Klaus1801 | 11.06.2016 13:52
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:10-06-2016
durchgeführt von KWAC (Administrator) auf HEIM-PC (11-06-2016 14:45:16)
Gestartet von C:\Users\KWAC\Downloads
Geladene Profile: KWAC (Verfügbare Profile: KWAC & _supereasy_1cbackup_)
Platform: Windows 10 Home Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
() C:\Windows\jmesoft\Service.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avp.exe
(Maxthon) C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avpui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet 5740 series\Bin\ScanToPCActivationApp.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
() C:\Windows\jmesoft\JME_LOAD.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Lenovo) C:\Users\KWAC\AppData\Local\Apps\2.0\V8NTEQXV.XA2\G3DQMRQM.ZJ9\lsb...tion_91a10ba61c75c82d_0001.0004_53146ffb7155a994\LSB.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\Calculator.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet 5740 series\Bin\HPNetworkCommunicatorCom.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM-x32\...\Run: [jmekey] => C:\WINDOWS\jmesoft\hotkey.exe
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3997361003-1563497620-537380043-1001\...\Run: [HP Officejet 5740 series (NET)] => C:\Program Files\HP\HP Officejet 5740 series\Bin\ScanToPCActivationApp.exe [3483656 2014-08-22] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-3997361003-1563497620-537380043-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [805888 2015-10-30] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FamilySafetyGuide.lnk [2015-09-22]
ShortcutTarget: FamilySafetyGuide.lnk -> C:\Program Files\Lenovo\LenovoFamilySecurity\LenovoFamilySecurity.exe ()
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{50b3ec54-2814-4080-971e-1254927f381a}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{fe4ce7f5-284d-48d8-9b5f-9b5b604da74f}: [DhcpNameServer] 192.168.178.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-3997361003-1563497620-537380043-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3997361003-1563497620-537380043-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTKaJBAcl6QvIXxxcMXfQLCsGdwtR_Vpwu0lbBQt3m7wDyDmDGYvZLJ2ErOkrHbubRz1Dl_V12AODElO9p79MKVHqZTdbt8ZPhQXnqCrgzWhjmths-s7xw53RHXuhFPMpdtqPn6UmF1CgqmQ,,
hxxp://www.lenovo.com
HKU\S-1-5-21-3997361003-1563497620-537380043-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKLM -> DefaultScope {2392E253-B339-4F17-99BE-E38194604D9D} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKLM -> {2392E253-B339-4F17-99BE-E38194604D9D} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-3997361003-1563497620-537380043-1001 -> DefaultScope {A1A2B88D-6159-11E5-829C-C48E8F27E1F4} URL =
BHO: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\x64\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
BHO-x32: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\x64\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-03] (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2014-02-14] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3997361003-1563497620-537380043-1001: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\KWAC\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-08-19] (RocketLife, LLP)
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_ACF0E80077C511E59DED005056C00008@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi [2016-05-06]
Chrome:
=======
CHR Profile: C:\Users\KWAC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\KWAC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-03]
CHR Extension: (Google Präsentationen) - C:\Users\KWAC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-03]
CHR Extension: (Google Drive) - C:\Users\KWAC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\KWAC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Präsentationen) - C:\Users\KWAC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-01]
CHR Extension: (Google-Suche) - C:\Users\KWAC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Präsentationen) - C:\Users\KWAC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-03]
CHR Extension: (Google Präsentationen) - C:\Users\KWAC\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh [2016-01-15]
CHR Extension: (Google Präsentationen) - C:\Users\KWAC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Google Präsentationen) - C:\Users\KWAC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpeeaghdjmhlakojjcgfdhgcejdaefmi [2016-05-06]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\KWAC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (Google Mail) - C:\Users\KWAC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-03]
CHR HKLM\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
CHR HKLM-x32\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 AVP16.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avp.exe [236928 2015-12-22] (AO Kaspersky Lab)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28552 2016-04-26] (Hewlett-Packard Company)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-03] (Intel Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-16] () [Datei ist nicht signiert]
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\x64\vssbridge64.exe [152488 2015-12-22] (AO Kaspersky Lab)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [559872 2014-08-06] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-21] (LENOVO INCORPORATED.)
