Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows 7. Bei Start weißer Bildschirm. PC durch Interpool gesperrt (https://www.trojaner-board.de/142669-windows-7-start-weisser-bildschirm-pc-interpool-gesperrt.html)

Phil84 07.10.2013 16:36
Windows 7. Bei Start weißer Bildschirm. PC durch Interpool gesperrt
 
Hallo,

zunächst vielen Dank und Lob für dieses Forum. Vorab schonmal Sorry. Bin neu im Forum und Foren generell eher selten genutzt.

Leider hat es nun einen meiner Rechner erwischt. Bei Starten von Windows 7 (64) öffnet sich leider ein weißer Bildschirm mit dem Text : Dieser PC ist von der Regierung gesperrt... Interpol... Zahlen Sie bitte 100 €"

Mein Rechner hat 2 Laufwerke/ Partitionen. (1 x Windows als Admin, und 1 x ohne Admin für den täglichen Gebrauch) Das Laufwerk für den täglichen Gebrauch ist das Problem.

Ich habe nach Recherche im Forum bereits eine frst Datei erstellt. Allerdings über das Windows Laufwerk (das keine Probleme hat). Um das für das "Problem-Laufwerk zu" erstellen muss ich Admin-Rechte zuweisen. Soll ich dass noch machen oder reicht die hier gepostete frst. Datei aus. (Sorry, bin halt unbedarft)

Dankeschön und Grüße

Phil

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by SYSTEM on MININT-R6UPG8T on 07-10-2013 17:12:41
Running from H:\
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BullGuard] - C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe [2148664 2010-11-28] (BullGuard Ltd.)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2399632 2011-04-13] (Microsoft Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKU\Philipp\...\Run: [Steam] - D:\Steam\Steam.exe [1635752 2013-05-04] (Valve Corporation)
HKU\Philipp\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-02-28] (Google Inc.)
HKU\Philipp\...\Run: [EA Core] - "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\Philipp\...\Run: [iMeshInstall] - "C:\Users\Philipp\AppData\Local\Temp\iMeshInstaller\nslE88D.tmp.exe" /N <===== ATTENTION
HKU\Philipp\...\Run: [KiesHelper] - C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe [941968 2011-06-24] (Samsung)
HKU\Philipp\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3373968 2011-06-24] (Samsung Electronics Co., Ltd.)
HKU\Philipp\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [20880 2011-06-24] ()
HKU\Philipp und Marisa\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-02-28] (Google Inc.)
HKU\Philipp und Marisa\...\Run: [Cebutef] - "C:\Users\Philipp und Marisa\AppData\Roaming\Oloxn\vibyu.exe"
HKU\Philipp und Marisa\...\Run: [Erocbi] - "C:\Users\Philipp und Marisa\AppData\Roaming\Ythob\myote.exe"
HKU\Philipp und Marisa\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Philipp und Marisa\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [397632 2013-04-05] ()
HKU\Philipp und Marisa\...\Run: [Aracecve] - "C:\Users\Philipp und Marisa\AppData\Roaming\Ycty\utyqo.exe"
HKU\Philipp und Marisa\...\Winlogon: [Shell] explorer.exe,C:\Users\Philipp und Marisa\AppData\Roaming\data.dat [69120 2013-08-02] () <==== ATTENTION

==================== Services (Whitelisted) =================

S2 AAV UpdateService; D:\Gemeinsamer Ordner\Steuererklaerung\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
S2 AdobeActiveFileMonitor7.0; D:\Adobe Photoshop\PhotoshopElementsFileAgent.exe [169312 2008-09-16] (Adobe Systems Incorporated)
S3 BgRaSvc; C:\Program Files\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe [157576 2010-08-21] (BullGuard Ltd.)
S2 BsBrowser; C:\Program Files\BullGuard Ltd\BullGuard\BsBrowser.dll [73096 2010-08-21] (BullGuard Ltd.)
S2 BsFileScan; C:\Program Files\BullGuard Ltd\BullGuard\BsFileScan.dll [354648 2010-12-17] (BullGuard Ltd.)
S2 BsFire; C:\Program Files\BullGuard Ltd\BullGuard\BsFire.dll [529240 2010-12-17] (BullGuard Ltd.)
S2 BsMailProxy; C:\Program Files\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll [233864 2010-09-17] (BullGuard Ltd.)
S2 BsMain; C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll [244864 2011-01-21] (BullGuard Ltd.)
S3 BsScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [341896 2010-10-09] (BullGuard Ltd.)
S2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [426328 2011-12-16] (BullGuard Ltd.)

==================== Drivers (Whitelisted) ====================

S1 AFW; C:\Windows\System32\DRIVERS\afw.sys [31768 2009-12-04] (Agnitum Ltd.)
S3 afwcore; C:\Windows\System32\DRIVERS\afwcore.sys [413208 2009-12-04] (Agnitum Ltd.)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2010-02-28] ()
S1 BdSpy; C:\Windows\System32\DRIVERS\BdSpy.sys [63712 2010-12-17] (BullGuard Ltd.)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2010-02-28] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-07 17:12 - 2013-10-07 17:12 - 00000000 ____D C:\FRST
2013-10-07 15:40 - 2013-10-07 15:40 - 01954124 _____ (Farbar) C:\Users\Philipp\Downloads\FRST64.exe
2013-10-06 15:57 - 2013-10-07 15:24 - 00000004 _____ C:\Users\Philipp und Marisa\AppData\Roaming\settings.ini
2013-10-06 15:55 - 2013-10-06 15:55 - 00069120 _____ C:\Users\Philipp und Marisa\uogxxhoaipqddommxce.bfg
2013-09-29 10:01 - 2013-09-29 17:28 - 02672500 _____ C:\Users\Philipp und Marisa\Desktop\Bastelanleitungen.pptx_=
2013-09-11 23:27 - 2013-08-10 06:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-09-11 23:27 - 2013-08-10 06:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-09-11 23:27 - 2013-08-10 06:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-09-11 23:27 - 2013-08-10 06:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-09-11 23:27 - 2013-08-10 06:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-09-11 23:27 - 2013-08-10 06:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-09-11 23:27 - 2013-08-10 06:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-09-11 23:27 - 2013-08-10 06:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-09-11 23:27 - 2013-08-10 06:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-09-11 23:27 - 2013-08-10 06:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-09-11 23:27 - 2013-08-10 06:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-09-11 23:27 - 2013-08-10 06:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-09-11 23:27 - 2013-08-10 06:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-09-11 23:27 - 2013-08-10 06:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-09-11 23:27 - 2013-08-10 04:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-11 23:27 - 2013-08-10 04:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-11 23:27 - 2013-08-10 04:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-11 23:27 - 2013-08-10 04:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-11 23:27 - 2013-08-10 04:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-11 23:27 - 2013-08-10 04:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-11 23:27 - 2013-08-10 04:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-11 23:27 - 2013-08-10 04:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-11 23:27 - 2013-08-10 04:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-11 23:27 - 2013-08-10 04:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-11 23:27 - 2013-08-10 04:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-11 23:27 - 2013-08-10 04:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-11 23:27 - 2013-08-10 04:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-11 23:27 - 2013-08-10 04:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-09-11 23:27 - 2013-08-10 04:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-11 23:27 - 2013-08-10 03:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-11 23:27 - 2013-08-10 03:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-11 22:45 - 2013-08-08 02:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-09-11 22:45 - 2013-08-05 03:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ataport.sys
2013-09-11 22:45 - 2013-08-02 03:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-09-11 22:45 - 2013-08-02 03:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-09-11 22:45 - 2013-08-02 03:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2013-09-11 22:45 - 2013-08-02 03:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-09-11 22:45 - 2013-08-02 03:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2013-09-11 22:45 - 2013-08-02 03:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-09-11 22:45 - 2013-08-02 03:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2013-09-11 22:45 - 2013-08-02 03:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-09-11 22:45 - 2013-08-02 03:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2013-09-11 22:45 - 2013-08-02 03:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-09-11 22:45 - 2013-08-02 03:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll
2013-09-11 22:45 - 2013-08-02 03:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 03:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 03:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 03:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 02:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-11 22:45 - 2013-08-02 02:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-11 22:45 - 2013-08-02 02:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-11 22:45 - 2013-08-02 02:51 - 00069120 _____ C:\Users\Philipp und Marisa\AppData\Roaming\data.dat
2013-09-11 22:45 - 2013-08-02 02:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-11 22:45 - 2013-08-02 02:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-11 22:45 - 2013-08-02 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-11 22:45 - 2013-08-02 02:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-11 22:45 - 2013-08-02 02:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 02:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 02:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-09-11 22:45 - 2013-08-02 01:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-09-11 22:45 - 2013-08-02 01:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-11 22:45 - 2013-08-02 01:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-11 22:45 - 2013-08-02 01:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-11 22:45 - 2013-08-02 01:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-11 22:45 - 2013-08-02 01:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 01:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 01:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 01:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-11 22:45 - 2013-07-26 03:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-09-11 22:45 - 2013-07-26 03:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-09-11 22:45 - 2013-07-26 02:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-11 22:45 - 2013-07-26 02:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-11 15:52 - 2013-09-20 16:52 - 03723656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

