Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Win 7, Login-Screen flackert, kein Login möglich

Win 7, Login-Screen flackert, kein Login möglich


Log-Analyse und Auswertung: Win 7, Login-Screen flackert, kein Login möglich

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 03.12.2014, 23:32   #1
tilro
 
Win 7, Login-Screen flackert, kein Login möglich - Standard

Win 7, Login-Screen flackert, kein Login möglich


Hallo,

bin heute Mittag zwischen 15-16 Uhr an meinen Schreibtisch zurück gekommen. Meine beiden Laptops (ThinkPad W540 und X230, beide Windows 7) zeigten identisches Verhalten:
- der Login-Screen flackert schnell
- es ist kein Login mehr möglich
- Rechner ließ sich nicht kontrolliert herunterfahren

Nach dem "Killen" des Rechners ist ein Start im abgesicherten Modus möglich.

Ich verwende BitDefender als AV-Scanner, der allerdings im abgesicherten Modus nicht zu funktionieren scheint. Ich konnte das System nicht scannen.

Ich habe zu dem Thema noch einen anderen Thread hier: hxxp://thinkpad-forum.de/threads/182284-HILFE-Loginscreen-flackert-kein-Login-m%C3%B6glich/page2 - ich ging zu Beginn nicht davon aus, dass es ein Virus sein könnte. Es scheint so, dass auch andere das gleiche Problem hatten.

Im Moment läuft auf dem W540 der Scan mit Kaspersky Rescue Disk. Der erste Scan (Bootsektoren, Autostart-Objekte) hat kein Ergebnis gezeigt.

Für den X230 habe ich die Logfiles wie beschrieben erstellt.

