bastifantast | 16.01.2015 14:26 | FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2015 01
Ran by x (administrator) on X-THINK on 16-01-2015 14:17:17
Running from C:\Users\x\Downloads
Loaded Profiles: x (Available profiles: x)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(SIEMENS AG) C:\Program Files\Common Files\Siemens\sws\almsrv\almsrv64x.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Dropbox, Inc.) C:\Users\x\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(SIEMENS AG) C:\Program Files (x86)\Common Files\Siemens\S7UBTOOX\S7ubTstx.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(SIEMENS AG) C:\Program Files (x86)\Common Files\Siemens\S7UBTOOX\S7ubtoox.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(iAnywhere Solutions, Inc.) C:\Program Files (x86)\Common Files\Siemens\SQLANY\dbsrv9.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Aladdin Knowledge Systems Ltd.) C:\Windows\System32\hasplms.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.KNXETS4\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.PCOMMERCIAL_1\MSSQL\Binn\sqlservr.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(QUALCOMM, Inc.) C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SIEMENS AG) C:\Program Files (x86)\Siemens\Step7\S7BIN\s7hspsvx.exe
(SIEMENS AG) C:\Program Files\Common Files\Siemens\Automation\Simatic OAM\bin\s7oiehsx64.exe
(SIEMENS AG) C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceService64x.exe
(SIEMENS AG) C:\Program Files\Common Files\Siemens\Automation\Simatic OAM\bin\s7epasrv64x.exe
(SIEMENS AG) C:\Program Files\Common Files\Siemens\Automation\Simatic OAM\bin\pniomgr.exe
(SIEMENS AG) C:\Windows\SysWOW64\pniopcac.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2009-12-11] (Lenovo.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-07-16] ()
HKLM\...\Run: [nwiz] => nwiz.exe /installquiet
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-05-29] (Lenovo Group Limited)
HKLM\...\Run: [cssauth] => C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [5990200 2011-06-10] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63832 2014-03-14] (Lenovo)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-11-15] (Synaptics Incorporated)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111928 2013-05-03] (Intel Corporation)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Message Center Plus] => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [49976 2009-05-27] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [S7UB Start] => C:\Program Files (x86)\Common Files\Siemens\S7ubtoox\s7ubtstx.exe [102453 2010-06-03] (SIEMENS AG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKU\S-1-5-21-2150921082-4187140661-4272968030-1004\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-07-23] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2150921082-4187140661-4272968030-1004\...\Run: [Personal ID] => C:\Program Files (x86)\coolspot AG\Personal ID\pid.exe [1132984 2014-07-05] (coolspot AG, Düsseldorf)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-07-23] (Garmin Ltd or its subsidiaries)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\x\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2150921082-4187140661-4272968030-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2150921082-4187140661-4272968030-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2150921082-4187140661-4272968030-1004\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> {931BC5E7-4222-4C37-8C7B-5B13E65BBEB4} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;
SearchScopes: HKLM-x32 -> {6DB94B0A-C3BF-413E-A0D0-FF8C210C7D58} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2150921082-4187140661-4272968030-1004 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2150921082-4187140661-4272968030-1004 -> {998432D3-902D-4E81-AFDB-0DA7EC43EFD0} URL = https://www.google.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: IePasswordManagerHelper Class -> {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} -> C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\x\AppData\Roaming\Mozilla\Firefox\Profiles\fqkiMcMH.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\x\AppData\Roaming\Mozilla\Firefox\Profiles\fqkiMcMH.default\extensions\abs@avira.com [Not Found]
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\x\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-13]
CHR Extension: (YouTube) - C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-13]
CHR Extension: (Adblock Plus) - C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-01-13]
CHR Extension: (Google-Suche) - C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-13]
CHR Extension: (Avira Browserschutz) - C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-01-13]
CHR Extension: (Click&Clean) - C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2015-01-13]
CHR Extension: (Google Wallet) - C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-13]
CHR Extension: (Google Mail) - C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-13]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 almservice; C:\Program Files\Common Files\Siemens\sws\almsrv\almsrv64x.exe [1542792 2011-10-28] (SIEMENS AG) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320560 2014-06-24] (Lenovo.)
S3 EPLAN Client Service; C:\Program Files\EPLAN\Common\EClientService.exe [549800 2014-03-03] (EPLAN Software & Service GmbH & Co. KG)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-07-23] (Garmin Ltd or its subsidiaries)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MSSQL$KNXETS4; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.KNXETS4\MSSQL\Binn\sqlservr.exe [62379184 2014-07-10] (Microsoft Corporation)
R2 MSSQL$PCOMMERCIAL_1; C:\Program Files\Microsoft SQL Server\MSSQL10.PCOMMERCIAL_1\MSSQL\Binn\sqlservr.exe [58387104 2014-07-12] (Microsoft Corporation)
S4 NVIDIA Performance Driver Service; C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [6807656 2009-10-27] ()
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 QDLService2kLenovo; C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe [331512 2009-12-08] (QUALCOMM, Inc.)
