DHL Mail - Link geöffnet :-(

wima · 03.06.2015, 10:53

Hallo Ihr,
ich war so doof auf den Link in der dhl-Mail zu klicken.
Meine Hand war schneller als der Kopf, da ich ein Paket erwarte.

Ohje, was nun?

Der Link führt mich hierhier: hxxp://qod-shop.de/cli/Y37fCFrEbBh

Ich mache gerade einen Virenscan.

schrauber · 03.06.2015, 11:09

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

wima · 03.06.2015, 11:35

hier die frst.txt
FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-05-2015
Ran by Stephanie (administrator) on MATRIX on 03-06-2015 12:22:17
Running from C:\Users\Stephanie\Downloads
Loaded Profiles: Stephanie (Available Profiles: Stephanie)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
() C:\Program Files\FileSync\VSSService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe
(FileSync) C:\Program Files\FileSync\OpenAccess.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_TATIHTU.EXE
(Google Inc.) C:\Users\Stephanie\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Lenovo) C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_TARNHTU.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_TARNHTU.EXE
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\seccenter.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\odscanui.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Dominik Reichl) C:\Program Files\KeePass Password Safe 2\KeePass.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [342360 2013-11-29] (Lenovo.)
HKLM\...\Run: [PWMTRV] => rundll32 "C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL",PwrMgrBkGndMonitor
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1918176 2015-02-02] (Bitdefender)
HKLM\...\Run: [KeePass 2 PreLoad] => C:\Program Files\KeePass Password Safe 2\KeePass.exe [2109952 2014-10-07] (Dominik Reichl)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-4222683380-241142296-947392436-1000\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [482392 2015-02-02] (Bitdefender)
HKU\S-1-5-21-4222683380-241142296-947392436-1000\...\Run: [Bitdefender-Geldbörse] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [901608 2014-11-14] (Bitdefender)
HKU\S-1-5-21-4222683380-241142296-947392436-1000\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] => C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe [615256 2014-11-14] (Bitdefender)
HKU\S-1-5-21-4222683380-241142296-947392436-1000\...\Run: [Livedrive] => C:\Program Files\FileSync\OpenAccess.exe [1588904 2013-11-22] (FileSync)
HKU\S-1-5-21-4222683380-241142296-947392436-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TATIHTU.EXE [220800 2012-07-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4222683380-241142296-947392436-1000\...\Run: [Google Update] => C:\Users\Stephanie\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-06-07] (Google Inc.)
HKU\S-1-5-21-4222683380-241142296-947392436-1000\...\Run: [Google+ Auto Backup] => C:\Users\Stephanie\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3754312 2015-02-13] (Google Inc.)
HKU\S-1-5-21-4222683380-241142296-947392436-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [25700400 2015-04-28] (Google)
HKU\S-1-5-21-4222683380-241142296-947392436-1000\...\Run: [GoogleChromeAutoLaunch_15A09AB4B2860ED1D468C1D57628C0D5] => C:\Program Files\Google\Chrome\Application\chrome.exe [813896 2015-05-22] (Google Inc.)
HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [482392 2015-02-02] (Bitdefender)
HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [901608 2014-11-14] (Bitdefender)
HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] => C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe [615256 2014-11-14] (Bitdefender)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-03-02] (Microsoft Corporation)
Startup: C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-04-22]
ShortcutTarget: Dropbox.lnk -> C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [BackupOverlay] -> {B44A5D93-1351-41A1-BD91-5E92435D8ECD} => C:\Program Files\FileSync\Extensions.dll [2013-11-22] (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2012-11-10] (EldoS Corporation)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-04-28] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-04-28] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-04-28] (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-04-28] (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-04-28] (Google)
ShellIconOverlayIdentifiers: [LivedriveDownloadOverlay] -> {CBCDB610-6B68-4EE9-B7A2-1282FD0C9292} => C:\Program Files\FileSync\Extensions.dll [2013-11-22] (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [LivedriveSharedOverlay] -> {84CEF1E4-1356-4063-845F-05047F4DD52C} => C:\Program Files\FileSync\Extensions.dll [2013-11-22] (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [LivedriveSyncedOverlay] -> {42058329-2FBF-4B33-8E52-3BE5754DE0C1} => C:\Program Files\FileSync\Extensions.dll [2013-11-22] (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [LivedriveUploadOverlay] -> {39A1715A-E4CD-4F1E-B5C4-36B5DB80124E} => C:\Program Files\FileSync\Extensions.dll [2013-11-22] (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2013-07-08] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2013-07-08] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2013-07-08] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2013-07-08] (Bitdefender)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4222683380-241142296-947392436-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland ? mit Hotmail Nachfolger Outlook und Messenger Skype
HKU\S-1-5-21-4222683380-241142296-947392436-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome
HKU\S-1-5-21-4222683380-241142296-947392436-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome
SearchScopes: HKU\S-1-5-21-4222683380-241142296-947392436-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Bitdefender-Geldbörse -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll [2014-11-14] (Bitdefender)
BHO: BrowserHelper Class -> {EDF48A39-1442-463F-9F4E-F376A78D034A} -> C:\Program Files\FileSync\ExplorerExtensions.dll [2013-11-22] (Livedrive Internet Ltd)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\2wrw8mii.default
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4222683380-241142296-947392436-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Stephanie\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-4222683380-241142296-947392436-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Stephanie\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\ffpwdman
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\ffpwdman [2014-03-02]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2014-03-02]

