 3 (x32 Version: 1.0.0.0)
Meine kleine Farm 3: Ice Age (x32 Version: 1.0.0.0)
Merriam Websters Spell Jam (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.4763.1000)
Microsoft Silverlight (x32 Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Mozilla Firefox 21.0 (x86 en-US) (x32 Version: 21.0)
Mozilla Maintenance Service (x32 Version: 21.0)
MSVCRT (x32 Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MyWinLocker (x32 Version: 3.1.212.0)
MyWinLocker Suite (x32 Version: 3.1.212.0)
Norton Online Backup (x32 Version: 2.1.17869)
NTI Backup Now 5 (x32 Version: 5.1.2.630)
NTI Backup Now Standard (x32 Version: 5.1.2.630)
NTI Media Maker 8 (x32 Version: 8.0.12.6636)
Nuvoton CIR Device Drivers (x32 Version: 8.60.2002)
O2Micro 1394 OHCI Compliant Host Controller Driver (Version: 1.0.00)
O2Micro 1394 OHCI Compliant Host Controller Driver (x32 Version: 1.0.00)
O2Micro Flash Memory Card Windows Driver (Version: 2.0.37.D)
O2Micro Flash Memory Card Windows Driver (x32 Version: 2.0.37.D)
Photo to Cartoon (x32 Version: 1.0.0)
PhotoScape (x32)
Poker Pop (x32)
PokerStars.net (x32)
Pokki (HKCU Version: 0.260.10.204)
PX Profile Update (x32 Version: 1.00.1.)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6072)
RebateInformer (x32 Version: 1.0.0.83)
Search-Results Toolbar (x32 Version: 1.0.0.12)
Shredder (Version: 2.0.8.3)
Shredder (x32 Version: 2.0.8.3)
Snagit 11 (x32 Version: 11.2.1)
Software Version Updater (x32 Version: 1.1.3.7)
Spin & Win (x32)
Synaptics Pointing Device Driver (Version: 15.0.12.2)
Torch (HKCU Version: 25.0.0.3359)
Überwachungstool für die Intel® Turbo-Boost-Technik (Version: 1.0.186.6)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
WebCake 3.00 (Version: 3.00)
web'n'walk Manager (x32 Version: 11.002.04.03.55)
webXvid Codec (x32 Version: 3.6)
Welcome Center (x32 Version: 1.02.3004)
Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5)
Windows Live Call (x32 Version: 14.0.8117.0416)
Windows Live Communications Platform (x32 Version: 14.0.8117.416)
Windows Live Essentials (x32 Version: 14.0.8117.0416)
Windows Live Essentials (x32 Version: 14.0.8117.416)
Windows Live Fotogalerie (x32 Version: 14.0.8117.416)
Windows Live Mail (x32 Version: 14.0.8117.0416)
Windows Live Messenger (x32 Version: 14.0.8117.0416)
Windows Live Movie Maker (x32 Version: 14.0.8117.0416)
Windows Live Sync (x32 Version: 14.0.8117.416)
Windows Live Writer (x32 Version: 14.0.8117.0416)
Windows Live-Uploadtool (x32 Version: 14.0.8014.1029)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {084B8C91-D10D-4F8C-8FAF-F9D5F11455B0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-28] (Google Inc.)
Task: {3204C91C-6F90-4780-8446-D65BA0610628} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {37F73A0D-A8D3-40ED-A60E-29409D7A2339} - System32\Tasks\{48A97F71-BEC4-4097-B6BB-CC0905747F02} => C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe
Task: {70DFA566-F7C2-4620-887A-0ADC6F00E441} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {9940AD70-1D44-4EC3-A6D9-1677AE34479C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-28] (Google Inc.)
Task: {A64FF82E-F53C-41C7-8D97-190BF3C24A9B} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe [2013-06-14] (337 Technology Limited.)
Task: {CCC64ED1-52A4-46B9-BD3E-6BDAB3683C58} - System32\Tasks\FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl => C:\Users\Désiré\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl\MinibarChrome.exe [2013-06-24] (Sien SA)
Task: {D9AB68D1-ACCA-49A0-9531-BE9DE5D723C8} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe
Task: {E335B29C-8E83-4B5C-9582-1DC9A91FD1E8} - System32\Tasks\AmiUpdXp => C:\Users\Désiré\AppData\Local\SwvUpdater\Updater.exe [2013-06-14] (Amonetize ltd.)
Task: {FC258501-EAC2-4C6F-8B64-3D7C4536F396} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-23] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\Désiré\AppData\Local\SwvUpdater\Updater.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-01-25 23:05 - 2013-01-25 23:05 - 01511704 _____ () C:\Users\Désiré\AppData\Local\Pokki\ocdeskband_0.dll
2013-06-14 13:00 - 2013-06-14 13:00 - 00612432 _____ () C:\Program Files (x86)\Desk 365\sqlite3.dll
2012-08-17 20:39 - 2013-04-28 13:32 - 01310136 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\kpcengine.2.2.dll
2012-12-05 23:23 - 2012-12-05 23:23 - 01093646 _____ () C:\Users\Désiré\AppData\Local\Pokki\v0.260.10.204\avcodec-53.dll
2012-12-05 23:23 - 2012-12-05 23:23 - 00117262 _____ () C:\Users\Désiré\AppData\Local\Pokki\v0.260.10.204\avutil-51.dll
2012-12-05 23:23 - 2012-12-05 23:23 - 00184846 _____ () C:\Users\Désiré\AppData\Local\Pokki\v0.260.10.204\avformat-53.dll
2013-01-25 23:01 - 2013-01-25 23:01 - 00061952 _____ () C:\Users\Désiré\AppData\Local\Pokki\v0.260.10.204\chrome.dll
2013-06-14 13:00 - 2013-06-14 13:00 - 00230480 _____ () C:\Program Files (x86)\Desk 365\edeskcmn.dll
2013-06-14 13:00 - 2013-06-14 13:00 - 00181840 _____ () C:\Program Files (x86)\Desk 365\libpng.dll
2013-06-14 13:00 - 2013-06-14 13:00 - 00099408 _____ () C:\Program Files (x86)\Desk 365\mbdet.dll
2012-08-17 20:38 - 2012-08-17 20:38 - 00479160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\dblite.dll
2012-08-17 20:40 - 2012-08-17 20:40 - 00068024 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\QtWebKit\qmlwebkitplugin4.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Microsoft-Adapter für Miniports virtueller WiFis
Description: Microsoft-Adapter für Miniports virtueller WiFis
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/30/2013 11:17:33 PM) (Source: Iminent) (User: )
Description: Unexpected exception.