R2 s7hspsvx; C:\Program Files (x86)\Siemens\Step7\s7bin\s7hspsvx.exe [61493 2011-10-31] (SIEMENS AG) [File not signed]
R2 s7oiehsx64; C:\Program Files\Common Files\Siemens\Automation\Simatic OAM\bin\s7oiehsx64.exe [139864 2011-11-03] (SIEMENS AG)
R2 S7TraceServiceX; C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceService64x.exe [229976 2011-11-03] (SIEMENS AG)
S4 SQLAgent$KNXETS4; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.KNXETS4\MSSQL\Binn\SQLAGENT.EXE [442536 2014-07-10] (Microsoft Corporation)
S4 SQLAgent$PCOMMERCIAL_1; C:\Program Files\Microsoft SQL Server\MSSQL10.PCOMMERCIAL_1\MSSQL\Binn\SQLAGENT.EXE [441504 2014-07-12] (Microsoft Corporation)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] ()
R2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1019904 2009-08-28] (Lenovo Group Limited) [File not signed]
S4 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1475896 2010-07-06] (Lenovo Group Limited)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
R3 dpmconv; C:\Windows\System32\DRIVERS\dpmconv.sys [259072 2011-04-19] (SIEMENS AG)
S3 LenovoRd; C:\Windows\System32\Drivers\LenovoRd.sys [118016 2009-05-11] (Lenovo)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 qcfilterlno2k; C:\Windows\System32\DRIVERS\qcfilterlno2k.sys [6400 2009-12-08] (QUALCOMM Incorporated)
S3 qcusbnetlno2k; C:\Windows\System32\DRIVERS\qcusbnetlno2k.sys [240640 2009-12-08] (QUALCOMM Incorporated)
S3 qcusbserlno2k; C:\Windows\System32\DRIVERS\qcusbserlno2k.sys [121216 2009-12-08] (QUALCOMM Incorporated)
S4 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [322736 2014-07-10] (Microsoft Corporation)
R3 s7odpx2x64; C:\Windows\System32\DRIVERS\s7odpx2x64.sys [71168 2011-10-20] (SIEMENS AG)
R3 s7oppinx64; C:\Windows\System32\DRIVERS\s7oppinx64.sys [107520 2011-10-20] (SIEMENS AG)
R3 s7oserix64; C:\Windows\System32\Drivers\s7oserix64.sys [121344 2011-05-06] (SIEMENS AG)
R3 s7osmcax64; C:\Windows\System32\DRIVERS\s7osmcax64.sys [195584 2011-09-29] (SIEMENS AG)
R3 s7osobux64; C:\Windows\System32\DRIVERS\s7osobux64.sys [152576 2011-05-06] (SIEMENS AG)
R3 s7otmcd64x; C:\Windows\System32\Drivers\s7otmcd64x.sys [199680 2011-05-06] (SIEMENS AG)
R3 s7otranx64; C:\Windows\System32\DRIVERS\s7otranx64.sys [260096 2011-05-06] (SIEMENS AG)
R3 s7otsadx64; C:\Windows\System32\DRIVERS\s7otsadx64.sys [192000 2011-09-29] (SIEMENS AG)
S3 s7oupc2x64; C:\Windows\System32\DRIVERS\s7oupc2x64.sys [28672 2011-09-29] (SIEMENS AG) [File not signed]
R2 s7ousbu64x; C:\Windows\System32\DRIVERS\s7ousbu64x.sys [193024 2011-09-29] (SIEMENS AG)
R2 s7sn2srtx; C:\Windows\System32\DRIVERS\s7sn2srtx.sys [83032 2011-06-16] (SIEMENS AG)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2013-11-15] (Synaptics Incorporated)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
R2 SNTIE; C:\Windows\System32\DRIVERS\sntie.sys [179288 2011-10-11] (SIEMENS AG)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [12728 2009-09-29] ()
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)
R3 vsnl2ada; C:\Windows\System32\DRIVERS\vsnl2ada.sys [120832 2011-04-19] (SIEMENS AG)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S3 PCDSRVC{127174DC-C366ED8B-06000000}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [X]
S3 PCDSRVC{184E4FA0-DE8C26D4-06000000}_0; \??\c:\progra~1\pc-doc~1\pcdsrvc_x64.pkms [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-16 14:17 - 2015-01-16 14:17 - 00000000 ____D () C:\Users\x\Downloads\FRST-OlderVersion
2015-01-15 19:29 - 2015-01-15 18:56 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-01-15 18:57 - 2015-01-15 19:32 - 00021020 _____ () C:\zoek-results.log
2015-01-15 18:56 - 2015-01-15 19:22 - 00000000 ____D () C:\zoek_backup
2015-01-15 18:53 - 2015-01-15 18:53 - 00003322 _____ () C:\Users\x\Desktop\a.txt
2015-01-15 18:20 - 2015-01-15 18:21 - 01295360 _____ () C:\Users\x\Downloads\zoek.exe
2015-01-15 18:15 - 2015-01-16 14:15 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-15 18:15 - 2015-01-15 18:15 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-15 18:15 - 2015-01-15 18:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-15 18:15 - 2015-01-15 18:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-15 18:15 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-15 18:15 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-15 18:15 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-15 18:13 - 2015-01-15 18:14 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\x\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-14 21:16 - 2015-01-14 21:16 - 00044699 _____ () C:\ComboFix.txt
2015-01-14 20:04 - 2015-01-14 20:04 - 05609736 ____R (Swearware) C:\Users\x\Desktop\ComboFix.exe
2015-01-14 18:47 - 2015-01-14 21:16 - 00000000 ____D () C:\Qoobox
2015-01-14 18:47 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-14 18:47 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-14 18:47 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-14 18:47 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-14 18:47 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-14 18:47 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-14 18:47 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-14 18:47 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-14 18:46 - 2015-01-14 21:12 - 00000000 ____D () C:\Windows\erdnt
2015-01-14 18:05 - 2015-01-14 18:05 - 00044369 _____ () C:\Users\x\Downloads\Addition.txt
2015-01-14 18:04 - 2015-01-16 14:17 - 00025739 _____ () C:\Users\x\Downloads\FRST.txt