Chrome: 
=======
CHR Profile: C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Easy Auto Refresh) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2014-09-12]
CHR Extension: (Google Docs) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-02]
CHR Extension: (Google Drive) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-02]
CHR Extension: (QuickPin) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhogoimaoahmedeeahleijnpljdbammj [2014-05-24]
CHR Extension: (YouTube) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-02]
CHR Extension: (Google Search) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-02]
CHR Extension: (Bookmark Manager) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-23]
CHR Extension: (Pin It Button) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-05-24]
CHR Extension: (Pinterest Image Expander) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjfcepcgakkhodjinacolfaeimnedbg [2014-05-24]
CHR Extension: (Pixlr Touch Up) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jklljiahjgoglchglekebfljnmbaleig [2015-01-07]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-10]
CHR Extension: (Google Wallet) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-02]
CHR Extension: (Page Monitor) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pemhgklkefakciniebenbfclihhmmfcd [2014-07-21]
CHR Extension: (Gmail) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-02]
CHR HKLM\...\Chrome\Extension: [-4222683380-241142296-947392436-1000] - C:\Program Files\Bitdefender\Bitdefender\pmbxcr.crx [2015-02-02]
CHR HKLM\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\pmbxcr.crx [2015-02-02]
CHR HKU\S-1-5-21-4222683380-241142296-947392436-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [69880 2014-11-14] (Bitdefender)
R2 EPSON_PM_RPCV4_05; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [130944 2011-04-25] (SEIKO EPSON CORPORATION)
R2 FileSyncVSSService; C:\Program Files\FileSync\VSSService.exe [157352 2013-11-22] ()
S2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [110128 2014-05-27] (Lenovo Group Limited)
S3 PwmEWSvc; C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE [1664856 2013-12-09] (Lenovo Group Limited)
R2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [81704 2013-07-08] (Bitdefender)
S3 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [24120 2014-02-14] ()
R2 TPHKLOAD; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [116208 2014-06-10] (Lenovo Group Limited)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [54424 2014-11-14] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1302784 2015-02-02] (Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1073160 2015-02-02] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [242504 2012-11-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [528248 2014-11-14] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [77632 2014-05-27] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [90704 2011-11-14] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [108008 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [66832 2013-11-04] (BitDefender SRL)
R1 bdselfpr; C:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys [135600 2013-07-26] (BitDefender LLC)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [72704 2012-04-17] (BitDefender)
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [299144 2012-11-10] (EldoS Corporation)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [165744 2013-08-23] (BitDefender LLC)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [408280 2015-02-02] (BitDefender S.R.L.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-03 12:22 - 2015-06-03 12:24 - 00019493 _____ () C:\Users\Stephanie\Downloads\FRST.txt
2015-06-03 12:21 - 2015-06-03 12:22 - 00000000 ____D () C:\FRST
2015-06-03 12:21 - 2015-06-03 12:21 - 01147392 _____ (Farbar) C:\Users\Stephanie\Downloads\FRST.exe
2015-05-22 12:44 - 2015-05-22 12:45 - 00149896 _____ () C:\Windows\Minidump\052215-17940-01.dmp
2015-05-22 12:44 - 2015-05-22 12:44 - 236522717 _____ () C:\Windows\MEMORY.DMP
2015-05-22 12:44 - 2015-05-22 12:44 - 00000000 ____D () C:\Windows\Minidump
2015-05-18 22:25 - 2015-05-18 22:25 - 00030731 _____ () C:\Users\Stephanie\Downloads\pacifico (1).zip
2015-05-18 22:21 - 2015-05-18 22:21 - 00000000 ____D () C:\Users\Stephanie\Downloads\pacifico
2015-05-18 22:20 - 2015-05-18 22:20 - 00083451 _____ () C:\Users\Stephanie\Downloads\pacifico.zip
2015-05-12 23:14 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 20:24 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-12 20:24 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-12 20:24 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-12 20:24 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-12 20:24 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-12 20:24 - 2015-04-21 17:58 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-12 20:24 - 2015-04-21 17:51 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-12 20:24 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-12 20:24 - 2015-04-21 17:26 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-12 20:24 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-12 20:24 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-12 20:24 - 2015-04-20 04:56 - 00909312 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-12 20:24 - 2015-04-20 04:03 - 02382336 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-12 20:24 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-12 20:24 - 2015-04-13 05:19 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-12 20:24 - 2015-04-04 05:10 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-12 20:24 - 2015-04-04 05:10 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-12 20:24 - 2015-04-04 05:05 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-12 20:24 - 2015-04-04 05:05 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-12 20:24 - 2015-04-04 05:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-12 20:24 - 2015-04-04 05:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-12 20:24 - 2015-04-04 05:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-12 20:24 - 2015-04-04 05:05 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-12 20:24 - 2015-04-04 05:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-12 20:24 - 2015-04-04 05:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-12 20:24 - 2015-04-04 05:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-12 20:24 - 2015-04-04 05:05 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-12 20:24 - 2015-04-04 05:04 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-12 20:24 - 2015-04-04 05:04 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-12 20:24 - 2015-04-04 05:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-12 20:24 - 2015-04-04 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-12 20:24 - 2015-04-04 04:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-12 20:23 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-12 20:23 - 2015-04-21 18:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-12 20:23 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-12 20:23 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-12 20:23 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-12 20:23 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-12 20:23 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-12 20:23 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-12 20:23 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-12 20:23 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-12 20:23 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-12 20:23 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-12 20:23 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-12 20:23 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-12 20:23 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-12 20:23 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-12 20:23 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-12 20:23 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-12 20:23 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-12 20:23 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-12 20:23 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-12 20:23 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-12 20:23 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-12 20:23 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-12 20:23 - 2015-04-08 05:14 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-12 20:23 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-03 12:18 - 2014-06-07 22:38 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4222683380-241142296-947392436-1000UA.job
2015-06-03 12:13 - 2014-03-01 22:11 - 01360750 _____ () C:\Windows\WindowsUpdate.log
2015-06-03 12:01 - 2014-03-02 13:59 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-03 10:20 - 2009-07-14 06:34 - 00015776 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-03 10:20 - 2009-07-14 06:34 - 00015776 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-03 10:13 - 2014-11-09 21:41 - 00000000 ___RD () C:\Users\Stephanie\Google Drive
2015-06-03 10:13 - 2014-04-15 22:44 - 00000000 ___RD () C:\Users\Stephanie\Dropbox
2015-06-03 10:13 - 2014-04-15 22:24 - 00000000 ____D () C:\Users\Stephanie\AppData\Roaming\Dropbox
2015-06-03 10:10 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-06-03 10:10 - 2009-07-14 06:39 - 00069866 _____ () C:\Windows\setupact.log
2015-06-02 21:18 - 2014-06-07 22:38 - 00001084 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4222683380-241142296-947392436-1000Core.job
2015-06-01 20:55 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-06-01 13:45 - 2014-11-09 23:03 - 00000000 ____D () C:\Users\Stephanie\AppData\Roaming\KeePass
2015-05-30 22:04 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-05-26 09:10 - 2014-03-02 14:00 - 00002128 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-25 23:19 - 2014-11-09 21:35 - 00008414 _____ () C:\Users\Stephanie\Documents\WM.kdbx
2015-05-24 21:42 - 2014-03-01 22:33 - 00000000 ____D () C:\ProgramData\lenovo
2015-05-22 12:00 - 2014-11-20 11:04 - 00000000 ____D () C:\Users\Stephanie\Documents\Nachahmer
2015-05-22 11:49 - 2014-03-02 22:35 - 00000000 ____D () C:\Users\Stephanie\Documents\Marketing
2015-05-21 16:34 - 2015-03-02 22:51 - 00000000 ____D () C:\Users\Stephanie\Documents\Katharina Klett
2015-05-21 10:22 - 2014-03-01 22:21 - 01472002 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-19 11:03 - 2014-06-02 21:29 - 00000000 ____D () C:\Users\Stephanie\Documents\Wholesale
2015-05-19 07:58 - 2009-07-14 06:33 - 00444952 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-18 22:54 - 2014-03-01 22:35 - 00120856 _____ () C:\Users\Stephanie\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-18 13:25 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2015-05-17 19:56 - 2014-03-02 13:59 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-13 21:41 - 2014-03-02 23:03 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-13 17:33 - 2009-07-14 10:56 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-13 09:03 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-05-13 08:23 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-05-12 23:14 - 2014-03-02 15:11 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-12 23:04 - 2014-03-02 15:11 - 137310008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-11 08:33 - 2014-08-28 21:49 - 00000376 _____ () C:\Users\Stephanie\AppData\Roamingprivacy.xml
2015-05-10 20:55 - 2014-11-09 21:40 - 00002007 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2015-05-10 20:55 - 2014-11-09 21:40 - 00002005 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2015-05-10 20:55 - 2014-11-09 21:40 - 00001995 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2015-05-10 20:55 - 2014-11-09 21:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-05-07 21:23 - 2014-04-15 22:44 - 00001035 _____ () C:\Users\Stephanie\Desktop\Dropbox.lnk
2015-05-07 21:23 - 2014-04-15 22:27 - 00000000 ____D () C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-04 10:02 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\LiveKernelReports

