Trojaner-Board


wima 03.06.2015 10:53

DHL mail - opened the link :-(

Hello everyone,
I was stupid enough to click on the link in the DHL mail.
My hand was faster than my head, since I'm expecting a package.

Oh dear, what now?

The link takes me here: hxxp://qod-shop.de/cli/Y37fCFrEbBh

I'm running a virus scan right now.

schrauber 03.06.2015 11:09

hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)


wima 03.06.2015 11:35

here is the frst.txt
FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-05-2015
Ran by Stephanie (administrator) on MATRIX on 03-06-2015 12:22:17
Running from C:\Users\Stephanie\Downloads
Loaded Profiles: Stephanie (Available Profiles: Stephanie)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
() C:\Program Files\FileSync\VSSService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe
(FileSync) C:\Program Files\FileSync\OpenAccess.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_TATIHTU.EXE
(Google Inc.) C:\Users\Stephanie\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Lenovo) C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_TARNHTU.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_TARNHTU.EXE
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\seccenter.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\odscanui.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Dominik Reichl) C:\Program Files\KeePass Password Safe 2\KeePass.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [342360 2013-11-29] (Lenovo.)
HKLM\...\Run: [PWMTRV] => rundll32 "C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL",PwrMgrBkGndMonitor
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1918176 2015-02-02] (Bitdefender)
HKLM\...\Run: [KeePass 2 PreLoad] => C:\Program Files\KeePass Password Safe 2\KeePass.exe [2109952 2014-10-07] (Dominik Reichl)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-4222683380-241142296-947392436-1000\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [482392 2015-02-02] (Bitdefender)
HKU\S-1-5-21-4222683380-241142296-947392436-1000\...\Run: [Bitdefender-Geldbörse] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [901608 2014-11-14] (Bitdefender)
HKU\S-1-5-21-4222683380-241142296-947392436-1000\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] => C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe [615256 2014-11-14] (Bitdefender)
HKU\S-1-5-21-4222683380-241142296-947392436-1000\...\Run: [Livedrive] => C:\Program Files\FileSync\OpenAccess.exe [1588904 2013-11-22] (FileSync)
HKU\S-1-5-21-4222683380-241142296-947392436-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TATIHTU.EXE [220800 2012-07-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4222683380-241142296-947392436-1000\...\Run: [Google Update] => C:\Users\Stephanie\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-06-07] (Google Inc.)
HKU\S-1-5-21-4222683380-241142296-947392436-1000\...\Run: [Google+ Auto Backup] => C:\Users\Stephanie\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3754312 2015-02-13] (Google Inc.)
HKU\S-1-5-21-4222683380-241142296-947392436-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [25700400 2015-04-28] (Google)
HKU\S-1-5-21-4222683380-241142296-947392436-1000\...\Run: [GoogleChromeAutoLaunch_15A09AB4B2860ED1D468C1D57628C0D5] => C:\Program Files\Google\Chrome\Application\chrome.exe [813896 2015-05-22] (Google Inc.)
HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [482392 2015-02-02] (Bitdefender)
HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [901608 2014-11-14] (Bitdefender)
HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] => C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe [615256 2014-11-14] (Bitdefender)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-03-02] (Microsoft Corporation)
Startup: C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-04-22]
ShortcutTarget: Dropbox.lnk -> C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [BackupOverlay] -> {B44A5D93-1351-41A1-BD91-5E92435D8ECD} => C:\Program Files\FileSync\Extensions.dll [2013-11-22] (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2012-11-10] (EldoS Corporation)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-04-28] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-04-28] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-04-28] (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-04-28] (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-04-28] (Google)
ShellIconOverlayIdentifiers: [LivedriveDownloadOverlay] -> {CBCDB610-6B68-4EE9-B7A2-1282FD0C9292} => C:\Program Files\FileSync\Extensions.dll [2013-11-22] (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [LivedriveSharedOverlay] -> {84CEF1E4-1356-4063-845F-05047F4DD52C} => C:\Program Files\FileSync\Extensions.dll [2013-11-22] (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [LivedriveSyncedOverlay] -> {42058329-2FBF-4B33-8E52-3BE5754DE0C1} => C:\Program Files\FileSync\Extensions.dll [2013-11-22] (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [LivedriveUploadOverlay] -> {39A1715A-E4CD-4F1E-B5C4-36B5DB80124E} => C:\Program Files\FileSync\Extensions.dll [2013-11-22] (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2013-07-08] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2013-07-08] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2013-07-08] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2013-07-08] (Bitdefender)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4222683380-241142296-947392436-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland ? mit Hotmail Nachfolger Outlook und Messenger Skype
HKU\S-1-5-21-4222683380-241142296-947392436-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome
HKU\S-1-5-21-4222683380-241142296-947392436-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome
SearchScopes: HKU\S-1-5-21-4222683380-241142296-947392436-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Bitdefender-Geldbörse -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll [2014-11-14] (Bitdefender)
BHO: BrowserHelper Class -> {EDF48A39-1442-463F-9F4E-F376A78D034A} -> C:\Program Files\FileSync\ExplorerExtensions.dll [2013-11-22] (Livedrive Internet Ltd)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\2wrw8mii.default
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4222683380-241142296-947392436-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Stephanie\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-4222683380-241142296-947392436-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Stephanie\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\ffpwdman
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\ffpwdman [2014-03-02]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2014-03-02]

