Haferbrei | 11.01.2015 18:07

Fixlog:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by SYSTEM at 2015-01-11 17:22:21 Run:1
Running from K:\
Boot Mode: Recovery
==============================================
Content of fixlist:
*****************
GroupPolicyUsers\S-1-5-21-1328450750-26571623-3133941281-1003\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1328450750-26571623-3133941281-1000\User: Group Policy restriction detected <======= ATTENTION
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5223016 2015-01-09] (AVAST Software)
Winlogon\Notify\klogon: C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
IFEO\utilman.exe: [Debugger] c:\windows\system32\cmd.exe
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-09] (AVAST Software)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-09] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2015-01-09] ()
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-09] ()
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-09] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-09] (AVAST Software)
S4 aswSP; C:\Windows\System32\Drivers\aswSP.sys [436624 2015-01-09] ()
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-09] ()
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-09] ()
S0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458032 2011-10-20] (Kaspersky Lab ZAO)
S1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [13616 2011-10-20] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [636760 2013-03-28] (Kaspersky Lab)
S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29488 2011-03-10] (Kaspersky Lab ZAO)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
C:\Program Files\AVAST Software
C:\Users\user1\AppData\Local\Temp\jansi-32-git-MCPC-Plus-jenkins-MCPC-Plus-164-243.dll
C:\Users\user2\AppData\Local\Temp\drm_dyndata_7400009.dll
C:\Users\user2\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptabab2.dll
C:\Users\user2\AppData\Local\Temp\~convert1692773894483522371.exe
C:\Users\user2\AppData\Local\Temp\~convert2039519410575071690.exe
C:\Users\user2\AppData\Local\Temp\~convert3847387038058224184.exe
C:\Windows\System32\Drivers\aswsnx.sys
C:\Windows\System32\Drivers\aswsnx.sys.1420820403801
C:\Windows\System32\Drivers\aswmonflt.sys
C:\Windows\System32\Drivers\aswsnx.sys.1420820401303
C:\Windows\System32\Drivers\aswSP.sys
C:\Windows\System32\aswBoot.exe
C:\Windows\System32\Drivers\aswVmm.sys
C:\Windows\System32\Drivers\aswStm.sys
C:\Windows\System32\Drivers\aswRdr2.sys
C:\Windows\System32\Drivers\aswmonflt.sys.1420820401303
C:\Windows\System32\Drivers\aswRvrt.sys
C:\Windows\avastSS.scr
C:\Windows\System32\Drivers\aswHwid.sys
C:\Windows\System32\Tasks\avast! Emergency Update
C:\ProgramData\AVAST Software
C:\Users\user1\Downloads\avast_free_antivirus_setup.exe
C:\Windows\System32\klogon.dll
C:\Windows\System32\DRIVERS\kl1.sys
C:\Windows\System32\DRIVERS\kl2.sys
C:\Windows\System32\DRIVERS\klif.sys
C:\Windows\System32\DRIVERS\klim6.sys
C:\Windows\System32\DRIVERS\klmouflt.sys
*****************
C:\Windows\System32\GroupPolicyUsers\S-1-5-21-1328450750-26571623-3133941281-1003\User => Moved successfully.
C:\Windows\System32\GroupPolicy\GPT.ini => Moved successfully.
C:\Windows\System32\GroupPolicyUsers\S-1-5-21-1328450750-26571623-3133941281-1000\User => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AvastUI.exe => value deleted successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utilman.exe" => Key deleted successfully.
avast! Antivirus => Service deleted successfully.
aswHwid => Service deleted successfully.
aswMonFlt => Service deleted successfully.
aswRdr => Service deleted successfully.
aswRvrt => Service deleted successfully.
aswSnx => Service deleted successfully.
aswSP => Service deleted successfully.
aswStm => Service deleted successfully.
aswVmm => Service deleted successfully.
KL1 => Service deleted successfully.
kl2 => Service deleted successfully.
KLIF => Service deleted successfully.
KLIM6 => Service deleted successfully.
klmouflt => Service deleted successfully.
C:\Program Files\AVAST Software => Moved successfully.
"C:\Users\user1\AppData\Local\Temp\jansi-32-git-MCPC-Plus-jenkins-MCPC-Plus-164-243.dll" => File/Directory not found.
"C:\Users\user2\AppData\Local\Temp\drm_dyndata_7400009.dll" => File/Directory not found.
"C:\Users\user2\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptabab2.dll" => File/Directory not found.
"C:\Users\user2\AppData\Local\Temp\~convert1692773894483522371.exe" => File/Directory not found.
"C:\Users\user2\AppData\Local\Temp\~convert2039519410575071690.exe" => File/Directory not found.
"C:\Users\user2\AppData\Local\Temp\~convert3847387038058224184.exe" => File/Directory not found.
C:\Windows\System32\Drivers\aswsnx.sys => Moved successfully.
C:\Windows\System32\Drivers\aswsnx.sys.1420820403801 => Moved successfully.
C:\Windows\System32\Drivers\aswmonflt.sys => Moved successfully.
C:\Windows\System32\Drivers\aswsnx.sys.1420820401303 => Moved successfully.
C:\Windows\System32\Drivers\aswSP.sys => Moved successfully.
C:\Windows\System32\aswBoot.exe => Moved successfully.
C:\Windows\System32\Drivers\aswVmm.sys => Moved successfully.
C:\Windows\System32\Drivers\aswStm.sys => Moved successfully.
C:\Windows\System32\Drivers\aswRdr2.sys => Moved successfully.