defogger_disable.log
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:01 on 03/12/2014 (TilmannAdmin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
FRST.txt
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2014
Ran by TilmannAdmin (administrator) on THINK-X230 on 03-12-2014 21:02:20
Running from C:\Users\TilmannAdmin\Desktop\AntiVirFix
Loaded Profile: TilmannAdmin (Available profiles: TilmannAdmin & Luca & Jonathan & Angela)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(SourceForge.net) C:\Program Files (x86)\Password Safe\pwsafe.exe
(Microsoft Corporation) C:\Windows\System32\DeviceDisplayObjectProvider.exe
(Microsoft Corporation) C:\Windows\System32\Dxpserver.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13653208 2013-09-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor)
HKLM\...\Run: [TpShocks] => C:\Windows\SYSTEM32\TpShocks.exe [384344 2014-02-17] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [295712 2014-06-20] (Lenovo Group Limited)
HKLM\...\Run: [ResetACGauge] => C:\Program Files (x86)\Lenovo\Access Connections\smbhlpr.exe [154688 2012-04-20] (Lenovo)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [33344 2012-04-20] (Lenovo)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916592 2014-07-28] (Synaptics Incorporated)
HKLM\...\Run: [WrtMon.exe] => C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [20480 2007-07-18] ()
HKLM\...\Run: [LMPSSDMON] => C:\Program Files\Lexmark\Monitor\ACJ\LMabMON.exe [753664 2010-03-26] ()
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1754424 2014-11-17] (Bitdefender)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [980920 2012-05-22] (The Eraser Project)
HKLM\...\Run: [Daemon for Mouse Suite] => C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.EXE [87040 2013-03-26] (Primax Electronics Ltd.)
HKLM\...\Run: [Mouse Suite 98 Daemon] => ICO.EXE
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-07-18] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-28] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1091376 2012-01-17] (Lenovo)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-08-31] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [MobileAccess] => C:\Program Files (x86)\Lenovo\MobileAccess\MobileAccess.exe [155864 2013-04-17] (Lenovo)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\SYSTEM32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKU\S-1-5-21-4202006404-72638676-4184759351-1001\...\Run: [LMab1err] => C:\Program Files\Lexmark\ErrorApp\LMab1err.exe [582312 2010-03-26] ( )
HKU\S-1-5-21-4202006404-72638676-4184759351-1001\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-11-17] (Bitdefender)
HKU\S-1-5-21-4202006404-72638676-4184759351-1001\...\Run: [Bitdefender-Geldbörse] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-11-17] (Bitdefender)
HKU\S-1-5-21-4202006404-72638676-4184759351-1001\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-11-17] (Bitdefender)
HKU\S-1-5-21-4202006404-72638676-4184759351-1001\...\MountPoints2: {e3a7c444-3905-11e4-9b6d-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-11-17] (Bitdefender)
HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-11-17] (Bitdefender)
HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-11-17] (Bitdefender)
Lsa: [Notification Packages] scecli ACGina C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GoPro Importer.lnk
ShortcutTarget: GoPro Importer.lnk -> C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe (GoPro)
Startup: C:\Users\TilmannAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Password Safe.lnk
ShortcutTarget: Password Safe.lnk -> C:\Program Files (x86)\Password Safe\pwsafe.exe (SourceForge.net)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4202006404-72638676-4184759351-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKU\S-1-5-21-4202006404-72638676-4184759351-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://startpage.com/
HKU\S-1-5-21-4202006404-72638676-4184759351-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4202006404-72638676-4184759351-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP
BHO: Bitdefender-Geldbörse -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Bitdefender-Geldbörse -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll (Bitdefender)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\TilmannAdmin\AppData\Roaming\Mozilla\Firefox\Profiles\n6x4usx0.default
FF DefaultSearchEngine: Startpage HTTPS - Deutsch
FF SelectedSearchEngine: Startpage HTTPS - Deutsch
FF Homepage: https://startpage.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\S-1-5-21-4202006404-72638676-4184759351-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\TilmannAdmin\AppData\Roaming\Mozilla\Firefox\Profiles\n6x4usx0.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\TilmannAdmin\AppData\Roaming\Mozilla\Firefox\Profiles\n6x4usx0.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\TilmannAdmin\AppData\Roaming\Mozilla\Firefox\Profiles\n6x4usx0.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\TilmannAdmin\AppData\Roaming\Mozilla\Firefox\Profiles\n6x4usx0.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\TilmannAdmin\AppData\Roaming\Mozilla\Firefox\Profiles\n6x4usx0.default\searchplugins\startpage-https---deutsch.xml
FF SearchPlugin: C:\Users\TilmannAdmin\AppData\Roaming\Mozilla\Firefox\Profiles\n6x4usx0.default\searchplugins\webde-suche.xml
FF Extension: Xmarks - C:\Users\TilmannAdmin\AppData\Roaming\Mozilla\Firefox\Profiles\n6x4usx0.default\Extensions\foxmarks@kei.com [2014-11-23]
FF Extension: DownloadHelper - C:\Users\TilmannAdmin\AppData\Roaming\Mozilla\Firefox\Profiles\n6x4usx0.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-11]
FF Extension: Ghostery - C:\Users\TilmannAdmin\AppData\Roaming\Mozilla\Firefox\Profiles\n6x4usx0.default\Extensions\firefox@ghostery.com.xpi [2014-09-11]
FF Extension: NoScript - C:\Users\TilmannAdmin\AppData\Roaming\Mozilla\Firefox\Profiles\n6x4usx0.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-09-11]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2014-09-11]
FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman [2014-09-11]
FF HKLM-x32\...\Firefox\Extensions: [VIP3X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2013-06-11]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [2014-09-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [77632 2014-11-17] (Bitdefender)
S2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [8447848 2011-11-09] (DisplayLink Corp.)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [319536 2014-06-25] (Lenovo.)
S2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-17] (Lenovo)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [559872 2014-08-06] (Lenovo)
S2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [197408 2014-06-20] (Lenovo Group Limited)
S2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [115184 2014-07-08] (Lenovo Group Limited)
S2 lmab_device; C:\Windows\system32\LMabcoms.exe [1045504 2010-03-26] ( ) [File not signed]
S2 lmab_device; C:\Windows\SysWOW64\LMabcoms.exe [593920 2010-03-26] ( ) [File not signed]
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-09-03] ()
S2 MacheenService; C:\Program Files (x86)\Lenovo\MobileAccess\MacheenService.exe [32480 2013-04-17] (Macheen)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-05-29] ()
S2 PelService; C:\Program Files\Lenovo\Lenovo Mouse Suite\PelService.exe [178688 2012-03-13] () [File not signed]
S2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3272656 2014-07-21] (Paramount Software UK Ltd)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] ()
S4 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1028096 2010-08-31] (Lenovo Group Limited) [File not signed]
S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1526120 2013-09-25] (Lenovo Group Limited)
S2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
S2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2014-11-17] (Bitdefender)
S2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-18] (Symantec Corporation)
S2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1536624 2014-11-17] (Bitdefender)
S2 WebUpdate4; C:\Program Files (x86)\Lenovo\MobileAccess\WebUpdateSvc4.exe [278800 2013-01-16] (Data Perceptions / PowerProgrammer)
S2 WMCoreService; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [655400 2012-02-03] (Ericsson AB)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-05-29] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1260120 2014-11-17] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [647752 2014-11-17] (BitDefender)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170200 2013-03-27] (Broadcom Corporation.)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2013-11-13] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL)
S3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-10-05] (Ericsson AB)
S3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [29736 2011-10-05] (Ericsson AB)
S3 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-17] (Windows (R) Win 7 DDK provider)
S0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-16] (Intel Corporation)
S3 l36wgps; C:\Windows\System32\DRIVERS\l36wgps64.sys [102440 2012-01-13] (Ericsson AB)
S3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [419400 2011-08-22] (MCCI Corporation)
S3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [430664 2011-08-22] (MCCI Corporation)