==================== One Month Modified Files and Folders =======

2013-10-07 17:12 - 2013-10-07 17:12 - 00000000 ____D C:\FRST
2013-10-07 16:09 - 2010-02-28 17:13 - 00072076 _____ C:\Windows\System32\config\afw_hm.conf
2013-10-07 16:09 - 2010-02-28 17:13 - 00000004 _____ C:\Windows\System32\config\afw_db.conf
2013-10-07 16:09 - 2009-07-14 05:45 - 00015152 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-07 16:09 - 2009-07-14 05:45 - 00015152 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-07 16:04 - 2013-05-08 16:33 - 00010760 _____ C:\Windows\setupact.log
2013-10-07 16:04 - 2010-03-01 18:24 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-07 16:04 - 2010-02-28 20:34 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-07 16:04 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-07 15:42 - 2010-02-28 16:24 - 01402356 _____ C:\Windows\WindowsUpdate.log
2013-10-07 15:40 - 2013-10-07 15:40 - 01954124 _____ (Farbar) C:\Users\Philipp\Downloads\FRST64.exe
2013-10-07 15:37 - 2009-07-14 18:58 - 00658988 _____ C:\Windows\System32\perfh007.dat
2013-10-07 15:37 - 2009-07-14 18:58 - 00132558 _____ C:\Windows\System32\perfc007.dat
2013-10-07 15:37 - 2009-07-14 06:13 - 01512418 _____ C:\Windows\System32\PerfStringBackup.INI
2013-10-07 15:34 - 2010-02-28 20:34 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-07 15:24 - 2013-10-06 15:57 - 00000004 _____ C:\Users\Philipp und Marisa\AppData\Roaming\settings.ini
2013-10-07 15:23 - 2010-02-28 17:11 - 00000000 ____D C:\ProgramData\BullGuard
2013-10-06 16:04 - 2010-02-28 19:26 - 00000000 ____D C:\Users\Philipp\AppData\Local\Google
2013-10-06 16:02 - 2010-02-28 19:32 - 00121072 _____ C:\Users\Philipp\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-06 15:55 - 2013-10-06 15:55 - 00069120 _____ C:\Users\Philipp und Marisa\uogxxhoaipqddommxce.bfg
2013-10-06 15:55 - 2010-03-01 17:06 - 00000000 ____D C:\users\Philipp und Marisa
2013-10-06 15:52 - 2012-04-14 14:05 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-06 15:42 - 2010-05-10 19:45 - 00003990 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{7EFB8ACB-BDE2-4E0F-B0AC-48A85114DCC4}
2013-10-03 14:46 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\NDF
2013-09-29 17:28 - 2013-09-29 10:01 - 02672500 _____ C:\Users\Philipp und Marisa\Desktop\Bastelanleitungen.pptx_=
2013-09-28 11:35 - 2010-11-04 17:51 - 00000000 ____D C:\ProgramData\tmp
2013-09-28 11:33 - 2011-09-03 16:51 - 00001336 _____ C:\Users\Public\Desktop\Meine CEWE FOTOWELT.lnk
2013-09-28 11:33 - 2011-09-03 16:51 - 00001311 _____ C:\Users\Public\Desktop\CEWE FOTOSCHAU.lnk
2013-09-20 16:52 - 2013-09-11 15:52 - 03723656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-09-20 16:52 - 2012-04-14 14:05 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-20 16:52 - 2012-04-14 14:05 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-20 16:52 - 2011-07-09 13:08 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-19 15:50 - 2010-05-08 09:45 - 00000000 ____D C:\Users\Philipp und Marisa\AppData\Roaming\ZoomBrowser EX
2013-09-19 15:50 - 2010-05-08 09:40 - 00000000 ____D C:\Users\Philipp und Marisa\AppData\Roaming\CameraWindowDC
2013-09-16 13:02 - 2013-08-25 13:22 - 00000000 ____D C:\Windows\rescache
2013-09-12 13:19 - 2009-07-14 05:45 - 00449456 _____ C:\Windows\System32\FNTCACHE.DAT
2013-09-12 13:15 - 2010-02-28 18:25 - 00136512 _____ C:\Windows\PFRO.log
2013-09-11 23:25 - 2013-08-15 17:54 - 00000000 ____D C:\Windows\System32\MRT
2013-09-11 23:25 - 2010-03-07 12:23 - 79143768 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-09-11 23:25 - 2010-02-28 17:29 - 00000000 ____D C:\ProgramData\Microsoft Help

Files to move or delete:
====================
C:\Users\Philipp und Marisa\AppData\Roaming\data.dat
C:\Users\Philipp und Marisa\AppData\Roaming\settings.ini
C:\Users\Philipp und Marisa\AppData\Roaming\i.ini


Some content of TEMP:
====================
C:\Users\Philipp\AppData\Local\Temp\installerdll.dll
C:\Users\Philipp\AppData\Local\Temp\ose00000.exe
C:\Users\Philipp\AppData\Local\Temp\uninstall.exe
C:\Users\Philipp\AppData\Local\Temp\_is1D9E.exe
C:\Users\Philipp und Marisa\AppData\Local\Temp\cdfrkfntwsnxriywhmv.exe
C:\Users\Philipp und Marisa\AppData\Local\Temp\EADF69D.exe
C:\Users\Philipp und Marisa\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Philipp und Marisa\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Philipp und Marisa\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Philipp und Marisa\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Philipp und Marisa\AppData\Local\Temp\ubi5CB7.tmp.exe
C:\Users\Philipp und Marisa\AppData\Local\Temp\ubiA1BB.tmp.exe
C:\Users\Philipp und Marisa\AppData\Local\Temp\ubiAA82.tmp.exe
C:\Users\Philipp und Marisa\AppData\Local\Temp\ubiAE2B.tmp.exe
C:\Users\Philipp und Marisa\AppData\Local\Temp\_is622C.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

1
Restore point made on: 2013-10-07 15:36:03

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 4094.49 MB
Available physical RAM: 3463.38 MB
Total Pagefile: 4092.64 MB
Available Pagefile: 3464.18 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:57.1 GB) (Free:3.32 GB) NTFS
Drive d: () (Fixed) (Total:146.48 GB) (Free:3.72 GB) NTFS
Drive h: () (Removable) (Total:1.85 GB) (Free:1.85 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:29.3 GB) (Free:29.19 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 9EE77545)
Partition 1: (Active) - (Size=29 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=57 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 6D258974)
Partition 1: (Not Active) - (Size=2 GB) - (Type=06)


LastRegBack: 2013-10-03 15:07

==================== End Of Log ============================

aharonov 07.10.2013 16:56
Hallo Phil,

startet der Rechner nach folgendem Fix wieder normal?



Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKU\Philipp und Marisa\...\Winlogon: [Shell] explorer.exe,C:\Users\Philipp und Marisa\AppData\Roaming\data.dat [69120 2013-08-02] () <==== ATTENTION
C:\Users\Philipp und Marisa\AppData\Roaming\Oloxn
HKU\Philipp und Marisa\...\Run: [Cebutef] - "C:\Users\Philipp und Marisa\AppData\Roaming\Oloxn\vibyu.exe"
HKU\Philipp und Marisa\...\Run: [Erocbi] - "C:\Users\Philipp und Marisa\AppData\Roaming\Ythob\myote.exe"
HKU\Philipp und Marisa\...\Run: [Aracecve] - "C:\Users\Philipp und Marisa\AppData\Roaming\Ycty\utyqo.exe"
C:\Users\Philipp und Marisa\AppData\Roaming\Ythob
C:\Users\Philipp und Marisa\AppData\Roaming\Ycty
C:\Users\Philipp und Marisa\AppData\Roaming\data.dat
C:\Users\Philipp und Marisa\AppData\Roaming\settings.ini
C:\Users\Philipp und Marisa\AppData\Roaming\i.ini
C:\Users\Philipp und Marisa\AppData\Local\Temp\*.exe
2013-10-06 15:57 - 2013-10-07 15:24 - 00000004 _____ C:\Users\Philipp und Marisa\AppData\Roaming\settings.ini
2013-10-06 15:55 - 2013-10-06 15:55 - 00069120 _____ C:\Users\Philipp und Marisa\uogxxhoaipqddommxce.bfg
CMD: dir /a/b "C:\Users\Philipp und Marisa\AppData\Roaming"
Speichere diese bitte als Fixlist.txt auf deinem USB Stick.
  • Starte deinen Rechner erneut in die Reparaturoptionen
  • Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

Phil84 09.10.2013 16:25
Hallo,

jaaa! Das Profil funktioniert wieder. Vielen Dank zunächst dafür.
Sorry, bin erst heute dazu gekommen.

Hier die log-Datei:

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013
Ran by SYSTEM at 2013-10-09 17:13:44 Run:1
Running from H:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKU\Philipp und Marisa\...\Winlogon: [Shell] explorer.exe,C:\Users\Philipp und Marisa\AppData\Roaming\data.dat [69120 2013-08-02] () <==== ATTENTION
C:\Users\Philipp und Marisa\AppData\Roaming\Oloxn
HKU\Philipp und Marisa\...\Run: [Cebutef] - "C:\Users\Philipp und Marisa\AppData\Roaming\Oloxn\vibyu.exe"
HKU\Philipp und Marisa\...\Run: [Erocbi] - "C:\Users\Philipp und Marisa\AppData\Roaming\Ythob\myote.exe"
HKU\Philipp und Marisa\...\Run: [Aracecve] - "C:\Users\Philipp und Marisa\AppData\Roaming\Ycty\utyqo.exe"
C:\Users\Philipp und Marisa\AppData\Roaming\Ythob
C:\Users\Philipp und Marisa\AppData\Roaming\Ycty
C:\Users\Philipp und Marisa\AppData\Roaming\data.dat
C:\Users\Philipp und Marisa\AppData\Roaming\settings.ini
C:\Users\Philipp und Marisa\AppData\Roaming\i.ini
C:\Users\Philipp und Marisa\AppData\Local\Temp\*.exe
2013-10-06 15:57 - 2013-10-07 15:24 - 00000004 _____ C:\Users\Philipp und Marisa\AppData\Roaming\settings.ini
2013-10-06 15:55 - 2013-10-06 15:55 - 00069120 _____ C:\Users\Philipp und Marisa\uogxxhoaipqddommxce.bfg
CMD: dir /a/b "C:\Users\Philipp und Marisa\AppData\Roaming"
*****************

HKU\Philipp und Marisa\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Users\Philipp und Marisa\AppData\Roaming\Oloxn => Moved successfully.
HKU\Philipp und Marisa\Software\Microsoft\Windows\CurrentVersion\Run\\Cebutef => Value deleted successfully.
HKU\Philipp und Marisa\Software\Microsoft\Windows\CurrentVersion\Run\\Erocbi => Value deleted successfully.
HKU\Philipp und Marisa\Software\Microsoft\Windows\CurrentVersion\Run\\Aracecve => Value deleted successfully.
C:\Users\Philipp und Marisa\AppData\Roaming\Ythob => Moved successfully.
C:\Users\Philipp und Marisa\AppData\Roaming\Ycty => Moved successfully.
C:\Users\Philipp und Marisa\AppData\Roaming\data.dat => Moved successfully.
C:\Users\Philipp und Marisa\AppData\Roaming\settings.ini => Moved successfully.
"C:\Users\Philipp und Marisa\AppData\Roaming\i.ini" => File/Directory not found.
C:\Users\Philipp und Marisa\AppData\Local\Temp\*.exe => Moved successfully.
"C:\Users\Philipp und Marisa\AppData\Roaming\settings.ini" => File/Directory not found.
C:\Users\Philipp und Marisa\uogxxhoaipqddommxce.bfg => Moved successfully.

=========  dir /a/b "C:\Users\Philipp und Marisa\AppData\Roaming" =========

Addiy
Adobe
Alguna
Amazon
ASCON Installer
Bioshock2
BullGuard
CameraWindowDC
Canon
CANON INC
elsterformular
GetRightToGo
Google
Identities
Ipbei
Kyaf
Logitech
Macromedia
Media Center Programs
Microsoft
Mozilla
ProtectDISC
Samsung
The Creative Assembly
Tropico 3
Tropico 4 Demo
Ubisoft
vlc
Vokea
Vosowe
Wargaming.net
WinRAR
ZoomBrowser EX

========= End of CMD: =========


==== End of Fixlog ====
Danke nochmals und Grüße

Phil

aharonov 09.10.2013 16:31
Ok, dann weiter:
Verschiebe die frst64.exe vom USB-Stick auf den Desktop.
  • Starte dann FRST.
  • Setze bei Optional Scan den Haken bei Addition.txt und drücke Scan.
  • Wenn der Scan abgeschlossen ist, werden zwei neue Logfiles FRST.txt und Addition.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieser beiden Logfiles bitte hier in deinen Thread.