C:\Windows\System32\Drivers\aswmonflt.sys.1420820401303 => Moved successfully.
C:\Windows\System32\Drivers\aswRvrt.sys => Moved successfully.
C:\Windows\avastSS.scr => Moved successfully.
C:\Windows\System32\Drivers\aswHwid.sys => Moved successfully.
C:\Windows\System32\Tasks\avast! Emergency Update => Moved successfully.
C:\ProgramData\AVAST Software => Moved successfully.
"C:\Users\user1\Downloads\avast_free_antivirus_setup.exe" => File/Directory not found.
C:\Windows\System32\klogon.dll => Moved successfully.
C:\Windows\System32\DRIVERS\kl1.sys => Moved successfully.
C:\Windows\System32\DRIVERS\kl2.sys => Moved successfully.
C:\Windows\System32\DRIVERS\klif.sys => Moved successfully.
C:\Windows\System32\DRIVERS\klim6.sys => Moved successfully.
C:\Windows\System32\DRIVERS\klmouflt.sys => Moved successfully.
==== End of Fixlog 17:22:23 ====

FRST.txt:
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by user1 (administrator) on user1SEINER on 11-01-2015 18:00:25
Running from J:\
Loaded Profile: user1 (Available profiles: user1 & user2 & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(SIEMENS AG) C:\Program Files\Common Files\Siemens\sws\almsrv\almsrv64x.exe
(Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.WINCCPLUSMIG2008\MSSQL\Binn\sqlservr.exe
(Siemens AG) C:\Program Files\Common Files\Siemens\AlmPanelPlugin\ALMPanelPlugin.exe
() C:\Program Files (x86)\USB Server 2\NPW\NPWService.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Siemens AG) C:\Program Files\Common Files\Siemens\Automation\Simatic OAM\bin\s7oiehsx64.exe
(Siemens AG) C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceService64x.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Siemens AG) C:\Program Files\Common Files\Siemens\Automation\Simatic OAM\bin\s7epasrv64x.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\System32\cmd.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1328450750-26571623-3133941281-1000\...\Run: [] => [X]
HKU\S-1-5-21-1328450750-26571623-3133941281-1000\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKU\S-1-5-21-1328450750-26571623-3133941281-1000\...\MountPoints2: {bcc10660-30fc-11e1-9351-806e6f6e6963} - D:\setup.exe
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\user1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\user2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\user1\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\user2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-1328450750-26571623-3133941281-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
HKU\S-1-5-21-1328450750-26571623-3133941281-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/34
URLSearchHook: HKU\S-1-5-21-1328450750-26571623-3133941281-1000 - (No Name) - {942cd1d4-9cc1-4d31-876a-ea8f489f7a59} - No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1328450750-26571623-3133941281-1000 -> DefaultScope {BF60F087-5485-4488-B7AC-ACB12BAF5602} URL = hxxp://search.softonic.com/MON00015/tb_v1?q={searchTerms}&SearchSource=4&cc=
SearchScopes: HKU\S-1-5-21-1328450750-26571623-3133941281-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1328450750-26571623-3133941281-1000 -> {BF60F087-5485-4488-B7AC-ACB12BAF5602} URL = hxxp://search.softonic.com/MON00015/tb_v1?q={searchTerms}&SearchSource=4&cc=
SearchScopes: HKU\S-1-5-21-1328450750-26571623-3133941281-1000 -> {FB37D52D-358A-475E-9994-51877A4A17D8} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_US&apn_ptnrs=U3&apn_dtid=OSJ000YYAT&apn_uid=F7E0452B-5B38-4945-BA9E-88F828A0AD22&apn_sauid=0D57585A-CD55-48E2-A332-F1755433C729
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> c:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-1328450750-26571623-3133941281-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5-x64 07 C:\Program Files (x86)\USB Server 2\NPW\NPWprint.dll [195584] (Elite Silicon Technology Inc.)
Tcpip\..\Interfaces\{2EC583BC-0161-41E5-B55F-94CDE416F5FA}: [NameServer] 192.168.0.254
FireFox:
========
FF ProfilePath: C:\Users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\9ues00xz.default
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin HKU\S-1-5-21-1328450750-26571623-3133941281-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
Chrome:
=======
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 almservice; C:\Program Files\Common Files\Siemens\sws\almsrv\almsrv64x.exe [1434848 2013-05-23] (SIEMENS AG)
R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [743992 2009-12-21] (Infowatch)
S2 HPSLPSVC; C:\Users\user1\AppData\Local\Temp\7zS232F\hpslpsvc64.dll [1039360 2011-11-14] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 MSSQL$WINCCPLUSMIG2008; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.WINCCPLUSMIG2008\MSSQL\Binn\sqlservr.exe [43040096 2011-06-17] (Microsoft Corporation)
R2 NPWService; C:\Program Files (x86)\USB Server 2\NPW\NPWService.exe [783360 2009-09-02] () [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-04-22] (PDF Complete Inc)
R2 s7oiehsx64; C:\Program Files\Common Files\Siemens\Automation\Simatic OAM\bin\s7oiehsx64.exe [143072 2013-07-08] (Siemens AG)
R2 S7TraceServiceX; C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceService64X.exe [472288 2013-07-08] (Siemens AG)
S4 SQLAgent$WINCCPLUSMIG2008; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.WINCCPLUSMIG2008\MSSQL\Binn\SQLAGENT.EXE [370016 2011-06-17] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 dpmconv; C:\Windows\System32\DRIVERS\dpmconv.sys [259584 2013-04-10] (Siemens AG)
R3 EST_BusEnum; C:\Windows\System32\DRIVERS\GenBus.sys [29696 2009-10-06] ( )
S3 EST_Server; C:\Windows\System32\DRIVERS\GenHC.sys [199168 2009-10-06] ( )
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2014-04-30] () [File not signed]
S3 IFCoEMP; C:\Windows\system32\drivers\ifM52x64.sys [339728 2010-08-13] (Intel(R) Corporation)
S3 IFCoEVB; C:\Windows\system32\drivers\ifP52X64.sys [65808 2010-08-13] (Intel(R) Corporation)
S3 NgIoDriver; \??\C:\Windows\system32\drivers\ngiodriver_x64 [14864 2015-01-09] () [File not signed]
R3 NUS_Bus; C:\Windows\System32\DRIVERS\NUS_Bus.sys [30208 2010-01-28] (Elite Silicon Technology Inc.)
