
STOP: C0000135 The program can't start because %hs is missing...


  • This topic is locked
120 replies to this topic

#1 Leinad78

Leinad78

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Local time:02:54 AM

Posted 12 June 2016 - 11:51 PM

Good morning,

 

I made a terrible mistake and used SpyHunter to check my computer for malware and now I get the bootloop, similar to this guy here:

 

http://www.bleepingcomputer.com/forums/t/444580/stop-c0000135-the-program-cant-start-because-hs-is-missing-try-resintalling-the-program/

 

I've downloaded Farbar Recovery Scan Tool and did a Scan and Search. Would anyone be able to assist me in getting it back working? :(
 
I'll attach the scan and search.
 
Kind regards and thanks in advance.

Attached Files


Edited by Leinad78, 12 June 2016 - 11:51 PM.




#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,014 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:54 PM

Posted 15 June 2016 - 03:16 PM

Greetings Leinad78 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please run this program for me.

===================================================

Farbar's Recovery Scan Tool - Run Fix

--------------------
  • From a clean computer press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Click Format then check Word Wrap
  • Please copy and paste the contents of the below code box into the open notepad and save it on the flashdrive as fixlist.txt
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
S2 BBDemon; "C:\Program Files (x86)\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe" -service [X]
S3 CPUgenieDriver; \??\C:\Users\DF\Downloads\Acer\W_CPUgenie1.5x86x64\CPUgenie 1.5 (x86+x64) - ?????\CPUgenie64\NBFreezer.sys [X]
S2 iocbios2; \??\C:\Program Files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [X]
S4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [X]
S3 WinRing0_1_2_0; \??\C:\Users\DF\AppData\Local\Temp\tmp4817.tmp [X]
2016-05-11 14:40 - 2016-05-11 14:41 - 00000000 ____D C:\Program Files (x86)\GUMA62D.tmp
2016-04-23 10:40 - 2016-04-23 10:40 - 00000000 ____D C:\Users\DF\Downloads\PhotoZoom_Pro_6.0.8__2015__+_Cracked
2016-04-23 10:38 - 2016-04-23 10:39 - 02826625 _____ C:\Users\DF\Downloads\PhotoZoom_Pro_6.0.8__2015__+_Cracked..rar
C:\Users\DF\tsMS.reg
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1072296 2016-06-07] (Enigma Software Group USA, LLC.)
C:\Program Files (x86)\Spybot - Search & Destroy 2
C:\Program Files\Enigma Software Group
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2016-06-07] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-06-07] ()
C:\Windows\System32\DRIVERS\EsgScanner.sys
2016-06-07 10:34 - 2016-06-07 10:34 - 00003242 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2016-06-07 10:34 - 2016-06-07 09:34 - 00008192 _____ C:\shldr.mbr
2016-06-07 10:33 - 2016-06-07 12:35 - 00059137 _____ C:\spyhunter.fix
2016-06-07 10:33 - 2016-06-07 10:35 - 00000000 ___HD C:\aoWFqQe6chlvKrn9
2016-06-07 09:38 - 2016-06-07 09:38 - 00000000 _____ C:\autoexec.bat
2016-06-07 09:37 - 2016-06-07 09:37 - 00022704 _____ C:\Windows\System32\Drivers\EsgScanner.sys
2016-06-07 09:34 - 2016-06-07 09:38 - 00001047 _____ C:\Users\DF\Desktop\SpyHunter.lnk
2016-06-07 09:34 - 2016-06-07 09:34 - 00000000 ____D C:\Users\DF\AppData\Roaming\Enigma Software Group
2016-06-07 09:33 - 2016-06-07 09:34 - 00000000 ____D C:\sh4ldr
2016-06-07 09:32 - 2016-06-07 09:37 - 00000000 ____D C:\Program Files\Enigma Software Group
2016-06-07 09:12 - 2016-06-07 09:21 - 00000000 ____D C:\Users\DF\AppData\Local\FreeFixer
2016-06-07 09:12 - 2016-06-07 09:12 - 00000000 ____D C:\Users\DF\AppData\Roaming\FreeFixer
2016-06-07 09:11 - 2016-06-07 09:12 - 02687418 _____ (Kephyr) C:\Users\DF\Downloads\freefixersetup.exe
2016-05-11 14:40 - 2016-05-11 14:41 - 00000000 ____D C:\Program Files (x86)\GUMA62D.tmp
  • Insert the USB device into your infected computer
  • Enter the System Recovery Options (press F8 during boot up), select Repair Your Computer, then select Command Prompt.
  • Run FRST as you did the first time and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the flashdrive (Fixlog.txt). Copy and paste that information in your reply.
  • Please attempt to boot your computer into Normal Mode or, if not, Safe Mode
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Does your computer boot properly?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Leinad78

Leinad78
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Local time:02:54 AM

Posted 16 June 2016 - 02:59 AM

Hello Gary,

 

thanks for your assistance. My name is Daniel :)

 

I've done the fix as you described; the computer runs into System Startup Repair, no matter if I do a normal boot or a safe boot (from there it won't go any further and it can't repair itself).