Phil84 12.10.2013 11:39
Hallo,

hier die die Addition txt

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2013
Ran by Philipp und Marisa at 2013-10-12 12:33:08
Running from C:\Users\Philipp und Marisa\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: BullGuard Antivirus (Enabled - Up to date) {504FFF66-3028-EB7E-2E60-62B19ADD791C}
AS: BullGuard Antispyware (Enabled - Up to date) {EB2E1E82-1612-E4F0-14D0-59C3E15A33A1}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: BullGuard Firewall (Enabled) {68747E43-7A47-EA26-053F-CB84640E3E67}

==================== Installed Programs ======================

AAVUpdateManager (x32 Version: 18.00.0000)
Adobe AIR (x32 Version: 2.0.2.12610)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Photoshop Elements 7.0 (x32 Version: 7.0)
Adobe Reader 9.5.2 - Deutsch (x32 Version: 9.5.2)
Amazon MP3-Downloader 1.0.18 (HKCU Version: 1.0.18)
ANNO 2070 (x32 Version: 1.0.0.0)
Audiograbber 1.83 SE  (x32 Version: 1.83 SE )
Audiograbber MP3-Plugin (x32 Version: 1.0)
BioShock 2 (x32 Version: 1.0.0003.131)
BullGuard 9.0 (Version: 9.0)
Canon Easy-PhotoPrint EX (x32)
Canon Easy-WebPrint EX (x32)
Canon G.726 WMP-Decoder (x32 Version: 1.1.0.4)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (x32 Version: 1.5.0.3)
Canon Internet Library for ZoomBrowser EX (x32 Version: 1.6.1.6)
Canon MG5300 series Benutzerregistrierung (x32)
Canon MG5300 series MP Drivers
Canon MG5300 series On-screen Manual (x32)
Canon MovieEdit Task for ZoomBrowser EX (x32 Version: 2.6.0.4)
Canon MP Navigator EX 5.0 (x32)
Canon RAW Image Task for ZoomBrowser EX (x32 Version: 0.9.3.9)
Canon Solution Menu EX (x32)
Canon Utilities CameraWindow (x32 Version: 7.1.0.2)
Canon Utilities CameraWindow DC (x32 Version: 7.1.0.7)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (x32 Version: 6.4.2.16)
Canon Utilities MyCamera (x32 Version: 6.4.0.5)
Canon Utilities MyCamera DC (x32 Version: 7.0.1.8)
Canon Utilities PhotoStitch (x32 Version: 3.1.21.45)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (x32 Version: 1.7.1.9)
Canon Utilities ZoomBrowser EX (x32 Version: 6.1.0.20)
Canon ZoomBrowser EX Memory Card Utility (x32 Version: 1.1.0.8)
CDDRV_Installer (Version: 4.60)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Empire: Total War (x32)
erLT (x32 Version: 1.20.0137)
GM(S) - Toolbar (x32)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4601.54)
Google Update Helper (x32 Version: 1.3.21.153)
honestech Audio Recorder 2.0 Deluxe (x32 Version: 2.0)
Java 7 Update 7 (x32 Version: 7.0.70)
Java Auto Updater (x32 Version: 2.1.9.0)
Java(TM) 6 Update 25 (x32 Version: 6.0.250)
JavaFX 2.1.1 (x32 Version: 2.1.1)
KhalInstallWrapper (Version: 2.00.0000)
Logitech SetPoint (x32 Version: 4.80)
Logitech Unifying-Software 2.10 (Version: 2.10.37)
Meine CEWE FOTOWELT (x32 Version: 5.0.4)
meinHausplaner (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.88.0)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0)
Microsoft IntelliPoint 8.1 (Version: 8.15.406.0)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
mp3-2-wav converter 1.14 (x32)
NVIDIA 3D Vision Treiber 311.06 (Version: 311.06)
NVIDIA Display Control Panel (Version: 1.10)
NVIDIA Grafiktreiber 311.06 (Version: 311.06)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA PhysX (x32 Version: 9.10.0222)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106)
NVIDIA Systemsteuerung 311.06 (Version: 311.06)
Panzer Corps (x32 Version: 1.03)
PDF Reader (HKCU)
ProtectDisc Driver, Version 11 (x32 Version: 11.0.0.14)
PVSonyDll (Version: 1.00.0001)
QuickStores-Toolbar 1.2.0 (x32 Version: 1.2.0)
Samsung Kies (x32 Version: 2.0.1.11053_99)
SAMSUNG USB Driver for Mobile Phones (Version: 1.3.2410.0)
Steam (x32 Version: 1.0.0.0)
Steuer-Spar-Erklärung 2013 (x32 Version: 18.08)
Sweet Home 3D version 3.6 (x32)
Ubisoft Game Launcher (x32 Version: 1.0.0.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition (x32)
VLC media player 2.0.3 (x32 Version: 2.0.3)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
WinRAR 4.00 (64-bit) (Version: 4.00.0)
World of Tanks (x32)

==================== Restore Points  =========================

Could not list Restore Points.


==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?

==================== Loaded Modules (whitelisted) =============

2011-03-17 01:07 - 2011-03-17 01:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-02-25 18:05 - 2010-02-25 18:05 - 00079696 _____ () C:\Program Files\BullGuard Ltd\BullGuard\zlib1.dll
2010-04-15 13:33 - 2010-04-15 13:33 - 00597840 _____ () C:\Program Files\BullGuard Ltd\BullGuard\libxml2.dll
2010-03-10 18:44 - 2010-03-10 18:44 - 00091984 _____ () C:\Program Files\BullGuard Ltd\BullGuard\res\de\BackupShellNamespaceRes.dll
2011-03-18 19:30 - 2011-03-02 13:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2010-11-30 19:59 - 2010-11-30 19:59 - 00385664 _____ () C:\Program Files\BullGuard Ltd\BullGuard\res\de\BpBackupRes.dll
2011-01-21 19:33 - 2011-01-21 19:33 - 00433280 _____ () C:\Program Files\BullGuard Ltd\BullGuard\res\de\BpMainRes.dll
2010-04-15 13:33 - 2010-04-15 13:33 - 00599376 _____ () C:\Program Files\BullGuard Ltd\BullGuard\SQLite.dll
2010-02-25 18:05 - 2010-02-25 18:05 - 00063824 _____ () C:\Program Files\BullGuard Ltd\BullGuard\LIBBZ2.dll
2011-07-19 18:39 - 2009-07-20 12:35 - 00018960 _____ () C:\Program Files\Logitech\SetPoint\khalwrapper.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsUpdate => ""="Service"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/07/2013 04:58:19 PM) (Source: Application Hang) (User: )
Description: Programm IEXPLORE.EXE, Version 10.0.9200.16686 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: f5c

Startzeit: 01cec36d54ff67ee

Endzeit: 27

Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Berichts-ID:

Error: (10/07/2013 04:40:49 PM) (Source: Application Hang) (User: )
Description: Programm FRST64.exe, Version 3.3.8.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: e98

Startzeit: 01cec36b2e932c81

Endzeit: 4

Anwendungspfad: C:\Users\Philipp\Downloads\FRST64.exe

Berichts-ID: 73232f1d-2f5e-11e3-a1b4-001a4d5f99a5

Error: (10/06/2013 05:05:21 PM) (Source: Application Hang) (User: )
Description: Programm IEXPLORE.EXE, Version 10.0.9200.16686 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 494

Startzeit: 01cec2a544bf76a3

Endzeit: 7

Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Berichts-ID:

Error: (10/06/2013 04:41:54 PM) (Source: Application Hang) (User: )
Description: Programm IEXPLORE.EXE, Version 10.0.9200.16686 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 7c4

Startzeit: 01cec2a1f7aa7656

Endzeit: 0

Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Berichts-ID:

Error: (10/03/2013 02:57:33 PM) (Source: Application Hang) (User: )
Description: Programm IEXPLORE.EXE, Version 10.0.9200.16686 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: c1c

Startzeit: 01cec037d4fc2e15

Endzeit: 4

Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Berichts-ID:

Error: (09/30/2013 07:56:07 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung war nicht erfolgreich. Fehler: "Das System kann die angegebene Datei nicht finden. (0x80070002)"

Error: (09/16/2013 11:57:23 AM) (Source: Windows Backup) (User: )
Description: Die Sicherung war nicht erfolgreich. Fehler: "Das System kann die angegebene Datei nicht finden. (0x80070002)"

Error: (08/15/2013 06:14:34 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung war nicht erfolgreich. Fehler: "Das System kann die angegebene Datei nicht finden. (0x80070002)"

Error: (07/28/2013 05:43:51 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16635, Zeitstempel: 0x51b7a921
Name des fehlerhaften Moduls: nvwgf2um.dll, Version: 9.18.13.1106, Zeitstempel: 0x50f9458d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001a2519
ID des fehlerhaften Prozesses: 0x135c
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3

Error: (07/28/2013 02:49:52 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16635, Zeitstempel: 0x51b7a921
Name des fehlerhaften Moduls: AcroPDF.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x50170017
Ausnahmecode: 0xc000041d
Fehleroffset: 0x671bad69
ID des fehlerhaften Prozesses: 0x498
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3


System errors:
=============
Error: (10/12/2013 11:35:55 AM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (10/09/2013 07:34:10 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (10/09/2013 06:50:53 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (10/09/2013 05:07:41 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (10/09/2013 05:07:41 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Presentation Foundation-Schriftartcache 3.0.0.0 erreicht.

Error: (10/07/2013 05:22:22 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (10/07/2013 05:20:48 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (10/07/2013 05:20:48 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Presentation Foundation-Schriftartcache 3.0.0.0 erreicht.

Error: (10/07/2013 04:22:03 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎06.‎10.‎2013 um 17:11:30 unerwartet heruntergefahren.

Error: (10/06/2013 05:04:49 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.


Microsoft Office Sessions:
=========================
Error: (10/07/2013 04:58:19 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE10.0.9200.16686f5c01cec36d54ff67ee27C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (10/07/2013 04:40:49 PM) (Source: Application Hang)(User: )
Description: FRST64.exe3.3.8.1e9801cec36b2e932c814C:\Users\Philipp\Downloads\FRST64.exe73232f1d-2f5e-11e3-a1b4-001a4d5f99a5

Error: (10/06/2013 05:05:21 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE10.0.9200.1668649401cec2a544bf76a37C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (10/06/2013 04:41:54 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE10.0.9200.166867c401cec2a1f7aa76560C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (10/03/2013 02:57:33 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE10.0.9200.16686c1c01cec037d4fc2e154C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (09/30/2013 07:56:07 PM) (Source: Windows Backup)(User: )
Description: Das System kann die angegebene Datei nicht finden. (0x80070002)

Error: (09/16/2013 11:57:23 AM) (Source: Windows Backup)(User: )
Description: Das System kann die angegebene Datei nicht finden. (0x80070002)

Error: (08/15/2013 06:14:34 PM) (Source: Windows Backup)(User: )
Description: Das System kann die angegebene Datei nicht finden. (0x80070002)

Error: (07/28/2013 05:43:51 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE10.0.9200.1663551b7a921nvwgf2um.dll9.18.13.110650f9458dc0000005001a2519135c01ce8ba93e0a88c9C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\system32\nvwgf2um.dll7f7bda93-f79c-11e2-bd3c-001a4d5f99a5

Error: (07/28/2013 02:49:52 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE10.0.9200.1663551b7a921AcroPDF.dll_unloaded0.0.0.050170017c000041d671bad6949801ce8b88d95d0d8eC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEAcroPDF.dll319c5dd3-f784-11e2-84e2-001a4d5f99a5


==================== Memory info ===========================

Percentage of memory in use: 45%
Total physical RAM: 4094.49 MB
Available physical RAM: 2240.3 MB
Total Pagefile: 8187.16 MB
Available Pagefile: 5936.87 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:57.1 GB) (Free:2.98 GB) NTFS
Drive d: () (Fixed) (Total:146.48 GB) (Free:3.65 GB) NTFS
Drive g: () (Removable) (Total:1.85 GB) (Free:1.85 GB) FAT