R3 s7odpx2x64; C:\Windows\System32\DRIVERS\s7odpx2x64.sys [71168 2012-12-19] (SIEMENS AG)
R3 s7oppinx64; C:\Windows\System32\DRIVERS\s7oppinx64.sys [107520 2012-07-24] (SIEMENS AG)
R3 s7oserix64; C:\Windows\System32\Drivers\s7oserix64.sys [121856 2012-07-24] (SIEMENS AG)
R3 s7osmcax64; C:\Windows\System32\DRIVERS\s7osmcax64.sys [199680 2012-07-24] (SIEMENS AG)
R3 s7osobux64; C:\Windows\System32\DRIVERS\s7osobux64.sys [153600 2012-07-24] (SIEMENS AG)
R3 s7otmcd64x; C:\Windows\System32\Drivers\s7otmcd64x.sys [199680 2012-07-24] (SIEMENS AG)
R3 s7otranx64; C:\Windows\System32\DRIVERS\s7otranx64.sys [260096 2012-07-24] (SIEMENS AG)
R3 s7otsadx64; C:\Windows\System32\DRIVERS\s7otsadx64.sys [196096 2012-07-24] (SIEMENS AG)
R2 s7ousbu64x; C:\Windows\System32\DRIVERS\s7ousbu64x.sys [137216 2013-06-03] (Siemens AG)
R2 s7sn2srtx; C:\Windows\System32\DRIVERS\s7sn2srtx.sys [83032 2012-05-09] (SIEMENS AG)
R2 SNTIE; C:\Windows\System32\DRIVERS\sntie.sys [286432 2013-03-22] (SIEMENS AG)
R3 vsnl2ada; C:\Windows\System32\DRIVERS\vsnl2ada.sys [128000 2013-07-01] (SIEMENS AG)
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-11 17:23 - 2015-01-11 17:23 - 00285248 _____ () C:\Windows\Minidump\011115-18907-01.dmp
2015-01-10 03:52 - 2015-01-11 18:00 - 00000000 ____D () C:\FRST
2015-01-09 17:30 - 2015-01-09 17:30 - 00014864 _____ () C:\Windows\system32\Drivers\ngiodriver_x64
2015-01-09 17:22 - 2015-01-09 17:26 - 00000000 ____D () C:\Users\user1\Desktop\Festplatte-Sucherung
2015-01-09 17:21 - 2015-01-11 17:23 - 00000000 ____D () C:\Windows\Minidump
2015-01-09 17:21 - 2015-01-11 17:22 - 691995909 _____ () C:\Windows\MEMORY.DMP
2015-01-09 17:21 - 2015-01-09 17:21 - 00285248 _____ () C:\Windows\Minidump\010915-30014-01.dmp
2015-01-09 17:16 - 2015-01-09 17:18 - 131078000 _____ (AVAST Software) C:\Users\user1\Downloads\avast_free_antivirus_setup.exe
2015-01-09 17:08 - 2015-01-09 17:08 - 00042152 _____ (Connectify) C:\Windows\system32\Drivers\cnnctfy3.sys
2015-01-09 17:05 - 2015-01-09 17:05 - 09064712 _____ (Connectify) C:\Users\user1\Downloads\ConnectifyInstaller.exe
2015-01-06 12:50 - 2015-01-06 12:52 - 00035328 ___SH () C:\Users\user1\Documents\Thumbs.db
2015-01-05 11:16 - 2015-01-08 19:22 - 04554445 _____ () C:\Users\user1\Documents\Menschenrechte.pptx
2015-01-05 11:07 - 2015-01-05 11:08 - 00363520 _____ () C:\Users\user1\Downloads\referat_politik_und_sozialkunde.ppt
2014-12-30 19:01 - 2014-12-30 19:01 - 00015433 _____ () C:\Users\user2\Downloads\ELVIE32V346859T20141230190120R9804.zip
2014-12-28 16:12 - 2014-12-28 18:07 - 00016312 _____ () C:\Users\user2\Documents\St Anna_12_2014.xlsx
2014-12-26 18:51 - 2014-12-26 18:51 - 00000000 ____D () C:\Users\Gemeinsame Daten\user1
2014-12-26 18:48 - 2014-12-26 18:48 - 00139008 _____ () C:\Users\Konto\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-26 18:48 - 2014-12-26 18:48 - 00003958 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B1898CF1-5248-4C91-BF14-2F0A32C1CEA5}
2014-12-26 18:48 - 2014-12-26 18:48 - 00001423 _____ () C:\Users\Konto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-26 18:48 - 2014-12-26 18:48 - 00000000 ____D () C:\Users\Konto\AppData\Roaming\Adobe
2014-12-26 18:47 - 2014-12-26 18:48 - 00000000 ____D () C:\Users\Konto
2014-12-26 18:47 - 2014-12-26 18:47 - 00000680 __RSH () C:\Users\Konto\ntuser.pol
2014-12-26 18:47 - 2014-12-26 18:47 - 00000020 ___SH () C:\Users\Konto\ntuser.ini
2014-12-26 18:47 - 2014-12-26 18:47 - 00000000 _SHDL () C:\Users\Konto\Vorlagen
2014-12-26 18:47 - 2014-12-26 18:47 - 00000000 _SHDL () C:\Users\Konto\Startmenü
2014-12-26 18:47 - 2014-12-26 18:47 - 00000000 _SHDL () C:\Users\Konto\Netzwerkumgebung
2014-12-26 18:47 - 2014-12-26 18:47 - 00000000 _SHDL () C:\Users\Konto\Lokale Einstellungen
2014-12-26 18:47 - 2014-12-26 18:47 - 00000000 _SHDL () C:\Users\Konto\Eigene Dateien
2014-12-26 18:47 - 2014-12-26 18:47 - 00000000 _SHDL () C:\Users\Konto\Druckumgebung
2014-12-26 18:47 - 2014-12-26 18:47 - 00000000 _SHDL () C:\Users\Konto\Documents\Eigene Musik
2014-12-26 18:47 - 2014-12-26 18:47 - 00000000 _SHDL () C:\Users\Konto\Documents\Eigene Bilder