System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
   bei Iminent.Mediator.Server.ApplicationService.<>c__DisplayClassa.<WarmUp>b__9(Composite composite)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeMethodFast(IRuntimeMethodInfo method, Object target, Object[] arguments, SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeType typeOwner)
   bei System.RuntimeMethodHandle.InvokeMethodFast(IRuntimeMethodInfo method, Object target, Object[] arguments, Signature sig, MethodAttributes methodAttributes, RuntimeType typeOwner)
   bei System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks)
   bei System.Delegate.DynamicInvokeImpl(Object[] args)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Int32 numArgs)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(Object source, Delegate method, Object args, Int32 numArgs, Delegate catchHandler)

Error: (10/30/2013 10:22:12 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7600.16385, Zeitstempel: 0x4a5bd03d
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec4b137
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000009c524
ID des fehlerhaften Prozesses: 0xdd0
Startzeit der fehlerhaften Anwendung: 0xwmpnetwk.exe0
Pfad der fehlerhaften Anwendung: wmpnetwk.exe1
Pfad des fehlerhaften Moduls: wmpnetwk.exe2
Berichtskennung: wmpnetwk.exe3

Error: (10/30/2013 10:20:38 PM) (Source: Iminent) (User: )
Description: Unexpected exception.

System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
   bei Iminent.Mediator.Server.ApplicationService.<>c__DisplayClassa.<WarmUp>b__9(Composite composite)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeMethodFast(IRuntimeMethodInfo method, Object target, Object[] arguments, SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeType typeOwner)
   bei System.RuntimeMethodHandle.InvokeMethodFast(IRuntimeMethodInfo method, Object target, Object[] arguments, Signature sig, MethodAttributes methodAttributes, RuntimeType typeOwner)
   bei System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks)
   bei System.Delegate.DynamicInvokeImpl(Object[] args)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Int32 numArgs)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(Object source, Delegate method, Object args, Int32 numArgs, Delegate catchHandler)

Error: (10/28/2013 08:25:20 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (10/28/2013 08:07:29 PM) (Source: Iminent) (User: )
Description: Unexpected exception.

System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
   bei Iminent.Mediator.Server.ApplicationService.<>c__DisplayClassa.<WarmUp>b__9(Composite composite)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeMethodFast(IRuntimeMethodInfo method, Object target, Object[] arguments, SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeType typeOwner)
   bei System.RuntimeMethodHandle.InvokeMethodFast(IRuntimeMethodInfo method, Object target, Object[] arguments, Signature sig, MethodAttributes methodAttributes, RuntimeType typeOwner)
   bei System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks)
   bei System.Delegate.DynamicInvokeImpl(Object[] args)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Int32 numArgs)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(Object source, Delegate method, Object args, Int32 numArgs, Delegate catchHandler)

Error: (10/28/2013 07:55:04 PM) (Source: Iminent) (User: )
Description: Unexpected exception.