2015-01-14 18:03 - 2015-01-16 14:17 - 02125312 _____ (Farbar) C:\Users\x\Downloads\FRST64.exe
2015-01-14 18:03 - 2015-01-16 14:17 - 00000000 ____D () C:\FRST
2015-01-14 17:02 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 17:02 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 17:02 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 17:02 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 17:02 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 17:02 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 17:02 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 17:02 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 17:02 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 17:02 - 2014-12-11 18:47 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 17:02 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 17:02 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 17:02 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 16:57 - 2015-01-14 16:57 - 02191360 _____ () C:\Users\x\Downloads\AdwCleaner_4.107 (1).exe
2015-01-13 19:34 - 2015-01-13 19:34 - 00000000 ____D () C:\Users\x\Documents\ProcAlyzer Dumps
2015-01-13 19:31 - 2015-01-13 19:31 - 00000340 _____ () C:\Users\x\Downloads\ClickClean-v8.4-Options.json
2015-01-13 18:56 - 2015-01-13 18:57 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\x\Downloads\spybot-2.4.exe
2015-01-13 18:51 - 2015-01-13 18:51 - 00000000 ____D () C:\Users\x\AppData\Roaming\ProductData
2015-01-13 18:50 - 2015-01-13 18:51 - 00000000 ____D () C:\ProgramData\IObit
2015-01-13 18:49 - 2015-01-13 18:50 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-01-13 18:49 - 2015-01-13 18:49 - 00000000 ____D () C:\Users\x\AppData\Roaming\IObit
2015-01-13 18:48 - 2015-01-13 18:49 - 17086240 _____ (IObit) C:\Users\x\Downloads\iobituninstaller41.exe
2015-01-13 18:46 - 2015-01-13 18:49 - 132469808 _____ (AVAST Software) C:\Users\x\Downloads\avast_free_antivirus_setup_10.2208.712 (1).exe
2015-01-13 18:40 - 2015-01-13 18:40 - 00001645 _____ () C:\Users\x\Downloads\software_removal_tool.log
2015-01-13 18:17 - 2015-01-13 18:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-13 16:29 - 2015-01-13 16:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-13 16:28 - 2015-01-13 16:28 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\x\Downloads\mbam-setup-2.0.4.1028 (1).exe
2015-01-13 16:19 - 2015-01-13 16:19 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\x\Downloads\SpyHunter-Installer.exe
2015-01-13 16:16 - 2015-01-13 16:16 - 00880784 _____ (Google Inc.) C:\Users\x\Downloads\ChromeSetup.exe
2015-01-11 13:37 - 2015-01-11 13:34 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-01-11 13:35 - 2015-01-11 13:35 - 00000000 ____D () C:\Users\x\AppData\Roaming\Mozilla
2015-01-11 13:34 - 2015-01-11 13:34 - 00000000 ____D () C:\Users\x\AppData\Roaming\Avira
2015-01-11 13:28 - 2015-01-11 13:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-11 13:26 - 2015-01-11 13:47 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-01-11 13:26 - 2015-01-11 13:35 - 00000000 ____D () C:\ProgramData\Avira
2015-01-11 13:26 - 2014-11-24 10:23 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-01-11 13:26 - 2014-11-24 10:23 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-01-11 13:26 - 2014-11-24 10:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-01-11 13:08 - 2015-01-11 13:08 - 02191360 _____ () C:\Users\x\Downloads\adwcleaner_4.107.exe
2015-01-11 13:05 - 2015-01-11 13:07 - 87836524 _____ (AVAST Software) C:\Users\x\Downloads\avast_free_antivirus_setup_10.2208.712.exe
2015-01-11 12:58 - 2015-01-16 14:13 - 00001176 _____ () C:\Windows\setupact.log
2015-01-11 12:58 - 2015-01-15 20:05 - 00162294 _____ () C:\Windows\PFRO.log
2015-01-11 12:58 - 2015-01-11 12:58 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-11 12:57 - 2015-01-11 12:57 - 00000000 ____D () C:\Users\Public\Documents\Siemens
2015-01-11 12:52 - 2015-01-11 12:53 - 00000000 ____D () C:\Users\x\Documents\Reg
2015-01-11 11:37 - 2015-01-11 11:42 - 154051656 _____ () C:\Users\x\Downloads\avira_free_antivirus468_de.exe
2015-01-11 11:33 - 2015-01-11 11:33 - 00000000 _____ () C:\autoexec.bat
2015-01-02 16:59 - 2015-01-02 16:59 - 00000000 ____D () C:\Users\x\AppData\Local\freecad
2015-01-02 13:15 - 2015-01-02 16:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeCAD 0.14
2015-01-02 13:15 - 2015-01-02 13:15 - 00000682 _____ () C:\Users\x\Desktop\FreeCAD.lnk
2014-12-26 13:35 - 2014-12-26 13:35 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-26 13:21 - 2014-12-26 13:21 - 00000000 ____D () C:\Users\x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-12-26 12:55 - 2014-12-26 12:55 - 00000000 ____D () C:\Windows\UbiSoft
2014-12-26 12:43 - 2014-12-26 12:43 - 00000000 ____D () C:\Users\x\AppData\Roaming\TuneUp Software
2014-12-26 12:43 - 2014-12-26 12:43 - 00000000 ____D () C:\Users\x\AppData\Local\TuneUp Software
2014-12-26 12:42 - 2014-12-26 12:43 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-12-26 12:42 - 2014-12-26 12:42 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-12-20 18:10 - 2014-07-10 11:23 - 00083632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf-MSSQL$KNXETS4-sqlctr10.52.4033.0.dll
2014-12-20 18:10 - 2014-07-10 11:22 - 00089264 _____ (Microsoft Corporation) C:\Windows\system32\perf-MSSQL$KNXETS4-sqlctr10.52.4033.0.dll
2014-12-20 12:42 - 2014-12-20 12:42 - 00002153 _____ () C:\Users\Public\Desktop\SEE Electrical V7.lnk
