| Fenderbaum | 20.02.2015 21:03 |
Hoffe das passt so:
FRST Logfile:
FRST Logfile:
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2015 01
Ran by CHH (administrator) on CHH-THINK on 20-02-2015 20:52:30
Running from C:\Users\CHH\Downloads
Loaded Profiles: CHH (Available profiles: CHH)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AMD) C:\Windows\System32\atieclxx.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\mkrmsg.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SRORest.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2789160 2011-05-19] (Synaptics Incorporated)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [310912 2011-04-26] (Conexant Systems, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-09-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2565793784-2453713635-887743555-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-2565793784-2453713635-887743555-1000\...\MountPoints2: {41991ef1-8757-11e1-9e40-806e6f6e6963} - Q:\LenovoQDrive.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-2565793784-2453713635-887743555-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad
HKU\S-1-5-21-2565793784-2453713635-887743555-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKU\S-1-5-21-2565793784-2453713635-887743555-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKU\S-1-5-21-2565793784-2453713635-887743555-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
HKU\S-1-5-21-2565793784-2453713635-887743555-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-2565793784-2453713635-887743555-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2565793784-2453713635-887743555-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_deAT500
SearchScopes: HKU\S-1-5-21-2565793784-2453713635-887743555-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_deAT500
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKU\S-1-5-21-2565793784-2453713635-887743555-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll (Citrix Systems, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-12-20]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Bàn phím ảo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-12-20]
FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-12-20]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014-12-20]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: An toàn giao dịch tài chính - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-12-20]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
CHR StartupUrls: Default -> "hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP"
CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR Profile: C:\Users\CHH\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\CHH\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-23]
CHR Extension: (Kaspersky Protection) - C:\Users\CHH\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2014-12-20]
CHR Extension: (Google Wallet) - C:\Users\CHH\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-16]
CHR HKLM\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - No Path
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - No Path
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 SROSVC; C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [446800 2011-09-01] (Lenovo Group Limited)
R2 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2011-07-25] (Lenovo Group Limited) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2014-12-20] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2014-12-20] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-20 20:52 - 2015-02-20 20:54 - 00021472 _____ () C:\Users\CHH\Downloads\FRST.txt
2015-02-20 20:52 - 2015-02-20 20:52 - 00000000 ____D () C:\FRST
2015-02-20 20:49 - 2015-02-20 20:50 - 02086912 _____ (Farbar) C:\Users\CHH\Downloads\FRST64.exe
2015-02-17 19:05 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-17 19:05 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-17 19:05 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-17 19:05 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-14 08:57 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-14 08:57 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-14 08:57 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-14 08:57 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-13 03:05 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-13 03:05 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-13 03:05 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-13 03:05 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-13 03:05 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-13 03:05 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-13 03:05 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-13 03:04 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-12 16:58 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-12 16:58 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-12 16:58 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-12 16:58 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-12 16:58 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-12 16:58 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-12 16:58 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-12 16:58 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-12 16:58 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-12 16:58 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-12 16:58 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-12 16:58 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-12 16:58 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-12 16:58 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-12 16:58 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-12 16:58 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-12 16:58 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-12 16:58 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-12 16:58 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-12 16:58 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-12 16:58 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-12 16:58 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-12 16:58 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-12 16:58 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-12 16:58 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-12 16:58 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-12 16:58 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-12 16:58 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-12 16:58 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-12 16:58 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-12 16:58 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-12 16:58 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-12 16:58 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-12 16:58 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-12 16:58 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-12 16:58 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-12 16:58 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-12 16:58 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-12 16:58 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-12 16:58 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-12 16:58 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-12 16:58 