==================== Files in the root of some directories =======

2015-01-09 19:53 - 2015-01-09 19:53 - 0000600 _____ () C:\Users\Stephanie\AppData\Local\PUTTY.RND
2014-03-02 14:58 - 2014-03-02 14:58 - 0685822 _____ () C:\ProgramData\1393764630.bdinstall.bin

Some files in TEMP:
====================
C:\Users\Stephanie\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpau6x2v.dll
C:\Users\Stephanie\AppData\Local\Temp\tidy_de.exe
C:\Users\Stephanie\AppData\Local\Temp\tidy_en.exe
C:\Users\Stephanie\AppData\Local\Temp\ydkgkeyj.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-27 10:11

==================== End of log ============================

--- --- ---

und hier die addition:FRST Additions Logfile:
[CODE]Additional
FRST Logfile:

Code:

ATTFilter

scan result of Farbar Recovery Scan Tool (x86) Version: 29-05-2015
Ran by Stephanie at 2015-06-03 12:25:02
Running from C:\Users\Stephanie\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4222683380-241142296-947392436-500 - Administrator - Disabled)
Gast (S-1-5-21-4222683380-241142296-947392436-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4222683380-241142296-947392436-1002 - Limited - Enabled)
Stephanie (S-1-5-21-4222683380-241142296-947392436-1000 - Administrator - Enabled) => C:\Users\Stephanie