Chrome:
=======
CHR Profile: C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Easy Auto Refresh) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2014-09-12]
CHR Extension: (Google Docs) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-02]
CHR Extension: (Google Drive) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-02]
CHR Extension: (QuickPin) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhogoimaoahmedeeahleijnpljdbammj [2014-05-24]
CHR Extension: (YouTube) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-02]
CHR Extension: (Google Search) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-02]
CHR Extension: (Bookmark Manager) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-23]
CHR Extension: (Pin It Button) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-05-24]
CHR Extension: (Pinterest Image Expander) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjfcepcgakkhodjinacolfaeimnedbg [2014-05-24]
CHR Extension: (Pixlr Touch Up) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jklljiahjgoglchglekebfljnmbaleig [2015-01-07]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-10]
CHR Extension: (Google Wallet) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-02]
CHR Extension: (Page Monitor) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pemhgklkefakciniebenbfclihhmmfcd [2014-07-21]
CHR Extension: (Gmail) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-02]
CHR HKLM\...\Chrome\Extension: [-4222683380-241142296-947392436-1000] - C:\Program Files\Bitdefender\Bitdefender\pmbxcr.crx [2015-02-02]
CHR HKLM\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\pmbxcr.crx [2015-02-02]
CHR HKU\S-1-5-21-4222683380-241142296-947392436-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [69880 2014-11-14] (Bitdefender)
R2 EPSON_PM_RPCV4_05; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [130944 2011-04-25] (SEIKO EPSON CORPORATION)
R2 FileSyncVSSService; C:\Program Files\FileSync\VSSService.exe [157352 2013-11-22] ()
S2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [110128 2014-05-27] (Lenovo Group Limited)
S3 PwmEWSvc; C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE [1664856 2013-12-09] (Lenovo Group Limited)
R2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [81704 2013-07-08] (Bitdefender)
S3 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [24120 2014-02-14] ()
R2 TPHKLOAD; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [116208 2014-06-10] (Lenovo Group Limited)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [54424 2014-11-14] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1302784 2015-02-02] (Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1073160 2015-02-02] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [242504 2012-11-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [528248 2014-11-14] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [77632 2014-05-27] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [90704 2011-11-14] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [108008 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [66832 2013-11-04] (BitDefender SRL)
R1 bdselfpr; C:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys [135600 2013-07-26] (BitDefender LLC)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [72704 2012-04-17] (BitDefender)
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [299144 2012-11-10] (EldoS Corporation)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [165744 2013-08-23] (BitDefender LLC)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [408280 2015-02-02] (BitDefender S.R.L.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-03 12:22 - 2015-06-03 12:24 - 00019493 _____ () C:\Users\Stephanie\Downloads\FRST.txt
2015-06-03 12:21 - 2015-06-03 12:22 - 00000000 ____D () C:\FRST
2015-06-03 12:21 - 2015-06-03 12:21 - 01147392 _____ (Farbar) C:\Users\Stephanie\Downloads\FRST.exe
2015-05-22 12:44 - 2015-05-22 12:45 - 00149896 _____ () C:\Windows\Minidump\052215-17940-01.dmp
2015-05-22 12:44 - 2015-05-22 12:44 - 236522717 _____ () C:\Windows\MEMORY.DMP
2015-05-22 12:44 - 2015-05-22 12:44 - 00000000 ____D () C:\Windows\Minidump
2015-05-18 22:25 - 2015-05-18 22:25 - 00030731 _____ () C:\Users\Stephanie\Downloads\pacifico (1).zip
2015-05-18 22:21 - 2015-05-18 22:21 - 00000000 ____D () C:\Users\Stephanie\Downloads\pacifico
2015-05-18 22:20 - 2015-05-18 22:20 - 00083451 _____ () C:\Users\Stephanie\Downloads\pacifico.zip
2015-05-12 23:14 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 20:24 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-12 20:24 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-12 20:24 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-12 20:24 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-12 20:24 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-12 20:24 - 2015-04-21 17:58 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-12 20:24 - 2015-04-21 17:51 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-12 20:24 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-12 20:24 - 2015-04-21 17:26 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-12 20:24 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-12 20:24 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-12 20:24 - 2015-04-20 04:56 - 00909312 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-12 20:24 - 2015-04-20 04:03 - 02382336 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-12 20:24 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-12 20:24 - 2015-04-13 05:19 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-12 20:24 - 2015-04-04 05:10 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-12 20:24 - 2015-04-04 05:10 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-12 20:24 - 2015-04-04 05:05 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-12 20:24 - 2015-04-04 05:05 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-12 20:24 - 2015-04-04 05:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-12 20:24 - 2015-04-04 05:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-12 20:24 - 2015-04-04 05:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-12 20:24 - 2015-04-04 05:05 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-12 20:24 - 2015-04-04 05:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-12 20:24 - 2015-04-04 05:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-12 20:24 - 2015-04-04 05:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-12 20:24 - 2015-04-04 05:05 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-12 20:24 - 2015-04-04 05:04 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-12 20:24 - 2015-04-04 05:04 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-12 20:24 - 2015-04-04 05:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-12 20:24 - 2015-04-04 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-12 20:24 - 2015-04-04 04:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-12 20:23 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-12 20:23 - 2015-04-21 18:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-12 20:23 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-12 20:23 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-12 20:23 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-12 20:23 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-12 20:23 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-12 20:23 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-12 20:23 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-12 20:23 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-12 20:23 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-12 20:23 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-12 20:23 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-12 20:23 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-12 20:23 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-12 20:23 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-12 20:23 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-12 20:23 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-12 20:23 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-12 20:23 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-12 20:23 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-12 20:23 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-12 20:23 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-12 20:23 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-12 20:23 - 2015-04-08 05:14 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-12 20:23 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-03 12:18 - 2014-06-07 22:38 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4222683380-241142296-947392436-1000UA.job
2015-06-03 12:13 - 2014-03-01 22:11 - 01360750 _____ () C:\Windows\WindowsUpdate.log
2015-06-03 12:01 - 2014-03-02 13:59 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-03 10:20 - 2009-07-14 06:34 - 00015776 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-03 10:20 - 2009-07-14 06:34 - 00015776 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-03 10:13 - 2014-11-09 21:41 - 00000000 ___RD () C:\Users\Stephanie\Google Drive
2015-06-03 10:13 - 2014-04-15 22:44 - 00000000 ___RD () C:\Users\Stephanie\Dropbox
2015-06-03 10:13 - 2014-04-15 22:24 - 00000000 ____D () C:\Users\Stephanie\AppData\Roaming\Dropbox
2015-06-03 10:10 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-06-03 10:10 - 2009-07-14 06:39 - 00069866 _____ () C:\Windows\setupact.log
2015-06-02 21:18 - 2014-06-07 22:38 - 00001084 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4222683380-241142296-947392436-1000Core.job
2015-06-01 20:55 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-06-01 13:45 - 2014-11-09 23:03 - 00000000 ____D () C:\Users\Stephanie\AppData\Roaming\KeePass
2015-05-30 22:04 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-05-26 09:10 - 2014-03-02 14:00 - 00002128 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-25 23:19 - 2014-11-09 21:35 - 00008414 _____ () C:\Users\Stephanie\Documents\WM.kdbx
2015-05-24 21:42 - 2014-03-01 22:33 - 00000000 ____D () C:\ProgramData\lenovo
2015-05-22 12:00 - 2014-11-20 11:04 - 00000000 ____D () C:\Users\Stephanie\Documents\Nachahmer
2015-05-22 11:49 - 2014-03-02 22:35 - 00000000 ____D () C:\Users\Stephanie\Documents\Marketing
2015-05-21 16:34 - 2015-03-02 22:51 - 00000000 ____D () C:\Users\Stephanie\Documents\Katharina Klett
2015-05-21 10:22 - 2014-03-01 22:21 - 01472002 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-19 11:03 - 2014-06-02 21:29 - 00000000 ____D () C:\Users\Stephanie\Documents\Wholesale
2015-05-19 07:58 - 2009-07-14 06:33 - 00444952 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-18 22:54 - 2014-03-01 22:35 - 00120856 _____ () C:\Users\Stephanie\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-18 13:25 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2015-05-17 19:56 - 2014-03-02 13:59 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-13 21:41 - 2014-03-02 23:03 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-13 17:33 - 2009-07-14 10:56 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-13 09:03 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-05-13 08:23 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-05-12 23:14 - 2014-03-02 15:11 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-12 23:04 - 2014-03-02 15:11 - 137310008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-11 08:33 - 2014-08-28 21:49 - 00000376 _____ () C:\Users\Stephanie\AppData\Roamingprivacy.xml
2015-05-10 20:55 - 2014-11-09 21:40 - 00002007 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2015-05-10 20:55 - 2014-11-09 21:40 - 00002005 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2015-05-10 20:55 - 2014-11-09 21:40 - 00001995 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2015-05-10 20:55 - 2014-11-09 21:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-05-07 21:23 - 2014-04-15 22:44 - 00001035 _____ () C:\Users\Stephanie\Desktop\Dropbox.lnk
2015-05-07 21:23 - 2014-04-15 22:27 - 00000000 ____D () C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-04 10:02 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\LiveKernelReports