2014-12-20 12:42 - 2014-12-20 12:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IGE+XAO
2014-12-20 08:28 - 2014-12-20 08:28 - 00002429 _____ () C:\Users\Public\Desktop\ETS4.lnk
2014-12-20 08:28 - 2014-12-20 08:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KNX
2014-12-20 08:28 - 2014-12-20 08:28 - 00000000 ____D () C:\ProgramData\Elka Shared
2014-12-20 08:28 - 2014-12-20 08:28 - 00000000 ____D () C:\Program Files (x86)\ETS4
2014-12-20 08:22 - 2014-12-20 09:09 - 00000000 ____D () C:\Users\x\AppData\Local\KNX
2014-12-20 08:19 - 2014-12-20 08:28 - 00000000 ____D () C:\ProgramData\KNX
2014-12-20 08:19 - 2014-12-20 08:19 - 00000000 ____D () C:\Program Files (x86)\Ets3PlugIn
2014-12-20 08:10 - 2014-12-20 08:13 - 00000000 ____D () C:\Windows\SysWOW64\js
2014-12-20 08:10 - 2014-12-20 08:13 - 00000000 ____D () C:\Windows\SysWOW64\css
2014-12-20 08:10 - 2014-12-20 08:10 - 00000000 ____D () C:\Windows\SysWOW64\prompting
2014-12-20 08:10 - 2014-12-20 08:10 - 00000000 ____D () C:\Program Files (x86)\Business Objects
2014-12-20 08:07 - 2012-06-29 01:22 - 00057288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf-MSSQL10_50.KNXETS4-sqlagtctr.dll
2014-12-20 08:07 - 2012-06-29 01:17 - 00086984 _____ (Microsoft Corporation) C:\Windows\system32\perf-MSSQL10_50.KNXETS4-sqlagtctr.dll
2014-12-20 08:02 - 2014-12-20 08:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 9.0
2014-12-20 07:57 - 2014-12-20 08:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008 R2
2014-12-17 19:33 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-17 19:33 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-16 14:14 - 2014-02-19 21:18 - 00000000 ___RD () C:\Users\x\Dropbox
2015-01-16 14:14 - 2014-02-19 21:12 - 00000000 ____D () C:\Users\x\AppData\Roaming\Dropbox
2015-01-16 14:13 - 2014-02-19 19:16 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-16 14:13 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-15 22:36 - 2010-01-22 03:07 - 01333715 _____ () C:\Windows\WindowsUpdate.log
2015-01-15 22:22 - 2014-02-19 19:16 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-15 21:46 - 2012-11-26 20:01 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-15 20:14 - 2009-07-14 05:45 - 00025744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-15 20:14 - 2009-07-14 05:45 - 00025744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-15 20:12 - 2010-01-22 11:59 - 00846638 _____ () C:\Windows\system32\perfh007.dat
2015-01-15 20:12 - 2010-01-22 11:59 - 00204870 _____ () C:\Windows\system32\perfc007.dat
2015-01-15 20:12 - 2009-07-14 06:13 - 02022396 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-15 20:00 - 2010-01-22 03:42 - 00000340 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2015-01-15 19:46 - 2012-11-26 20:01 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-15 19:46 - 2012-11-26 20:01 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-15 19:46 - 2012-11-26 20:01 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-15 19:22 - 2011-08-17 23:50 - 00000000 ____D () C:\Users\x
2015-01-15 19:22 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-01-15 19:22 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2015-01-15 19:22 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-01-15 18:57 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\restore
2015-01-14 21:54 - 2013-10-18 21:11 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 21:51 - 2011-08-19 09:36 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 21:16 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-01-14 21:11 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-14 17:26 - 2014-06-13 16:24 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-14 17:25 - 2014-06-13 16:10 - 00000000 ____D () C:\AdwCleaner
2015-01-14 16:56 - 2014-06-13 16:24 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-13 18:28 - 2014-02-23 12:29 - 00000000 ____D () C:\Users\x\AppData\Local\Adobe
2015-01-13 18:17 - 2014-02-19 19:16 - 00000000 ____D () C:\Users\x\AppData\Local\Google
2015-01-13 18:17 - 2014-02-19 19:16 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-13 16:56 - 2014-02-28 17:44 - 00000000 ____D () C:\Users\x\AppData\Roaming\vlc
2015-01-13 16:17 - 2014-02-19 19:16 - 00004096 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-13 16:17 - 2014-02-19 19:16 - 00003844 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-11 12:42 - 2014-08-01 16:17 - 00000000 ____D () C:\Users\x\AppData\Roaming\Winamp
2015-01-11 12:42 - 2014-04-30 17:20 - 00000000 ____D () C:\Windows\Minidump
2015-01-08 09:55 - 2012-11-26 12:38 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-03 15:14 - 2010-01-22 03:40 - 00000000 ____D () C:\Program Files (x86)\AT&T
2015-01-03 15:13 - 2014-03-12 19:40 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-01-03 15:11 - 2011-08-17 23:51 - 00000998 _____ () C:\Users\x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-02 11:23 - 2014-02-21 08:42 - 00000000 ____D () C:\Users\x\AppData\Roaming\Skype
2014-12-26 12:33 - 2014-02-28 19:42 - 00000000 ____D () C:\Users\x\.gimp-2.8
2014-12-26 12:02 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-26 10:44 - 2014-11-02 15:04 - 00000000 ____D () C:\Users\x\AppData\Local\PokerStars.EU
2014-12-26 10:44 - 2014-11-02 15:03 - 00000000 ____D () C:\Program Files (x86)\PokerStars.EU
2014-12-20 18:02 - 2010-01-22 04:01 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2014-12-20 18:02 - 2010-01-22 04:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-12-20 15:12 - 2014-02-28 16:55 - 00001764 _____ () C:\ProgramData\SEE_5008.ini