S3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2011-08-22] (MCCI Corporation)
S3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [483400 2011-08-22] (MCCI Corporation)
S3 pelbtm; C:\Windows\System32\DRIVERS\pelbtm.sys [16384 2012-06-19] (Primax Electronics Ltd.)
S1 pelmoubt; C:\Windows\System32\DRIVERS\pelmoubt.sys [22528 2012-06-19] (Primax Electronics Ltd.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2014-07-28] (Synaptics Incorporated)
S0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [419616 2014-11-17] (BitDefender S.R.L.)
S3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
S3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-07] (ThinkVantage Communications Utility)
S3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [282152 2011-12-07] (Ericsson AB)
S2 smihlp; \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-03 21:02 - 2014-12-03 21:02 - 00000000 ____D () C:\FRST
2014-12-03 21:01 - 2014-12-03 21:02 - 00000000 ____D () C:\Users\TilmannAdmin\Desktop\AntiVirFix
2014-12-03 21:01 - 2014-12-03 21:01 - 00000000 _____ () C:\Users\TilmannAdmin\defogger_reenable
2014-12-03 18:47 - 2014-12-03 18:59 - 1162936320 _____ () C:\Users\TilmannAdmin\Downloads\ubuntu-14.10-desktop-amd64.iso
2014-12-03 14:29 - 2014-12-03 14:29 - 00002483 _____ () C:\Users\Public\Desktop\Reflect.lnk
2014-12-03 14:29 - 2014-12-03 14:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium
2014-12-03 14:29 - 2014-12-03 14:29 - 00000000 ____D () C:\Program Files\Macrium
2014-12-03 14:25 - 2014-12-03 14:30 - 00313732 _____ () C:\Reflect_Install.log
2014-12-03 14:19 - 2014-12-03 14:25 - 00000000 ____D () C:\ProgramData\Macrium
2014-12-03 14:19 - 2014-12-03 14:23 - 00000000 ____D () C:\Users\TilmannAdmin\Downloads\Macrium
2014-12-03 14:19 - 2014-12-03 14:19 - 02292720 _____ (Paramount Software UK Ltd) C:\Users\TilmannAdmin\Downloads\reflectdl.exe
2014-12-03 12:58 - 2014-12-03 12:58 - 00000000 ____D () C:\Users\TilmannAdmin\Documents\Ulead Burn.Now
2014-12-03 12:58 - 2014-12-03 12:58 - 00000000 ____D () C:\Users\TilmannAdmin\AppData\Roaming\Ulead Systems
2014-12-03 12:45 - 2014-12-03 12:45 - 00000000 ____D () C:\Users\TilmannAdmin\AppData\Roaming\Acronis
2014-11-28 15:15 - 2014-11-28 15:15 - 00000000 ____D () C:\Users\Luca\AppData\Local\Intel_Corporation
2014-11-25 16:36 - 2014-11-25 16:36 - 00000000 ____D () C:\Users\Luca\AppData\Local\GoPro
2014-11-23 12:53 - 2014-11-23 12:53 - 00001856 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-11-23 12:53 - 2014-11-23 12:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-11-23 12:52 - 2014-11-23 12:52 - 42096984 _____ (Apple Inc.) C:\Users\TilmannAdmin\Downloads\QuickTimeInstaller.exe
2014-11-23 12:51 - 2014-11-23 12:51 - 00000000 __SHD () C:\Users\TilmannAdmin\AppData\Local\EmieBrowserModeList
2014-11-23 12:48 - 2014-11-23 12:59 - 00000000 ____D () C:\Users\TilmannAdmin\AppData\Roaming\GoPro
2014-11-23 12:48 - 2014-11-23 12:48 - 00001119 _____ () C:\Users\TilmannAdmin\Desktop\GoPro Studio.lnk
2014-11-23 12:48 - 2014-11-23 12:48 - 00000000 ____D () C:\Users\TilmannAdmin\AppData\Local\GoPro
2014-11-23 12:47 - 2014-11-23 12:59 - 00000000 ____D () C:\Users\Public\CineForm
2014-11-23 12:47 - 2014-11-23 12:53 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-11-23 12:47 - 2014-11-23 12:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoPro
2014-11-23 12:47 - 2014-11-23 12:47 - 00000000 ____D () C:\Program Files (x86)\GoPro
2014-11-23 12:47 - 2014-11-23 12:47 - 00000000 ____D () C:\Program Files (x86)\CineForm
2014-11-23 12:44 - 2014-11-23 12:46 - 163882760 _____ () C:\Users\TilmannAdmin\Downloads\GoProStudioPC-2.5.3.400.exe
2014-11-21 09:37 - 2014-11-22 19:34 - 00015161 _____ () C:\Users\Luca\Documents\Verträge.ods
2014-11-19 12:18 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 12:18 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 12:18 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 12:18 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-17 15:54 - 2014-11-17 15:54 - 00000000 ____D () C:\Users\Jonathan\AppData\Local\Adobe
2014-11-13 14:31 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-13 14:31 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 16:11 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 16:11 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 16:11 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 16:11 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 16:11 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 16:11 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 16:11 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 16:11 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 16:11 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 16:11 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 16:11 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 16:11 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 16:11 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 16:11 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 16:11 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 16:11 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 16:11 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 16:11 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 16:11 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 16:11 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 16:11 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 16:11 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 16:11 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 16:11 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 16:11 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 16:11 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 16:11 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 16:11 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 16:11 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 16:11 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 16:11 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 16:11 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 16:11 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 16:11 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 16:11 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 16:11 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 16:11 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 16:11 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 16:11 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 16:11 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 16:11 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 16:11 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 16:11 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 16:11 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 16:11 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 16:11 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 16:11 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 16:11 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 16:11 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 16:11 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 16:11 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 16:11 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 16:11 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 16:11 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 16:11 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 16:11 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 16:11 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 16:11 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 16:11 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 16:11 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 16:11 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 16:11 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 16:11 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 16:11 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 16:11 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 16:08 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 16:08 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 16:08 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 16:08 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 16:08 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 16:08 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 16:08 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 16:08 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 16:08 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 16:08 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 16:08 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 16:08 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 16:08 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 16:08 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 16:08 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 16:08 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 16:08 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 16:08 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 16:08 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 16:08 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 16:08 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 16:08 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 16:08 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 16:08 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 16:08 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 16:08 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 16:07 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 16:07 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 16:07 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 16:07 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 16:07 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-11 15:28 - 2014-11-11 15:28 - 00000000 ____D () C:\Users\TilmannAdmin\AppData\Roaming\yWorks