==================== MBR & Partition Table ==================

==================== End Of Log ============================

und die FRST txt


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Philipp und Marisa (ATTENTION: The logged in user is not administrator) on PHILIPP-PC on 12-10-2013 12:32:04
Running from C:\Users\Philipp und Marisa\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Users\Philipp und Marisa\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Honest Technology) C:\Program Files (x86)\honestech Audio Recorder 2.0 Deluxe\HTARLauncher.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
() C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\Files32\Spamfilter\LittleHook.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_117_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BullGuard] - C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe [2148664 2010-11-28] (BullGuard Ltd.)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2399632 2011-04-13] (Microsoft Corporation)
HKLM\...\Runonce: [MSPCLOCK] - rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}
HKLM\...\Runonce: [MSPQM] - rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}
HKLM\...\Runonce: [MSKSSRV] - rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}
HKLM\...\Runonce: [MSTEE.CxTransform] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install
HKLM\...\Runonce: [MSTEE.Splitter] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install
HKLM\...\Runonce: [WDM_DRMKAUD] - rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\Windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-02-28] (Google Inc.)
HKCU\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Philipp und Marisa\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [397632 2013-04-05] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
AppInit_DLLs: BgGamingMonitor.dll [108368 2010-05-07] (BullGuard Ltd.)
AppInit_DLLs-x32: BgGamingMonitor.dll [98128 2010-05-07] (BullGuard Ltd.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD28D27E0C4DACC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: BGAntiphishingBHO Class - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIEBHO.dll (BullGuard Ltd.)
BHO-x32: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: BGAntiphishingBHO Class - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\IE\BGAntiphishingIEBHO.dll (BullGuard Ltd.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Gutscheinmieze - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - Gutscheinmieze\toolbar.dll No File
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU -  No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {EDFCB7CB-942C-4822-AF14-F0B687409848} hxxp://fotomeyer.picserver.info/ImageUploader4.cab
Winsock: Catalog9 01 C:\Windows\system32\BGLsp.dll [174400] (BullGuard Ltd.)
Winsock: Catalog9 02 C:\Windows\system32\BGLsp.dll [174400] (BullGuard Ltd.)
Winsock: Catalog9 03 C:\Windows\system32\BGLsp.dll [174400] (BullGuard Ltd.)
Winsock: Catalog9 04 C:\Windows\system32\BGLsp.dll [174400] (BullGuard Ltd.)
Winsock: Catalog9 05 C:\Windows\system32\BGLsp.dll [174400] (BullGuard Ltd.)
Winsock: Catalog9 06 C:\Windows\system32\BGLsp.dll [174400] (BullGuard Ltd.)
Winsock: Catalog9 07 C:\Windows\system32\BGLsp.dll [174400] (BullGuard Ltd.)
Winsock: Catalog9 08 C:\Windows\system32\BGLsp.dll [174400] (BullGuard Ltd.)
Winsock: Catalog9 09 C:\Windows\system32\BGLsp.dll [174400] (BullGuard Ltd.)
Winsock: Catalog9 10 C:\Windows\system32\BGLsp.dll [174400] (BullGuard Ltd.)
Winsock: Catalog9 21 C:\Windows\system32\BGLsp.dll [174400] (BullGuard Ltd.)
Winsock: Catalog9-x64 01 C:\Windows\system32\BGLsp.dll [174400] (BullGuard Ltd.)
Winsock: Catalog9-x64 02 C:\Windows\system32\BGLsp.dll [174400] (BullGuard Ltd.)
Winsock: Catalog9-x64 03 C:\Windows\system32\BGLsp.dll [174400] (BullGuard Ltd.)
Winsock: Catalog9-x64 04 C:\Windows\system32\BGLsp.dll [174400] (BullGuard Ltd.)
Winsock: Catalog9-x64 05 C:\Windows\system32\BGLsp.dll [174400] (BullGuard Ltd.)
Winsock: Catalog9-x64 06 C:\Windows\system32\BGLsp.dll [174400] (BullGuard Ltd.)
Winsock: Catalog9-x64 07 C:\Windows\system32\BGLsp.dll [174400] (BullGuard Ltd.)
Winsock: Catalog9-x64 08 C:\Windows\system32\BGLsp.dll [174400] (BullGuard Ltd.)
Winsock: Catalog9-x64 09 C:\Windows\system32\BGLsp.dll [174400] (BullGuard Ltd.)
Winsock: Catalog9-x64 10 C:\Windows\system32\BGLsp.dll [174400] (BullGuard Ltd.)
Winsock: Catalog9-x64 21 C:\Windows\system32\BGLsp.dll [174400] (BullGuard Ltd.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Philipp und Marisa\AppData\Roaming\Mozilla\Firefox\Profiles\eb7edmrp.default
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Philipp und Marisa\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Google.src
FF Extension: QuickStores-Toolbar - C:\Program Files (x86)\Mozilla Firefox\extensions\quickstores@quickstores.de
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF HKLM-x32\...\Firefox\Extensions: [antiphishing@bullguard] - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\antiphishing@bullguard\
FF Extension: BullGuard Antiphishing Toolbar - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\antiphishing@bullguard\
FF HKCU\...\Thunderbird\Extensions: [{380AE6CB-09B9-4373-B360-D01C2462A6E7}] - C:\Program Files\BullGuard Ltd\BullGuard\files32\backup\thunderbirdbkplugin
FF Extension: BullGuard Backup - C:\Program Files\BullGuard Ltd\BullGuard\files32\backup\thunderbirdbkplugin
FF HKCU\...\Thunderbird\Extensions: [{0E810812-F4BB-4309-942A-755587587A5E}] - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Spamfilter\TbSpamfilter
FF Extension: BullGuard Spamfilter - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Spamfilter\TbSpamfilter

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Gutscheinmieze-Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll (Synatix GmbH)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.70.10) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Uplay PC) - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
CHR Extension: (YouTube) - C:\Users\PHILIP~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\PHILIP~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Gmail) - C:\Users\PHILIP~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 AAV UpdateService; D:\Gemeinsamer Ordner\Steuererklaerung\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AdobeActiveFileMonitor7.0; D:\Adobe Photoshop\PhotoshopElementsFileAgent.exe [169312 2008-09-16] (Adobe Systems Incorporated)
S3 BgRaSvc; C:\Program Files\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe [157576 2010-08-21] (BullGuard Ltd.)
R2 BsBrowser; C:\Program Files\BullGuard Ltd\BullGuard\BsBrowser.dll [73096 2010-08-21] (BullGuard Ltd.)
R2 BsFileScan; C:\Program Files\BullGuard Ltd\BullGuard\BsFileScan.dll [354648 2010-12-17] (BullGuard Ltd.)
R2 BsFire; C:\Program Files\BullGuard Ltd\BullGuard\BsFire.dll [529240 2010-12-17] (BullGuard Ltd.)
R2 BsMailProxy; C:\Program Files\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll [233864 2010-09-17] (BullGuard Ltd.)
R2 BsMain; C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll [244864 2011-01-21] (BullGuard Ltd.)
R3 BsScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [341896 2010-10-09] (BullGuard Ltd.)
R2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [426328 2011-12-16] (BullGuard Ltd.)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R1 AFW; C:\Windows\System32\DRIVERS\afw.sys [31768 2009-12-04] (Agnitum Ltd.)
R3 afwcore; C:\Windows\System32\DRIVERS\afwcore.sys [413208 2009-12-04] (Agnitum Ltd.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2010-02-28] ()
R1 BdSpy; C:\Windows\System32\DRIVERS\BdSpy.sys [63712 2010-12-17] (BullGuard Ltd.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2010-02-28] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-12 12:31 - 2013-10-07 16:40 - 01954124 _____ (Farbar) C:\Users\Philipp und Marisa\Desktop\FRST64.exe
2013-10-09 19:35 - 2013-09-23 01:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-09 19:35 - 2013-09-23 01:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-09 19:35 - 2013-09-23 01:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-09 19:35 - 2013-09-23 01:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-09 19:35 - 2013-09-23 01:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-09 19:35 - 2013-09-23 01:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-09 19:35 - 2013-09-23 01:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-09 19:35 - 2013-09-23 01:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-09 19:35 - 2013-09-23 01:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-09 19:35 - 2013-09-23 01:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-09 19:35 - 2013-09-23 01:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-09 19:35 - 2013-09-23 01:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-09 19:35 - 2013-09-23 00:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-09 19:35 - 2013-09-23 00:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-09 19:35 - 2013-09-23 00:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-09 19:35 - 2013-09-23 00:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-09 19:35 - 2013-09-23 00:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-09 19:35 - 2013-09-23 00:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-09 19:35 - 2013-09-23 00:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-09 19:35 - 2013-09-23 00:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-09 19:35 - 2013-09-23 00:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-09 19:35 - 2013-09-23 00:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-09 19:35 - 2013-09-23 00:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-09 19:35 - 2013-09-23 00:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-09 19:35 - 2013-09-23 00:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-09 19:35 - 2013-09-23 00:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-09 19:35 - 2013-09-21 05:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-09 19:35 - 2013-09-21 05:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-09 19:35 - 2013-09-21 04:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-09 19:35 - 2013-09-21 04:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-09 19:34 - 2013-09-23 01:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-09 17:33 - 2013-07-04 14:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 17:33 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-09 17:32 - 2013-09-14 03:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-09 17:32 - 2013-09-08 04:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-09 17:32 - 2013-09-08 04:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-09 17:32 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-09 17:32 - 2013-08-29 04:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-09 17:32 - 2013-08-29 04:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-09 17:32 - 2013-08-29 04:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-09 17:32 - 2013-08-29 03:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-09 17:32 - 2013-08-29 03:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-09 17:32 - 2013-08-28 03:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 17:32 - 2013-07-12 12:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-09 17:32 - 2013-07-12 12:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-09 17:32 - 2013-07-04 14:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-09 17:32 - 2013-07-04 14:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-09 17:32 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-09 17:32 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-09 17:32 - 2013-07-04 12:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-09 17:32 - 2013-07-03 06:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-09 17:32 - 2013-07-03 06:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-09 17:32 - 2013-07-03 06:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-09 17:32 - 2013-06-26 00:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-09 17:32 - 2013-06-06 07:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-09 17:32 - 2013-06-06 07:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-09 17:32 - 2013-06-06 07:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-09 17:32 - 2013-06-06 07:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 17:32 - 2013-06-06 06:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-09 17:32 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-09 17:32 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-09 17:32 - 2013-06-06 05:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 17:32 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-09 17:32 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-09 17:31 - 2013-08-29 04:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-09 17:31 - 2013-08-29 04:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-09 17:31 - 2013-08-29 03:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-09 17:31 - 2013-08-29 03:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-09 17:31 - 2013-08-29 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-09 17:31 - 2013-08-29 03:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-09 17:31 - 2013-08-29 02:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-09 17:31 - 2013-08-29 02:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-09 17:31 - 2013-08-29 02:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-09 17:31 - 2013-08-29 02:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-09 17:31 - 2013-08-28 03:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-09 17:31 - 2013-08-01 14:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 17:31 - 2013-07-20 12:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 17:31 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 17:30 - 2013-09-04 14:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-09 17:30 - 2013-09-04 14:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-09 17:30 - 2013-09-04 14:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-09 17:30 - 2013-09-04 14:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-09 17:30 - 2013-09-04 14:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-09 17:30 - 2013-09-04 14:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-09 17:30 - 2013-09-04 14:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-07 18:12 - 2013-10-07 18:12 - 00000000 ____D C:\FRST
2013-10-07 16:40 - 2013-10-07 16:40 - 01954124 _____ (Farbar) C:\Users\Philipp\Downloads\FRST64.exe
2013-09-29 11:01 - 2013-09-29 18:28 - 02672500 _____ C:\Users\Philipp und Marisa\Desktop\Bastelanleitungen.pptx_=