2014-12-20 15:12 - 2014-02-28 16:55 - 00001764 _____ () C:\ProgramData\SEE_5006.ini
2014-12-20 15:12 - 2014-02-28 16:55 - 00001764 _____ () C:\ProgramData\SEE_5005.ini
2014-12-20 15:12 - 2014-02-28 16:55 - 00001764 _____ () C:\ProgramData\SEE_5004.ini
2014-12-20 15:12 - 2014-02-28 16:55 - 00001764 _____ () C:\ProgramData\SEE_5002.ini
2014-12-20 15:12 - 2014-02-28 16:55 - 00001764 _____ () C:\ProgramData\SEE_5001.ini
2014-12-20 15:12 - 2014-02-28 16:55 - 00001764 _____ () C:\ProgramData\SEE_1100.ini
2014-12-20 15:12 - 2014-02-28 16:55 - 00001764 _____ () C:\ProgramData\SEE_1010.ini
2014-12-20 15:12 - 2014-02-28 16:55 - 00001764 _____ () C:\ProgramData\SEE_1001.ini
2014-12-20 15:12 - 2014-02-28 16:55 - 00001764 _____ () C:\ProgramData\SEE_1000.ini
2014-12-20 12:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Setup
2014-12-20 08:15 - 2009-07-14 03:34 - 00017486 _____ () C:\Windows\system32\Drivers\etc\services
2014-12-20 08:04 - 2014-10-14 18:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
2014-12-20 08:02 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-12-20 08:00 - 2014-10-14 18:31 - 00000000 ____D () C:\Windows\SysWOW64\1033
2014-12-20 08:00 - 2014-10-14 18:31 - 00000000 ____D () C:\Windows\system32\1033
2014-12-19 17:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
Some content of TEMP:
====================
C:\Users\x\AppData\Local\Temp\avgnt.exe
C:\Users\x\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpymgemv.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-14 21:47
==================== End Of Log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2015 01
Ran by x at 2015-01-16 14:18:14
Running from C:\Users\x\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Access Help (HKLM-x32\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 3.00 - Lenovo)
Active@ File Recovery Professional 12 (HKLM\...\{C34F36E0-4D8B-42E8-90AD-50C76E1AE282}_is1) (Version: 12 - LSoft Technologies Inc)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.73.00 - )
Arduino (HKLM-x32\...\Arduino) (Version: 1.0.5 - Arduino LLC)
AT&T Service Activation (HKLM-x32\...\{D81486A1-2371-4059-AC70-1AB894AC96E6}) (Version: 1.8.7.0 - AT&T)
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Client Security - Password Manager (HKLM\...\{3FD730D4-755F-439B-8082-B55E00924A44}) (Version: 8.30.0049.00 - Lenovo Group Limited)
Conexant 20585 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.95.48.50 - Conexant)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
Dev-C++ (HKLM-x32\...\Dev-C++) (Version: 5.4.0 - )
Dienstprogramm "ThinkPad UltraNav" (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
Disable AMT Profile Synchronization Pop-up for Windows Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
Dropbox (HKU\S-1-5-21-2150921082-4187140661-4272968030-1004\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Elektronischer Magnetplaner (HKLM-x32\...\magnet) (Version: - )
Elevated Installer (x32 Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden
Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.65.2 - Lenovo Group Limited)
EPLAN Education 2.3 (HKLM-x32\...\EPLAN Education 2.3) (Version: 2.3.5.7352 - EPLAN Software & Service GmbH & Co. KG)
EPLAN Education 2.3 (x32 Version: 2.3.5.7352 - EPLAN Software & Service GmbH & Co. KG) Hidden
EPLAN Help de-DE 2.3 (HKLM-x32\...\{098E9513-C101-479F-A492-12300DE3B2DD}) (Version: 2.3.5.7352 - EPLAN Software & Service GmbH & Co. KG)
EPLAN License Client (HKLM-x32\...\{0100BD88-3990-431F-9175-AB60E31AFFDE}) (Version: 9.1.11.44101 - EPLAN Software & Service GmbH & Co. KG)
EPLAN Platform 2.3 (HKLM-x32\...\{E31472AD-7381-4A37-AB5B-18379C35A336}) (Version: 2.3.5.7352 - EPLAN Software & Service GmbH & Co. KG)
EPLAN Trial Education Data 2.3 (HKLM-x32\...\{E330FDB1-CC1B-4E02-8E26-4D3D4F74212F}) (Version: 2.3.5.7352 - EPLAN Software & Service GmbH & Co. KG)
Framework PCSoft (HKLM-x32\...\{F23EF286-3554-45EF-A65D-6218EB1DBE37}) (Version: 1.00.0000 - hager)
Free Billiards 2008 (HKLM-x32\...\Free Billiards 2008_is1) (Version: - )
Free PDF to Word Doc Converter v1.1 (HKLM-x32\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
Free Video to MP3 Converter version 5.0.52.1111 (HKLM-x32\...\Free Video to MP3 Converter_is1) (Version: 5.0.52.1111 - DVDVideoSoft Ltd.)
Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{817c6bb8-ea2d-4e12-abbc-e33c3de43f64}) (Version: 3.2.16.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden
GDR 4033 für SQL Server 2008 R2 (KB2977320) (64-bit) (HKLM\...\KB2977320) (Version: 10.52.4033.0 - Microsoft Corporation)
GDR 5520 für SQL Server 2008 (KB 2977321) (64-bit) (HKLM\...\KB2977321) (Version: 10.3.5520.0 - Microsoft Corporation)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hager prerequisites (HKLM-x32\...\{98C64AD3-6A1D-4737-9ED8-06A73741550C}) (Version: 1.00.0000 - hager)
Integrated Camera Driver Installer Package Ver.1.1.0.17 (HKLM-x32\...\{C3CD17B4-08B0-492D-8A4C-81716D33E520}) (Version: 1.1.0.17 - RICOH)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.2.50.1050 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2622 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{CCAFF072-4DDB-4846-963D-15F02A8E9472}) (Version: 13.00.0000 - Intel Corporation)
InterVideo WinDVD 8 (HKLM-x32\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0.20.172 - InterVideo Inc.)