2014-12-26 18:47 - 2014-12-26 18:47 - 00000000 _SHDL () C:\Users\Konto\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-12-26 18:47 - 2014-12-26 18:47 - 00000000 _SHDL () C:\Users\Konto\AppData\Local\Verlauf
2014-12-26 18:47 - 2014-12-26 18:47 - 00000000 _SHDL () C:\Users\Konto\AppData\Local\Anwendungsdaten
2014-12-26 18:47 - 2014-12-26 18:47 - 00000000 _SHDL () C:\Users\Konto\Anwendungsdaten
2014-12-26 18:47 - 2012-01-14 12:07 - 00000000 ____D () C:\Users\Konto\AppData\Local\Microsoft Help
2014-12-26 18:47 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\Konto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-26 18:47 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\Konto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-26 18:22 - 2014-12-26 18:22 - 00001705 _____ () C:\Users\user1\Downloads\Add-Take-Ownership-Option.zip
2014-12-26 18:22 - 2014-12-26 18:22 - 00000000 ____D () C:\Users\user1\Downloads\Add-Take-Ownership-Option
2014-12-26 18:18 - 2014-12-26 18:18 - 00000622 _____ () C:\Users\user1\Downloads\TakeOwnership.zip
2014-12-26 18:18 - 2014-12-26 18:18 - 00000000 ____D () C:\Users\user1\Downloads\TakeOwnership
2014-12-26 18:13 - 2014-12-26 18:41 - 00000000 ____D () C:\Users\user1\Desktop\Fotos
2014-12-26 17:23 - 2015-01-08 20:29 - 00000000 ____D () C:\Users\Gemeinsame Daten\Dokumente
2014-12-26 17:17 - 2014-12-27 15:58 - 00000000 ____D () C:\Users\Gemeinsame Daten\Fotos
2014-12-26 17:09 - 2014-12-27 15:30 - 00000000 ____D () C:\Users\Gemeinsame Daten
2014-12-18 01:39 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 01:39 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-12 02:22 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-01-11 18:01 - 2012-08-26 18:07 - 00000340 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2015-01-11 17:59 - 2014-06-06 20:59 - 00006824 _____ () C:\Windows\setupact.log
2015-01-11 17:59 - 2011-12-05 20:31 - 00000000 ____D () C:\ProgramData\PDFC
2015-01-11 17:59 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-11 17:58 - 2013-03-29 10:50 - 01303539 _____ () C:\Windows\WindowsUpdate.log
2015-01-11 17:55 - 2009-07-14 05:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-11 17:55 - 2009-07-14 05:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-11 17:51 - 2011-12-05 20:05 - 00769182 _____ () C:\Windows\system32\perfh007.dat
2015-01-11 17:51 - 2011-12-05 20:05 - 00176392 _____ () C:\Windows\system32\perfc007.dat
2015-01-11 17:51 - 2009-07-14 06:13 - 01817346 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-11 17:23 - 2012-01-14 11:45 - 00000336 __RSH () C:\Users\user1\ntuser.pol
2015-01-11 17:23 - 2011-12-27 18:53 - 00000000 ____D () C:\Users\user1
2015-01-09 17:21 - 2010-11-21 04:47 - 00255174 _____ () C:\Windows\PFRO.log
2015-01-09 17:16 - 2013-06-18 18:39 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-01-09 17:02 - 2012-01-14 10:30 - 00000000 ____D () C:\Users\user2\Documents\Outlook-Dateien
2015-01-09 16:04 - 2012-01-07 12:47 - 00003962 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{2AB9307B-EA5D-45BE-912C-02FB8EB4741B}
2015-01-08 19:49 - 2012-01-20 16:38 - 00000000 ____D () C:\Users\user2\Documents\Excel Diverse
2015-01-08 19:28 - 2012-01-20 16:22 - 00000000 ____D () C:\Users\user2\Documents\Word Diverse
2015-01-06 07:46 - 2012-01-03 20:26 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-01-06 04:36 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-04 12:27 - 2014-10-23 17:02 - 00000000 ___RD () C:\Users\user2\Dropbox
2015-01-04 12:27 - 2014-10-23 17:00 - 00000000 ____D () C:\Users\user2\AppData\Roaming\Dropbox
2015-01-04 12:25 - 2012-01-14 17:44 - 00001330 __RSH () C:\Users\user2\ntuser.pol
2015-01-04 12:25 - 2012-01-07 12:47 - 00000000 ____D () C:\Users\user2
2015-01-03 12:39 - 2013-06-19 18:41 - 00000000 ____D () C:\Users\user1\Documents\Flight Simulator X-Dateien
2015-01-02 16:26 - 2013-10-19 13:41 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-27 15:35 - 2012-01-21 18:59 - 00000000 ____D () C:\TEMP