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-04-20] (Lenovo)
S3 LSEDT; C:\Windows\System32\LSEDT.exe [32968 2015-11-15] (Lenovo)
R2 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [1872808 2015-11-26] (Maxthon)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2014-02-14] (Nitro PDF Software)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-09-11] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [79752 2015-12-01] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [78200 2015-12-02] (AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [182664 2015-12-11] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\drivers\klhk.sys [237488 2016-05-06] (AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP16.0.1\Bases\klids.sys [178872 2016-05-06] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [987568 2016-05-06] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [51288 2016-05-06] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [52608 2015-11-11] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45960 2015-12-07] (AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [87944 2015-10-06] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [112520 2015-12-03] (AO Kaspersky Lab)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [194440 2015-12-03] (AO Kaspersky Lab)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100824 2013-12-03] (Intel Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [593624 2015-11-15] (Realtek Semiconductor Corporation)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\System32\drivers\rtwlane.sys [3445248 2015-10-30] (Realtek Semiconductor Corporation )
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-06-11 14:45 - 2016-06-11 14:45 - 00018452 _____ C:\Users\KWAC\Downloads\FRST.txt
2016-06-11 14:45 - 2016-06-11 14:45 - 00000000 ____D C:\FRST
2016-06-11 14:44 - 2016-06-11 14:44 - 02385408 _____ (Farbar) C:\Users\KWAC\Downloads\FRST64.exe
2016-06-11 13:56 - 2016-06-11 13:56 - 00328424 _____ C:\Users\KWAC\Downloads\Kreditkartenabrechnung_424201XXXXXX7000_20160610.pdf
2016-06-11 13:56 - 2016-06-11 13:56 - 00328424 _____ C:\Users\KWAC\Downloads\Kreditkartenabrechnung_424201XXXXXX7000_20160610 (1).pdf
2016-06-11 13:20 - 2016-06-11 13:20 - 00484588 _____ C:\Users\KWAC\Downloads\happy-new-year-2010.htm
2016-06-11 08:49 - 2016-06-11 08:49 - 00000000 ___HD C:\OneDriveTemp
2016-06-06 11:49 - 2016-06-06 11:49 - 00012051 _____ C:\Users\KWAC\Downloads\893792628.pdf
2016-06-06 11:48 - 2016-06-06 11:48 - 00022295 _____ C:\Users\KWAC\Downloads\893792628_EVN.pdf
2016-06-04 17:12 - 2016-06-04 17:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-06-02 15:05 - 2016-06-02 15:05 - 00930101 _____ C:\Users\KWAC\Downloads\mandala-pferd (3)
2016-06-02 15:05 - 2016-06-02 15:05 - 00930101 _____ C:\Users\KWAC\Downloads\mandala-pferd (2)
2016-06-02 15:05 - 2016-06-02 15:05 - 00930101 _____ C:\Users\KWAC\Downloads\mandala-pferd (1)
2016-06-02 15:05 - 2016-06-02 15:05 - 00930101 _____ C:\Users\KWAC\Downloads\mandala-pferd
2016-06-02 10:43 - 2016-06-02 10:43 - 00114457 _____ C:\Users\KWAC\Downloads\ISU009000212144 (1).pdf
2016-06-02 10:43 - 2016-06-02 10:43 - 00114449 _____ C:\Users\KWAC\Downloads\ISU008001531773 (1).pdf
2016-06-02 10:41 - 2016-06-02 10:41 - 00092511 _____ C:\Users\KWAC\Downloads\ISU008001531300 (1).pdf
2016-06-02 10:37 - 2016-06-02 10:37 - 00119193 _____ C:\Users\KWAC\Downloads\ISU008001531304 (1).pdf
2016-06-02 10:31 - 2016-06-02 10:31 - 00114509 _____ C:\Users\KWAC\Downloads\ISU009000212143 (1).pdf
2016-06-02 10:30 - 2016-06-02 10:30 - 00119165 _____ C:\Users\KWAC\Downloads\ISU008001531774 (1).pdf
2016-06-02 10:24 - 2016-06-02 10:24 - 00114347 _____ C:\Users\KWAC\Downloads\ISU003000198417.pdf
2016-05-30 17:16 - 2016-05-30 17:16 - 01473544 _____ C:\Users\KWAC\Downloads\Microsoft NET Framework - CHIP-Installer.exe
2016-05-28 11:14 - 2016-05-28 11:14 - 09363890 _____ C:\Users\KWAC\Downloads\rewe-schuerholz (1).pdf
2016-05-28 11:13 - 2016-05-28 11:13 - 09363890 _____ C:\Users\KWAC\Downloads\rewe-schuerholz.pdf
2016-05-26 14:48 - 2016-05-26 14:49 - 50284752 _____ (Microsoft Corporation) C:\Users\KWAC\Downloads\MouseKeyboardCenter_64bit_DEU_2.3.188 (1).exe
2016-05-26 13:08 - 2016-05-26 13:08 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2016-05-26 13:08 - 2016-05-26 13:08 - 00001830 _____ C:\Users\KWAC\Desktop\Google Earth Pro.lnk
2016-05-26 13:08 - 2016-05-26 13:08 - 00000000 ____D C:\Users\KWAC\AppData\LocalLow\Google
2016-05-26 13:06 - 2016-05-26 13:06 - 01473544 _____ C:\Users\KWAC\Downloads\Vollversion Google Earth Pro - CHIP-Installer.exe