==================== One Month Modified Files and Folders =======

2013-10-12 12:19 - 2009-07-14 19:58 - 00658988 _____ C:\Windows\system32\perfh007.dat
2013-10-12 12:19 - 2009-07-14 19:58 - 00132558 _____ C:\Windows\system32\perfc007.dat
2013-10-12 12:19 - 2009-07-14 07:13 - 01512418 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-12 12:04 - 2010-02-28 17:24 - 01465530 _____ C:\Windows\WindowsUpdate.log
2013-10-12 11:52 - 2012-04-14 15:05 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-12 11:35 - 2010-02-28 21:34 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-12 11:34 - 2010-02-28 21:34 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-12 11:28 - 2013-08-25 14:22 - 00000000 ____D C:\Windows\rescache
2013-10-12 11:27 - 2009-07-14 06:45 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-12 11:27 - 2009-07-14 06:45 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-12 10:49 - 2013-05-08 17:33 - 00012003 _____ C:\Windows\setupact.log
2013-10-12 10:46 - 2010-02-28 18:11 - 00000000 ____D C:\ProgramData\BullGuard
2013-10-12 10:42 - 2010-03-01 19:24 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-12 10:42 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-10 15:34 - 2009-07-14 06:45 - 00449456 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-09 19:38 - 2010-02-28 18:29 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-09 19:28 - 2013-08-15 18:54 - 00000000 ____D C:\Windows\system32\MRT
2013-10-09 19:25 - 2010-03-07 13:23 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-09 18:52 - 2012-04-14 15:05 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-09 18:52 - 2011-07-09 14:08 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-09 18:13 - 2010-03-01 18:06 - 00000000 ____D C:\Users\Philipp und Marisa
2013-10-07 18:12 - 2013-10-07 18:12 - 00000000 ____D C:\FRST
2013-10-07 16:40 - 2013-10-12 12:31 - 01954124 _____ (Farbar) C:\Users\Philipp und Marisa\Desktop\FRST64.exe
2013-10-07 16:40 - 2013-10-07 16:40 - 01954124 _____ (Farbar) C:\Users\Philipp\Downloads\FRST64.exe
2013-10-06 17:04 - 2010-02-28 20:26 - 00000000 ____D C:\Users\Philipp\AppData\Local\Google
2013-10-06 17:02 - 2010-02-28 20:32 - 00121072 _____ C:\Users\Philipp\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-06 17:01 - 2010-02-28 17:31 - 00001417 _____ C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-06 17:01 - 2010-02-28 17:30 - 00000000 ___RD C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-06 17:01 - 2010-02-28 17:30 - 00000000 ___RD C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-10-03 15:46 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-09-29 18:28 - 2013-09-29 11:01 - 02672500 _____ C:\Users\Philipp und Marisa\Desktop\Bastelanleitungen.pptx_=
2013-09-28 12:35 - 2010-11-04 18:51 - 00000000 ____D C:\ProgramData\tmp
2013-09-28 12:33 - 2011-09-03 17:51 - 00001336 _____ C:\Users\Public\Desktop\Meine CEWE FOTOWELT.lnk
2013-09-28 12:33 - 2011-09-03 17:51 - 00001311 _____ C:\Users\Public\Desktop\CEWE FOTOSCHAU.lnk
2013-09-23 01:28 - 2013-10-09 19:35 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-23 01:28 - 2013-10-09 19:35 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-23 01:27 - 2013-10-09 19:35 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-23 01:27 - 2013-10-09 19:35 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-23 01:27 - 2013-10-09 19:35 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-23 01:27 - 2013-10-09 19:35 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-23 01:27 - 2013-10-09 19:35 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-23 01:27 - 2013-10-09 19:35 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-23 01:27 - 2013-10-09 19:35 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-23 01:27 - 2013-10-09 19:35 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-23 01:27 - 2013-10-09 19:35 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-23 01:27 - 2013-10-09 19:35 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-23 01:27 - 2013-10-09 19:34 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-23 00:55 - 2013-10-09 19:35 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-23 00:55 - 2013-10-09 19:35 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-23 00:55 - 2013-10-09 19:35 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-23 00:54 - 2013-10-09 19:35 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-23 00:54 - 2013-10-09 19:35 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-23 00:54 - 2013-10-09 19:35 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-23 00:54 - 2013-10-09 19:35 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-23 00:54 - 2013-10-09 19:35 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-23 00:54 - 2013-10-09 19:35 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-23 00:54 - 2013-10-09 19:35 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-23 00:54 - 2013-10-09 19:35 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-23 00:54 - 2013-10-09 19:35 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-23 00:54 - 2013-10-09 19:35 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-23 00:54 - 2013-10-09 19:35 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-21 05:38 - 2013-10-09 19:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-21 05:30 - 2013-10-09 19:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-21 04:48 - 2013-10-09 19:35 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-21 04:39 - 2013-10-09 19:35 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-19 16:50 - 2010-05-08 10:45 - 00000000 ____D C:\Users\Philipp und Marisa\AppData\Roaming\ZoomBrowser EX
2013-09-19 16:50 - 2010-05-08 10:40 - 00000000 ____D C:\Users\Philipp und Marisa\AppData\Roaming\CameraWindowDC
2013-09-14 03:10 - 2013-10-09 17:32 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-09-12 14:20 - 2010-03-01 18:06 - 00000000 ___RD C:\Users\Philipp und Marisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-12 14:20 - 2010-03-01 18:06 - 00000000 ___RD C:\Users\Philipp und Marisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-12 14:15 - 2010-02-28 19:25 - 00136512 _____ C:\Windows\PFRO.log

Some content of TEMP:
====================
C:\Users\Philipp\AppData\Local\Temp\installerdll.dll
C:\Users\Philipp\AppData\Local\Temp\ose00000.exe
C:\Users\Philipp\AppData\Local\Temp\uninstall.exe
C:\Users\Philipp\AppData\Local\Temp\_is1D9E.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
--- --- ---


Grüße (auch von den anderen Nutzern dieses Rechners :-) )
Phil

aharonov 13.10.2013 10:27
Hi,

kannst du FRST bitte noch einmal scannen lassen, aber dieses mal das Programm mit Rechtsklick -> Als Administrator ausführen.

Phil84 13.10.2013 13:13
Hallo,

na klar, gerne. Hätte ich mir eigentlich denken können.

FRST


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Philipp (administrator) on PHILIPP-PC on 13-10-2013 14:09:21
Running from C:\Users\Philipp und Marisa\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
() D:\Gemeinsamer Ordner\Steuererklaerung\AAVUpdateManager\aavus.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Adobe Systems Incorporated) D:\Adobe Photoshop\PhotoshopElementsFileAgent.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Users\Philipp und Marisa\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\files32\spamfilter\LittleHook.exe
(Honest Technology) C:\Program Files (x86)\honestech Audio Recorder 2.0 Deluxe\HTARLauncher.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
() C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\system32\prevhost.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmprph.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_117_ActiveX.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BullGuard] - C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe [1696088 2013-10-12] (BullGuard Ltd.)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2399632 2011-04-13] (Microsoft Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [Steam] - D:\Steam\Steam.exe [1635752 2013-05-04] (Valve Corporation)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-02-28] (Google Inc.)
HKCU\...\Run: [EA Core] - "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKCU\...\Run: [iMeshInstall] - "C:\Users\Philipp\AppData\Local\Temp\iMeshInstaller\nslE88D.tmp.exe" /N <===== ATTENTION
HKCU\...\Run: [KiesHelper] - C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe [941968 2011-06-24] (Samsung)
HKCU\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3373968 2011-06-24] (Samsung Electronics Co., Ltd.)
HKCU\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [20880 2011-06-24] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
AppInit_DLLs: BgGamingMonitor.dll [109912 2013-10-12] (BullGuard Ltd.)
AppInit_DLLs-x32: BgGamingMonitor.dll [100184 2013-10-12] (BullGuard Ltd.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource=10&cc=
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xCB7E86EA73E1CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKCU - DefaultScope {AC8BBB14-5B7A-4AD6-9736-19E756981512} URL = hxxp://search.softonic.com/INF1205T01/tb_v1?q={searchTerms}&SearchSource=4&cc=&r=457
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&AF=100478&babsrc=SP_ss&mntrId=78719aa9000000000000001b2f34b738
SearchScopes: HKCU - {AC8BBB14-5B7A-4AD6-9736-19E756981512} URL = hxxp://search.softonic.com/INF1205T01/tb_v1?q={searchTerms}&SearchSource=4&cc=&r=457
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: BGAntiphishingBHO Class - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIEBHO.dll (BullGuard Ltd.)
BHO-x32: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: BGAntiphishingBHO Class - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\IE\BGAntiphishingIEBHO.dll (BullGuard Ltd.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Gutscheinmieze - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - Gutscheinmieze\toolbar.dll No File
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU -  No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
Toolbar: HKCU -  No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {EDFCB7CB-942C-4822-AF14-F0B687409848} hxxp://fotomeyer.picserver.info/ImageUploader4.cab
Winsock: Catalog9 01 C:\Windows\system32\BGLsp.dll [98648] (BullGuard Ltd.)
Winsock: Catalog9 02 C:\Windows\system32\BGLsp.dll [98648] (BullGuard Ltd.)
Winsock: Catalog9 03 C:\Windows\system32\BGLsp.dll [98648] (BullGuard Ltd.)
Winsock: Catalog9 04 C:\Windows\system32\BGLsp.dll [98648] (BullGuard Ltd.)
Winsock: Catalog9 05 C:\Windows\system32\BGLsp.dll [98648] (BullGuard Ltd.)
Winsock: Catalog9 06 C:\Windows\system32\BGLsp.dll [98648] (BullGuard Ltd.)
Winsock: Catalog9 07 C:\Windows\system32\BGLsp.dll [98648] (BullGuard Ltd.)
Winsock: Catalog9 08 C:\Windows\system32\BGLsp.dll [98648] (BullGuard Ltd.)
Winsock: Catalog9 09 C:\Windows\system32\BGLsp.dll [98648] (BullGuard Ltd.)
Winsock: Catalog9 10 C:\Windows\system32\BGLsp.dll [98648] (BullGuard Ltd.)
Winsock: Catalog9 21 C:\Windows\system32\BGLsp.dll [98648] (BullGuard Ltd.)
Winsock: Catalog9-x64 01 C:\Windows\system32\BGLsp.dll [98648] (BullGuard Ltd.)
Winsock: Catalog9-x64 02 C:\Windows\system32\BGLsp.dll [98648] (BullGuard Ltd.)
Winsock: Catalog9-x64 03 C:\Windows\system32\BGLsp.dll [98648] (BullGuard Ltd.)
Winsock: Catalog9-x64 04 C:\Windows\system32\BGLsp.dll [98648] (BullGuard Ltd.)
Winsock: Catalog9-x64 05 C:\Windows\system32\BGLsp.dll [98648] (BullGuard Ltd.)
Winsock: Catalog9-x64 06 C:\Windows\system32\BGLsp.dll [98648] (BullGuard Ltd.)
Winsock: Catalog9-x64 07 C:\Windows\system32\BGLsp.dll [98648] (BullGuard Ltd.)
Winsock: Catalog9-x64 08 C:\Windows\system32\BGLsp.dll [98648] (BullGuard Ltd.)
Winsock: Catalog9-x64 09 C:\Windows\system32\BGLsp.dll [98648] (BullGuard Ltd.)
Winsock: Catalog9-x64 10 C:\Windows\system32\BGLsp.dll [98648] (BullGuard Ltd.)
Winsock: Catalog9-x64 21 C:\Windows\system32\BGLsp.dll [98648] (BullGuard Ltd.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"]},"first_run_tabs":["hxxp://www.google.com/","hxxp://welcome_page"