==================== Files in the root of some directories =======

2015-01-09 19:53 - 2015-01-09 19:53 - 0000600 _____ () C:\Users\Stephanie\AppData\Local\PUTTY.RND
2014-03-02 14:58 - 2014-03-02 14:58 - 0685822 _____ () C:\ProgramData\1393764630.bdinstall.bin

Some files in TEMP:
====================
C:\Users\Stephanie\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpau6x2v.dll
C:\Users\Stephanie\AppData\Local\Temp\tidy_de.exe
C:\Users\Stephanie\AppData\Local\Temp\tidy_en.exe
C:\Users\Stephanie\AppData\Local\Temp\ydkgkeyj.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-27 10:11

==================== End of log ============================

--- --- ---


and here is the addition:
FRST Additions Logfile:
Code:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-05-2015
Ran by Stephanie at 2015-06-03 12:25:02
Running from C:\Users\Stephanie\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4222683380-241142296-947392436-500 - Administrator - Disabled)
Gast (S-1-5-21-4222683380-241142296-947392436-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4222683380-241142296-947392436-1002 - Limited - Enabled)
Stephanie (S-1-5-21-4222683380-241142296-947392436-1000 - Administrator - Enabled) => C:\Users\Stephanie

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AS: Bitdefender Spyware-Schutz (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Adobe Reader XI (11.0.11) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.73.01 - )
ASEOPS 9 (HKLM\...\{C9748E91-BA62-44D0-A779-24B3D29F5609}_is1) (Version: 9.0.1 - AceBIT)
Bitdefender Total Security (HKLM\...\Bitdefender) (Version: 17.26.0.1106 - Bitdefender)
Brother P-touch Address Book 1.1 (HKLM\...\InstallShield_{B2023017-DEE4-44F7-8A71-CA6084BF534C}) (Version: 1.1.100 - Brother Industries, Ltd.)
Brother P-touch Address Book 1.1 (Version: 1.1.100 - Brother Industries, Ltd.) Hidden
Brother P-touch Editor 5.1 (HKLM\...\{39270390-A851-4E4B-94A9-D5C468216ED3}) (Version: 5.1.0200 - Brother Industries, Ltd.)
Brother QL-Series Software User's Guide (HKLM\...\InstallShield_{A242CAB2-870C-4AC9-8AFE-34379D9383CD}) (Version: 1.00.0000 - Brother Industries, Ltd.)
Brother QL-Series Software User's Guide (Version: 1.00.0000 - Brother Industries, Ltd.) Hidden
Dropbox (HKU\S-1-5-21-4222683380-241142296-947392436-1000\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
Energie-Manager (HKLM\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.64.2 - Lenovo Group Limited)
EPSON BX535WD Series Printer Uninstall (HKLM\...\EPSON BX535WD Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
FileSync (HKLM\...\{8E2C6AAA-9E6D-4AC4-A2E6-7696EEA4BD5D}) (Version: 1.14.8.0 - FileSync)
FileZilla Client 3.9.0.1 (HKLM\...\FileZilla Client) (Version: 3.9.0.1 - Tim Kosse)
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Drive (HKLM\...\{35574F09-89F9-4B16-B69B-64F3E25901B8}) (Version: 1.21.9226.6034 - Google, Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
Google+ Auto Backup (HKU\S-1-5-21-4222683380-241142296-947392436-1000\...\Google+ Auto Backup) (Version: 1.0.27.161 - Google, Inc.)
Intel(R) Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2555 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 16.1 - Intel)
KeePass Password Safe 2.28 (HKLM\...\KeePassPasswordSafe2_is1) (Version: 2.28 - Dominik Reichl)
Lenovo Patch Utility (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.04 - )
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.05.0008 - Lenovo)
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme (HKLM\...\{90120000-00B2-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Access database engine 2010 (German) (HKLM\...\{90140000-00D1-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Skype™ 7.1 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.42 - )
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.78.0.11 - Lenovo)
Tinypic 3.18 (HKLM\...\{E3723A04-A894-4036-A78E-282E18F43C0A}_is1) (Version: Tinypic 3.18 - E. Fiedler)
W-Fragen Tool (HKLM\...\W-Fragen Tool) (Version: 2.2.0 - SEARCH ONE)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4222683380-241142296-947392436-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4222683380-241142296-947392436-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Stephanie\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4222683380-241142296-947392436-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Stephanie\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-4222683380-241142296-947392436-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Stephanie\AppData\Local\Google\Update\1.3.27.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4222683380-241142296-947392436-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Stephanie\AppData\Local\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4222683380-241142296-947392436-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Stephanie\AppData\Local\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4222683380-241142296-947392436-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Stephanie\AppData\Local\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4222683380-241142296-947392436-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Stephanie\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-4222683380-241142296-947392436-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Stephanie\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-4222683380-241142296-947392436-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Stephanie\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4222683380-241142296-947392436-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Stephanie\AppData\Local\Google\Update\1.3.26.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-4222683380-241142296-947392436-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Stephanie\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4222683380-241142296-947392436-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Stephanie\AppData\Local\Google\Update\1.3.25.11\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-4222683380-241142296-947392436-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Stephanie\AppData\Local\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4222683380-241142296-947392436-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Stephanie\AppData\Local\Google\Update\1.3.27.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4222683380-241142296-947392436-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4222683380-241142296-947392436-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4222683380-241142296-947392436-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4222683380-241142296-947392436-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4222683380-241142296-947392436-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4222683380-241142296-947392436-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4222683380-241142296-947392436-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4222683380-241142296-947392436-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4222683380-241142296-947392436-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4222683380-241142296-947392436-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Stephanie\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