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-12 16:58 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-12 16:58 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-12 16:58 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-12 16:58 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-12 16:58 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-12 16:58 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-12 16:58 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-12 16:58 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-12 16:58 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-12 16:58 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-12 16:58 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-12 16:58 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-12 16:58 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-12 16:58 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-12 16:58 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-12 16:58 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-12 16:58 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-12 16:58 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-12 16:58 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-12 16:58 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-12 16:58 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-12 16:58 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-12 16:58 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-12 16:58 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-12 16:58 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-12 16:58 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-12 16:58 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-12 16:58 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-12 16:58 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-12 16:58 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-12 16:58 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-12 16:58 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-12 16:56 - 2014-10-04 03:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-12 16:56 - 2014-10-04 02:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-12 16:56 - 2014-10-04 02:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-02-12 16:53 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-12 16:53 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-12 16:53 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-12 16:53 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-12 16:53 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-12 16:53 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-12 16:53 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-12 16:53 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-12 16:53 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-12 16:53 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-12 16:53 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-12 16:53 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-12 16:53 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-12 16:53 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-12 16:53 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-12 16:53 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-12 16:53 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-12 16:53 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-12 16:53 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-12 16:53 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-12 16:53 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-12 16:53 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-12 16:53 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-12 16:53 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-12 16:53 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-12 16:53 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-12 16:53 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-12 16:53 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-12 16:52 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-12 16:52 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-05 14:23 - 2015-02-05 14:23 - 00025288 _____ () C:\Users\CHH\Documents\Jahresplanung Aso 1 klasse.odt
2015-02-05 10:51 - 2015-02-05 10:51 - 06103040 _____ () C:\Program Files (x86)\GUTC067.tmp
2015-02-05 10:51 - 2015-02-05 10:51 - 00000000 ____D () C:\Program Files (x86)\GUMC066.tmp
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-20 20:54 - 2012-10-29 15:35 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-20 20:52 - 2009-07-14 05:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-20 20:52 - 2009-07-14 05:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-20 20:46 - 2015-01-07 20:17 - 02025679 _____ () C:\Windows\WindowsUpdate.log
2015-02-20 20:41 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-20 20:08 - 2012-04-16 01:48 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-20 20:01 - 2012-12-27 14:09 - 00000252 _____ () C:\Windows\Tasks\HP Photo Creations Messager.job
2015-02-20 19:12 - 2015-01-05 19:19 - 00004368 _____ () C:\Windows\setupact.log
2015-02-20 19:04 - 2014-12-20 15:26 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-02-20 18:15 - 2012-04-16 01:48 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-20 18:13 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-19 15:05 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-02-14 12:32 - 2015-01-09 20:41 - 00028918 _____ () C:\Users\CHH\Documents\Vorbereitung Patrick 1a.odt
2015-02-14 08:19 - 2009-07-14 05:45 - 00320976 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-14 08:12 - 2014-12-21 07:41 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-14 08:12 - 2014-05-10 10:16 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-13 03:33 - 2013-08-23 02:02 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-13 03:08 - 2012-07-11 07:34 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-05 10:45 - 2012-10-29 15:35 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 10:45 - 2012-10-29 15:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 10:45 - 2012-10-29 15:35 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
==================== Files in the root of some directories =======
2014-02-16 08:06 - 2014-02-16 08:06 - 49940480 _____ () C:\Program Files (x86)\GUT27DF.tmp
2015-02-05 10:51 - 2015-02-05 10:51 - 6103040 _____ () C:\Program Files (x86)\GUTC067.tmp
2014-03-25 18:53 - 2014-12-25 11:54 - 0007596 _____ () C:\Users\CHH\AppData\Local\Resmon.ResmonCfg
2012-12-27 14:03 - 2012-12-27 14:03 - 0000057 _____ () C:\ProgramData\Ament.ini
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-20 20:32
==================== End Of Log ============================
--- --- ---
--- --- ---
--- --- --- Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-02-2015 01
Ran by CHH at 2015-02-20 20:55:50
Running from C:\Users\CHH\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Amazon Cloud Player (HKU\S-1-5-21-2565793784-2453713635-887743555-1000\...\Amazon Amazon Cloud Player) (Version: 2.4.0.26 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{A44E788F-6294-8952-1571-27E41F42F59C}) (Version: 3.0.842.0 - Advanced Micro Devices, Inc.)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.60.03 - )
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.2.43 - Atheros Communications Inc.)