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AS: Bitdefender Spyware-Schutz (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Adobe Reader XI (11.0.11) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.73.01 - )
ASEOPS 9 (HKLM\...\{C9748E91-BA62-44D0-A779-24B3D29F5609}_is1) (Version: 9.0.1 - AceBIT)
Bitdefender Total Security (HKLM\...\Bitdefender) (Version: 17.26.0.1106 - Bitdefender)
Brother P-touch Address Book 1.1 (HKLM\...\InstallShield_{B2023017-DEE4-44F7-8A71-CA6084BF534C}) (Version: 1.1.100 - Brother Industries, Ltd.)
Brother P-touch Address Book 1.1 (Version: 1.1.100 - Brother Industries, Ltd.) Hidden
Brother P-touch Editor 5.1 (HKLM\...\{39270390-A851-4E4B-94A9-D5C468216ED3}) (Version: 5.1.0200 - Brother Industries, Ltd.)
Brother QL-Series Software User's Guide (HKLM\...\InstallShield_{A242CAB2-870C-4AC9-8AFE-34379D9383CD}) (Version: 1.00.0000 - Brother Industries, Ltd.)
Brother QL-Series Software User's Guide (Version: 1.00.0000 - Brother Industries, Ltd.) Hidden
Dropbox (HKU\S-1-5-21-4222683380-241142296-947392436-1000\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
Energie-Manager (HKLM\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.64.2 - Lenovo Group Limited)
EPSON BX535WD Series Printer Uninstall (HKLM\...\EPSON BX535WD Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
FileSync (HKLM\...\{8E2C6AAA-9E6D-4AC4-A2E6-7696EEA4BD5D}) (Version: 1.14.8.0 - FileSync)
FileZilla Client 3.9.0.1 (HKLM\...\FileZilla Client) (Version: 3.9.0.1 - Tim Kosse)
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Drive (HKLM\...\{35574F09-89F9-4B16-B69B-64F3E25901B8}) (Version: 1.21.9226.6034 - Google, Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
Google+ Auto Backup (HKU\S-1-5-21-4222683380-241142296-947392436-1000\...\Google+ Auto Backup) (Version: 1.0.27.161 - Google, Inc.)
Intel(R) Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2555 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 16.1 - Intel)
KeePass Password Safe 2.28 (HKLM\...\KeePassPasswordSafe2_is1) (Version: 2.28 - Dominik Reichl)
Lenovo Patch Utility (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.04 - )
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.05.0008 - Lenovo)
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme (HKLM\...\{90120000-00B2-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Access database engine 2010 (German) (HKLM\...\{90140000-00D1-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Skype™ 7.1 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.42 - )
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.78.0.11 - Lenovo)
Tinypic 3.18 (HKLM\...\{E3723A04-A894-4036-A78E-282E18F43C0A}_is1) (Version: Tinypic 3.18 - E. Fiedler)
W-Fragen Tool (HKLM\...\W-Fragen Tool) (Version: 2.2.0 - SEARCH ONE)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4222683380-241142296-947392436-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4222683380-241142296-947392436-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Stephanie\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4222683380-241142296-947392436-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Stephanie\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-4222683380-241142296-947392436-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Stephanie\AppData\Local\Google\Update\1.3.27.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4222683380-241142296-947392436-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Stephanie\AppData\Local\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4222683380-241142296-947392436-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Stephanie\AppData\Local\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4222683380-241142296-947392436-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Stephanie\AppData\Local\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4222683380-241142296-947392436-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Stephanie\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-4222683380-241142296-947392436-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Stephanie\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-4222683380-241142296-947392436-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Stephanie\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4222683380-241142296-947392436-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Stephanie\AppData\Local\Google\Update\1.3.26.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-4222683380-241142296-947392436-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Stephanie\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4222683380-241142296-947392436-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Stephanie\AppData\Local\Google\Update\1.3.25.11\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-4222683380-241142296-947392436-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Stephanie\AppData\Local\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4222683380-241142296-947392436-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Stephanie\AppData\Local\Google\Update\1.3.27.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4222683380-241142296-947392436-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4222683380-241142296-947392436-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4222683380-241142296-947392436-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4222683380-241142296-947392436-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4222683380-241142296-947392436-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4222683380-241142296-947392436-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4222683380-241142296-947392436-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4222683380-241142296-947392436-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4222683380-241142296-947392436-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4222683380-241142296-947392436-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Stephanie\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