==================== Restore Points =========================

23-05-2015 22:15:45 Geplanter Prüfpunkt
01-06-2015 10:50:44 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {189DCB53-905E-418E-9BFF-A99AE2AB2644} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {1B197E5A-7D8F-4B98-A5E7-73DF573B8C41} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4222683380-241142296-947392436-1000Core => C:\Users\Stephanie\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-07] (Google Inc.)
Task: {56B27DAB-65B0-4F3E-8A57-7A63853729EC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-03-02] (Google Inc.)
Task: {59A50AD5-F3CE-41E5-B3FE-1A50A0A863BB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {CD748277-46A0-4BF9-BD31-3F9CB0087EE6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-03-02] (Google Inc.)
Task: {D7FC16FB-80E4-46A1-A3DB-E5F43664B7E5} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files\Lenovo\System Update\tvsuShim.exe [2014-02-14] ()
Task: {DBBE7084-7E25-4978-97DE-FDB86CAB6FE6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4222683380-241142296-947392436-1000UA => C:\Users\Stephanie\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-07] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4222683380-241142296-947392436-1000Core.job => C:\Users\Stephanie\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4222683380-241142296-947392436-1000UA.job => C:\Users\Stephanie\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-11-14 09:52 - 2014-11-14 09:52 - 00204280 _____ () C:\Program Files\Bitdefender\Bitdefender\txmlutil.dll
2014-11-14 09:53 - 2014-11-14 09:53 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\accessl.ui
2014-03-02 14:56 - 2011-11-14 20:17 - 00132176 _____ () C:\Program Files\Bitdefender\Bitdefender\bdfwcore.dll
2014-11-14 09:53 - 2014-11-14 09:53 - 00005120 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\IMSecurityAL.ui
2015-05-07 11:55 - 2015-05-07 11:55 - 00682736 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00242_014\ashttpbr.mdl
2015-05-07 11:55 - 2015-05-07 11:55 - 00603432 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00242_014\ashttpdsp.mdl
2015-05-07 11:55 - 2015-05-07 11:55 - 02207112 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00242_014\ashttpph.mdl
2015-05-07 11:55 - 2015-05-07 11:55 - 01131304 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00242_014\ashttprbl.mdl
2014-03-01 23:03 - 2013-12-09 07:04 - 00108032 ____N () C:\Program Files\ThinkPad\Utilities\GR\PWMRT32V.DLL
2014-07-22 11:01 - 2014-07-22 11:01 - 00035328 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2014-05-24 18:41 - 2014-05-24 18:41 - 00091648 _____ () C:\Program Files\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 18:41 - 2014-05-24 18:41 - 00892416 _____ () C:\Program Files\FileZilla FTP Client\libstdc++-6.dll
2013-11-22 00:47 - 2013-11-22 00:47 - 00157352 _____ () C:\Program Files\FileSync\VSSService.exe
2014-03-02 14:56 - 2013-03-25 16:16 - 00919136 _____ () C:\Program Files\Bitdefender\Bitdefender SafeBox\System.Data.SQLite.dll
2014-03-02 14:56 - 2014-11-14 09:45 - 00095088 _____ () C:\Program Files\Bitdefender\Bitdefender\bdmetrics.dll
2013-11-22 00:43 - 2013-11-22 00:43 - 00932864 _____ () C:\Program Files\FileSync\Localisation.dll
2011-07-28 16:20 - 2011-07-28 16:20 - 00270336 _____ () C:\Program Files\FileSync\AlphaFS.dll
2013-11-22 00:47 - 2013-11-22 00:47 - 00068776 _____ () C:\Program Files\FileSync\Native.dll
2015-02-13 13:15 - 2015-02-13 13:15 - 03219456 _____ () C:\Users\Stephanie\AppData\Local\Programs\Google\Google+ Auto Backup\gpuploader_i18n.dll
2015-06-03 10:12 - 2015-06-03 10:12 - 00043008 _____ () c:\Users\Stephanie\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpau6x2v.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-05-26 09:10 - 2015-05-22 22:22 - 01281864 _____ () C:\Program Files\Google\Chrome\Application\43.0.2357.81\libglesv2.dll
2015-05-26 09:10 - 2015-05-22 22:22 - 00080712 _____ () C:\Program Files\Google\Chrome\Application\43.0.2357.81\libegl.dll
2015-06-03 10:11 - 2015-06-03 10:11 - 00098816 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\win32api.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 00110080 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\pywintypes27.dll
2015-06-03 10:11 - 2015-06-03 10:11 - 00364544 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\pythoncom27.dll
2015-06-03 10:11 - 2015-06-03 10:11 - 00045568 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\_socket.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 01161216 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\_ssl.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 00320512 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\win32com.shell.shell.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 00713216 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\_hashlib.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 01175040 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\wx._core_.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 00805888 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\wx._gdi_.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 00811008 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\wx._windows_.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 01062400 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\wx._controls_.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 00735232 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\wx._misc_.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 00682496 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\pysqlite2._sqlite.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 00128512 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\_elementtree.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 00127488 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\pyexpat.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 00087552 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\_ctypes.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 00119808 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\win32file.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 00108544 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\win32security.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 00007168 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\hashobjs_ext.