==================== Services (Whitelisted) =================

R2 AAV UpdateService; D:\Gemeinsamer Ordner\Steuererklaerung\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AdobeActiveFileMonitor7.0; D:\Adobe Photoshop\PhotoshopElementsFileAgent.exe [169312 2008-09-16] (Adobe Systems Incorporated)
S3 BgRaSvc; C:\Program Files\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe [161112 2013-10-12] (BullGuard Ltd.)
S2 BsBhvScan; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [383320 2013-10-12] (BullGuard Ltd.)
R2 BsBrowser; C:\Program Files\BullGuard Ltd\BullGuard\BsBrowser.dll [87896 2013-10-12] (BullGuard Ltd.)
R2 BsFileScan; C:\Program Files\BullGuard Ltd\BullGuard\BsFileScan.dll [426328 2013-10-12] (BullGuard Ltd.)
R2 BsFire; C:\Program Files\BullGuard Ltd\BullGuard\BsFire.dll [710488 2013-10-12] (BullGuard Ltd.)
R2 BsMailProxy; C:\Program Files\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll [261976 2013-10-12] (BullGuard Ltd.)
R2 BsMain; C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll [269656 2013-10-12] (BullGuard Ltd.)
R3 BsScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [341848 2013-10-12] (BullGuard Ltd.)
R2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [382304 2013-10-13] (BullGuard Ltd.)

==================== Drivers (Whitelisted) ====================

R1 AFW; C:\Windows\System32\DRIVERS\afw.sys [38528 2013-10-13] (Agnitum Ltd.)
R3 afwcore; C:\Windows\System32\DRIVERS\afwcore.sys [445568 2013-10-13] (Agnitum Ltd.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2010-02-28] ()
R1 BdSpy; C:\Windows\System32\DRIVERS\BdSpy.sys [66272 2013-10-12] (BullGuard Ltd.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2010-02-28] ()
R1 NovaShieldFilterDriver; C:\Windows\System32\DRIVERS\NSKernel.sys [256072 2013-10-13] (NovaShield, Inc.)
R1 NovaShieldTDIDriver; C:\Windows\System32\DRIVERS\NSNetmon.sys [25160 2013-10-13] (NovaShield, Inc.)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [290376 2013-10-13] (BitDefender S.R.L.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-13 14:08 - 2013-10-13 14:08 - 00290376 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\Trufos.sys
2013-10-13 14:08 - 2013-10-13 14:08 - 00111064 _____ (BullGuard Ltd.) C:\Windows\system32\BgGamingMonitor.dll.PendingBullGuardUpdate
2013-10-13 14:08 - 2013-10-13 14:08 - 00100216 _____ (BullGuard Ltd.) C:\Windows\SysWOW64\BgGamingMonitor.dll.PendingBullGuardUpdate
2013-10-13 14:08 - 2013-10-13 14:08 - 00063840 _____ (BullGuard Ltd.) C:\Windows\system32\BGLsp.dll.PendingBullGuardUpdate
2013-10-13 14:08 - 2013-10-13 14:08 - 00054624 _____ (BullGuard Ltd.) C:\Windows\SysWOW64\BGLsp.dll.PendingBullGuardUpdate
2013-10-13 14:05 - 2013-10-13 14:05 - 00000000 ____D C:\Program Files\Common Files\BullGuard Ltd
2013-10-12 18:18 - 2013-10-12 18:18 - 00829429 _____ C:\Users\Philipp und Marisa\Documents\Präsentation2.pptx
2013-10-12 18:13 - 2013-10-12 18:13 - 00001062 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-10-12 18:04 - 2013-10-12 18:04 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-12 18:04 - 2013-10-12 18:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-12 18:04 - 2013-10-12 18:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-12 18:04 - 2013-10-12 18:04 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-12 18:03 - 2013-10-12 18:03 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-12 17:56 - 2013-10-12 17:56 - 00026850 _____ C:\Users\Philipp\Desktop\Computer#2013101216520000000000a.bglog
2013-10-12 12:55 - 2013-10-12 12:55 - 00000000 ____D C:\Users\Philipp und Marisa\AppData\Roaming\Software Inspection Library
2013-10-12 12:46 - 2013-10-13 14:08 - 00256072 _____ (NovaShield, Inc.) C:\Windows\system32\Drivers\NSKernel.sys
2013-10-12 12:46 - 2013-10-13 14:08 - 00025160 _____ (NovaShield, Inc.) C:\Windows\system32\Drivers\NSNetmon.sys
2013-10-12 12:46 - 2013-10-12 12:46 - 00109912 _____ (BullGuard Ltd.) C:\Windows\system32\BgGamingMonitor.dll
2013-10-12 12:46 - 2013-10-12 12:46 - 00100184 _____ (BullGuard Ltd.) C:\Windows\SysWOW64\BgGamingMonitor.dll
2013-10-12 12:46 - 2013-10-12 12:46 - 00098648 _____ (BullGuard Ltd.) C:\Windows\system32\BGLsp.dll
2013-10-12 12:46 - 2013-10-12 12:46 - 00082776 _____ (BullGuard Ltd.) C:\Windows\SysWOW64\BGLsp.dll
2013-10-12 12:33 - 2013-10-12 12:33 - 00021154 _____ C:\Users\Philipp und Marisa\Desktop\Addition.txt
2013-10-12 12:31 - 2013-10-07 16:40 - 01954124 _____ (Farbar) C:\Users\Philipp und Marisa\Desktop\FRST64.exe
2013-10-09 19:35 - 2013-09-23 01:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-09 19:35 - 2013-09-23 01:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-09 19:35 - 2013-09-23 01:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-09 19:35 - 2013-09-23 01:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-09 19:35 - 2013-09-23 01:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-09 19:35 - 2013-09-23 01:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-09 19:35 - 2013-09-23 01:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-09 19:35 - 2013-09-23 01:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-09 19:35 - 2013-09-23 01:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-09 19:35 - 2013-09-23 01:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-09 19:35 - 2013-09-23 01:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-09 19:35 - 2013-09-23 01:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-09 19:35 - 2013-09-23 00:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-09 19:35 - 2013-09-23 00:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-09 19:35 - 2013-09-23 00:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-09 19:35 - 2013-09-23 00:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-09 19:35 - 2013-09-23 00:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-09 19:35 - 2013-09-23 00:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-09 19:35 - 2013-09-23 00:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-09 19:35 - 2013-09-23 00:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-09 19:35 - 2013-09-23 00:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-09 19:35 - 2013-09-23 00:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-09 19:35 - 2013-09-23 00:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-09 19:35 - 2013-09-23 00:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-09 19:35 - 2013-09-23 00:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-09 19:35 - 2013-09-23 00:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-09 19:35 - 2013-09-21 05:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-09 19:35 - 2013-09-21 05:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-09 19:35 - 2013-09-21 04:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-09 19:35 - 2013-09-21 04:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-09 19:34 - 2013-09-23 01:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-09 17:33 - 2013-07-04 14:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 17:33 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-09 17:32 - 2013-09-14 03:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-09 17:32 - 2013-09-08 04:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-09 17:32 - 2013-09-08 04:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-09 17:32 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-09 17:32 - 2013-08-29 04:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-09 17:32 - 2013-08-29 04:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-09 17:32 - 2013-08-29 04:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-09 17:32 - 2013-08-29 03:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-09 17:32 - 2013-08-29 03:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-09 17:32 - 2013-08-28 03:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 17:32 - 2013-07-12 12:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-09 17:32 - 2013-07-12 12:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-09 17:32 - 2013-07-04 14:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-09 17:32 - 2013-07-04 14:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-09 17:32 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-09 17:32 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-09 17:32 - 2013-07-04 12:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-09 17:32 - 2013-07-03 06:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-09 17:32 - 2013-07-03 06:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-09 17:32 - 2013-07-03 06:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-09 17:32 - 2013-06-26 00:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-09 17:32 - 2013-06-06 07:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-09 17:32 - 2013-06-06 07:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-09 17:32 - 2013-06-06 07:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-09 17:32 - 2013-06-06 07:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 17:32 - 2013-06-06 06:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-09 17:32 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-09 17:32 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-09 17:32 - 2013-06-06 05:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 17:32 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-09 17:32 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-09 17:31 - 2013-08-29 04:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-09 17:31 - 2013-08-29 04:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-09 17:31 - 2013-08-29 03:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-09 17:31 - 2013-08-29 03:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-09 17:31 - 2013-08-29 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-09 17:31 - 2013-08-29 03:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-09 17:31 - 2013-08-29 02:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-09 17:31 - 2013-08-29 02:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-09 17:31 - 2013-08-29 02:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-09 17:31 - 2013-08-29 02:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-09 17:31 - 2013-08-28 03:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-09 17:31 - 2013-08-01 14:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 17:31 - 2013-07-20 12:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 17:31 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 17:30 - 2013-09-04 14:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-09 17:30 - 2013-09-04 14:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-09 17:30 - 2013-09-04 14:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-09 17:30 - 2013-09-04 14:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-09 17:30 - 2013-09-04 14:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-09 17:30 - 2013-09-04 14:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-09 17:30 - 2013-09-04 14:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-07 18:12 - 2013-10-07 18:12 - 00000000 ____D C:\FRST
2013-10-07 16:40 - 2013-10-07 16:40 - 01954124 _____ (Farbar) C:\Users\Philipp\Downloads\FRST64.exe
2013-09-29 11:01 - 2013-09-29 18:28 - 02672500 _____ C:\Users\Philipp und Marisa\Desktop\Bastelanleitungen.pptx_=