2014-11-11 10:28 - 2014-11-11 10:28 - 29197947 _____ (AG Projects ) C:\Users\TilmannAdmin\Downloads\Blink-Installer.exe
2014-11-11 10:18 - 2014-11-11 10:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\yEd Graph Editor
2014-11-11 10:18 - 2014-11-11 10:18 - 00000000 ____D () C:\Program Files (x86)\yWorks
2014-11-11 10:17 - 2014-11-11 10:17 - 56629832 _____ (yWorks GmbH) C:\Users\TilmannAdmin\Downloads\yEd-3.13_with-JRE_32-bit_setup.exe
2014-11-11 07:33 - 2014-11-11 07:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-10 23:49 - 2014-11-10 23:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo Mouse Suite
2014-11-10 23:48 - 2013-03-26 07:47 - 00012288 ____N (TPMX Electronics Ltd.) C:\Windows\system32\Drivers\pvendrlf.SYS
2014-11-10 23:48 - 2013-03-26 07:46 - 00034816 ____N (TPMX Electronics Ltd.) C:\Windows\system32\Drivers\phidmice.SYS
2014-11-10 23:48 - 2013-03-26 07:40 - 00023040 ____N (TPMX Electronics Ltd.) C:\Windows\system32\Drivers\pmouself.SYS
2014-11-10 23:48 - 2013-03-19 17:11 - 00034816 ____N (TPMX Electronics Ltd.) C:\Windows\system32\Drivers\PELUSBLF.SYS
2014-11-10 23:48 - 2012-11-28 17:08 - 00023040 ____N (TPMX Electronics Ltd.) C:\Windows\system32\Drivers\PELMOUSE.SYS
2014-11-10 23:48 - 2012-06-19 11:19 - 00022528 _____ (Primax Electronics Ltd.) C:\Windows\system32\Drivers\PELMOUBT.SYS
2014-11-10 23:48 - 2012-06-19 11:18 - 00016384 _____ (Primax Electronics Ltd.) C:\Windows\system32\Drivers\PELBTM.SYS
2014-11-10 23:48 - 2009-11-02 16:36 - 00011776 ____N (TPMX Electronics Ltd.) C:\Windows\system32\Drivers\PELVENDR.SYS
2014-11-10 23:48 - 2005-11-17 15:46 - 00414632 _____ (Microsoft Corporation) C:\Windows\difxapi.dll
2014-11-10 23:47 - 2014-11-10 23:47 - 28145792 _____ (Lenovo Group Limited ) C:\Users\TilmannAdmin\Downloads\e1mie05us17.exe
2014-11-10 23:45 - 2014-11-10 23:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer
2014-11-10 23:45 - 2014-11-10 23:45 - 00000000 ____D () C:\Program Files\Tracker Software
2014-11-10 23:44 - 2014-11-10 23:44 - 17072512 _____ () C:\Users\TilmannAdmin\Downloads\PDFXVwer2.5.311.zip
2014-11-10 23:44 - 2014-11-10 23:44 - 00000000 ____D () C:\Users\TilmannAdmin\Downloads\PDFXVwer2.5.311
2014-11-08 08:47 - 2014-11-08 08:47 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-11-05 01:18 - 2014-11-05 01:18 - 01462272 _____ (CineForm Inc.) C:\Windows\system32\CFHD.dll
2014-11-05 01:15 - 2014-11-05 01:15 - 01490944 _____ (CineForm Inc.) C:\Windows\SysWOW64\CFHD.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-03 21:01 - 2014-09-10 17:20 - 00000000 ____D () C:\Users\TilmannAdmin
2014-12-03 19:39 - 2013-06-12 05:07 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-12-03 19:39 - 2013-06-12 05:07 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-12-03 19:39 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-03 17:42 - 2014-09-11 20:59 - 00000000 ____D () C:\Users\TilmannAdmin\AppData\Local\PasswordSafe
2014-12-03 16:57 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-03 16:57 - 2009-07-14 05:51 - 00083854 _____ () C:\Windows\setupact.log
2014-12-03 16:17 - 2014-09-11 19:43 - 00005472 _____ () C:\ProgramData\LMabscan.log
2014-12-03 16:15 - 2013-06-11 19:18 - 01621989 _____ () C:\Windows\WindowsUpdate.log
2014-12-03 16:15 - 2009-07-14 05:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-03 16:15 - 2009-07-14 05:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-03 15:56 - 2014-09-12 10:57 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-03 15:50 - 2010-11-21 04:47 - 00606538 _____ () C:\Windows\PFRO.log
2014-12-03 13:31 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-01 16:51 - 2014-09-12 12:30 - 00000000 ____D () C:\Users\Luca\Documents\01 Jahresarbeit-MTB
2014-12-01 16:46 - 2014-09-12 12:42 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\Skype
2014-11-28 14:56 - 2014-09-12 10:57 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-28 14:56 - 2014-09-12 10:57 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-28 14:56 - 2014-09-12 10:57 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-23 13:28 - 2014-09-11 22:19 - 00000000 ____D () C:\Users\TilmannAdmin\AppData\Roaming\Apple Computer
2014-11-23 12:47 - 2014-09-10 21:36 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-23 12:47 - 2013-06-11 19:17 - 00105872 _____ () C:\Windows\DPINST.LOG
2014-11-23 12:47 - 2013-06-11 19:17 - 00000000 ____D () C:\Program Files\DIFX
2014-11-17 16:28 - 2014-09-12 15:46 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\Skype
2014-11-17 15:54 - 2014-09-11 22:00 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\LSC
2014-11-17 15:54 - 2014-09-11 19:34 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\Adobe
2014-11-17 15:43 - 2014-09-11 20:14 - 00000407 _____ () C:\Windows\system32\checkdnsid.xml
2014-11-17 15:34 - 2014-09-11 19:59 - 00647752 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2014-11-17 15:34 - 2014-09-11 19:53 - 00419616 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2014-11-17 15:33 - 2014-09-11 19:59 - 01260120 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2014-11-17 15:33 - 2014-09-11 19:53 - 00084848 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin.dll
2014-11-17 15:33 - 2014-09-11 19:53 - 00074512 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll
2014-11-17 15:33 - 2014-09-11 19:53 - 00034384 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuh.dll
2014-11-13 13:54 - 2009-07-14 05:45 - 00388360 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-13 13:35 - 2014-09-10 17:51 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-13 13:31 - 2014-09-10 17:51 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-12 10:25 - 2014-09-10 17:27 - 00000000 ____D () C:\Users\TilmannAdmin\AppData\Local\MobileAccess
2014-11-12 10:09 - 2014-09-11 20:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-11 16:44 - 2011-12-08 21:43 - 00000000 ____D () C:\Program Files\Windows Journal
2014-11-11 16:44 - 2010-11-21 08:06 - 00000000 ____D () C:\Windows\SysWOW64\winrm
2014-11-11 16:44 - 2010-11-21 08:06 - 00000000 ____D () C:\Windows\SysWOW64\WCN
2014-11-11 16:44 - 2010-11-21 08:06 - 00000000 ____D () C:\Windows\SysWOW64\sysprep
2014-11-11 16:44 - 2010-11-21 08:06 - 00000000 ____D () C:\Windows\SysWOW64\slmgr
2014-11-11 16:44 - 2010-11-21 08:06 - 00000000 ____D () C:\Windows\SysWOW64\Printing_Admin_Scripts
2014-11-11 16:44 - 2010-11-21 08:06 - 00000000 ____D () C:\Windows\system32\winrm
2014-11-11 16:44 - 2010-11-21 08:06 - 00000000 ____D () C:\Windows\system32\WCN
2014-11-11 16:44 - 2010-11-21 08:06 - 00000000 ____D () C:\Windows\system32\slmgr
2014-11-11 16:44 - 2010-11-21 08:06 - 00000000 ____D () C:\Windows\system32\Printing_Admin_Scripts
2014-11-11 16:44 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\DigitalLocker
2014-11-11 16:44 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-11-11 16:44 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-11-11 16:44 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-11 16:44 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\DVD Maker
2014-11-11 16:44 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2014-11-11 16:44 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2014-11-11 16:44 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-11 16:44 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Setup
2014-11-11 16:44 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\oobe
2014-11-11 16:44 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2014-11-11 16:44 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\migwiz
2014-11-11 16:44 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-11-11 16:44 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\com
2014-11-11 16:44 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-11-11 16:44 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Setup
2014-11-11 16:44 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\oobe
2014-11-11 16:44 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\MUI
2014-11-11 16:44 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\migwiz
2014-11-11 16:44 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-11-11 16:44 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\com
2014-11-11 16:44 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\IME
2014-11-11 16:44 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-11-11 10:46 - 2014-09-12 08:35 - 00000000 ____D () C:\Users\TilmannAdmin\AppData\Roaming\Blink
2014-11-11 10:29 - 2014-09-12 08:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blink
2014-11-11 10:29 - 2014-09-12 08:34 - 00000000 ____D () C:\Program Files (x86)\Blink
2014-11-10 23:48 - 2013-06-11 19:23 - 00000000 ____D () C:\Program Files\Lenovo
2014-11-05 16:30 - 2014-10-23 18:26 - 00010398 _____ () C:\Users\Jonathan\Documents\Ballhäuschen.ods