ATI Uninstaller (HKLM\...\ATI Uninstaller) (Version: 8.892-110914m-126879C-Lenovo - Advanced Micro Devices, Inc.)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2000633086.48.56.13309170 - Audible, Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.100.82.27 - Broadcom Corporation)
Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.2100 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Citrix Online Plug-in - Web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 12.3.0.8 - Citrix Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.27.0 - Conexant)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-2565793784-2453713635-887743555-1000\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
FLV-Media-Player (HKLM-x32\...\{AB7A5DBA-BC45-489A-B4D2-2E8F8CABB9EA}) (Version: 2.0.3.2520 - HYBRIDWEB.de)
Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin TOPO Österreich v2 (HKLM-x32\...\{7AA38575-25A1-4C2F-B40B-2188EB73FF0E}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{07A8ED9E-B98E-437F-B750-241B412BE924}) (Version: 1.0.0.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
HOFER Bestellsoftware 4.13.0 (HKLM-x32\...\HOFER Bestellsoftware) (Version: 4.13.0 - ORWO Net)
HP Deskjet 3050A J611 series - Grundlegende Software für das Gerät (HKLM\...\{D8057953-CCF0-48B3-B61D-762C580B2A10}) (Version: 25.0.571.0 - Hewlett-Packard Co.)
HP Deskjet 3050A J611 series Hilfe (HKLM-x32\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.5192 - HP Photo Creations)
HP Update (HKLM-x32\...\{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}) (Version: 5.003.000.004 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
INSTAR Camera Tool (HKLM-x32\...\{630473B5-3AA9-4477-B6DD-F9EA5BEEDD42}) (Version: 2.0.1.0 - INSTAR)
Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH)
Integrated Camera TWAIN Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 1.6.0.4 - Suyin Optronics Corp.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.11 - )
Lenovo Patch Utility (HKLM-x32\...\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}) (Version: 1.0.1.1 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{39A04221-294E-4D90-A0F2-CCB1EF15CB56}) (Version: 1.2.0.1 - Lenovo Group Limited)
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo Screen Reading Optimizer (HKLM-x32\...\{91A29166-4E1B-4664-B70B-4C4A3B6B3372}) (Version: 1.10 - Lenovo)
Lenovo Solution Center (HKLM\...\{828CE72E-718B-4FDC-A469-8DE674CE8C4D}) (Version: 1.0.006.00 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Ihr Firmenname)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 3.00.006.0 - Lenovo)
LibreOffice 4.2.6.3 (HKLM-x32\...\{14DB1822-00B5-4820-86B5-EF893CA46B53}) (Version: 4.2.6.3 - The Document Foundation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM\...\{AD130AB4-E88C-48F4-8353-B7395A4A82D1}) (Version: 3.2.0003.00 - Lenovo Group Limited)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
OSM generic routable(Hungary) (HKLM-x32\...\OSM generic routable(Hungary)) (Version: - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
RapidBoot (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.11 - Lenovo)
Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version: - )
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.69 - Realtek Semiconductor Corp.)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.2.10687 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2565793784-2453713635-887743555-1000\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.01.0015 - Lenovo)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.2100 - Broadcom Corporation)
ThinkPad Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.63 - )
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.64.00.00 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.8.0 - )
ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.03 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.07 - Lenovo)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.74 - Lenovo)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0) (HKLM\...\45A7283175C62FAC673F913C1F532C5361F97841) (Version: 03/08/2007 2.2.1.0 - Garmin)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows-Treiberpaket - AMD (amdsata) HDC (04/07/2010 1.2.001.197) (HKLM\...\3D5883D4EEEDE8214CC2E81FE1EDC4A8B4FCF5DB) (Version: 04/07/2010 1.2.001.197 - AMD)
Windows-Treiberpaket - AMD USB (03/30/2010 1.0.0.5) (HKLM\...\D38587A239DFF85877AA1BCAA58B37B5CF7A6AF5) (Version: 03/30/2010 1.0.0.5 - AMD)
Windows-Treiberpaket - Lenovo 1.64.00.00 (07/28/2011 1.64.00.00) (HKLM\...\01E3B64834B04ABAC85D8E1D3EBDC567D83AD29B) (Version: 07/28/2011 1.64.00.00 - Lenovo)
Windows-Treiberpaket - Synaptics (SynTP) Mouse (05/19/2011 15.3.8.0) (HKLM\...\DDD8A532E361E9A878EBEF69C338B306810DF059) (Version: 05/19/2011 15.3.8.0 - Synaptics)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2565793784-2453713635-887743555-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\CHH\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2565793784-2453713635-887743555-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\CHH\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2565793784-2453713635-887743555-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\CHH\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2565793784-2453713635-887743555-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\CHH\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2565793784-2453713635-887743555-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\CHH\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2565793784-2453713635-887743555-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\CHH\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2565793784-2453713635-887743555-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\CHH\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2565793784-2453713635-887743555-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\CHH\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2565793784-2453713635-887743555-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\CHH\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