InterVideo WinDVD 8 (x32 Version: 8.0.20.172 - InterVideo Inc.) Hidden
IP Camera Adapter (HKLM-x32\...\{6D140BFF-7CC5-4BFE-AD6D-47035FFE5F14}) (Version: 2.0.0.0 - Pavel Khlebovich)
IsoBuster 3.3 (HKLM-x32\...\IsoBuster3_is1) (Version: 3.3 - Smart Projects)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
KNX eteC Falcon Runtime v2.1 (x32 Version: 2.1.5213.27900 - KNX Association cvba) Hidden
KNX ETS4 (HKLM-x32\...\KNX ETS4) (Version: 4.1.3614.46489 - KNX Association cvba)
KNX ETS4 (x32 Version: 4.1.3614.46489 - KNX Association cvba) Hidden
KNX ETS4 Additional Runtime (x32 Version: 4.0.0.0 - KNX Association cvba) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.00 - )
Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo SHAREit (HKLM-x32\...\Lenovo SHAREit_is1) (Version: 2.0.4.0 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0016 - Lenovo)
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5396.31 - PC-Doctor, Inc.)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0003.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 2.0.020.0 - Lenovo)
LOGO!Soft Comfort V7.0 (HKLM\...\LOGO!Soft Comfort V7.0 ) (Version: 7.0.0.0 - Siemens AG)
LOGO!Soft Comfort V7.1 (HKLM\...\LOGO!Soft Comfort V7.1 ) (Version: 7.1.0.0 - Siemens AG)
LTspice IV (HKLM-x32\...\LTspice IV) (Version: - )
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0407-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{E8F7904A-4780-4F3F-B153-21BE32857120}) (Version: 10.52.4033.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{1D4A3734-9328-440F-960C-42B4CE481EB4}) (Version: 10.52.4033.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{393CA5BF-0362-42FD-ABC2-BA9D22EF925E}) (Version: 10.3.5520.0 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{F90F5A11-53E6-4045-ACB1-BC03D71FB06C}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Applications - ENU) (Version: - Microsoft Corporation)
Mobile Broadband Connect (HKLM-x32\...\{9202762E-4B4C-48C9-A6CC-C27F9F85190A}) (Version: 3.5.0010 - Lenovo)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Performance Drivers (HKLM\...\{4C0A8D65-4286-4B58-87FE-18AD24289285}) (Version: 2.0.0.24 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
Personal ID (HKLM-x32\...\{F722209B-739E-40E4-ADB1-062BD032A0DB}) (Version: 1.8.5.202 - coolspot AG)
PKZIP Server for Windows 12.40.0008 (HKLM-x32\...\{134A51EB-1BBB-4249-BAF5-494C3D186A06}) (Version: 12.40.0008 - PKWARE, Inc)
Qualcomm Gobi 2000 Package for Lenovo (HKLM-x32\...\{6CA29A45-EF6D-4F73-997E-7CE03DBD4B69}) (Version: 1.1.80 - QUALCOMM)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Rescue and Recovery (HKLM-x32\...\{B383F243-0ABC-4E56-AA30-923B8D85076E}) (Version: 4.30.0025.00 - Lenovo Group Limited)
RICOH R5U230 Media Driver ver.2.06.02.02 (HKLM-x32\...\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}) (Version: 2.06.02.02 - RICOH)
Screen Antics 2.1 (HKLM-x32\...\Screen Antics) (Version: 2.1 - Jaap van Wingerden)
SEE Electrical V7 (HKLM-x32\...\{640A67B2-2CE3-4980-89FF-CFBBBC051D3E}) (Version: 7.10.4141 - IGE+XAO)
Service Pack 2 for SQL Server 2008 R2 (KB2630458) (64-bit) (HKLM\...\KB2630458) (Version: 10.52.4000.0 - Microsoft Corporation)
Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit) (HKLM\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
Siemens Automation License Manager (Version: 05.01.0100 - Siemens AG) Hidden
Siemens Automation License Manager V5.1 + SP1 (HKLM\...\{8D2E0408-8D61-4A53-B0DB-2AD670A38624}LicenseManager) (Version: 05.01.0100 - Siemens AG)
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM-x32\...\SLABCOMM&10C4&EA60) (Version: - Silicon Laboratories)
Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7 (HKLM-x32\...\{F1412D98-F30E-49EF-9566-4E0A59835725}) (Version: 6.2.00 - Silicon Laboratories, Inc.)
Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7_2 (c:\SiLabs\MCU\CP210x\Windows_XP_S2K3_Vista_7_2) (HKLM-x32\...\{86AF14D7-1617-41D6-A930-8CB5B6E85797}) (Version: 6.1.00 - Silicon Laboratories, Inc.)
SIMATIC STEP 7 (x32 Version: 05.05.0200 - Siemens AG) Hidden
SIMATIC STEP 7 V5.5 + SP2 Professional 2010 SR2 (HKLM-x32\...\{7B427E8E-F76D-4C8C-B155-7F24DF46DB67}STEP7) (Version: 05.05.0200 - Siemens AG)
SIMATIC Device Drivers (Version: 01.00.0200 - Siemens AG) Hidden
SIMATIC NCM FWL 64 (Version: 05.05.0100 - Siemens AG) Hidden
SIMATIC PLCSIM 64 (Version: 01.00.0001 - Siemens AG) Hidden
SIMATIC S7-GRAPH (x32 Version: 05.03.0700 - Siemens AG) Hidden
SIMATIC S7-GRAPH V5.3 + SP7 Professional 2010 SR2 (HKLM-x32\...\{4FF24C45-A4EE-4A99-B287-E3468EC41CBD}S7GRAPH) (Version: 05.03.0700 - Siemens AG)
SIMATIC S7-PCT (x32 Version: 02.03.0000 - Siemens AG) Hidden
SIMATIC S7-PCT V2.3 Professional 2010 SR2 (HKLM-x32\...\{06AF0F82-E926-48A6-8C5F-ECB195DB2CB4}S7PCT) (Version: 02.03.0000 - Siemens AG)
SIMATIC S7-PLCSIM (x32 Version: 5.4.0502 - Siemens AG) Hidden
SIMATIC S7-PLCSIM V5.4 + SP5 + Upd2 Professional 2010 SR2 (HKLM-x32\...\{1CBF27F6-24A4-488D-940A-678F1C691C49}PLCSim) (Version: 5.4.0502 - Siemens AG)
SIMATIC S7-SCL (x32 Version: 5.3.6.0 - Siemens AG) Hidden
SIMATIC S7-SCL V5.3 + SP6 Professional 2010 SR2 (HKLM-x32\...\{5B1B0682-EEC6-4EDD-BAB0-3FEC2E55090D}SCL) (Version: 5.3.6.0 - Siemens AG)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SQL Server 2008 R2 SP2 Common Files (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Services (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Shared (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4500 - Broadcom Corporation)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.41 - )
ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.5.0 - Conexant Systems)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.13 - )
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.21 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.11.0.0 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.)