2014-12-26 12:23 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-12-15 07:13 - 2013-05-31 16:45 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-15 07:13 - 2013-05-31 16:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-14 03:00 - 2013-05-31 16:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-13 03:53 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-13 03:15 - 2014-10-17 19:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-12 09:13 - 2014-10-23 17:02 - 00001031 _____ () C:\Users\user2\Desktop\Dropbox.lnk
2014-12-12 09:13 - 2014-10-23 17:01 - 00000000 ____D () C:\Users\user2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
Some content of TEMP:
====================
C:\Users\user1\AppData\Local\Temp\jansi-32-git-MCPC-Plus-jenkins-MCPC-Plus-164-243.dll
C:\Users\user2\AppData\Local\Temp\drm_dyndata_7400009.dll
C:\Users\user2\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptabab2.dll
C:\Users\user2\AppData\Local\Temp\~convert1692773894483522371.exe
C:\Users\user2\AppData\Local\Temp\~convert2039519410575071690.exe
C:\Users\user2\AppData\Local\Temp\~convert3847387038058224184.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-04 00:31
==================== End Of Log ============================

Addition.txt:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by user1 at 2015-01-11 18:01:49
Running from J:\
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Aerosoft's - Aerosoft Launcher (HKLM-x32\...\{EE11CFFC-898C-4875-8A63-8B732A9AD43B}) (Version: 1.0.0.7 - Aerosoft)
ANNO 2070 (HKLM-x32\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft)
Apple Application Support (HKLM-x32\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.)
ArcSoft Panorama Maker 5 (HKLM-x32\...\{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}) (Version: 5.0.1.25 - ArcSoft)
Ask Toolbar Updater (HKU\S-1-5-21-1328450750-26571623-3133941281-1000\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.0.20007 - Ask.com) <==== ATTENTION
ATI Catalyst Install Manager (HKLM\...\{4184CC37-1C6E-7609-3F4D-67270084B088}) (Version: 3.0.816.0 - ATI Technologies, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2206 - AVAST Software)
Baumaschinen-Simulator 2012 Version 1.0 (HKLM-x32\...\{80AA446A-3269-4843-8418-D26240DD9071}_is1) (Version: - rondomedia Marketing & Vertriebs GmbH)
BurnAware Free 4.8 (HKLM-x32\...\BurnAware Free_is1) (Version: - Burnaware Technologies)
Bus-Simulator 2012 (HKLM-x32\...\Bus-Simulator 2012_is1) (Version: - astragon)
Cobra 11 - Burning Wheels (remove only) (HKLM-x32\...\BurningWheels) (Version: - )
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.835 - Corel Inc.)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Direkt Foto System 3.x (HKLM-x32\...\fotoCharly3_is1) (Version: - )
Fairground 2 Version 1.0 (HKLM-x32\...\{FBFCAE99-9D45-4F88-B18C-D6D0EAD2C15F}_is1) (Version: - rondomedia Marketing & Vertriebs GmbH)
GeoGebra (HKLM-x32\...\GeoGebra) (Version: 4.0.41.0 - International GeoGebra Institute)
GeoGebraPrim (HKU\S-1-5-21-1328450750-26571623-3133941281-1000\...\GeoGebraPrim) (Version: - International GeoGebra Institute)
HappyFoto-Designer 5.1 (HKLM-x32\...\HappyFoto-Designer_is1) (Version: - )
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Officejet 6500 E710a-f - Grundlegende Software für das Gerät (HKLM\...\{8F4884F1-488D-4738-8F71-65A378BB484C}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710a-f Hilfe (HKLM-x32\...\{037CD593-D760-4A00-B030-7BBAFA1123FE}) (Version: 140.0.2.2 - Hewlett Packard)
HP Performance Advisor (HKLM-x32\...\{C1347D45-C69E-4688-80F4-BAC4C5081EE5}) (Version: 1.3.2905 - Hewlett-Packard Company)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.8812 - HP)
HP Support Assistant (HKLM-x32\...\{E92D47A1-D27D-430A-8368-0BAFD956507D}) (Version: 5.2.9.2 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.6.0.0 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Network Connections 15.7.176.1 (HKLM\...\PROSetDX) (Version: 15.7.176.1 - Intel)
Java(TM) 6 Update 18 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416018FF}) (Version: 6.0.180 - Sun Microsystems, Inc.)