Some content of TEMP:
====================
C:\Users\Jonathan\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Jonathan\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Luca\AppData\Local\Temp\SkypeSetup.exe
C:\Users\TilmannAdmin\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe
C:\Users\TilmannAdmin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8uh6zw.dll
C:\Users\TilmannAdmin\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\TilmannAdmin\AppData\Local\Temp\i4jdel0.exe
C:\Users\TilmannAdmin\AppData\Local\Temp\xerces-c_2_5_0.dll
C:\Users\TilmannAdmin\AppData\Local\Temp\xmlDeployer.exe
C:\Users\TilmannAdmin\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-03 13:24

==================== End Of Log ============================
Addition.txt
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-12-2014
Ran by TilmannAdmin at 2014-12-03 21:03:24
Running from C:\Users\TilmannAdmin\Desktop\AntiVirFix
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Disabled - Out of date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AS: Bitdefender Spyware-Schutz (Disabled - Out of date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Disabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1990.41618 - ABBYY Software House)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 8.41.00 - )
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bitdefender Internet Security (HKLM\...\Bitdefender) (Version: 17.28.0.1191 - Bitdefender)
Blink version 0.9.1.2 (HKLM-x32\...\{AA4328C3-006F-49F0-94F4-0BA659FCB6A5}_is1) (Version: 0.9.1.2 - AG Projects)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.1.0.0 - Citrix Systems, Inc.)
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.6.385 - Corel Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
CrystalDiskInfo 6.2.1 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.2.1 - Crystal Dew World)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
DisplayLink Core Software (HKLM\...\{B57D4097-F2FE-4222-BA02-46C6EC8B7944}) (Version: 6.1.35392.0 - DisplayLink Corp.)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-4202006404-72638676-4184759351-1001\...\Dropbox) (Version: 2.10.29 - Dropbox, Inc.)
Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.66.1 - Lenovo Group Limited)
Eraser 6.0.10.2620 (HKLM\...\{6E5159B4-A519-41EF-80EF-AD58371515DF}) (Version: 6.0.2620 - The Eraser Project)
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.15 - Evernote Corp.)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
GoPro Studio 2.5.3 (HKLM-x32\...\GoPro Studio) (Version: 2.5.3 - GoPro, Inc.)
Integrated Camera Driver Installer Package Ver.1.2.1.18 (HKLM-x32\...\{A78800AF-1779-4AE8-8EBE-16E1BE727C71}) (Version: 1.2.1.18 - RICOH)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.7 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3359 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.9.254 - Intel Corporation)
Intel(R) WiDi (HKLM-x32\...\{7FCB8D5D-9396-4D17-8CFA-349D6D49CD32}) (Version: 3.0.13.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® PROSet/Wireless Software (HKLM-x32\...\{85b9d34f-7397-4e39-8600-07942ef6ca04}) (Version: 17.0.5 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.12 - )
Lenovo Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.1.13.0 - Lenovo)
Lenovo Graphics Software (HKLM\...\{A8CAC260-092D-41DA-A38F-73AF4226B021}) (Version: 6.1.35401.0 - Lenovo)
Lenovo Mobile Access (HKLM-x32\...\{4DD171A1-70FB-48EE-8844-98A7AA4C8DCC}) (Version: 3.2.30417.1301 - Lenovo)
Lenovo Mobile Broadband Activation (HKLM-x32\...\{A95D9DF7-CF34-421A-A1DC-936A49A4DAEA}) (Version: 4.2.1003.00 - Lenovo Group Limited)
Lenovo Mouse Suite (HKLM\...\MouseSuite98) (Version: 6.66 - Lenovo)
Lenovo Patch Utility (HKLM-x32\...\{A7BB9BBD-DFE4-4276-820A-7CD141FC09E6}) (Version: 1.3.0.007 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo Solution Center (HKLM\...\{13BD494D-9ACD-420B-A291-E145DED92EF6}) (Version: 2.6.001.00 - Lenovo Group Limited)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0016 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0009.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}) (Version: 3.1.0014.00 - Lenovo Group Limited)
Lexmark Scan Center (HKLM-x32\...\{E13A3B1E-53C6-4697-AB0E-AE9AC6184499}) (Version: 1.10.00 - NewSoft Technology Corporation)
Lexmark Software deinstallieren (HKLM\...\Lexmark_HostCD) (Version:  - Lexmark International, Inc.)
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 5.3 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 5.3.7220 - Paramount Software (UK) Ltd.) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM-x32\...\{7F8205DE-DDFA-4156-ADA2-766E9CB4FABC}) (Version: 3.0.0012.00 - Lenovo Group Limited)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mobile Broadband Drivers (HKLM-x32\...\{EA9640BE-414E-4195-B53B-7905BF1A5A09}) (Version: 7.1.1.0 - Ericsson AB)
Mozilla Firefox 33.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 de)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.1.1 - Mozilla)
Mozilla Thunderbird 31.2.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.2.0 (x86 de)) (Version: 31.2.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
Online Plug-in (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Password Safe (HKLM-x32\...\Password Safe) (Version:  - )
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.311.0 - Tracker Software Products Ltd)
Presto! PageManager 7.12.31 (HKLM-x32\...\{72CD4C5F-AB0B-4814-8780-9A4F26A2086B}) (Version: 7.12.31 - NewSoft Technology Corporation)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RapidBoot (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.20 - Lenovo)
RapidBoot HDD Accelerator (HKLM-x32\...\Fastboot) (Version: 1.00.0802 - Lenovo)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7040 - Realtek Semiconductor Corp.)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Rescue and Recovery (HKLM-x32\...\{BDB3E73F-5ECA-441D-96E1-F1CFCF3D427D}) (Version: 4.52.0005.00 - Lenovo Group Limited)
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
RSA SecurID Software Token with Automation (HKLM-x32\...\{0ED59A2A-DFE9-48D6-B5E2-B2794BE19987}) (Version: 4.1.1 - RSA, The Security Division of EMC)
Self-Service Plug-in (x32 Version: 4.1.0.41738 - Citrix Systems, Inc.) Hidden
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.1.4.0 - Lenovo Group Limited)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.51.86909 - SugarSync, Inc.)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4500 - Broadcom Corporation)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.14 - )
ThinkVantage Access Connections (HKLM-x32\...\{9C551D9B-5D36-46A2-9414-F658D934B129}) (Version: 5.93 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.79.00.03 - Lenovo)
TIPP10 Version 2.1.0 (HKLM-x32\...\TIPP10_is1) (Version:  - (c) 2006-2011, Tom Thielicke IT Solutions)
VIP Access (HKLM-x32\...\{E8D46836-CD55-453C-A107-A59EC51CB8DC}) (Version: 2.0.5.13 - VeriSign)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices  (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012  - GoPro)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows-Treiberpaket - Intel (e1cexpress) Net  (01/11/2012 11.15.16.0) (HKLM\...\EC2A0F2B229770EC589265FCF2B4839A0C221993) (Version: 01/11/2012 11.15.16.0 - Intel)
Windows-Treiberpaket - Intel System  (01/11/2012 9.3.0.1020) (HKLM\...\09839A9B5EDA69DA2DCC34637B5140AAF8A53B44) (Version: 01/11/2012 9.3.0.1020 - Intel)
Windows-Treiberpaket - Intel System  (08/26/2011 9.3.0.1011) (HKLM\...\9D7CD466F7FC8B18FF1B84943B7BB8648D17FCE8) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows-Treiberpaket - Intel System  (08/26/2011 9.3.0.1011) (HKLM\...\D8EF6CACF49BD33CC1FACD124C8CC2B1A8E8AE35) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows-Treiberpaket - Intel USB  (08/26/2011 9.3.0.1011) (HKLM\...\97EE1802A0385A37DE6323FA39EC76BEB2D73E41) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows-Treiberpaket - Lenovo 1.65.05.20 (02/29/2012 1.65.05.20) (HKLM\...\E3535F123E7F666D573665142F90D3E5004DC326) (Version: 02/29/2012 1.65.05.20 - Lenovo)
Windows-Treiberpaket - Synaptics (SynTP) Mouse  (03/01/2012 16.0.2.0) (HKLM\...\A4EEF8BC45A8EED2C8090601368F19B9357FC46E) (Version: 03/01/2012 16.0.2.0 - Synaptics)
yEd Graph Editor 3.13 (HKLM-x32\...\3309-7404-0599-8908) (Version: 3.13 - yWorks GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4202006404-72638676-4184759351-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\TilmannAdmin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4202006404-72638676-4184759351-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TilmannAdmin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4202006404-72638676-4184759351-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TilmannAdmin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4202006404-72638676-4184759351-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TilmannAdmin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4202006404-72638676-4184759351-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TilmannAdmin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4202006404-72638676-4184759351-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TilmannAdmin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4202006404-72638676-4184759351-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TilmannAdmin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4202006404-72638676-4184759351-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TilmannAdmin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4202006404-72638676-4184759351-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TilmannAdmin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00756476-446C-430B-BA6E-FCC6260500E2} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-06-18] ()
Task: {1110117B-C5AC-4761-A3E6-21F3F2D433CE} - System32\Tasks\Microsoft\Windows\MobilePC\DisplayLink TMM Control
Task: {120A66DC-1745-484D-97C5-B34A1C9E6DAA} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-09-03] ()
Task: {174A33C3-2C5A-40C6-8FB7-029C1AD19FBA} - System32\Tasks\TVT\LaunchRnR => %RR%\rrcmd.exe
Task: {1C6E27E4-DE26-4390-BAF6-2A29468FACD1} - System32\Tasks\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-09-03] ()
Task: {65596C68-8261-4075-B8F0-EE8DE99E72DC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {7117577A-9526-4EAA-925C-6FD1437B0184} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {7AAA8790-15A5-4A73-8976-4EBF539097F5} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe
Task: {7BA9CEA2-1CB1-41C6-B749-9D077C200E54} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-28] (Adobe Systems Incorporated)
Task: {819B9424-FF08-4B14-B95A-8C74F235FCBB} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2014-06-25] (Lenovo Group Limited)
Task: {89F317DF-D434-49A0-9FB9-D748E76D0858} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-09-03] (Lenovo)
Task: {8DC79E0A-9A7D-42DE-AAEC-370E8F424780} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-09-03] ()
Task: {B15C6041-F57C-4E02-8E03-26600F531719} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2014-09-03] (Lenovo)
Task: {C62A113C-1578-4F6F-9ED0-97C8B0412337} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-09-03] (Lenovo)
Task: {DA549D68-7655-43F2-999A-5BFFE5BC5300} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-05-30] (Lenovo)
Task: {EC652522-1AF6-4743-954D-CD066992AACC} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe
Task: {F0A61844-CEC6-48FB-A100-CF5D97CA0969} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files (x86)\Common Files\lenovo\SUP\sup_wermonitor_shim.exe [2014-09-01] ()
Task: {F81CBC25-28ED-41E2-8555-DD63F2979370} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2012-02-24] (Lenovo)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-06-11 19:29 - 2014-06-25 05:06 - 00117760 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2014-11-11 07:33 - 2014-11-11 07:33 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\TilmannAdmin\Downloads\Blink-Installer.exe:BDU
AlternateDataStreams: C:\Users\TilmannAdmin\Downloads\GoProStudioPC-2.5.3.400.exe:BDU
AlternateDataStreams: C:\Users\TilmannAdmin\Downloads\QuickTimeInstaller.exe:BDU
AlternateDataStreams: C:\Users\TilmannAdmin\Downloads\reflectdl.exe:BDU
AlternateDataStreams: C:\Users\TilmannAdmin\Downloads\tipp10_win_v2-1-0.exe:BDU
AlternateDataStreams: C:\Users\TilmannAdmin\Downloads\yEd-3.13_with-JRE_32-bit_setup.exe:BDU