==================== Restore Points =========================

23-05-2015 22:15:45 Geplanter Prüfpunkt
01-06-2015 10:50:44 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {189DCB53-905E-418E-9BFF-A99AE2AB2644} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {1B197E5A-7D8F-4B98-A5E7-73DF573B8C41} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4222683380-241142296-947392436-1000Core => C:\Users\Stephanie\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-07] (Google Inc.)
Task: {56B27DAB-65B0-4F3E-8A57-7A63853729EC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-03-02] (Google Inc.)
Task: {59A50AD5-F3CE-41E5-B3FE-1A50A0A863BB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {CD748277-46A0-4BF9-BD31-3F9CB0087EE6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-03-02] (Google Inc.)
Task: {D7FC16FB-80E4-46A1-A3DB-E5F43664B7E5} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files\Lenovo\System Update\tvsuShim.exe [2014-02-14] ()
Task: {DBBE7084-7E25-4978-97DE-FDB86CAB6FE6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4222683380-241142296-947392436-1000UA => C:\Users\Stephanie\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-07] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4222683380-241142296-947392436-1000Core.job => C:\Users\Stephanie\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4222683380-241142296-947392436-1000UA.job => C:\Users\Stephanie\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-11-14 09:52 - 2014-11-14 09:52 - 00204280 _____ () C:\Program Files\Bitdefender\Bitdefender\txmlutil.dll
2014-11-14 09:53 - 2014-11-14 09:53 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\accessl.ui
2014-03-02 14:56 - 2011-11-14 20:17 - 00132176 _____ () C:\Program Files\Bitdefender\Bitdefender\bdfwcore.dll
2014-11-14 09:53 - 2014-11-14 09:53 - 00005120 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\IMSecurityAL.ui
2015-05-07 11:55 - 2015-05-07 11:55 - 00682736 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00242_014\ashttpbr.mdl
2015-05-07 11:55 - 2015-05-07 11:55 - 00603432 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00242_014\ashttpdsp.mdl
2015-05-07 11:55 - 2015-05-07 11:55 - 02207112 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00242_014\ashttpph.mdl
2015-05-07 11:55 - 2015-05-07 11:55 - 01131304 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00242_014\ashttprbl.mdl
2014-03-01 23:03 - 2013-12-09 07:04 - 00108032 ____N () C:\Program Files\ThinkPad\Utilities\GR\PWMRT32V.DLL
2014-07-22 11:01 - 2014-07-22 11:01 - 00035328 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2014-05-24 18:41 - 2014-05-24 18:41 - 00091648 _____ () C:\Program Files\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 18:41 - 2014-05-24 18:41 - 00892416 _____ () C:\Program Files\FileZilla FTP Client\libstdc++-6.dll
2013-11-22 00:47 - 2013-11-22 00:47 - 00157352 _____ () C:\Program Files\FileSync\VSSService.exe
2014-03-02 14:56 - 2013-03-25 16:16 - 00919136 _____ () C:\Program Files\Bitdefender\Bitdefender SafeBox\System.Data.SQLite.dll
2014-03-02 14:56 - 2014-11-14 09:45 - 00095088 _____ () C:\Program Files\Bitdefender\Bitdefender\bdmetrics.dll
2013-11-22 00:43 - 2013-11-22 00:43 - 00932864 _____ () C:\Program Files\FileSync\Localisation.dll
2011-07-28 16:20 - 2011-07-28 16:20 - 00270336 _____ () C:\Program Files\FileSync\AlphaFS.dll
2013-11-22 00:47 - 2013-11-22 00:47 - 00068776 _____ () C:\Program Files\FileSync\Native.dll
2015-02-13 13:15 - 2015-02-13 13:15 - 03219456 _____ () C:\Users\Stephanie\AppData\Local\Programs\Google\Google+ Auto Backup\gpuploader_i18n.dll
2015-06-03 10:12 - 2015-06-03 10:12 - 00043008 _____ () c:\Users\Stephanie\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpau6x2v.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-05-26 09:10 - 2015-05-22 22:22 - 01281864 _____ () C:\Program Files\Google\Chrome\Application\43.0.2357.81\libglesv2.dll
2015-05-26 09:10 - 2015-05-22 22:22 - 00080712 _____ () C:\Program Files\Google\Chrome\Application\43.0.2357.81\libegl.dll
2015-06-03 10:11 - 2015-06-03 10:11 - 00098816 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\win32api.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 00110080 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\pywintypes27.dll
2015-06-03 10:11 - 2015-06-03 10:11 - 00364544 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\pythoncom27.dll
2015-06-03 10:11 - 2015-06-03 10:11 - 00045568 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\_socket.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 01161216 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\_ssl.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 00320512 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\win32com.shell.shell.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 00713216 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\_hashlib.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 01175040 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\wx._core_.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 00805888 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\wx._gdi_.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 00811008 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\wx._windows_.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 01062400 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\wx._controls_.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 00735232 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\wx._misc_.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 00682496 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\pysqlite2._sqlite.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 00128512 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\_elementtree.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 00127488 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\pyexpat.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 00087552 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\_ctypes.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 00119808 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\win32file.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 00108544 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\win32security.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 00007168 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\hashobjs_ext.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 00017408 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\usb_ext.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 00167936 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\win32gui.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 00018432 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\win32event.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 00013824 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\common.time34.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 00036864 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\_psutil_windows.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 00038912 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\win32inet.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 00011264 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\win32crypt.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 00070656 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\wx._html2.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 00027136 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\_multiprocessing.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 00020480 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\_yappi.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 00035840 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\win32process.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 00686080 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\unicodedata.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 00122368 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\wx._wizard.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 00024064 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\win32pipe.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 00010240 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\select.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 00025600 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\win32pdh.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 00525640 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\windows._lib_cacheinvalidation.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 00017408 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\win32profile.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 00022528 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\win32ts.pyd
2015-06-03 10:11 - 2015-06-03 10:11 - 00078336 _____ () C:\Users\Stephanie\AppData\Local\Temp\_MEI26002\wx._animate.pyd
2006-10-26 22:30 - 2006-10-26 22:30 - 00065312 _____ () C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2006-10-27 16:35 - 2006-10-27 16:35 - 00436512 _____ () C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2006-10-27 16:16 - 2006-10-27 16:16 - 00138512 _____ () C:\Program Files\Microsoft Office\Office12\OUTLCTL.DLL
2006-10-26 14:56 - 2006-10-26 14:56 - 00757008 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2015-02-02 15:36 - 2015-02-02 15:36 - 00430368 _____ () C:\Program Files\Bitdefender\Bitdefender\bdidntconp.dll
2014-03-02 14:56 - 2014-11-14 09:45 - 00203264 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\bdidntconp.ui
2015-05-26 09:10 - 2015-05-22 22:22 - 14982472 _____ () C:\Program Files\Google\Chrome\Application\43.0.2357.81\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Stephanie\Downloads\aseops9.exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\bitdefender_isecurity.exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\DropboxInstaller (1).exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\DropboxInstaller (10).exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\DropboxInstaller (11).exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\DropboxInstaller (12).exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\DropboxInstaller (13).exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\DropboxInstaller (2).exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\DropboxInstaller (3).exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\DropboxInstaller (4).exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\DropboxInstaller (5).exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\DropboxInstaller (6).exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\DropboxInstaller (7).exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\DropboxInstaller (8).exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\DropboxInstaller (9).exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\DropboxInstaller.exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\epson328532eu.exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\epson373086eu (1).EXE:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\epson373086eu.EXE:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\epson377777eu.exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\FileZilla_3.9.0.1_win32-setup.exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\Firefox Setup Stub 31.0.exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\googledrivesync.exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\install_reader11_de_mssd_aaa_aih.exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\KeePass-2.28-Setup.exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\LAN_SpeedTest (1).exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\LAN_SpeedTest.exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\pew51020ger (1).exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\pew51020ger.exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\picasa39-setup.exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\qd500w550bger.exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\SaveAsPDFandXPS.exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\SkypeSetupFull.exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\TeamViewerQS_de.exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\TeamViewer_Setup_de (1).exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\TeamViewer_Setup_de.exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\TinyPic - CHIP-Installer.exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\w-fragen-installer.exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Downloads\Windows-Setup.exe:BDU
AlternateDataStreams: C:\Users\Stephanie\Documents\windelmanufaktur (1):com.dropbox.attributes