System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
   bei Iminent.Mediator.Server.ApplicationService.<>c__DisplayClassa.<WarmUp>b__9(Composite composite)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeMethodFast(IRuntimeMethodInfo method, Object target, Object[] arguments, SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeType typeOwner)
   bei System.RuntimeMethodHandle.InvokeMethodFast(IRuntimeMethodInfo method, Object target, Object[] arguments, Signature sig, MethodAttributes methodAttributes, RuntimeType typeOwner)
   bei System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks)
   bei System.Delegate.DynamicInvokeImpl(Object[] args)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Int32 numArgs)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(Object source, Delegate method, Object args, Int32 numArgs, Delegate catchHandler)

Error: (10/27/2013 09:10:03 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: GoogleCrashHandler64.exe, Version: 1.3.21.165, Zeitstempel: 0x5238b8e2
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec4b137
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000009c524
ID des fehlerhaften Prozesses: 0xcc4
Startzeit der fehlerhaften Anwendung: 0xGoogleCrashHandler64.exe0
Pfad der fehlerhaften Anwendung: GoogleCrashHandler64.exe1
Pfad des fehlerhaften Moduls: GoogleCrashHandler64.exe2
Berichtskennung: GoogleCrashHandler64.exe3

Error: (10/27/2013 09:09:52 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (10/22/2013 03:05:34 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile  WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (10/22/2013 02:44:59 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.


System errors:
=============
Error: (10/30/2013 11:17:04 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: 
%%-2147024891

Error: (10/30/2013 11:17:04 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.

Error: (10/30/2013 11:17:04 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.

Error: (10/30/2013 11:17:04 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: 
%%1060

Error: (10/30/2013 10:22:14 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (10/30/2013 10:20:03 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: 
%%-2147024891

Error: (10/30/2013 10:20:03 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.

Error: (10/30/2013 10:20:03 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.

Error: (10/30/2013 10:20:03 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: 
%%1060

Error: (10/28/2013 08:46:59 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: 
%%-2147024891


Microsoft Office Sessions:
=========================
Error: (10/30/2013 11:17:33 PM) (Source: Iminent)(User: )
Description: Unexpected exception.

System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
   bei Iminent.Mediator.Server.ApplicationService.<>c__DisplayClassa.<WarmUp>b__9(Composite composite)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeMethodFast(IRuntimeMethodInfo method, Object target, Object[] arguments, SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeType typeOwner)
   bei System.RuntimeMethodHandle.InvokeMethodFast(IRuntimeMethodInfo method, Object target, Object[] arguments, Signature sig, MethodAttributes methodAttributes, RuntimeType typeOwner)
   bei System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks)
   bei System.Delegate.DynamicInvokeImpl(Object[] args)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Int32 numArgs)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(Object source, Delegate method, Object args, Int32 numArgs, Delegate catchHandler)

Error: (10/30/2013 10:22:12 PM) (Source: Application Error)(User: )
Description: wmpnetwk.exe12.0.7600.163854a5bd03dntdll.dll6.1.7600.169154ec4b137c0000005000000000009c524dd001ced5b6178fd855C:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\SYSTEM32\ntdll.dll56c9c9ba-41a9-11e3-a017-4c0f6e5f66fc

Error: (10/30/2013 10:20:38 PM) (Source: Iminent)(User: )
Description: Unexpected exception.

System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
   bei Iminent.Mediator.Server.ApplicationService.<>c__DisplayClassa.<WarmUp>b__9(Composite composite)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeMethodFast(IRuntimeMethodInfo method, Object target, Object[] arguments, SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeType typeOwner)
   bei System.RuntimeMethodHandle.InvokeMethodFast(IRuntimeMethodInfo method, Object target, Object[] arguments, Signature sig, MethodAttributes methodAttributes, RuntimeType typeOwner)
   bei System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks)
   bei System.Delegate.DynamicInvokeImpl(Object[] args)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Int32 numArgs)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(Object source, Delegate method, Object args, Int32 numArgs, Delegate catchHandler)

Error: (10/28/2013 08:25:20 PM) (Source: CVHSVC)(User: )
Description: Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (10/28/2013 08:07:29 PM) (Source: Iminent)(User: )
Description: Unexpected exception.