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 00017408 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\usb_ext.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 00167936 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\win32gui.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 00018432 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\win32event.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 00013824 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\common.time34.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 00036864 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\_psutil_windows.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 00038912 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\win32inet.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 00011264 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\win32crypt.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 00070656 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\wx._html2.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 00027136 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\_multiprocessing.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 00020480 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\_yappi.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 00035840 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\win32process.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 00686080 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\unicodedata.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 00122368 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\wx._wizard.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 00024064 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\win32pipe.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 00010240 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\select.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 00025600 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\win32pdh.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 00525640 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\windows._lib_cacheinvalidation.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 00017408 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\win32profile.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 00022528 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\win32ts.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 00078336 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\wx._animate.pyd
2006-10-26 22:30 - 2006-10-26 22:30 - 00065312 _____ () C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2006-10-27 16:35 - 2006-10-27 16:35 - 00436512 _____ () C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2006-10-27 16:16 - 2006-10-27 16:16 - 00138512 _____ () C:\Program Files\Microsoft Office\Office12\OUTLCTL.DLL
2006-10-26 14:56 - 2006-10-26 14:56 - 00757008 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2015-02-02 15:36 - 2015-02-02 15:36 - 00430368 _____ () C:\Program Files\Bitdefender\Bitdefender\bdidntconp.dll
2014-03-02 14:56 - 2014-11-14 09:45 - 00203264 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\bdidntconp.ui
2015-05-26 09:10 - 2015-05-22 22:22 - 14982472 _____ () C:\Program Files\Google\Chrome\Application\43.0.2357.81\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Stephanie\Downloads\aseops9.exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\bitdefender_isecurity.exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\DropboxInstaller (1).exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\DropboxInstaller (10).exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\DropboxInstaller (11).exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\DropboxInstaller (12).exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\DropboxInstaller (13).exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\DropboxInstaller (2).exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\DropboxInstaller (3).exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\DropboxInstaller (4).exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\DropboxInstaller (5).exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\DropboxInstaller (6).exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\DropboxInstaller (7).exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\DropboxInstaller (8).exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\DropboxInstaller (9).exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\DropboxInstaller.exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\epson328532eu.exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\epson373086eu (1).EXE:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\epson373086eu.EXE:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\epson377777eu.exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\FileZilla_3.9.0.1_win32-setup.exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\Firefox Setup Stub 31.0.exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\googledrivesync.exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\install_reader11_de_mssd_aaa_aih.exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\KeePass-2.28-Setup.exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\LAN_SpeedTest (1).exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\LAN_SpeedTest.exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\pew51020ger (1).exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\pew51020ger.exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\picasa39-setup.exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\qd500w550bger.exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\SaveAsPDFandXPS.exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\SkypeSetupFull.exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\TeamViewerQS_de.exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\TeamViewer_Setup_de (1).exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\TeamViewer_Setup_de.exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\TinyPic - CHIP-Installer.exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\w-fragen-installer.exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\Windows-Setup.exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Documents\windelmanufaktur (1):com.dropbox.attributes