ThinkVantage GPS (HKLM-x32\...\{8C7750D1-ADE6-4DAD-A54E-871EB2ABFE98}) (Version: 2.50 - Lenovo)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.79.00.03 - Lenovo)
Überwachungstool für die Intel® Turbo-Boost-Technik (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.3 - Intel)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM-x32\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.4035.00 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
Verizon Wireless Mobile Broadband Self Activation (HKLM-x32\...\{C64A877E-DF8D-4017-AA82-000A77C6D809}) (Version: 3.1.4 - Smith Micro Software, Inc.)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000) (HKLM\...\6B8550A319DDC8B17F35F4A89988705E4592349B) (Version: 06/15/2009 6.2.0.9000 - Broadcom)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Intel (e1kexpress) Net (12/01/2009 11.5.7.0) (HKLM\...\B65F6B58F0E37352721284FE7F009532B5DF1D2C) (Version: 12/01/2009 11.5.7.0 - Intel)
Windows-Treiberpaket - Intel System (06/04/2009 1.0.0.0002) (HKLM\...\E7B58217635B8F723D4744A328A4B3237DB35FA9) (Version: 06/04/2009 1.0.0.0002 - Intel)
Windows-Treiberpaket - Intel System (10/28/2009 9.1.1.1022) (HKLM\...\098EBB26BF07167AB12D1575EC24F883F9435E59) (Version: 10/28/2009 9.1.1.1022 - Intel)
Windows-Treiberpaket - Intel System (10/28/2009 9.1.1.1022) (HKLM\...\573C3C32A1DB5625CA00E633E584E8A0E6383672) (Version: 10/28/2009 9.1.1.1022 - Intel)
Windows-Treiberpaket - Intel USB (08/20/2009 9.1.1.1020) (HKLM\...\A7B0B8D913E4DC2FA0B31E392E1512A901CA66B9) (Version: 08/20/2009 9.1.1.1020 - Intel)
Windows-Treiberpaket - Lenovo (LenovoRd) SmartCardReader (05/11/2009 4.1.0.1) (HKLM\...\9B84710FFAE6C50914FCE568B59E426F1386E7F6) (Version: 05/11/2009 4.1.0.1 - Lenovo)
Windows-Treiberpaket - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4) (HKLM\...\114EB224AD576F278686036AA9E1EFB7847E3935) (Version: 11/18/2009 1.60.0.4 - Lenovo)
Windows-Treiberpaket - Ricoh Company MS Host Controller (10/26/2009 6.10.02.07) (HKLM\...\FD5ED5E16405CDAA5385DE461B9E5379F91ACCCF) (Version: 10/26/2009 6.10.02.07 - Ricoh Company)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version: - )
ZPlan (HKLM-x32\...\{B8A8AF33-800B-49DC-AF54-EE642A3C3066}) (Version: 1.0.1407.1107 - Hager)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2150921082-4187140661-4272968030-1004_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\x\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2150921082-4187140661-4272968030-1004_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\x\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2150921082-4187140661-4272968030-1004_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\x\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2150921082-4187140661-4272968030-1004_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\x\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2150921082-4187140661-4272968030-1004_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\x\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2150921082-4187140661-4272968030-1004_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\x\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2150921082-4187140661-4272968030-1004_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\x\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2150921082-4187140661-4272968030-1004_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\x\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2150921082-4187140661-4272968030-1004_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\x\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
==================== Restore Points =========================
15-01-2015 18:57:08 zoek.exe restore point
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2015-01-14 21:09 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0C60B7FB-264C-4E33-99CD-590CC997F3E9} - System32\Tasks\LaunchCSS => C:\PROGRAM FILES\LENOVO\CLIENT SECURITY SOLUTION\cssauth.exe [2011-06-10] (Lenovo Group Limited)
Task: {1B8A97AE-4C2B-4F23-A2B3-5C8DCAEAB435} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-07-23] ()
Task: {22F1B871-8A53-459B-9B85-43DAA0FAF3EB} - \upfs7235 No Task File <==== ATTENTION
Task: {4049BA40-48F7-4094-BC5C-3E70E5AA1B73} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-06-18] ()
Task: {442F485E-EA55-4B7E-986E-36258DD7F108} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\pcdr5cuiw32.exe [2009-11-14] (PC-Doctor, Inc.)
Task: {461FD748-1A4C-49FE-A8A6-69CE7BE0BD88} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2014-06-24] (Lenovo Group Limited)
Task: {4EBB852E-0896-4BA5-981C-F503772C9CFC} - System32\Tasks\{790C4479-9298-4EE6-A9DA-E746E08AFEB4} => pcalua.exe -a "F:\Step 7\s7sp5\Install\CD_1\STEP7\Disk1\s7sdd\setup.exe" -d "F:\Step 7\s7sp5\Install\CD_1\STEP7\Disk1\s7sdd"
Task: {518E63E5-969D-4E50-9E3E-9295034DE576} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-13] (Google Inc.)
Task: {541D5419-5629-4055-AD17-667F38D626BE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-13] (Google Inc.)
Task: {5A847B5C-133C-42F1-98B4-4E7B94B6C0D8} - System32\Tasks\{173C887B-C621-4993-B5E3-F42CBBFA2C16} => pcalua.exe -a "F:\Step 7\treiber\Setup.exe" -d "F:\Step 7\treiber"
Task: {604C4976-CA2E-447C-AB01-0F833CDF6A76} - System32\Tasks\TVT\LaunchRnR
Task: {6E0C6309-52EB-4146-B1EE-20D773168A6B} - System32\Tasks\{011EADE2-F8CF-44A7-B34A-7AC4ADF9144C} => pcalua.exe -a "F:\Caddy++\CADdy++ Elektrotechnik v3.80 Full - enterprise\SETUP.EXE" -d "F:\Caddy++\CADdy++ Elektrotechnik v3.80 Full - enterprise"
Task: {A1CA3234-25AB-4241-9A9D-844234792DD3} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe
Task: {AAA34DF5-45A2-4EC3-A462-1A266EDC7D17} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-05-30] (Lenovo)
Task: {D1169947-CA98-4990-BE71-C7266F1D1C50} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-15] (Adobe Systems Incorporated)
Task: {D1307042-72D6-473F-A8E5-808C1FD7C2C1} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe
Task: {DA5D448C-36C1-4185-A4BA-793CC9E6D61B} - System32\Tasks\{AB11FA6C-9A14-4B7D-B927-93AA27D4DDBA} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/go/help.faq.installer?LastError=1618
Task: {DE0141DF-F7D6-458A-B529-6D8BCA52D335} - System32\Tasks\{033A4634-0BB0-4915-9214-ED93BA6B9585} => pcalua.exe -a C:\PROGRA~2\Yahoo!\Common\UNYT_W~1.EXE
Task: {E6521F03-247B-437E-B3CE-70B2EF2435AE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {E745C36E-47E1-40C8-AF9C-CD523DE97462} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {E7D540B0-12B9-40CC-A5AD-558559632742} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\pcdlauncher.exe [2009-11-14] (PC-Doctor, Inc.)