System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
   bei Iminent.Mediator.Server.ApplicationService.<>c__DisplayClassa.<WarmUp>b__9(Composite composite)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeMethodFast(IRuntimeMethodInfo method, Object target, Object[] arguments, SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeType typeOwner)
   bei System.RuntimeMethodHandle.InvokeMethodFast(IRuntimeMethodInfo method, Object target, Object[] arguments, Signature sig, MethodAttributes methodAttributes, RuntimeType typeOwner)
   bei System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks)
   bei System.Delegate.DynamicInvokeImpl(Object[] args)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Int32 numArgs)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(Object source, Delegate method, Object args, Int32 numArgs, Delegate catchHandler)

Error: (10/28/2013 07:55:04 PM) (Source: Iminent)(User: )
Description: Unexpected exception.

System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
   bei Iminent.Mediator.Server.ApplicationService.<>c__DisplayClassa.<WarmUp>b__9(Composite composite)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeMethodFast(IRuntimeMethodInfo method, Object target, Object[] arguments, SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeType typeOwner)
   bei System.RuntimeMethodHandle.InvokeMethodFast(IRuntimeMethodInfo method, Object target, Object[] arguments, Signature sig, MethodAttributes methodAttributes, RuntimeType typeOwner)
   bei System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks)
   bei System.Delegate.DynamicInvokeImpl(Object[] args)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Int32 numArgs)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(Object source, Delegate method, Object args, Int32 numArgs, Delegate catchHandler)

Error: (10/27/2013 09:10:03 PM) (Source: Application Error)(User: )
Description: GoogleCrashHandler64.exe1.3.21.1655238b8e2ntdll.dll6.1.7600.169154ec4b137c0000005000000000009c524cc401ced3508402a092C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exeC:\Windows\SYSTEM32\ntdll.dllc369eb65-3f43-11e3-8163-c80aa9c6aa3a

Error: (10/27/2013 09:09:52 PM) (Source: CVHSVC)(User: )
Description: Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (10/22/2013 03:05:34 PM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (10/22/2013 02:44:59 PM) (Source: CVHSVC)(User: )
Description: Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.


CodeIntegrity Errors:
===================================
  Date: 2013-10-22 16:05:26.857
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-22 16:05:26.842
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-22 16:05:26.842
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-22 16:05:26.810
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-22 16:05:26.795
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-22 16:05:26.795
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-19 11:00:33.064
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-19 11:00:33.048
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-19 11:00:33.048
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-19 11:00:33.017
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 35%
Total physical RAM: 3764.48 MB
Available physical RAM: 2435.71 MB
Total Pagefile: 7527.11 MB
Available Pagefile: 6052.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:448.16 GB) (Free:380.92 GB) NTFS
Drive e: () (Removable) (Total:7.25 GB) (Free:5.43 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: E1BA5632)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Not Active) - (Size=4 GB) - (Type=12)
Partition 3: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=448 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7 GB) - (Type=0B)

==================== End Of Log ============================

29.10.2013, 21:59	#6
aharonov /// TB-Ausbilder	Windows 7 weißer Sperrbildschirm/ Abgesicherter Modus funktioniert nicht / LogFile mit OTLPE erstellt Das ist irgendwie ein Customscan-Skript für OTL, aber unmöglich ein FRST-Log... Dieses müsste FRST.txt heissen und auf dem USB-Stick gespeichert worden sein. __________________ --> Windows 7 weißer Sperrbildschirm/ Abgesicherter Modus funktioniert nicht / LogFile mit OTLPE erstellt

29.10.2013, 22:58	#10
aharonov /// TB-Ausbilder	Windows 7 weißer Sperrbildschirm/ Abgesicherter Modus funktioniert nicht / LogFile mit OTLPE erstellt Dann mach bitte einen neuen FRST-Scan und poste das Log. __________________ cheers, Leo

29.10.2013, 23:12	#12
aharonov /// TB-Ausbilder	Windows 7 weißer Sperrbildschirm/ Abgesicherter Modus funktioniert nicht / LogFile mit OTLPE erstellt Und du kannst die Angaben des Bluescreens nicht erkennen? Versuch mal die Startreperatur: Wieder in die Reperaturoptionen starten wie beim FRST-Scan, aber dann nicht "Eingabeaufforderung" auswählen, sondern "Systemstartreperatur". Hilft das was? __________________ cheers, Leo

Windows 7 weißer Sperrbildschirm/ Abgesicherter Modus funktioniert nicht / LogFile mit OTLPE erstellt

Log-Analyse und Auswertung: Windows 7 weißer Sperrbildschirm/ Abgesicherter Modus funktioniert nicht / LogFile mit OTLPE erstellt