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-4202006404-72638676-4184759351-500 - Administrator - Disabled)
Angela (S-1-5-21-4202006404-72638676-4184759351-1005 - Limited - Enabled) => C:\Users\Angela
Gast (S-1-5-21-4202006404-72638676-4184759351-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4202006404-72638676-4184759351-1002 - Limited - Enabled)
Jonathan (S-1-5-21-4202006404-72638676-4184759351-1004 - Limited - Enabled) => C:\Users\Jonathan
Luca (S-1-5-21-4202006404-72638676-4184759351-1003 - Limited - Enabled) => C:\Users\Luca
TilmannAdmin (S-1-5-21-4202006404-72638676-4184759351-1001 - Administrator - Enabled) => C:\Users\TilmannAdmin

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/03/2014 06:24:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: lsc.exe, Version: 0.0.0.0, Zeitstempel: 0x4eb75ae0
Name des fehlerhaften Moduls: Adobe AIR.dll, Version: 15.0.0.249, Zeitstempel: 0x53fe5c69
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0056fcdc
ID des fehlerhaften Prozesses: 0xb9c
Startzeit der fehlerhaften Anwendung: 0xlsc.exe0
Pfad der fehlerhaften Anwendung: lsc.exe1
Pfad des fehlerhaften Moduls: lsc.exe2
Berichtskennung: lsc.exe3

Error: (12/03/2014 05:33:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/03/2014 04:58:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: LogonUI.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce79f70
Name des fehlerhaften Moduls: USER32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c9f1
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000005357
ID des fehlerhaften Prozesses: 0x1434
Startzeit der fehlerhaften Anwendung: 0xLogonUI.exe0
Pfad der fehlerhaften Anwendung: LogonUI.exe1
Pfad des fehlerhaften Moduls: LogonUI.exe2
Berichtskennung: LogonUI.exe3

Error: (12/03/2014 04:58:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: LogonUI.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce79f70
Name des fehlerhaften Moduls: USER32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c9f1
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000005357
ID des fehlerhaften Prozesses: 0x121c
Startzeit der fehlerhaften Anwendung: 0xLogonUI.exe0
Pfad der fehlerhaften Anwendung: LogonUI.exe1
Pfad des fehlerhaften Moduls: LogonUI.exe2
Berichtskennung: LogonUI.exe3

Error: (12/03/2014 04:58:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: LogonUI.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce79f70
Name des fehlerhaften Moduls: USER32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c9f1
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000005357
ID des fehlerhaften Prozesses: 0x1750
Startzeit der fehlerhaften Anwendung: 0xLogonUI.exe0
Pfad der fehlerhaften Anwendung: LogonUI.exe1
Pfad des fehlerhaften Moduls: LogonUI.exe2
Berichtskennung: LogonUI.exe3

Error: (12/03/2014 04:58:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: LogonUI.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce79f70
Name des fehlerhaften Moduls: USER32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c9f1
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000005357
ID des fehlerhaften Prozesses: 0x1680
Startzeit der fehlerhaften Anwendung: 0xLogonUI.exe0
Pfad der fehlerhaften Anwendung: LogonUI.exe1
Pfad des fehlerhaften Moduls: LogonUI.exe2
Berichtskennung: LogonUI.exe3

Error: (12/03/2014 04:58:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: LogonUI.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce79f70
Name des fehlerhaften Moduls: USER32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c9f1
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000005357
ID des fehlerhaften Prozesses: 0x15b0
Startzeit der fehlerhaften Anwendung: 0xLogonUI.exe0
Pfad der fehlerhaften Anwendung: LogonUI.exe1
Pfad des fehlerhaften Moduls: LogonUI.exe2
Berichtskennung: LogonUI.exe3