2016-05-21 18:43 - 2016-05-21 18:43 - 00000000 ____D C:\Users\KWAC\AppData\Roaming\Lenovo
2016-05-21 18:43 - 2016-05-21 18:43 - 00000000 ____D C:\Users\KWAC\.QtWebEngineProcess
2016-05-21 18:43 - 2016-05-21 18:43 - 00000000 ____D C:\Users\KWAC\.LSC
2016-05-21 17:34 - 2016-05-21 17:34 - 00002169 _____ C:\Users\Public\Desktop\Lenovo Solution Center.lnk
2016-05-19 14:10 - 2016-05-19 14:10 - 00365364 _____ C:\WINDOWS\Minidump\051916-17828-01.dmp
2016-05-19 14:06 - 2016-05-19 14:06 - 00000000 __SHD C:\found.006
2016-05-17 14:50 - 2016-05-17 14:50 - 00703254 _____ C:\Users\KWAC\Downloads\9783466309665_sample.pdf
2016-05-17 08:38 - 2016-05-17 08:39 - 00368796 _____ C:\WINDOWS\Minidump\051716-22000-01.dmp
2016-05-14 09:54 - 2016-05-14 09:54 - 00328675 _____ C:\Users\KWAC\Downloads\Kreditkartenabrechnung_424201XXXXXX7000_20160512.pdf
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-06-11 14:37 - 2015-09-18 17:14 - 00001134 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-11 13:46 - 2015-11-15 21:04 - 00000412 _____ C:\WINDOWS\Tasks\HP Photo Creations Communicator.job
2016-06-11 13:12 - 2016-05-06 12:33 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-06-11 09:37 - 2015-09-18 17:14 - 00001130 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-11 08:54 - 2015-08-03 23:03 - 00000000 ____D C:\Users\KWAC\AppData\Roaming\Nitro PDF
2016-06-11 08:52 - 2015-08-08 10:22 - 00004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E25E093D-A383-4012-B60B-8B0424698C86}
2016-06-11 08:49 - 2015-08-03 21:45 - 00000000 ___RD C:\Users\KWAC\OneDrive
2016-06-10 16:28 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-10 08:52 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-09 14:38 - 2016-04-07 15:32 - 00003232 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForKWAC
2016-06-09 14:38 - 2016-04-07 15:32 - 00000344 _____ C:\WINDOWS\Tasks\HPCeeScheduleForKWAC.job
2016-06-09 05:32 - 2015-10-30 20:35 - 00776562 _____ C:\WINDOWS\system32\perfh007.dat
2016-06-09 05:32 - 2015-10-30 20:35 - 00155874 _____ C:\WINDOWS\system32\perfc007.dat
2016-06-09 05:32 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-06-09 05:32 - 2015-08-03 21:39 - 01802588 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-06-09 05:26 - 2015-11-15 13:32 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-09 05:26 - 2015-11-15 13:22 - 00000000 ____D C:\Users\KWAC
2016-06-09 05:26 - 2015-11-15 13:16 - 00135880 _____ (Lenovo) C:\WINDOWS\system32\wpbbin.exe
2016-06-09 05:26 - 2015-08-04 00:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-08 22:38 - 2015-09-18 17:15 - 00002275 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-08 22:38 - 2015-09-18 17:15 - 00002263 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-07 20:59 - 2015-08-04 00:05 - 00000000 ___RD C:\Users\KWAC\Desktop\Gästewohnungen 2016
2016-06-05 20:42 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-06-04 15:42 - 2015-10-30 08:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-06-04 04:53 - 2015-08-07 09:24 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-29 20:07 - 2015-11-15 21:04 - 00003486 _____ C:\WINDOWS\System32\Tasks\HP Photo Creations Communicator
2016-05-29 20:07 - 2015-09-16 23:07 - 00000000 ___RD C:\Users\KWAC\Documents\RocketLifeNetwork
2016-05-29 20:07 - 2015-09-16 23:06 - 00002036 _____ C:\Users\KWAC\Desktop\HP Photo Creations.lnk
2016-05-29 20:07 - 2015-09-16 23:06 - 00000000 ____D C:\Users\KWAC\AppData\Roaming\HP Photo Creations
2016-05-29 18:46 - 2015-11-15 13:22 - 00000000 ____D C:\Users\_supereasy_1cbackup_
2016-05-26 13:08 - 2015-08-03 23:13 - 00000000 ____D C:\Program Files (x86)\Google
2016-05-21 17:34 - 2015-03-16 20:29 - 00000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2016-05-21 17:34 - 2015-03-16 20:24 - 00000000 ____D C:\Program Files\Lenovo
2016-05-21 17:27 - 2015-03-16 20:29 - 00000000 ____D C:\WINDOWS\Downloaded Installations
2016-05-19 14:10 - 2016-01-26 10:07 - 817603033 _____ C:\WINDOWS\MEMORY.DMP
2016-05-19 14:10 - 2015-12-22 09:45 - 00000000 ____D C:\WINDOWS\Minidump