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4222683380-241142296-947392436-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1 - 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{22D9573D-36EA-4E3F-9E3F-FFEF0C3FEC91}] => (Allow) C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{FFF9485D-57B2-4F00-9227-357047BF4CAD}] => (Allow) C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{35883BA5-594A-4553-AAEA-BE97EB766A9F}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{6C89A0E7-883A-45D7-91A1-EC5810090507}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{1BFB9EFC-E3CA-42AC-85A9-A60B2325F03F}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{1D57DDB5-60B0-481E-9C6B-9E0C56D41486}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{2A399096-5623-43D4-BE0E-845DA56E1A8D}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{0901EC7A-5C21-45FC-99B1-E3937D2DC404}] => (Allow) C:\Program Files\Lenovo\System Update\UNCServer.exe
FirewallRules: [{88757049-8050-4B38-8AAB-6B611DDD5DCA}] => (Allow) C:\Program Files\Lenovo\System Update\UNCServer.exe
FirewallRules: [{A72F529C-3444-4A13-A681-0107A2210241}] => (Allow) C:\Program Files\Lenovo\System Update\UNCServer.exe
FirewallRules: [{10EC529D-869C-41E0-99A5-55647EDEABB7}] => (Allow) C:\Program Files\Lenovo\System Update\UNCServer.exe
FirewallRules: [{1A0E0449-FA38-4B0D-B17B-5A16EB200817}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Serieller PCI-Anschluss
Description: Serieller PCI-Anschluss
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI-Kommunikationscontroller (einfach)
Description: PCI-Kommunikationscontroller (einfach)
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/03/2015 11:39:49 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {dbc849dd-e6f5-45ef-9962-190448b205c1}