Task: {EE38804D-6F3A-4917-BE75-EC842ED33683} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\pcdlauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\pcdr5cuiw32.exe
==================== Loaded Modules (whitelisted) =============
2009-09-21 15:04 - 2009-09-21 15:04 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2010-01-22 03:20 - 2014-06-24 05:05 - 00117760 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2011-03-10 00:43 - 2011-03-10 00:43 - 00774144 _____ () C:\Program Files\Common Files\Siemens\SWS\PlugIns\SCP\Scpwin64.dll
2012-11-22 16:23 - 2011-02-22 18:00 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2009-05-27 22:09 - 2009-05-27 22:09 - 00049976 _____ () C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
2011-06-14 17:24 - 2011-06-14 17:24 - 00824320 _____ () C:\Program Files\Common Files\Siemens\Automation\Simatic OAM\bin\sn_regbase.dll
2015-01-13 18:17 - 2014-12-06 02:16 - 01408328 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2015-01-13 18:17 - 2014-12-06 02:16 - 00204616 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2015-01-13 18:17 - 2014-12-06 02:17 - 10689352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2015-01-13 18:17 - 2014-12-06 02:16 - 01856840 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-03-14 16:47 - 2014-03-14 16:47 - 00092504 _____ () C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\x\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-01-16 14:13 - 2015-01-16 14:13 - 00043008 _____ () c:\users\x\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpymgemv.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\x\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\x\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\x\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2011-06-14 17:24 - 2011-06-14 17:24 - 00749568 _____ () C:\Windows\SysWOW64\sn_regbase.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: NVIDIA Performance Driver Service => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: TVT Backup Service => 3
MSCONFIG\Services: VMAuthdService => 2
MSCONFIG\Services: VMUSBArbService => 2
MSCONFIG\Services: VMwareHostd => 2
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
========================= Accounts: ==========================
Administrator (S-1-5-21-2150921082-4187140661-4272968030-500 - Administrator - Disabled)
Gast (S-1-5-21-2150921082-4187140661-4272968030-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2150921082-4187140661-4272968030-1007 - Limited - Enabled)
x (S-1-5-21-2150921082-4187140661-4272968030-1004 - Administrator - Enabled) => C:\Users\x
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/15/2015 06:45:49 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error: (01/15/2015 06:22:37 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x80070422).
Error: (01/14/2015 09:54:55 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\servicing\TrustedInstaller.exe; Beschreibung = Windows Modules Installer; Fehler = 0x80070422).
Error: (01/14/2015 09:51:38 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x80070422).
Error: (01/14/2015 08:11:27 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\wbem\wmiprvse.exe; Beschreibung = ComboFix created restore point; Fehler = 0x80070422).
Error: (01/14/2015 08:09:00 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\wbem\wmiprvse.exe; Beschreibung = ComboFix created restore point; Fehler = 0x80070422).
Error: (01/14/2015 08:07:28 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\wbem\wmiprvse.exe; Beschreibung = ComboFix created restore point; Fehler = 0x80070422).
Error: (01/14/2015 08:01:08 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=43, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0
Error: (01/14/2015 08:01:08 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=25, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0
Error: (01/14/2015 08:01:08 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=17, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0
System errors:
=============
Error: (01/16/2015 02:17:36 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{9C285579-631C-421D-8623-4BCFE33AAEE3}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (01/15/2015 08:09:53 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{9C285579-631C-421D-8623-4BCFE33AAEE3}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (01/15/2015 07:33:49 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{9C285579-631C-421D-8623-4BCFE33AAEE3}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (01/15/2015 07:29:45 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (01/15/2015 07:22:21 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (01/15/2015 07:22:21 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (01/15/2015 07:22:20 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (01/15/2015 07:22:20 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (01/15/2015 07:22:18 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (01/15/2015 06:12:41 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{9C285579-631C-421D-8623-4BCFE33AAEE3}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Microsoft Office Sessions:
=========================
Error: (04/25/2014 06:40:40 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 36 seconds with 0 seconds of active time. This session ended with a crash.
CodeIntegrity Errors:
===================================
Date: 2015-01-14 21:08:44.347
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-01-14 21:08:44.098
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5 CPU M 540 @ 2.53GHz
Percentage of memory in use: 37%
Total physical RAM: 7987.67 MB
Available physical RAM: 4970.43 MB
Total Pagefile: 15973.52 MB
Available Pagefile: 12358.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
==================== Drives ================================
Drive c: (Windows7_OS) (Fixed) (Total:108.18 GB) (Free:35.46 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (SYSTEM_DRV) (Fixed) (Total:1.27 GB) (Free:0.55 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Lenovo_Recovery) (Fixed) (Total:9.79 GB) (Free:2.07 GB) NTFS
Drive f: (Daten) (Fixed) (Total:698.46 GB) (Free:672.4 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 0F78C1BF)
Partition 1: (Not Active) - (Size=1.3 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=108.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 698.6 GB) (Disk ID: F7199A90)
Partition 2: (Active) - (Size=698.6 GB) - (Type=OF Extended)
==================== End Of Log ============================