==================== One Month Modified Files and Folders =======

2013-10-13 14:08 - 2013-10-13 14:08 - 00290376 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\Trufos.sys
2013-10-13 14:08 - 2013-10-13 14:08 - 00111064 _____ (BullGuard Ltd.) C:\Windows\system32\BgGamingMonitor.dll.PendingBullGuardUpdate
2013-10-13 14:08 - 2013-10-13 14:08 - 00100216 _____ (BullGuard Ltd.) C:\Windows\SysWOW64\BgGamingMonitor.dll.PendingBullGuardUpdate
2013-10-13 14:08 - 2013-10-13 14:08 - 00063840 _____ (BullGuard Ltd.) C:\Windows\system32\BGLsp.dll.PendingBullGuardUpdate
2013-10-13 14:08 - 2013-10-13 14:08 - 00054624 _____ (BullGuard Ltd.) C:\Windows\SysWOW64\BGLsp.dll.PendingBullGuardUpdate
2013-10-13 14:08 - 2013-10-12 12:46 - 00256072 _____ (NovaShield, Inc.) C:\Windows\system32\Drivers\NSKernel.sys
2013-10-13 14:08 - 2013-10-12 12:46 - 00025160 _____ (NovaShield, Inc.) C:\Windows\system32\Drivers\NSNetmon.sys
2013-10-13 14:08 - 2010-05-10 20:45 - 00003990 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{7EFB8ACB-BDE2-4E0F-B0AC-48A85114DCC4}
2013-10-13 14:08 - 2010-02-28 18:11 - 00000000 ____D C:\ProgramData\BullGuard
2013-10-13 14:08 - 2009-12-04 12:00 - 00445568 ____R (Agnitum Ltd.) C:\Windows\system32\Drivers\AfwCore.sys
2013-10-13 14:08 - 2009-12-04 12:00 - 00038528 ____R (Agnitum Ltd.) C:\Windows\system32\Drivers\Afw.sys
2013-10-13 14:08 - 2009-07-14 06:45 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-13 14:08 - 2009-07-14 06:45 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-13 14:05 - 2013-10-13 14:05 - 00000000 ____D C:\Program Files\Common Files\BullGuard Ltd
2013-10-13 14:05 - 2010-02-28 17:24 - 01611609 _____ C:\Windows\WindowsUpdate.log
2013-10-13 14:01 - 2013-05-08 17:33 - 00012227 _____ C:\Windows\setupact.log
2013-10-13 14:01 - 2010-03-01 19:24 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-13 14:01 - 2010-02-28 21:34 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-13 14:01 - 2010-02-28 18:13 - 00000840 _____ C:\Windows\system32\config\afw_hm.conf
2013-10-13 14:01 - 2010-02-28 18:13 - 00000004 _____ C:\Windows\system32\config\afw_db.conf
2013-10-13 14:01 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-13 09:52 - 2012-04-14 15:05 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-12 23:37 - 2010-02-28 19:25 - 00143236 _____ C:\Windows\PFRO.log
2013-10-12 19:34 - 2010-02-28 21:34 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-12 18:18 - 2013-10-12 18:18 - 00829429 _____ C:\Users\Philipp und Marisa\Documents\Präsentation2.pptx
2013-10-12 18:15 - 2010-03-01 18:07 - 00000000 ____D C:\Users\Philipp und Marisa\AppData\Roaming\BullGuard
2013-10-12 18:13 - 2013-10-12 18:13 - 00001062 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-10-12 18:13 - 2012-08-26 17:35 - 00000000 ____D C:\Users\Philipp und Marisa\AppData\Roaming\vlc
2013-10-12 18:04 - 2013-10-12 18:04 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-12 18:04 - 2013-10-12 18:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-12 18:04 - 2013-10-12 18:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-12 18:04 - 2013-10-12 18:04 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-12 18:04 - 2012-08-04 11:44 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-10-12 18:04 - 2011-04-30 14:03 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-10-12 18:03 - 2013-10-12 18:03 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-12 17:56 - 2013-10-12 17:56 - 00026850 _____ C:\Users\Philipp\Desktop\Computer#2013101216520000000000a.bglog
2013-10-12 14:50 - 2009-07-14 19:58 - 00658988 _____ C:\Windows\system32\perfh007.dat
2013-10-12 14:50 - 2009-07-14 19:58 - 00132558 _____ C:\Windows\system32\perfc007.dat
2013-10-12 14:50 - 2009-07-14 07:13 - 01512418 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-12 12:55 - 2013-10-12 12:55 - 00000000 ____D C:\Users\Philipp und Marisa\AppData\Roaming\Software Inspection Library
2013-10-12 12:46 - 2013-10-12 12:46 - 00109912 _____ (BullGuard Ltd.) C:\Windows\system32\BgGamingMonitor.dll
2013-10-12 12:46 - 2013-10-12 12:46 - 00100184 _____ (BullGuard Ltd.) C:\Windows\SysWOW64\BgGamingMonitor.dll
2013-10-12 12:46 - 2013-10-12 12:46 - 00098648 _____ (BullGuard Ltd.) C:\Windows\system32\BGLsp.dll
2013-10-12 12:46 - 2013-10-12 12:46 - 00082776 _____ (BullGuard Ltd.) C:\Windows\SysWOW64\BGLsp.dll
2013-10-12 12:46 - 2010-12-17 12:25 - 00066272 _____ (BullGuard Ltd.) C:\Windows\system32\Drivers\BdSpy.sys
2013-10-12 12:33 - 2013-10-12 12:33 - 00021154 _____ C:\Users\Philipp und Marisa\Desktop\Addition.txt
2013-10-12 11:28 - 2013-08-25 14:22 - 00000000 ____D C:\Windows\rescache
2013-10-10 15:34 - 2009-07-14 06:45 - 00449456 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-09 19:38 - 2010-02-28 18:29 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-09 19:28 - 2013-08-15 18:54 - 00000000 ____D C:\Windows\system32\MRT
2013-10-09 19:25 - 2010-03-07 13:23 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-09 18:52 - 2012-04-14 15:05 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-09 18:52 - 2012-04-14 15:05 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-09 18:52 - 2011-07-09 14:08 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-09 18:13 - 2010-03-01 18:06 - 00000000 ____D C:\Users\Philipp und Marisa
2013-10-07 18:12 - 2013-10-07 18:12 - 00000000 ____D C:\FRST
2013-10-07 16:40 - 2013-10-12 12:31 - 01954124 _____ (Farbar) C:\Users\Philipp und Marisa\Desktop\FRST64.exe
2013-10-07 16:40 - 2013-10-07 16:40 - 01954124 _____ (Farbar) C:\Users\Philipp\Downloads\FRST64.exe
2013-10-06 17:04 - 2010-02-28 20:26 - 00000000 ____D C:\Users\Philipp\AppData\Local\Google
2013-10-06 17:02 - 2010-02-28 20:32 - 00121072 _____ C:\Users\Philipp\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-06 17:01 - 2010-02-28 17:31 - 00001417 _____ C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-06 17:01 - 2010-02-28 17:30 - 00000000 ___RD C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-06 17:01 - 2010-02-28 17:30 - 00000000 ___RD C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-10-03 15:46 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-09-29 18:28 - 2013-09-29 11:01 - 02672500 _____ C:\Users\Philipp und Marisa\Desktop\Bastelanleitungen.pptx_=
2013-09-28 12:35 - 2010-11-04 18:51 - 00000000 ____D C:\ProgramData\tmp
2013-09-28 12:33 - 2011-09-03 17:51 - 00001336 _____ C:\Users\Public\Desktop\Meine CEWE FOTOWELT.lnk
2013-09-28 12:33 - 2011-09-03 17:51 - 00001311 _____ C:\Users\Public\Desktop\CEWE FOTOSCHAU.lnk
2013-09-23 01:28 - 2013-10-09 19:35 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-23 01:28 - 2013-10-09 19:35 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-23 01:27 - 2013-10-09 19:35 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-23 01:27 - 2013-10-09 19:35 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-23 01:27 - 2013-10-09 19:35 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-23 01:27 - 2013-10-09 19:35 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-23 01:27 - 2013-10-09 19:35 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-23 01:27 - 2013-10-09 19:35 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-23 01:27 - 2013-10-09 19:35 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-23 01:27 - 2013-10-09 19:35 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-23 01:27 - 2013-10-09 19:35 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-23 01:27 - 2013-10-09 19:35 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-23 01:27 - 2013-10-09 19:34 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-23 00:55 - 2013-10-09 19:35 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-23 00:55 - 2013-10-09 19:35 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-23 00:55 - 2013-10-09 19:35 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-23 00:54 - 2013-10-09 19:35 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-23 00:54 - 2013-10-09 19:35 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-23 00:54 - 2013-10-09 19:35 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-23 00:54 - 2013-10-09 19:35 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-23 00:54 - 2013-10-09 19:35 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-23 00:54 - 2013-10-09 19:35 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-23 00:54 - 2013-10-09 19:35 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-23 00:54 - 2013-10-09 19:35 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-23 00:54 - 2013-10-09 19:35 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-23 00:54 - 2013-10-09 19:35 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-23 00:54 - 2013-10-09 19:35 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-21 05:38 - 2013-10-09 19:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-21 05:30 - 2013-10-09 19:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-21 04:48 - 2013-10-09 19:35 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-21 04:39 - 2013-10-09 19:35 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-19 16:50 - 2010-05-08 10:45 - 00000000 ____D C:\Users\Philipp und Marisa\AppData\Roaming\ZoomBrowser EX
2013-09-19 16:50 - 2010-05-08 10:40 - 00000000 ____D C:\Users\Philipp und Marisa\AppData\Roaming\CameraWindowDC
2013-09-14 03:10 - 2013-10-09 17:32 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

Some content of TEMP:
====================
C:\Users\Philipp\AppData\Local\Temp\installerdll.dll
C:\Users\Philipp\AppData\Local\Temp\ose00000.exe
C:\Users\Philipp\AppData\Local\Temp\uninstall.exe
C:\Users\Philipp\AppData\Local\Temp\_is1D9E.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-12 11:20

==================== End Of Log ============================
--- --- ---

[/code]

und Addition

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2013
Ran by Philipp at 2013-10-13 14:10:48
Running from C:\Users\Philipp und Marisa\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: BullGuard Antivirus (Enabled - Up to date) {504FFF66-3028-EB7E-2E60-62B19ADD791C}
AS: BullGuard Antispyware (Enabled - Up to date) {EB2E1E82-1612-E4F0-14D0-59C3E15A33A1}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: BullGuard Firewall (Disabled) {68747E43-7A47-EA26-053F-CB84640E3E67}