2016-05-18 14:54 - 2015-08-03 21:45 - 00002429 _____ C:\Users\KWAC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-05-14 13:58 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2016-05-14 07:30 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-14 07:17 - 2015-08-03 18:31 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-05-13 23:33 - 2015-10-30 20:44 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-13 23:33 - 2015-10-30 09:24 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-05-13 23:33 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-05-13 23:33 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-05-13 23:33 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-05-13 23:33 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-05-13 13:30 - 2015-08-07 09:24 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2015-09-29 17:24 - 2016-02-27 15:45 - 0001062 _____ () C:\Users\KWAC\AppData\Local\62ddddf9d461bd9633b86dd3c75a2286
2015-09-29 17:14 - 2016-04-22 14:04 - 0001062 _____ () C:\Users\KWAC\AppData\Local\998087a8e589f390f0b710fed8b8c1bf
2015-08-03 18:44 - 2015-08-03 21:04 - 0002138 _____ () C:\Users\KWAC\AppData\Local\BTServer.log
2015-09-29 17:20 - 2016-02-27 15:44 - 0001062 _____ () C:\Users\KWAC\AppData\Local\c59be68b03be09f9dbe3e1c49acbe573
2015-08-04 14:46 - 2015-08-04 14:46 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-11-15 13:19 - 2015-11-15 13:19 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Einige Dateien in TEMP:
====================
C:\Users\KWAC\AppData\Local\Temp\HPPSdr.exe
C:\Users\KWAC\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2016-06-09 13:51
==================== Ende von FRST.txt ============================
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:10-06-2016
durchgeführt von KWAC (2016-06-11 14:46:06)
Gestartet von C:\Users\KWAC\Downloads
Windows 10 Home Version 1511 (X64) (2015-11-15 11:38:27)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-3997361003-1563497620-537380043-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3997361003-1563497620-537380043-503 - Limited - Disabled)
Gast (S-1-5-21-3997361003-1563497620-537380043-501 - Limited - Disabled)
KWAC (S-1-5-21-3997361003-1563497620-537380043-1001 - Administrator - Enabled) => C:\Users\KWAC
_supereasy_1cbackup_ (S-1-5-21-3997361003-1563497620-537380043-1004 - Administrator - Enabled) => C:\Users\_supereasy_1cbackup_
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Kaspersky Internet Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.215 - Adobe Systems Incorporated)
BEACON (HKLM-x32\...\{259BF8E7-28DB-461F-8D7F-7B6E267D2502}_is1) (Version: 1.7.1013.0 - Lenovo Inc.)
Beautune 1.0.5 (HKLM-x32\...\Beautune) (Version: 1.0.5 - Everimaging Co., Ltd.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
COLOR projects premium (64-Bit) (HKLM\...\COLOR_PROJECTS_1_2_C935FDA1_is1) (Version: 1.14 - Franzis Verlag GmbH)
CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1602 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.4002 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.4002 - CyberLink Corp.) Hidden
Dependency Package Update (Version: 1.6.25.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.38.00 - Lenovo Inc.) Hidden
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.13.0621 - Lenovo)
FamilySafetyGuide (HKLM-x32\...\{9A268503-5AB0-479E-9690-929BDEC55C00}) (Version: 1.00.0711 - lenovo)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.84 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{35DAA04C-1720-4BE3-A920-A03731EC6A1D}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
HDR projects darkroom (64-Bit) (HKLM\...\HDR_PROJECTS_2_0_3BF7CE82_is1) (Version: 2.26 - Franzis Verlag GmbH)
HP Officejet 5740 series - Grundlegende Software für das Gerät (HKLM\...\{4029319E-A53E-4FAA-A2FA-D0091D85EB17}) (Version: 34.2.117.50647 - Hewlett-Packard Co.)
HP Officejet 5740 series Hilfe (HKLM-x32\...\{0C0C43A4-CDBF-4CF6-9902-4CF6BBD09C80}) (Version: 34.0.0 - Hewlett Packard)
HP Photo Creations (HKU\S-1-5-21-3997361003-1563497620-537380043-1001\...\HP Photo Creations) (Version: 1.0.0.20722 - HP)
HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.2.8.25 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{8F1A441E-AD6D-4732-BD6A-F38D5F1D1E47}) (Version: 12.4.18.7 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.22.1760 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{F575F386-57EF-4943-B003-A13F13B05EEB}) (Version: 16.0.1.445 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 16.0.1.445 - Kaspersky Lab) Hidden
Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.29 - Lenovo)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 - Lenovo)
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.25.00 - Lenovo Group Limited)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.7408 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.7104.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.7104.52 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1901 - CyberLink Corp.)