Java(TM) 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
JClic author (HKU\S-1-5-21-1328450750-26571623-3133941281-1000\...\JClic author) (Version: - XTEC)
Kaspersky PURE 2.0 (HKLM-x32\...\InstallWIX_{2D270A67-B7CD-4281-B2FE-60DF18D19B8E}) (Version: 12.0.2.733 - Kaspersky Lab)
Kaspersky PURE 2.0 (x32 Version: 12.0.2.733 - Kaspersky Lab) Hidden
KYOCERA Client Tool (HKLM\...\KYOCERA Client Tool) (Version: 1.0.0026 - KYOCERA Document Solutions Inc.)
Kyocera Product Library (HKLM\...\Kyocera Product Library) (Version: 4.2.1909 - KYOCERA Document Solutions Inc.)
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
LOGO!Soft Comfort V7.1 (HKLM\...\LOGO!Soft Comfort V7.1 ) (Version: 7.1.0.0 - Siemens AG)
Marketsplash Schnellzugriffe (HKLM-x32\...\{7A108EBC-C9DF-4E14-93A8-42CF316F1ECF}) (Version: 1.0.1.7 - Hewlett-Packard)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Flight Simulator X (HKLM-x32\...\InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}) (Version: 10.0.60905 - Microsoft Game Studios)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Small Basic v1.0 (HKLM-x32\...\{7AAA27E4-CDB3-49C0-AA2D-41827C001BA3}) (Version: 1.0.0.0 - Microsoft Corporation)
Microsoft SOAP Toolkit 3.0 (HKLM-x32\...\{BCB4C18A-ACA6-4383-8688-E19933A705DD}) (Version: 3.0.1325.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (HKLM-x32\...\Microsoft SQL Server 2008 R2) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{471AAD2C-9078-4DAC-BD43-FA10FB7C3FCE}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM-x32\...\{48B08845-0CB0-45EC-893C-15319ADDA312}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM-x32\...\{D441BD04-E548-4F8E-97A4-1B66135BAAA8}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MuseScore 1.2 MuseScore score typesetter (HKLM-x32\...\MuseScore) (Version: 1.2.0 - Werner Schweer and Others)
MyFreeCodec (HKU\S-1-5-21-1328450750-26571623-3133941281-1000\...\MyFreeCodec) (Version: - )
NCM GPRS 64 (Version: 01.01.0000 - Siemens AG) Hidden
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.0.1 - Nikon)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
Nvu 1.0 (HKLM-x32\...\Nvu_is1) (Version: 1.0 - Thorsten Fritz)
OMSI 2 (HKLM-x32\...\Steam App 252530) (Version: - MR-Software GbR)
OMSI Addon Manager Version 1.2.4 (HKLM-x32\...\{32B08666-1587-435D-988C-7958A04B218A}_is1) (Version: 1.2.4 - Jan Kiesewalter)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.50 - PDF Complete, Inc)
Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.2.2 - Nikon)
Politik Simulator 3 - Masters of the World (HKLM-x32\...\MOW 2013 GERMAN DL) (Version: 5.21 - Eversim)
POV-Ray for Windows v3.62 (HKLM-x32\...\{D0CE053E-0E5E-4C12-9BAE-D0F36021E911}) (Version: 3.62 - Persistence of Vision Raytracer Pty. Ltd.)
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6080 - Realtek Semiconductor Corp.)
Roxio Creator Business (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3.56.24 - Roxio)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.0.12104_15 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.0.12104_15 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.40.0 - SAMSUNG Electronics Co., Ltd.)
Scratch (HKLM-x32\...\Scratch) (Version: 1.4.0.0 - MIT Media Lab Lifelong Kindergarten Group)
SeCon (x32 Version: 02.00.0001 - Siemens AG) Hidden
Service Pack 1 for SQL Server 2008 R2 (KB2528583) (HKLM-x32\...\KB2528583) (Version: 10.51.2500.0 - Microsoft Corporation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Siemens Automation License Manager (Version: 05.02.0100 - Siemens AG) Hidden
Siemens Automation License Manager V5.2 + SP1 (HKLM\...\{615F1B7D-EA2D-4242-84A0-71C2C7CE214B}LicenseManager) (Version: 05.02.0100 - Siemens AG)
Siemens Totally Integrated Automation Portal V12 (HKLM-x32\...\Siemens Installer Assistant - TIAP12) (Version: V12 - Siemens AG)
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM-x32\...\SLABCOMM&10C4&EA60) (Version: - Silicon Laboratories)
Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7 (HKLM-x32\...\{AD4BFF44-F543-420A-9F92-E918CC40A739}) (Version: 6.2.00 - Silicon Laboratories, Inc.)