Error: (12/03/2014 04:58:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: LogonUI.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce79f70
Name des fehlerhaften Moduls: USER32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c9f1
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000005357
ID des fehlerhaften Prozesses: 0x14dc
Startzeit der fehlerhaften Anwendung: 0xLogonUI.exe0
Pfad der fehlerhaften Anwendung: LogonUI.exe1
Pfad des fehlerhaften Moduls: LogonUI.exe2
Berichtskennung: LogonUI.exe3

Error: (12/03/2014 04:58:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: LogonUI.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce79f70
Name des fehlerhaften Moduls: USER32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c9f1
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000005357
ID des fehlerhaften Prozesses: 0x140c
Startzeit der fehlerhaften Anwendung: 0xLogonUI.exe0
Pfad der fehlerhaften Anwendung: LogonUI.exe1
Pfad des fehlerhaften Moduls: LogonUI.exe2
Berichtskennung: LogonUI.exe3

Error: (12/03/2014 04:58:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: LogonUI.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce79f70
Name des fehlerhaften Moduls: USER32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c9f1
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000005357
ID des fehlerhaften Prozesses: 0x1224
Startzeit der fehlerhaften Anwendung: 0xLogonUI.exe0
Pfad der fehlerhaften Anwendung: LogonUI.exe1
Pfad des fehlerhaften Moduls: LogonUI.exe2
Berichtskennung: LogonUI.exe3


System errors:
=============
Error: (12/03/2014 05:57:55 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084MSIServer{000C101C-0000-0000-C000-000000000046}

Error: (12/03/2014 05:35:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (12/03/2014 05:35:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (12/03/2014 05:35:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (12/03/2014 05:35:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (12/03/2014 05:35:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (12/03/2014 05:35:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (12/03/2014 05:35:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (12/03/2014 05:35:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (12/03/2014 05:35:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068


Microsoft Office Sessions:
=========================
Error: (12/03/2014 06:24:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: lsc.exe0.0.0.04eb75ae0Adobe AIR.dll15.0.0.24953fe5c69c00000050056fcdcb9c01d00f1dab8e0ad4c:\program files\lenovo\lenovo solution center\lsc.exec:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll2e8da046-7b11-11e4-b859-3c970e04d287

Error: (12/03/2014 05:33:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/03/2014 04:58:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: LogonUI.exe6.1.7601.175144ce79f70USER32.dll6.1.7601.175144ce7c9f1c00000050000000000005357143401d00f11f6cdc4f1C:\Windows\system32\LogonUI.exeC:\Windows\system32\USER32.dll348fbc33-7b05-11e4-b327-9cb70dd10625

Error: (12/03/2014 04:58:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: LogonUI.exe6.1.7601.175144ce79f70USER32.dll6.1.7601.175144ce7c9f1c00000050000000000005357121c01d00f11f6a7aeecC:\Windows\system32\LogonUI.exeC:\Windows\system32\USER32.dll346c078f-7b05-11e4-b327-9cb70dd10625

Error: (12/03/2014 04:58:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: LogonUI.exe6.1.7601.175144ce79f70USER32.dll6.1.7601.175144ce7c9f1c00000050000000000005357175001d00f11f683fa48C:\Windows\system32\LogonUI.exeC:\Windows\system32\USER32.dll3445f18b-7b05-11e4-b327-9cb70dd10625

Error: (12/03/2014 04:58:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: LogonUI.exe6.1.7601.175144ce79f70USER32.dll6.1.7601.175144ce7c9f1c00000050000000000005357168001d00f11f65de444C:\Windows\system32\LogonUI.exeC:\Windows\system32\USER32.dll34223ce7-7b05-11e4-b327-9cb70dd10625

Error: (12/03/2014 04:58:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: LogonUI.exe6.1.7601.175144ce79f70USER32.dll6.1.7601.175144ce7c9f1c0000005000000000000535715b001d00f11f63a2fa0C:\Windows\system32\LogonUI.exeC:\Windows\system32\USER32.dll33fc26e2-7b05-11e4-b327-9cb70dd10625

Error: (12/03/2014 04:58:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: LogonUI.exe6.1.7601.175144ce79f70USER32.dll6.1.7601.175144ce7c9f1c0000005000000000000535714dc01d00f11f614199bC:\Windows\system32\LogonUI.exeC:\Windows\system32\USER32.dll33d8723e-7b05-11e4-b327-9cb70dd10625

Error: (12/03/2014 04:58:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: LogonUI.exe6.1.7601.175144ce79f70USER32.dll6.1.7601.175144ce7c9f1c00000050000000000005357140c01d00f11f5ee0397C:\Windows\system32\LogonUI.exeC:\Windows\system32\USER32.dll33b25c3a-7b05-11e4-b327-9cb70dd10625

Error: (12/03/2014 04:58:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: LogonUI.exe6.1.7601.175144ce79f70USER32.dll6.1.7601.175144ce7c9f1c00000050000000000005357122401d00f11f5ca4ef3C:\Windows\system32\LogonUI.exeC:\Windows\system32\USER32.dll338ea796-7b05-11e4-b327-9cb70dd10625


CodeIntegrity Errors:
===================================
  Date: 2014-12-01 14:59:57.295
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-28 14:44:55.827
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-25 16:36:55.438
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-22 18:24:45.770
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-21 09:31:08.185
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-19 12:12:35.865
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-17 16:27:49.205
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-15 16:45:56.101
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-13 15:05:43.431
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-13 13:29:24.140
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-3520M CPU @ 2.90GHz
Percentage of memory in use: 27%
Total physical RAM: 3791.8 MB
Available physical RAM: 2734.13 MB
Total Pagefile: 7581.77 MB
Available Pagefile: 6611.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:282.95 GB) (Free:221.18 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:13.67 GB) (Free:2.68 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 2B17D07E)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=283 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Gmer.txt
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-12-03 21:37:26
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 HITACHI_ rev.EC2Z 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\TILMAN~1\AppData\Local\Temp\pglyqfow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                  fffff80002802000 8 bytes [00, 00, 04, 02, 53, 63, 4C, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 544                                                                  fffff80002802010 40 bytes [E0, 61, 66, 0A, 80, FA, FF, ...]

---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[1204] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   00000000768c1465 2 bytes [8C, 76]
.text     C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[1204] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000768c14bb 2 bytes [8C, 76]
.text     ...                                                                                                                                 * 2

---- Registry - GMER 2.1 ----

Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\889ffaf444d9                                                         
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\9cb70dd10625                                                         
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\9cb70dd10625@f065dd7805cc                                            0x73 0x9E 0x0A 0x6E ...
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\9cb70dd10625@f065dd9d09e4                                            0x35 0x93 0xF7 0xE9 ...
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c01885dbead1                                                         
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\889ffaf444d9 (not active ControlSet)                                     
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\9cb70dd10625 (not active ControlSet)                                     
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\9cb70dd10625@f065dd7805cc                                                0x73 0x9E 0x0A 0x6E ...
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\9cb70dd10625@f065dd9d09e4                                                0x35 0x93 0xF7 0xE9 ...
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c01885dbead1 (not active ControlSet)                                     

---- Disk sectors - GMER 2.1 ----

Disk      \Device\Harddisk0\DR0                                                                                                               unknown MBR code

---- EOF - GMER 2.1 ----
Ich bin im Moment ziemlich ratlos und dankbar für jede Anregung!