Lenovo Rescue System (Version: 4.0.0.1901 - CyberLink Corp.) Hidden
Lenovo Service Bridge (HKU\S-1-5-21-3997361003-1563497620-537380043-1001\...\cbe8636f7dd0cf1d) (Version: 1.4.0.0 - Lenovo)
Lenovo Solution Center (HKLM\...\{AB46AC6D-3E9A-4484-8061-64FF10301B41}) (Version: 3.3.002.00 - Lenovo)
LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.4.2.2000 - Maxthon International Limited)
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.1.1.5990 - Mozilla)
Mozilla Thunderbird 45.1.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.1.1 (x86 de)) (Version: 45.1.1 - Mozilla)
Nitro Pro 9 (HKLM\...\{237990BC-415C-4CE8-B279-37892516D9F2}) (Version: 9.0.6.20 - Nitro)
NVIDIA Grafiktreiber 333.79 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 333.79 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
One Click Wipe 4.0 (HKLM\...\One Click Wipe 4_is1) (Version: - Franzis.de)
Photo BUZZER (64-Bit) (HKLM\...\EMOTION_PROJECTS_1_2_CDF5610E_is1) (Version: 1.14 - Franzis Verlag GmbH)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.805.802.010714 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39054 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.20.0239 - REALTEK Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.1.4.0 - Lenovo Group Limited)
SILVER projects premium (64-Bit) (HKLM\...\SILVER_PROJECTS_1_2_28B15F1D_is1) (Version: 1.14 - Franzis Verlag GmbH)
Studie zur Verbesserung von HP Officejet 5740 series (HKLM\...\{E49940D5-31DD-40BA-851D-3B82C4FF7A18}) (Version: 34.2.117.50647 - Hewlett-Packard Co.)
SuperEasy 1-Click Backup (HKLM\...\SuperEasy 1-Click Backup) (Version: 1.13 - SuperEasy Software GmbH & Co. KG)
UESDK (HKLM-x32\...\{EB3F6640-58AE-4886-B8BA-466B6939A933}_is1) (Version: 1.0.0.3 - Lenovo)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-3997361003-1563497620-537380043-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\KWAC\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {01E64318-5D66-4A7B-8B73-94C7513F46AB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
Task: {032C6060-85E1-4E56-8432-AAE7505FD484} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
Task: {03C1B6F0-B064-4EFF-A2C2-495119380895} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-18] (Google Inc.)
Task: {0837B1BC-10B9-4183-A722-6422DDE21A37} - System32\Tasks\HPCeeScheduleForKWAC => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {0B9CE817-E6D4-4CC6-BA7E-2EC54A5182BC} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-08-17] (Lenovo)
Task: {1F0E6EF9-8978-416A-86A5-BC31FA053A43} - System32\Tasks\HPCustParticipation HP Officejet 5740 series => C:\Program Files\HP\HP Officejet 5740 series\Bin\HPCustPartic.exe [2014-08-22] (Hewlett-Packard Development Company, LP)
Task: {21F4D161-9B8E-4190-9576-E266B516C6F7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
Task: {225221B9-A349-453F-842D-FD49C62BBB13} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {248CD582-A786-4227-A885-753C80055372} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-18] (Google Inc.)
Task: {2C80A323-74DD-481C-BECA-46CE219CDF4E} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-04-20] (Lenovo)
Task: {3A4D661F-ED11-47C0-BA39-15057A351708} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-04-20] (Lenovo)
Task: {3E909AE2-FC28-4E12-9A64-28DE496ECCC2} - System32\Tasks\HP Photo Creations Communicator => C:\Users\KWAC\AppData\Roaming\HP Photo Creations\Communicator.exe [2016-05-29] ()
Task: {3EF5266C-2E94-4B52-B17F-A5171762C22C} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe [2014-09-11] (Maxthon International ltd.)
Task: {4B7D7B25-3559-41DA-823E-596CD853BC3B} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-05-18] (HP Inc.)
Task: {5C3BB093-0EB9-45FE-8DBA-DF3CB9A947BD} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {5D2D783E-18F9-4EEA-8AB7-AC1E3272280C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-11] (Microsoft Corporation)
Task: {6101567E-02DB-4A89-9C70-BAF0BC76D35C} - System32\Tasks\HP AR Program Upload - 21f779ac067349d9b6e01cc4b1945820481efb35beff4915b379eed09a2fdcff => C:\Program Files\HP\HP Officejet 5740 series\bin\HPRewards.exe [2014-08-22] (Hewlett-Packard Development Company, LP)
Task: {63C4DB88-6E7B-4EE1-875B-FCDA1C3B349A} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {745B8F3C-4B09-4DFB-8A46-209D33C17A32} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-05-04] (Hewlett-Packard)
Task: {8B977677-33C7-40FB-863C-E1078D94517D} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-08] (CyberLink Corp.)