SIMATIC Device Drivers (Version: 01.02.0000 - Siemens AG) Hidden
SIMATIC Device Drivers WoW (x32 Version: 20.02.0000 - Siemens AG) Hidden
SIMATIC Event Database (x32 Version: 05.05.0300 - Siemens AG) Hidden
SIMATIC HMI License Manager Panel Plugin (x64) (Version: 11.00.0200 - Siemens AG) Hidden
SIMATIC HMI Symbol Library (x32 Version: 12.00.0100 - Siemens AG) Hidden
SIMATIC NCM FWL 64 (Version: 05.05.0400 - Siemens AG) Hidden
SIMATIC Prosave (x32 Version: 10.00.0100 - Siemens AG) Hidden
SIMATIC Prosave V10.0 incl. SP1 (HKLM-x32\...\{1A797C0B-EF7B-4687-BE26-A453BD4D41BC}Prosave) (Version: 10.00.0100 - Siemens AG)
Skigebiet Simulator 2012 (HKLM-x32\...\Skiworld Simulator 2012) (Version: - )
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
SQL Server 2008 R2 SP1 Common Files (x32 Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Database Engine Services (x32 Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Database Engine Shared (x32 Version: 10.51.2500.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (x32 Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stranded II 1.0.0.1 (HKLM-x32\...\{CE0900ED-C76A-40C0-8DB4-0F68D825B283}_is1) (Version: - Unreal Software)
Studie zur Verbesserung von HP Officejet 6500 E710a-f Produkten (HKLM\...\{8DB5B8FE-3F8A-4D9F-911C-F85473400859}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
Sweet Home 3D version 3.5 (HKLM-x32\...\Sweet Home 3D_is1) (Version: - eTeks)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer)
TIA Portal Single SetupPackage - Hardware Support Base Package 0 V12.0 (x32 Version: 12.00.0000 - Siemens AG) Hidden
TIA Portal Single SetupPackage - Hardware Support Base Package 02 V12.0 (x32 Version: 12.00.0000 - Siemens AG) Hidden
TIA Portal Single SetupPackage - Hardware Support Base Package 03 V12.0 (x32 Version: 12.00.0000 - Siemens AG) Hidden
TIA Portal Single SetupPackage - Hardware Support Base Package WCF-01 V12.0 (x32 Version: 12.00.0000 - Siemens AG) Hidden
TIA Portal Single SetupPackage - HM All Editions Single SetupPackage V12.0 + SP1 (x32 Version: 12.00.0100 - Siemens AG) Hidden
TIA Portal Single SetupPackage - HM NoBasic Single SetupPackage V12.0 + SP1 (x32 Version: 12.00.0100 - Siemens AG) Hidden
TIA Portal Single SetupPackage - Simatic Single SetupPackage V12.0 + SP1 (x32 Version: 12.00.0100 - Siemens AG) Hidden
TIA Portal Single SetupPackage - STEP 7 Single SetupPackage V12.0 + SP1 (x32 Version: 12.00.0100 - Siemens AG) Hidden
TIA Portal Single SetupPackage - Support Base Package TO-01 V12.0 (x32 Version: 12.00.0000 - Siemens AG) Hidden
TIA Portal Single SetupPackage - Support Base Package TO-02 V12.0 (x32 Version: 12.00.0000 - Siemens AG) Hidden
TIA Portal Single SetupPackage - TIA Tour Single SetupPackage V12.0 + SP1 (x32 Version: 12.00.0100 - Siemens AG) Hidden
TIA Portal Single SetupPackage - TIACOMPCHECK Single SetupPackage V12.0 + SP1 (x32 Version: 12.00.0100 - Siemens AG) Hidden
TIA Portal Single SetupPackage - WinCC Single SetupPackage V12.0 + SP1 (x32 Version: 12.00.0100 - Siemens AG) Hidden
Totally Integrated Automation Portal V12 - TIA Portal Single SetupPackage V12.0 + SP1 (x32 Version: 12.00.0100 - Siemens AG) Hidden
Train Simulator 2014 (HKLM-x32\...\Steam App 24010) (Version: - RailSimulator.com)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Ulead Photo Express 2.0 SE (HKLM-x32\...\Ulead Photo Express 2.0 SE) (Version: - )
USB Server (HKLM-x32\...\InstallShield_{C5BB4241-A436-4243-A5F2-CEADC02BE2A4}) (Version: 0.10.0308.0040 - Ihr Firmenname)
USB Server (Version: 0.10.0308.0040 - Ihr Firmenname) Hidden
VC User 71 RTL X86 --- (x32 Version: 1.0 - redistributed from Microsoft Corporation merge modules) Hidden
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
ViewNX 2 (HKLM-x32\...\{DDD62492-32A7-412B-8AF1-2CF032AD42E3}) (Version: 2.1.2 - Nikon)
Werkfeuerwehr-Simulator 2014 Version 1.0 (HKLM-x32\...\{A98167B4-4E26-4DA4-A57C-74A3ED3C845D}_is1) (Version: - rondomedia Marketing & Vertriebs GmbH)
WinCC Runtime Advanced Simulator (x32 Version: 12.00.0000 - Siemens AG) Hidden
WinRAR 4.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
World of Subways Vol. 3 (HKLM-x32\...\{3D294F77-AD11-45A5-B56B-E0D9C63C21FF}) (Version: 1.2 - aerosoft)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {00697D6C-7F02-4919-A964-C5FDF560FA5E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-02-23] (Hewlett-Packard Company)
Task: {1A8E44BA-DF17-4B9C-A81C-2178A15BE658} - System32\Tasks\HPCustParticipation HP Officejet 6500 E710a-f => C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {776CF77D-F386-456B-B4B2-57751A774D13} - \avast! Emergency Update No Task File <==== ATTENTION
Task: {DE9EF07C-A1FF-4F1C-A2DE-1EF081C53D05} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {E6554B3B-86A4-45E0-BDFC-86E48B18FE43} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2012-08-26] ()
Task: {FCAA492D-028D-45A1-8C6B-9945FFD05062} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-02-23] (Hewlett-Packard Company)
Task: {FD5D7E26-38E1-4B8B-A24B-303FEA4689CB} - System32\Tasks\{C5EFE734-888B-490C-A242-B429DE10B6DB} => pcalua.exe -a C:\Users\Administrator\Downloads\S2Ext-0.2.7.exe -d C:\Users\Administrator\Downloads
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
==================== Loaded Modules (whitelisted) =============
2007-05-05 19:19 - 2012-01-07 11:58 - 00033792 _____ () C:\Windows\System32\KYGALM.dll
2012-11-26 15:00 - 2012-11-26 15:00 - 00774144 _____ () C:\Program Files\Common Files\Siemens\SWS\PlugIns\SCP\Scpwin64.dll
2009-09-02 14:07 - 2009-09-02 14:07 - 00783360 _____ () C:\Program Files (x86)\USB Server 2\NPW\NPWService.exe
2009-09-02 14:07 - 2009-09-02 14:07 - 00184320 _____ () C:\Program Files (x86)\USB Server 2\NPW\NPWpsm.dll
2009-09-02 14:07 - 2009-09-02 14:07 - 00087552 _____ () C:\Program Files (x86)\USB Server 2\NPW\NPWlog.dll
2009-09-02 14:07 - 2009-09-02 14:07 - 00270848 _____ () C:\Program Files (x86)\USB Server 2\NPW\NPWdcp.dll
2009-09-02 14:07 - 2009-09-02 14:07 - 00098816 _____ () C:\Program Files (x86)\USB Server 2\NPW\NPWuntp.dll