==================== Restore Points =========================
13-01-2015 14:59:28 Windows Update
15-01-2015 03:01:13 Windows Update
20-01-2015 15:31:06 Windows Update
28-01-2015 14:38:17 Windows Update
05-02-2015 13:09:11 Windows Update
10-02-2015 15:29:05 Windows Update
13-02-2015 03:02:31 Windows Update
16-02-2015 03:01:59 Windows Update
18-02-2015 19:50:55 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {36918BD4-96CE-43B7-9FC0-1B6139C4E55E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {5502E5AB-BA50-4343-B136-C8F2074D19F0} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {7991C4F6-0F98-4B28-9720-79F7F9A69F72} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2011-08-31] (Lenovo Group Limited)
Task: {7CF2E05B-5FFD-44C1-8DA3-C6ED0FF6EB35} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2013-02-05] (Lenovo)
Task: {A46DEB7E-9697-4F39-8BF2-13D9D845AC55} - System32\Tasks\Lenovo\SROptimizer => %TRPATH%\SRORest.exe
Task: {BEBDEBDB-FAF7-455A-ACBC-EF0F051EC382} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {D5CA4228-1560-4FB4-BEB2-422B859D616F} - System32\Tasks\HP Photo Creations Messager => C:\ProgramData\HP Photo Creations\MessageCheck.exe [2011-02-15] ()
Task: {E3BC9EC2-6A22-4894-A286-0DA745573B38} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {EBC36378-340A-49E4-871E-430FD2597FB5} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2013-02-05] (Lenovo)
Task: {F78BBEEC-5D42-435F-9C90-42BCB55AA5E7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-17] (Google Inc.)
Task: {FE916890-D905-4064-A808-D4B61FA000C1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-17] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Messager.job => C:\ProgramData\HP Photo Creations\MessageCheck.exe
==================== Loaded Modules (whitelisted) ==============
2011-06-08 22:57 - 2011-06-08 22:57 - 02812776 _____ () C:\Windows\system32\HPScanTRDrv_DJ3050A_J611.dll
2012-04-16 01:42 - 2011-08-31 19:03 - 00055808 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2014-03-06 15:00 - 2014-03-06 15:00 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\kpcengine.2.3.dll
2015-01-28 15:17 - 2015-01-25 22:08 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libglesv2.dll
2015-01-28 15:17 - 2015-01-25 22:08 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libegl.dll
2015-01-28 15:17 - 2015-01-25 22:08 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\pdf.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2565793784-2453713635-887743555-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\CHH\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^CHH^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^CHH^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tintenwarnungen überwachen - .lnk => C:\Windows\pss\Tintenwarnungen überwachen - .lnk.Startup
MSCONFIG\startupfolder: C:^Users^CHH^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tintenwarnungen überwachen - HP Deskjet 3050A J611 series (Netzwerk).lnk => C:\Windows\pss\Tintenwarnungen überwachen - HP Deskjet 3050A J611 series (Netzwerk).lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ALCKRESI.EXE => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE
MSCONFIG\startupreg: Amazon Cloud Player => "C:\Users\CHH\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: ForteConfig => C:\Program Files\Conexant\ForteConfig\fmapp.exe
MSCONFIG\startupreg: HP Deskjet 3050A J611 series (NET) => "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN28L1FG8Q05WK:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: Lenovo Registration => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
MSCONFIG\startupreg: LENOVO.TPKNRRES => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
MSCONFIG\startupreg: PWMTRV => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
MSCONFIG\startupreg: RotateImage => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
MSCONFIG\startupreg: Spotify => "C:\Users\CHH\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\CHH\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: TpShocks => TpShocks.exe
==================== Accounts: =============================
Administrator (S-1-5-21-2565793784-2453713635-887743555-500 - Administrator - Disabled)
CHH (S-1-5-21-2565793784-2453713635-887743555-1000 - Administrator - Enabled) => C:\Users\CHH
Gast (S-1-5-21-2565793784-2453713635-887743555-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2565793784-2453713635-887743555-1002 - Limited - Enabled)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/20/2015 08:13:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm chrome.exe, Version 40.0.2214.93 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 14f4
Startzeit: 01d04d3f9567a6f9
Endzeit: 103
Anwendungspfad: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Berichts-ID: 8fd08a19-b934-11e4-ad8d-402cf4dfc5cb