Task: {9C3EB649-11D8-45DD-AAD3-8EFBCFBD58CD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {9EF7FDEC-BB10-4F0C-B50A-10FD78C1A0B3} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {A8E57ED9-1526-4B1D-8475-3931A194A4FB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-05-04] (Hewlett-Packard)
Task: {AF3BC962-17A4-46FA-885A-6760330039D6} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2014-05-21] ()
Task: {B0F9F718-57D8-40B3-800F-F30B7A41A54D} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSC.Services.UpdateStatusService.exe [2016-04-20] ()
Task: {BF2ACBB2-C9AF-4BC0-B377-A32CD9203A39} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-04-20] (Lenovo)
Task: {CED78F43-803C-4E55-B9A4-A67A4CE3441A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-05-18] (HP Inc.)
Task: {D0DEF1EC-69D5-4484-BC59-C2176A70AD20} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {E314D8BC-9FAE-4070-9E67-30E138AB05F8} - System32\Tasks\OFFICE2013ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()
Task: {EDCBE8EA-B819-4710-89D6-98E48160A4F2} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {F0F68183-883B-429F-AD71-AB3DD72A0619} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {FB1952BE-7EEA-4EC6-BFA6-1BF339921C2A} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-3997361003-1563497620-537380043-1001 => Rundll32.exe dfshim.dll,ShOpenVerbShortcut C:\Users\KWAC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Service Bridge.appref-ms
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HP Photo Creations Communicator.job => C:\Users\KWAC\AppData\Roaming\HP Photo Creations\Communicator.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForKWAC.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2015-03-16 20:14 - 2011-08-16 21:46 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
2015-03-16 20:29 - 2012-04-24 12:43 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-11-15 13:19 - 2015-07-23 03:10 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-04-13 11:06 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 11:06 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-18 14:53 - 2016-05-18 14:53 - 00959168 _____ () C:\Users\KWAC\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2015-12-18 13:31 - 2015-12-07 06:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-11 09:31 - 2016-04-23 06:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-11 09:32 - 2016-04-23 06:25 - 00674816 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2016-05-11 09:32 - 2016-04-23 06:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-11 09:32 - 2016-04-23 05:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-05-11 09:32 - 2016-04-23 05:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-11 09:32 - 2016-04-23 06:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-03-16 20:14 - 2011-08-16 21:46 - 00024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe
2016-04-19 08:46 - 2016-04-19 08:48 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-06-03 09:21 - 2016-06-03 09:27 - 00017920 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-06-03 09:21 - 2016-06-03 09:27 - 13105152 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-06-03 09:21 - 2016-06-03 09:27 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-03-04 08:30 - 2016-03-04 08:31 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-01-21 11:26 - 2016-01-21 11:26 - 03746816 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\Calculator.exe
2015-12-15 12:45 - 2015-12-16 10:41 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2015-12-22 02:47 - 2015-12-22 02:47 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\kpcengine.2.3.dll
2015-03-16 20:13 - 2013-12-03 07:37 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-05-18 14:53 - 2016-05-18 14:53 - 00679624 _____ () C:\Users\KWAC\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2015-03-16 20:14 - 2011-05-17 14:27 - 00028672 _____ () C:\Windows\jmesoft\hidhook.dll