2013-07-04 20:27 - 2013-07-04 20:27 - 00848096 _____ () C:\Program Files\Common Files\Siemens\Automation\Simatic OAM\bin\sn_regbase.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-1328450750-26571623-3133941281-500 - Administrator - Enabled) => C:\Users\Administrator
user1 (S-1-5-21-1328450750-26571623-3133941281-1000 - Administrator - Enabled) => C:\Users\user1
Gast (S-1-5-21-1328450750-26571623-3133941281-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1328450750-26571623-3133941281-1016 - Limited - Enabled)
user2 (S-1-5-21-1328450750-26571623-3133941281-1003 - Administrator - Enabled) => C:\Users\user2
==================== Faulty Device Manager Devices =============
Name: Standardtastatur (PS/2)
Description: Standardtastatur (PS/2)
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardtastaturen)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Officejet 6500 E710a-f
Description: Officejet 6500 E710a-f
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: HID-konforme Maus
Description: HID-konforme Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: mouhid
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
Name: Microsoft PS/2-Maus
Description: Microsoft PS/2-Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/11/2015 06:01:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/11/2015 05:49:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/11/2015 05:42:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/11/2015 05:29:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/11/2015 05:24:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/09/2015 05:22:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/09/2015 05:21:39 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.
Error: (01/08/2015 01:06:37 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
Error: (01/07/2015 00:20:41 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
Error: (01/06/2015 01:38:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm police.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: dbc
Startzeit: 01d029ad989a2027
Endzeit: 3
Anwendungspfad: C:\Program Files (x86)\Quadriga Games\Die Polizei 2013\bin.x86\police.exe
Berichts-ID:
System errors:
=============
Error: (01/11/2015 06:00:46 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (01/11/2015 05:48:52 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (01/11/2015 05:41:53 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (01/11/2015 05:39:48 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
discache
spldr
Wanarpv6
Error: (01/11/2015 05:29:13 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (01/11/2015 05:24:26 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (01/11/2015 05:23:05 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000050 (0xfffff961000d5a88, 0x0000000000000000, 0xfffffa800762aa36, 0x0000000000000005)C:\Windows\MEMORY.DMP011115-18907-01
Error: (01/11/2015 05:23:04 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 09.01.2015 um 17:30:02 unerwartet heruntergefahren.
Error: (01/09/2015 05:23:00 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (01/09/2015 05:22:12 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
aswRdr
aswRvrt
aswSP
aswVmm
Microsoft Office Sessions:
=========================
Error: (01/11/2015 06:01:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/11/2015 05:49:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/11/2015 05:42:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/11/2015 05:29:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/11/2015 05:24:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/09/2015 05:22:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/09/2015 05:21:39 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Program Files\AVAST Software\Avast\AvastUI.exeC:\Windows\WinSxS\manifests\x86_policy.11.0.avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_b2556b4035446b41.manifest0
Error: (01/08/2015 01:06:37 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\fotocharlybestellsoftware\DelZip179.dllc:\program files (x86)\fotocharlybestellsoftware\DelZip179.dll8
Error: (01/07/2015 00:20:41 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\fotocharlybestellsoftware\DelZip179.dllc:\program files (x86)\fotocharlybestellsoftware\DelZip179.dll8
Error: (01/06/2015 01:38:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: police.exe0.0.0.0dbc01d029ad989a20273C:\Program Files (x86)\Quadriga Games\Die Polizei 2013\bin.x86\police.exe
CodeIntegrity Errors:
===================================
Date: 2014-05-28 15:48:04.871
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-05-28 15:48:04.808
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-05-28 15:48:02.707
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-05-28 15:48:02.643
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-05-28 15:48:00.508
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-05-28 15:48:00.444
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-05-28 15:47:58.352
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-05-28 15:47:58.291
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-05-28 15:47:56.185
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-05-28 15:47:56.122
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 17%
Total physical RAM: 8150.07 MB
Available physical RAM: 6735.35 MB
Total Pagefile: 16298.31 MB
Available Pagefile: 14757.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:463.76 GB) (Free:241.55 GB) NTFS
Drive j: () (Removable) (Total:3.74 GB) (Free:3.74 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 40B71AF2)
Partition 1: (Active) - (Size=2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=463.8 GB) - (Type=07 NTFS)
========================================================
Disk: 6 (Size: 3.8 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
==================== End Of Log ============================
For your information:
The internet takes about 2-3 minutes; after that time (after logging in) it is more or less there.
The sound as described is still there, even after rebooting several times. |