Error: (06/03/2015 10:11:40 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {dbc849dd-e6f5-45ef-9962-190448b205c1}

Error: (06/02/2015 09:56:18 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {4d56271e-fbec-4b06-8434-28b1adab65df}

Error: (06/02/2015 08:29:02 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {4d56271e-fbec-4b06-8434-28b1adab65df}

Error: (06/02/2015 02:01:15 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {bfa5bcc9-d6b0-44d3-8a22-13a6b590ae2b}

Error: (06/02/2015 11:37:01 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {bfa5bcc9-d6b0-44d3-8a22-13a6b590ae2b}

Error: (06/02/2015 10:19:51 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {bfa5bcc9-d6b0-44d3-8a22-13a6b590ae2b}

Error: (06/01/2015 08:51:14 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {96b37cee-0717-4e56-ae7f-0efdf19fe5d2}

Error: (06/01/2015 01:37:20 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {ab41f9d2-d87c-4a18-ba3f-d138ccf78c29}

Error: (06/01/2015 00:31:58 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {ab41f9d2-d87c-4a18-ba3f-d138ccf78c29}


System errors:
=============
Error: (06/03/2015 00:08:28 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{31D1573B-67B3-4F4D-B7DF-83B2DC0081-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (06/03/2015 11:38:25 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{31D1573B-67B3-4F4D-B7DF-83B2DC0081-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (06/03/2015 11:29:25 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{31D1573B-67B3-4F4D-B7DF-83B2DC0081-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (06/03/2015 11:26:24 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{31D1573B-67B3-4F4D-B7DF-83B2DC0081-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (06/03/2015 11:17:23 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{31D1573B-67B3-4F4D-B7DF-83B2DC0081-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (06/03/2015 11:14:23 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{31D1573B-67B3-4F4D-B7DF-83B2DC0081-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (06/03/2015 11:11:23 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{31D1573B-67B3-4F4D-B7DF-83B2DC0081-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (06/03/2015 11:08:23 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{31D1573B-67B3-4F4D-B7DF-83B2DC0081-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (06/03/2015 11:05:22 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{31D1573B-67B3-4F4D-B7DF-83B2DC0081-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (06/03/2015 10:56:21 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{31D1573B-67B3-4F4D-B7DF-83B2DC0081-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.


Microsoft Office:
=========================
Error: (04/22/2015 04:12:15 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 27450 seconds with 420 seconds of active time.  This session ended with a crash.

Error: (04/07/2015 10:19:19 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 28 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/07/2015 10:17:28 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2170 seconds with 300 seconds of active time.  This session ended with a crash.

Error: (04/06/2015 10:26:24 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 5872 seconds with 480 seconds of active time.  This session ended with a crash.

Error: (02/20/2015 10:06:26 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 473 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (02/09/2015 09:58:52 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 701 seconds with 240 seconds of active time.  This session ended with a crash.

Error: (01/29/2015 00:02:44 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 272 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (01/23/2015 00:27:07 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 59 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/29/2014 10:48:48 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 664 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (10/20/2014 11:10:53 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4517 seconds with 2400 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz
Percentage of memory in use: 86%
Total physical RAM: 3032.03 MB
Available physical RAM: 413.74 MB
Total Pagefile: 6062.35 MB
Available Pagefile: 2531.91 MB
Total Virtual: 2047.88 MB
Available Virtual: 1881.04 MB

==================== Drives ================================

Drive c: (Preload) (Fixed) (Total:143.93 GB) (Free:50.49 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 1669C708)
Partition 1: (Active) - (Size=143.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=5.1 GB) - (Type=12)

==================== End of log ============================

--- --- ---

schrauber 04.06.2015 09:51

hi,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Start mbar.exe.
  • Follow the on-screen instructions as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart, MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.

Please download TDSSKiller (TDSSKiller.exe) and save this file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the guide to TDSSKiller.
  • Press Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread in any case.