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4222683380-241142296-947392436-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1 - 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{22D9573D-36EA-4E3F-9E3F-FFEF0C3FEC91}] => (Allow) C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{FFF9485D-57B2-4F00-9227-357047BF4CAD}] => (Allow) C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{35883BA5-594A-4553-AAEA-BE97EB766A9F}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{6C89A0E7-883A-45D7-91A1-EC5810090507}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{1BFB9EFC-E3CA-42AC-85A9-A60B2325F03F}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{1D57DDB5-60B0-481E-9C6B-9E0C56D41486}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{2A399096-5623-43D4-BE0E-845DA56E1A8D}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{0901EC7A-5C21-45FC-99B1-E3937D2DC404}] => (Allow) C:\Program Files\Lenovo\System Update\UNCServer.exe
FirewallRules: [{88757049-8050-4B38-8AAB-6B611DDD5DCA}] => (Allow) C:\Program Files\Lenovo\System Update\UNCServer.exe
FirewallRules: [{A72F529C-3444-4A13-A681-0107A2210241}] => (Allow) C:\Program Files\Lenovo\System Update\UNCServer.exe
FirewallRules: [{10EC529D-869C-41E0-99A5-55647EDEABB7}] => (Allow) C:\Program Files\Lenovo\System Update\UNCServer.exe
FirewallRules: [{1A0E0449-FA38-4B0D-B17B-5A16EB200817}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Serieller PCI-Anschluss
Description: Serieller PCI-Anschluss
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI-Kommunikationscontroller (einfach)
Description: PCI-Kommunikationscontroller (einfach)
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/03/2015 11:39:49 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {dbc849dd-e6f5-45ef-9962-190448b205c1}