Til

Alt 04.12.2014, 07:15   #2
schrauber
/// the machine
/// TB-Ausbilder
 
Win 7, Login-Screen flackert, kein Login möglich - Standard

Win 7, Login-Screen flackert, kein Login möglich


Ich sehe ein wenig Adware, die macht aber nicht solche Probleme. Zwei Rechner machen identische Probleme? Immer noch?
Sicher dass da kein Stromausfall/Stromspitze oder sonstwas war?
__________________

__________________
Alt 04.12.2014, 07:53   #3
tilro
 
Win 7, Login-Screen flackert, kein Login möglich - Standard

Win 7, Login-Screen flackert, kein Login möglich


Guten Morgen!

Stromspitze war auch meine erste Vermutung. Im Thinkpad-Forum haben sich dann aber noch zwei andere User mit identischen Problemen gemeldet. Bei der einen war es lösbar (agesicherter Modus, dann Viren gefunden), von dem anderen habe ich nichts mehr gehört.

Auf dem W540 habe ich den Scan jetzt abgebrochen, da noch ca. 2 Tage Restdauer angegeben war.

Mit Hilfe der Lenovo Rescue & Recovery funktioniert er jetzt wieder.

Ich vermute daher, dass die Stromspitze nicht die Ursache war. Die hätte ja dann Hardware zerstört und dann würde die Recovery auch nicht mehr funktionieren dürfen. Sehe ich das richtig?

Den X230 werde ich erst mal nicht zurücksetzen. Ich würde schon gerne wissen, was da gestern passiert ist. Ich werde jetzt mal auf diesem Rechner den Check mit Kaspersky machen. Wenn das dort zwei Tage läuft, ist es mir egal ...
__________________
Alt 05.12.2014, 08:51   #4
schrauber
/// the machine
/// TB-Ausbilder
 
Win 7, Login-Screen flackert, kein Login möglich - Standard

Win 7, Login-Screen flackert, kein Login möglich


Naja, muss nicht unbedingt. Wenn die Software durcheinander kommt hilft die Recovery wieder.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 07.12.2014, 20:28   #5
tilro
 
Win 7, Login-Screen flackert, kein Login möglich - Standard

Win 7, Login-Screen flackert, kein Login möglich


X230 habe ich neu installiert. Da ich sowieso von HDD auf SSD umrüsten musste, habe ich eben nicht geklont, sondern neu installiert. Beim W540 scheint soweit alles normal zu funktionieren ...
Danke für die Unterstützung!


Alt 08.12.2014, 19:57   #6
schrauber
/// the machine
/// TB-Ausbilder
 
Win 7, Login-Screen flackert, kein Login möglich - Standard

Win 7, Login-Screen flackert, kein Login möglich


Gern Geschehen
__________________
--> Win 7, Login-Screen flackert, kein Login möglich

Antwort

Themen zu Win 7, Login-Screen flackert, kein Login möglich
adware, antivirus, bildschirm, cpu, desktop, feedback, festplatte, firefox, flash player, homepage, hotspot, kaspersky, mozilla, popup, problem, pwmtr64v.dll, realtek, registry, rundll, secur, security, software, svchost.exe, symantec, system, tracker, usb, virus, windows


« Windows 7: Öffnen von Websiten wie Google, Youtube, etc. stößt auf Fehlermeldung | Windows 8 - Proxy wird automtisch gesetzt -> keine Verbinung ins Internet »


Ähnliche Themen: Win 7, Login-Screen flackert, kein Login möglich


  1. Win 7, Login-Screen flackert, kein Login möglich
    Log-Analyse und Auswertung - 06.12.2014 (3)
  2. Schwarzer Bildschirm + Mauszeiger statt Login-Screen
    Log-Analyse und Auswertung - 26.04.2014 (13)
  3. Shell wird immer zurückgesetzt, kein Login, kein Abgesicherter Modus | Virus OTL Log
    Log-Analyse und Auswertung - 29.12.2012 (0)
  4. email-und ebay login gehen nur auf meinem PC nicht möglich, Schadprogramm auf dem Rechner?
    Plagegeister aller Art und deren Bekämpfung - 24.09.2012 (3)
  5. GVU / Bunderstrojaner / Windows XP - kein abgesichertert Modus, nach Login sofort Bildschirm gesperrt...
    Plagegeister aller Art und deren Bekämpfung - 20.08.2012 (6)
  6. Kein Login bei verschieden Seiten möglich
    Alles rund um Windows - 29.01.2012 (1)
  7. Kein Login möglich & Buttons deaktiviert
    Plagegeister aller Art und deren Bekämpfung - 01.11.2011 (3)
  8. Blue Screen nach Login mit Neustart
    Plagegeister aller Art und deren Bekämpfung - 10.04.2011 (3)
  9. Win XP Login Loop
    Alles rund um Windows - 29.08.2010 (2)
  10. Antimalware Doctor entfernt (XP) - aber Windows-Login nicht mehr möglich (gibt es noch Hoffnung?)
    Plagegeister aller Art und deren Bekämpfung - 22.08.2010 (2)
  11. BSOD XP SP3 kein Login möglich
    Netzwerk und Hardware - 14.02.2010 (7)
  12. kein login nach dropper.gen mehr möglich, hat er mein Passwort geändert?
    Plagegeister aller Art und deren Bekämpfung - 12.12.2009 (1)
  13. Neustes Bitdefender Update: kein Login mehr möglich in Vista / 7
    Antiviren-, Firewall- und andere Schutzprogramme - 07.07.2009 (0)
  14. Login auf trojaner-board.com nicht möglich?
    Lob, Kritik und Wünsche - 03.02.2007 (1)
  15. Kein login ?? hilfe ??
    Mülltonne - 04.11.2006 (1)
  16. SSL Login
    Lob, Kritik und Wünsche - 21.06.2003 (0)
  17. ICQ Login Probs
    Alles rund um Windows - 13.02.2003 (2)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Win 7, Login-Screen flackert, kein Login möglich - Hallo, bin heute Mittag zwischen 15-16 Uhr an meinen Schreibtisch zurück gekommen. Meine beiden Laptops (ThinkPad W540 und X230, beide Windows 7) zeigten identisches Verhalten: - der Login-Screen flackert schnell - Win 7, Login-Screen flackert, kein Login möglich...
Archiv
Du betrachtest: Win 7, Login-Screen flackert, kein Login möglich auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131