Error: (02/20/2015 08:01:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm chrome.exe, Version 40.0.2214.93 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 19a4
Startzeit: 01d04d3f42ce20d8
Endzeit: 19
Anwendungspfad: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Berichts-ID: c020d156-b932-11e4-ad8d-402cf4dfc5cb
Error: (02/20/2015 07:35:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm IEXPLORE.EXE, Version 11.0.9600.17631 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1290
Startzeit: 01d04d3bbca100d9
Endzeit: 47
Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Berichts-ID:
Error: (02/20/2015 07:33:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm IEXPLORE.EXE, Version 11.0.9600.17631 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 19e4
Startzeit: 01d04d3b9afcc554
Endzeit: 47
Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Berichts-ID:
Error: (02/20/2015 07:32:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm IEXPLORE.EXE, Version 11.0.9600.17631 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1ac0
Startzeit: 01d04d3b57df265b
Endzeit: 47
Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Berichts-ID:
Error: (02/20/2015 07:16:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Fehler bei der automatischen Aktualisierung des Drittanbieterstammzertifikats von <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3679CA35668772304D30A5FB873B0FA77BB70D54.crt>. Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben.
.
Error: (02/20/2015 06:14:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/19/2015 03:06:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/16/2015 03:03:22 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "D:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"
Error: (02/14/2015 08:19:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (02/20/2015 06:14:00 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error: (02/20/2015 06:13:50 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 20.02.2015 um 18:11:07 unerwartet heruntergefahren.
Error: (02/20/2015 10:29:33 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst WinDefend erreicht.
Error: (02/20/2015 10:29:00 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst TPHKSVC erreicht.
Error: (02/20/2015 10:29:00 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht.
Error: (02/19/2015 03:05:36 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error: (02/18/2015 07:49:45 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {51FA2736-5DEE-11D4-98E8-006008BF430C}
Error: (02/16/2015 02:28:56 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SDRSVC erreicht.
Error: (02/16/2015 02:28:55 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst TPHKSVC erreicht.
Error: (02/16/2015 02:28:19 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SDRSVC erreicht.
Microsoft Office Sessions:
=========================
Error: (02/20/2015 08:13:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe40.0.2214.9314f401d04d3f9567a6f9103C:\Program Files (x86)\Google\Chrome\Application\chrome.exe8fd08a19-b934-11e4-ad8d-402cf4dfc5cb
Error: (02/20/2015 08:01:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe40.0.2214.9319a401d04d3f42ce20d819C:\Program Files (x86)\Google\Chrome\Application\chrome.exec020d156-b932-11e4-ad8d-402cf4dfc5cb
Error: (02/20/2015 07:35:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17631129001d04d3bbca100d947C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Error: (02/20/2015 07:33:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.1763119e401d04d3b9afcc55447C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Error: (02/20/2015 07:32:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.176311ac001d04d3b57df265b47C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Error: (02/20/2015 07:16:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3679CA35668772304D30A5FB873B0FA77BB70D54.crtDieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben.
Error: (02/20/2015 06:14:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/19/2015 03:06:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/16/2015 03:03:22 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: D:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)
Error: (02/14/2015 08:19:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
CodeIntegrity Errors:
===================================
Date: 2015-02-16 15:11:59.533
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-02-16 15:11:59.332
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-12-22 12:41:51.215
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-12-22 12:41:51.152
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: AMD E-450 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 77%
Total physical RAM: 1638.67 MB
Available physical RAM: 368.04 MB
Total Pagefile: 7138.67 MB
Available Pagefile: 5116.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: (Windows7_OS) (Fixed) (Total:448.67 GB) (Free:271.47 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:15.62 GB) (Free:3.81 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: CFC9B7E0)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=448.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15.6 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
FRST 32-Bit | FRST 64-Bit
Malwarebytes Anti-Malware 
AdwCleaner auf deinen Desktop.
SecurityCheck und:
WARNUNG an die MITLESER: 