==================== Installed Programs ======================

AAVUpdateManager (x32 Version: 18.00.0000)
Adobe AIR (x32 Version: 2.0.2.12610)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Photoshop Elements 7.0 (x32 Version: 7.0)
Adobe Reader 9.5.2 - Deutsch (x32 Version: 9.5.2)
ANNO 2070 (x32 Version: 1.0.0.0)
Audiograbber 1.83 SE  (x32 Version: 1.83 SE )
Audiograbber MP3-Plugin (x32 Version: 1.0)
BioShock 2 (x32 Version: 1.0.0003.131)
BullGuard 9.0 (Version: 9.0)
Canon Easy-PhotoPrint EX (x32)
Canon Easy-WebPrint EX (x32)
Canon G.726 WMP-Decoder (x32 Version: 1.1.0.4)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (x32 Version: 1.5.0.3)
Canon Internet Library for ZoomBrowser EX (x32 Version: 1.6.1.6)
Canon MG5300 series Benutzerregistrierung (x32)
Canon MG5300 series MP Drivers
Canon MG5300 series On-screen Manual (x32)
Canon MovieEdit Task for ZoomBrowser EX (x32 Version: 2.6.0.4)
Canon MP Navigator EX 5.0 (x32)
Canon RAW Image Task for ZoomBrowser EX (x32 Version: 0.9.3.9)
Canon Solution Menu EX (x32)
Canon Utilities CameraWindow (x32 Version: 7.1.0.2)
Canon Utilities CameraWindow DC (x32 Version: 7.1.0.7)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (x32 Version: 6.4.2.16)
Canon Utilities MyCamera (x32 Version: 6.4.0.5)
Canon Utilities MyCamera DC (x32 Version: 7.0.1.8)
Canon Utilities PhotoStitch (x32 Version: 3.1.21.45)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (x32 Version: 1.7.1.9)
Canon Utilities ZoomBrowser EX (x32 Version: 6.1.0.20)
Canon ZoomBrowser EX Memory Card Utility (x32 Version: 1.1.0.8)
CDDRV_Installer (Version: 4.60)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Empire: Total War (x32)
erLT (x32 Version: 1.20.0137)
GM(S) - Toolbar (x32)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4601.54)
Google Update Helper (x32 Version: 1.3.21.153)
honestech Audio Recorder 2.0 Deluxe (x32 Version: 2.0)
Java 7 Update 25 (x32 Version: 7.0.250)
JavaFX 2.1.1 (x32 Version: 2.1.1)
KhalInstallWrapper (Version: 2.00.0000)
Logitech SetPoint (x32 Version: 4.80)
Logitech Unifying-Software 2.10 (Version: 2.10.37)
Meine CEWE FOTOWELT (x32 Version: 5.0.4)
meinHausplaner (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.88.0)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0)
Microsoft IntelliPoint 8.1 (Version: 8.15.406.0)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
mp3-2-wav converter 1.14 (x32)
NVIDIA 3D Vision Treiber 311.06 (Version: 311.06)
NVIDIA Display Control Panel (Version: 1.10)
NVIDIA Grafiktreiber 311.06 (Version: 311.06)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA PhysX (x32 Version: 9.10.0222)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106)
NVIDIA Systemsteuerung 311.06 (Version: 311.06)
Panzer Corps (x32 Version: 1.03)
ProtectDisc Driver, Version 11 (x32 Version: 11.0.0.14)
PVSonyDll (Version: 1.00.0001)
QuickStores-Toolbar 1.2.0 (x32 Version: 1.2.0)
Samsung Kies (x32 Version: 2.0.1.11053_99)
SAMSUNG USB Driver for Mobile Phones (Version: 1.3.2410.0)
Steam (x32 Version: 1.0.0.0)
Steuer-Spar-Erklärung 2013 (x32 Version: 18.08)
Ubisoft Game Launcher (x32 Version: 1.0.0.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition (x32)
VLC media player 2.1.0 (x32 Version: 2.1.0)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
WinRAR 4.00 (64-bit) (Version: 4.00.0)
World of Tanks (x32)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {70C76564-7673-479A-B919-2538EA945C82} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-28] (Google Inc.)
Task: {87B3EC0D-367A-41DB-95F8-E8842257984E} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-04-13] (Microsoft Corporation)
Task: {8C075BDD-5644-49C6-A748-965AE538090E} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {C660925A-646C-479E-A512-58DA2F1EBDF5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {D0FE8317-3A24-4476-B9A9-CB13642724A6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-28] (Google Inc.)
Task: {F6D2ED23-A480-474B-9E30-EF0D0A498DE6} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-03-17 01:07 - 2011-03-17 01:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2011-03-18 19:30 - 2011-03-02 13:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2013-10-12 12:46 - 2013-10-12 12:45 - 00601432 _____ () C:\Program Files\BullGuard Ltd\BullGuard\libxml2.dll
2013-10-12 12:46 - 2013-10-12 12:45 - 00086360 _____ () C:\Program Files\BullGuard Ltd\BullGuard\zlib1.dll
2013-10-12 12:46 - 2013-10-12 12:46 - 00388736 _____ () C:\Program Files\BullGuard Ltd\BullGuard\res\de\BpBackupRes.dll
2013-10-12 12:46 - 2013-10-12 12:45 - 00505984 _____ () C:\Program Files\BullGuard Ltd\BullGuard\res\de\BpMainRes.dll
2013-10-12 12:46 - 2013-10-12 12:45 - 00628568 _____ () C:\Program Files\BullGuard Ltd\BullGuard\SQLite.dll
2013-10-12 12:46 - 2013-10-12 12:45 - 00065368 _____ () C:\Program Files\BullGuard Ltd\BullGuard\LIBBZ2.dll
2011-07-19 18:39 - 2009-07-20 12:35 - 00018960 _____ () C:\Program Files\Logitech\SetPoint\khalwrapper.dll
2013-10-12 12:46 - 2013-10-12 12:45 - 00450392 _____ () C:\Program Files\BullGuard Ltd\BullGuard\files32\SQLite.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsUpdate => ""="Service"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/12/2013 11:55:25 PM) (Source: Application Hang) (User: )
Description: Programm PortableAppsUpdater.exe, Version 11.2.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 12dc

Startzeit: 01cec794a7bd1a1b

Endzeit: 5

Anwendungspfad: G:\PortApps\PortableApps\PortableApps.com\PortableAppsUpdater.exe

Berichts-ID:

Error: (10/07/2013 04:58:19 PM) (Source: Application Hang) (User: )
Description: Programm IEXPLORE.EXE, Version 10.0.9200.16686 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: f5c

Startzeit: 01cec36d54ff67ee

Endzeit: 27

Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Berichts-ID:

Error: (10/07/2013 04:40:49 PM) (Source: Application Hang) (User: )
Description: Programm FRST64.exe, Version 3.3.8.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: e98

Startzeit: 01cec36b2e932c81

Endzeit: 4

Anwendungspfad: C:\Users\Philipp\Downloads\FRST64.exe

Berichts-ID: 73232f1d-2f5e-11e3-a1b4-001a4d5f99a5

Error: (10/06/2013 05:05:21 PM) (Source: Application Hang) (User: )
Description: Programm IEXPLORE.EXE, Version 10.0.9200.16686 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 494

Startzeit: 01cec2a544bf76a3

Endzeit: 7

Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Berichts-ID:

Error: (10/06/2013 04:41:54 PM) (Source: Application Hang) (User: )
Description: Programm IEXPLORE.EXE, Version 10.0.9200.16686 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 7c4

Startzeit: 01cec2a1f7aa7656

Endzeit: 0

Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Berichts-ID:

Error: (10/03/2013 02:57:33 PM) (Source: Application Hang) (User: )
Description: Programm IEXPLORE.EXE, Version 10.0.9200.16686 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: c1c

Startzeit: 01cec037d4fc2e15

Endzeit: 4

Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Berichts-ID:

Error: (09/30/2013 07:56:07 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung war nicht erfolgreich. Fehler: "Das System kann die angegebene Datei nicht finden. (0x80070002)"

Error: (09/16/2013 11:57:23 AM) (Source: Windows Backup) (User: )
Description: Die Sicherung war nicht erfolgreich. Fehler: "Das System kann die angegebene Datei nicht finden. (0x80070002)"

Error: (08/15/2013 06:14:34 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung war nicht erfolgreich. Fehler: "Das System kann die angegebene Datei nicht finden. (0x80070002)"

Error: (07/28/2013 05:43:51 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16635, Zeitstempel: 0x51b7a921
Name des fehlerhaften Moduls: nvwgf2um.dll, Version: 9.18.13.1106, Zeitstempel: 0x50f9458d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001a2519
ID des fehlerhaften Prozesses: 0x135c
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3


System errors:
=============
Error: (10/12/2013 11:44:47 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (10/12/2013 11:44:47 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (10/12/2013 11:44:46 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (10/12/2013 11:44:46 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (10/12/2013 11:44:12 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (10/12/2013 06:54:53 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (10/12/2013 11:35:55 AM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (10/09/2013 07:34:10 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (10/09/2013 06:50:53 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (10/09/2013 05:07:41 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053


Microsoft Office Sessions:
=========================
Error: (10/12/2013 11:55:25 PM) (Source: Application Hang)(User: )
Description: PortableAppsUpdater.exe11.2.0.012dc01cec794a7bd1a1b5G:\PortApps\PortableApps\PortableApps.com\PortableAppsUpdater.exe

Error: (10/07/2013 04:58:19 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE10.0.9200.16686f5c01cec36d54ff67ee27C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (10/07/2013 04:40:49 PM) (Source: Application Hang)(User: )
Description: FRST64.exe3.3.8.1e9801cec36b2e932c814C:\Users\Philipp\Downloads\FRST64.exe73232f1d-2f5e-11e3-a1b4-001a4d5f99a5

Error: (10/06/2013 05:05:21 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE10.0.9200.1668649401cec2a544bf76a37C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (10/06/2013 04:41:54 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE10.0.9200.166867c401cec2a1f7aa76560C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (10/03/2013 02:57:33 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE10.0.9200.16686c1c01cec037d4fc2e154C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (09/30/2013 07:56:07 PM) (Source: Windows Backup)(User: )
Description: Das System kann die angegebene Datei nicht finden. (0x80070002)

Error: (09/16/2013 11:57:23 AM) (Source: Windows Backup)(User: )
Description: Das System kann die angegebene Datei nicht finden. (0x80070002)

Error: (08/15/2013 06:14:34 PM) (Source: Windows Backup)(User: )
Description: Das System kann die angegebene Datei nicht finden. (0x80070002)

Error: (07/28/2013 05:43:51 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE10.0.9200.1663551b7a921nvwgf2um.dll9.18.13.110650f9458dc0000005001a2519135c01ce8ba93e0a88c9C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\system32\nvwgf2um.dll7f7bda93-f79c-11e2-bd3c-001a4d5f99a5


==================== Memory info ===========================

Percentage of memory in use: 45%
Total physical RAM: 4094.49 MB
Available physical RAM: 2218.19 MB
Total Pagefile: 8187.16 MB
Available Pagefile: 6007.78 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:57.1 GB) (Free:2.75 GB) NTFS
Drive d: () (Fixed) (Total:146.48 GB) (Free:4.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 9EE77545)
Partition 1: (Active) - (Size=29 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=57 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Grüße

Phil

aharonov 13.10.2013 13:31
Hi,

das sieht soweit nicht schlecht aus.
Wie läuft der Rechner denn jetzt? Alles normal?


Schritt 1

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).



Schritt 2

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




Schritt 3


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset




Schritt 4

Starte noch einmal FRST.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, werden ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

aharonov 22.10.2013 21:05
Hi,

ich hab schon länger keine Antwort mehr von dir erhalten. Brauchst du weiterhin noch Hilfe?

Wenn ich in den nächsten 24 Stunden nichts von dir höre, gehe ich davon aus, dass sich das Thema erledigt hat und lösche es aus meinen Abos.

aharonov 29.10.2013 23:06
Fehlende Rückmeldung
Dieses Thema wurde aus meinen Abos gelöscht. Somit bekomme ich keine Benachrichtigung mehr über neue Antworten.
Schreib mir eine PM, falls du das Thema doch wieder fortsetzen möchtest. Dann machen wir hier weiter.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass dein Rechner schon sauber ist.

Jeder andere bitte diese Anleitung lesen und einen eigenen Thread erstellen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 23:43 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131