2016-04-19 08:46 - 2016-04-19 08:48 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 08:46 - 2016-04-19 08:48 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-3997361003-1563497620-537380043-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\KWAC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKLM\...\StartupApproved\Run: => "SuperEasy 1-Click Backup"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{15A181E1-073E-4200-BD7C-E5F9783733E4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{963A083B-1D81-406F-A14C-AC10F7D62BC6}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{884E105C-A555-412D-B291-0F0DA8F9B97B}] => (Allow) C:\Users\KWAC\AppData\Local\Temp\7zS64E8\HPDiagnosticCoreUI.exe
FirewallRules: [{81E62EF7-3A1C-4545-958E-CB1741B24EC7}] => (Allow) C:\Users\KWAC\AppData\Local\Temp\7zS64E8\HPDiagnosticCoreUI.exe
FirewallRules: [{68F9CD3A-6394-473B-B7C8-AF80C1E1B032}] => (Allow) C:\Users\KWAC\AppData\Local\Temp\7zS6267\hppiw.exe
FirewallRules: [{872502E0-6398-4FD2-83E6-071FA445A210}] => (Allow) C:\Users\KWAC\AppData\Local\Temp\7zS6267\hppiw.exe
FirewallRules: [{7F5B6FA1-4CE7-4B8E-B8AB-56E764CE9EB8}] => (Allow) C:\Program Files\HP\HP Officejet 5740 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{C96E2B3A-D390-475D-B188-F9D2E551F0C7}] => (Allow) LPort=5357
FirewallRules: [{5805FB60-0D46-456B-9EB6-721F8820C88A}] => (Allow) C:\Program Files\HP\HP Officejet 5740 series\Bin\DeviceSetup.exe
FirewallRules: [{4D1A8355-BDB9-496E-9B87-CC8B8B49AB56}] => (Allow) C:\Program Files\HP\HP Officejet 5740 series\bin\SendAFax.exe
FirewallRules: [{C21CA92B-6B3B-43B6-AFC7-3514BB4877E1}] => (Allow) C:\Program Files\HP\HP Officejet 5740 series\bin\DigitalWizards.exe
FirewallRules: [{FE350758-40DE-4E3F-9343-27114A3CF0D6}] => (Allow) C:\Program Files\HP\HP Officejet 5740 series\bin\FaxApplications.exe
FirewallRules: [{B283A5FF-F9C4-441F-9264-9F23653DE77C}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{9CC5C413-35C0-4E3D-BB0F-D7A119F8AEC2}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{A7743F0A-B065-4152-BCEC-5C50F7879BCE}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{A9EDB2CF-CB5D-4577-B113-87BAF8A4CA29}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{F7D14ACE-16BF-43FE-90C3-22B781FFEF8F}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{A3E7115F-91DC-47AF-BD3A-AFEC331B2830}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{AA6DF444-86BB-4139-8E88-15E41F75ECE7}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{CF621549-482B-45D2-82C1-2B919BE98B04}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{97AE056D-72BF-40F0-8036-6A285654B254}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{8D69BD6A-81FE-46A6-B3C7-C1D04BEF6551}] => (Allow) C:\Users\KWAC\AppData\Local\Temp\7zS5960\HPDiagnosticCoreUI.exe
FirewallRules: [{06C1C653-B8FB-483E-BF64-424EBEFD55BA}] => (Allow) C:\Users\KWAC\AppData\Local\Temp\7zS5960\HPDiagnosticCoreUI.exe
FirewallRules: [{6FD3A7CE-E7E1-405D-A5A0-3D49E8750C94}] => (Allow) C:\Users\KWAC\AppData\Local\Temp\7zS59C6\HPDiagnosticCoreUI.exe
FirewallRules: [{CEB7E6E6-687C-4005-9F31-A756051A6F86}] => (Allow) C:\Users\KWAC\AppData\Local\Temp\7zS59C6\HPDiagnosticCoreUI.exe
FirewallRules: [{69D41C21-0777-4CAF-A689-7A7BF7EDBEF3}] => (Allow) C:\Users\KWAC\AppData\Local\Temp\7zS3C01\HPDiagnosticCoreUI.exe
FirewallRules: [{7C6335CC-2F00-4EA2-9120-4BE3D7EBBF0A}] => (Allow) C:\Users\KWAC\AppData\Local\Temp\7zS3C01\HPDiagnosticCoreUI.exe
FirewallRules: [{A64AE4FE-8BF5-4A04-90F2-E7C386559683}] => (Allow) C:\Users\KWAC\AppData\Local\Temp\7zS3C50\HPDiagnosticCoreUI.exe
FirewallRules: [{B3C1132C-10F8-4747-902E-6B6600AE3C03}] => (Allow) C:\Users\KWAC\AppData\Local\Temp\7zS3C50\HPDiagnosticCoreUI.exe
FirewallRules: [{9B52B537-4237-4DCA-981F-BBF7A05B3A21}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Wiederherstellungspunkte =========================
21-05-2016 17:33:52 Installed Lenovo Solution Center.