Error: (06/03/2015 10:11:40 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {dbc849dd-e6f5-45ef-9962-190448b205c1}

Error: (06/02/2015 09:56:18 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {4d56271e-fbec-4b06-8434-28b1adab65df}

Error: (06/02/2015 08:29:02 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {4d56271e-fbec-4b06-8434-28b1adab65df}

Error: (06/02/2015 02:01:15 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {bfa5bcc9-d6b0-44d3-8a22-13a6b590ae2b}

Error: (06/02/2015 11:37:01 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {bfa5bcc9-d6b0-44d3-8a22-13a6b590ae2b}

Error: (06/02/2015 10:19:51 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {bfa5bcc9-d6b0-44d3-8a22-13a6b590ae2b}

Error: (06/01/2015 08:51:14 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {96b37cee-0717-4e56-ae7f-0efdf19fe5d2}

Error: (06/01/2015 01:37:20 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {ab41f9d2-d87c-4a18-ba3f-d138ccf78c29}

Error: (06/01/2015 00:31:58 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {ab41f9d2-d87c-4a18-ba3f-d138ccf78c29}


System errors:
=============
Error: (06/03/2015 00:08:28 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{31D1573B-67B3-4F4D-B7DF-83B2DC0081-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (06/03/2015 11:38:25 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{31D1573B-67B3-4F4D-B7DF-83B2DC0081-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (06/03/2015 11:29:25 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{31D1573B-67B3-4F4D-B7DF-83B2DC0081-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (06/03/2015 11:26:24 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{31D1573B-67B3-4F4D-B7DF-83B2DC0081-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (06/03/2015 11:17:23 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{31D1573B-67B3-4F4D-B7DF-83B2DC0081-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (06/03/2015 11:14:23 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{31D1573B-67B3-4F4D-B7DF-83B2DC0081-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (06/03/2015 11:11:23 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{31D1573B-67B3-4F4D-B7DF-83B2DC0081-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (06/03/2015 11:08:23 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{31D1573B-67B3-4F4D-B7DF-83B2DC0081-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (06/03/2015 11:05:22 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{31D1573B-67B3-4F4D-B7DF-83B2DC0081-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (06/03/2015 10:56:21 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{31D1573B-67B3-4F4D-B7DF-83B2DC0081-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.


Microsoft Office:
=========================
Error: (04/22/2015 04:12:15 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 27450 seconds with 420 seconds of active time.  This session ended with a crash.

Error: (04/07/2015 10:19:19 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 28 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/07/2015 10:17:28 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2170 seconds with 300 seconds of active time.  This session ended with a crash.

Error: (04/06/2015 10:26:24 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 5872 seconds with 480 seconds of active time.  This session ended with a crash.

Error: (02/20/2015 10:06:26 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 473 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (02/09/2015 09:58:52 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 701 seconds with 240 seconds of active time.  This session ended with a crash.

Error: (01/29/2015 00:02:44 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 272 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (01/23/2015 00:27:07 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 59 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/29/2014 10:48:48 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 664 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (10/20/2014 11:10:53 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4517 seconds with 2400 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz
Percentage of memory in use: 86%
Total physical RAM: 3032.03 MB
Available physical RAM: 413.74 MB
Total Pagefile: 6062.35 MB
Available Pagefile: 2531.91 MB
Total Virtual: 2047.88 MB
Available Virtual: 1881.04 MB

==================== Drives ================================

Drive c: (Preload) (Fixed) (Total:143.93 GB) (Free:50.49 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 1669C708)
Partition 1: (Active) - (Size=143.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=5.1 GB) - (Type=12)

==================== End of log ============================

--- --- ---

--- --- ---

schrauber · 04.06.2015, 09:51

hi,

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

DHL Mail - Link geöffnet :-(

Plagegeister aller Art und deren Bekämpfung: DHL Mail - Link geöffnet :-(