31-05-2016 14:34:33 Geplanter Prüfpunkt
09-06-2016 15:11:46 Geplanter Prüfpunkt
==================== Fehlerhafte Geräte im Gerätemanager =============
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (06/11/2016 08:54:06 AM) (Source: HP Active Health) (EventID: 401) (User: )
Description: SmartDrive executable didn't pass digital signature validation. Execution aborted: [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\Executable Agent Data\_Shared\DiskCheck\ETD_GetSMART.exe]
Error: (06/11/2016 08:53:58 AM) (Source: HP Active Health) (EventID: 1100) (User: )
Description: Agent DiskPhysical threw an exception: System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
bei HP.ActiveHealth.Agents.DiskPhysical.DiskPhysicalAgent.CollectNewDataClasses(FileInfo agentStateFile, IDataClassCollector dataClassColector)
bei HP.ActiveHealth.API.DataGeneration.AgentRunner.QueryAgentDelegate(Object agentObj)
Error: (06/11/2016 08:53:45 AM) (Source: HP Active Health) (EventID: 1101) (User: )
Description: DiskPhysical executable didn't pass digital signature validation. Execution aborted: [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\Executable Agent Data\_Shared\DiskCheck\ETD_GetSMART.exe]
Error: (06/10/2016 09:37:16 AM) (Source: HP Active Health) (EventID: 401) (User: )
Description: SmartDrive executable didn't pass digital signature validation. Execution aborted: [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\Executable Agent Data\_Shared\DiskCheck\ETD_GetSMART.exe]
Error: (06/10/2016 09:37:15 AM) (Source: HP Active Health) (EventID: 1100) (User: )
Description: Agent DiskPhysical threw an exception: System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
bei HP.ActiveHealth.Agents.DiskPhysical.DiskPhysicalAgent.CollectNewDataClasses(FileInfo agentStateFile, IDataClassCollector dataClassColector)
bei HP.ActiveHealth.API.DataGeneration.AgentRunner.QueryAgentDelegate(Object agentObj)
Error: (06/10/2016 09:37:13 AM) (Source: HP Active Health) (EventID: 1101) (User: )
Description: DiskPhysical executable didn't pass digital signature validation. Execution aborted: [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\Executable Agent Data\_Shared\DiskCheck\ETD_GetSMART.exe]
Error: (06/10/2016 08:46:04 AM) (Source: HP Active Health) (EventID: 401) (User: )
Description: SmartDrive executable didn't pass digital signature validation. Execution aborted: [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\Executable Agent Data\_Shared\DiskCheck\ETD_GetSMART.exe]
Error: (06/10/2016 08:46:03 AM) (Source: HP Active Health) (EventID: 1100) (User: )
Description: Agent DiskPhysical threw an exception: System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
bei HP.ActiveHealth.Agents.DiskPhysical.DiskPhysicalAgent.CollectNewDataClasses(FileInfo agentStateFile, IDataClassCollector dataClassColector)
bei HP.ActiveHealth.API.DataGeneration.AgentRunner.QueryAgentDelegate(Object agentObj)
Error: (06/10/2016 08:45:47 AM) (Source: HP Active Health) (EventID: 1101) (User: )
Description: DiskPhysical executable didn't pass digital signature validation. Execution aborted: [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\Executable Agent Data\_Shared\DiskCheck\ETD_GetSMART.exe]
Error: (06/09/2016 03:12:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.
System Error:
Zugriff verweigert
.
Systemfehler:
=============
Error: (06/10/2016 11:35:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenzugriff_1163007" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (06/10/2016 11:35:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenspeicher _1163007" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (06/10/2016 11:35:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Kontaktdaten_1163007" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (06/10/2016 11:35:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Synchronisierungshost_1163007" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (06/10/2016 11:35:12 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (06/10/2016 11:12:24 PM) (Source: DCOM) (EventID: 10016) (User: Heim-PC)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Heim-PCKWACS-1-5-21-3997361003-1563497620-537380043-1001LocalHost (unter Verwendung von LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
Error: (06/10/2016 11:12:24 PM) (Source: DCOM) (EventID: 10016) (User: Heim-PC)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Heim-PCKWACS-1-5-21-3997361003-1563497620-537380043-1001LocalHost (unter Verwendung von LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
Error: (06/10/2016 09:32:47 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {F3B4E234-7A68-4E43-B813-E4BA55A065F6}
Error: (06/10/2016 12:40:24 PM) (Source: DCOM) (EventID: 10016) (User: Heim-PC)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Heim-PCKWACS-1-5-21-3997361003-1563497620-537380043-1001LocalHost (unter Verwendung von LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
Error: (06/10/2016 09:11:01 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenzugriff_e648b4" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
CodeIntegrity:
===================================
Date: 2016-05-15 08:41:49.484
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-05-14 07:16:57.466
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-05-13 13:19:45.587
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-05-06 12:43:50.427
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-04-15 08:31:38.406
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-04-14 10:24:41.989
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-04-14 08:32:14.508
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-03-25 09:24:07.399
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-03-12 10:42:24.809
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-03-10 05:48:05.613
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i3-4160 CPU @ 3.60GHz
Prozentuale Nutzung des RAM: 24%
Installierter physikalischer RAM: 8140.05 MB
Verfügbarer physikalischer RAM: 6122.52 MB
Summe virtueller Speicher: 9420.05 MB
Verfügbarer virtueller Speicher: 6978.61 MB
==================== Laufwerke ================================
Drive c: (Windows8_OS) (Fixed) (Total:905.25 GB) (Free:849.12 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 730B5EED)
Partition: GPT.
==================== Ende von Addition.txt ============================ |