 

I hope it's not too much hassle as my system language is German :(

 

Here's the fixlog you requested:

 

Thanks again for taking the time to help a stupid fella like me :)

 

Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:12-06-2016
durchgeführt von SYSTEM (2016-06-16 07:46:52) Run:1
Gestartet von H:\
Start-Modus: Recovery
==============================================

fixlist Inhalt:
*****************
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
S2 BBDemon; "C:\Program Files (x86)\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe" -service [X]
S3 CPUgenieDriver; \??\C:\Users\DF\Downloads\Acer\W_CPUgenie1.5x86x64\CPUgenie 1.5 (x86+x64) - ?????\CPUgenie64\NBFreezer.sys [X]
S2 iocbios2; \??\C:\Program Files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [X]
S4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [X]
S3 WinRing0_1_2_0; \??\C:\Users\DF\AppData\Local\Temp\tmp4817.tmp [X]
2016-05-11 14:40 - 2016-05-11 14:41 - 00000000 ____D C:\Program Files (x86)\GUMA62D.tmp
2016-04-23 10:40 - 2016-04-23 10:40 - 00000000 ____D C:\Users\DF\Downloads\PhotoZoom_Pro_6.0.8__2015__+_Cracked
2016-04-23 10:38 - 2016-04-23 10:39 - 02826625 _____ C:\Users\DF\Downloads\PhotoZoom_Pro_6.0.8__2015__+_Cracked..rar
C:\Users\DF\tsMS.reg
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1072296 2016-06-07] (Enigma Software Group USA, LLC.)
C:\Program Files (x86)\Spybot - Search & Destroy 2
C:\Program Files\Enigma Software Group
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2016-06-07] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-06-07] ()
C:\Windows\System32\DRIVERS\EsgScanner.sys
2016-06-07 10:34 - 2016-06-07 10:34 - 00003242 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2016-06-07 10:34 - 2016-06-07 09:34 - 00008192 _____ C:\shldr.mbr
2016-06-07 10:33 - 2016-06-07 12:35 - 00059137 _____ C:\spyhunter.fix
2016-06-07 10:33 - 2016-06-07 10:35 - 00000000 ___HD C:\aoWFqQe6chlvKrn9
2016-06-07 09:38 - 2016-06-07 09:38 - 00000000 _____ C:\autoexec.bat
2016-06-07 09:37 - 2016-06-07 09:37 - 00022704 _____ C:\Windows\System32\Drivers\EsgScanner.sys
2016-06-07 09:34 - 2016-06-07 09:38 - 00001047 _____ C:\Users\DF\Desktop\SpyHunter.lnk
2016-06-07 09:34 - 2016-06-07 09:34 - 00000000 ____D C:\Users\DF\AppData\Roaming\Enigma Software Group
2016-06-07 09:33 - 2016-06-07 09:34 - 00000000 ____D C:\sh4ldr
2016-06-07 09:32 - 2016-06-07 09:37 - 00000000 ____D C:\Program Files\Enigma Software Group
2016-06-07 09:12 - 2016-06-07 09:21 - 00000000 ____D C:\Users\DF\AppData\Local\FreeFixer
2016-06-07 09:12 - 2016-06-07 09:12 - 00000000 ____D C:\Users\DF\AppData\Roaming\FreeFixer
2016-06-07 09:11 - 2016-06-07 09:12 - 02687418 _____ (Kephyr) C:\Users\DF\Downloads\freefixersetup.exe
2016-05-11 14:40 - 2016-05-11 14:41 - 00000000 ____D C:\Program Files (x86)\GUMA62D.tmp
*****************

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui" => Schlüssel erfolgreich entfernt
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Schlüssel erfolgreich entfernt
BBDemon => Dienst erfolgreich entfernt
CPUgenieDriver => Dienst erfolgreich entfernt
iocbios2 => Dienst erfolgreich entfernt
klkbdflt2 => Dienst erfolgreich entfernt
pccsmcfd => Dienst erfolgreich entfernt
Tablet2k => Dienst erfolgreich entfernt
WinRing0_1_2_0 => Dienst erfolgreich entfernt
C:\Program Files (x86)\GUMA62D.tmp => erfolgreich verschoben
C:\Users\DF\Downloads\PhotoZoom_Pro_6.0.8__2015__+_Cracked => erfolgreich verschoben
C:\Users\DF\Downloads\PhotoZoom_Pro_6.0.8__2015__+_Cracked..rar => erfolgreich verschoben
C:\Users\DF\tsMS.reg => erfolgreich verschoben
SDScannerService => Dienst erfolgreich entfernt
SDUpdateService => Dienst erfolgreich entfernt
SDWSCService => Dienst erfolgreich entfernt
SpyHunter 4 Service => Dienst erfolgreich entfernt
C:\Program Files (x86)\Spybot - Search & Destroy 2 => erfolgreich verschoben
C:\Program Files\Enigma Software Group => erfolgreich verschoben
esgiguard => Dienst erfolgreich entfernt
EsgScanner => Dienst erfolgreich entfernt
C:\Windows\System32\DRIVERS\EsgScanner.sys => erfolgreich verschoben
C:\Windows\System32\Tasks\SpyHunter4Startup => erfolgreich verschoben
C:\shldr.mbr => erfolgreich verschoben
C:\spyhunter.fix => erfolgreich verschoben
C:\aoWFqQe6chlvKrn9 => erfolgreich verschoben
C:\autoexec.bat => erfolgreich verschoben
"C:\Windows\System32\Drivers\EsgScanner.sys" => nicht gefunden.
C:\Users\DF\Desktop\SpyHunter.lnk => erfolgreich verschoben
C:\Users\DF\AppData\Roaming\Enigma Software Group => erfolgreich verschoben
C:\sh4ldr => erfolgreich verschoben
"C:\Program Files\Enigma Software Group" => nicht gefunden.
C:\Users\DF\AppData\Local\FreeFixer => erfolgreich verschoben
C:\Users\DF\AppData\Roaming\FreeFixer => erfolgreich verschoben
C:\Users\DF\Downloads\freefixersetup.exe => erfolgreich verschoben
"C:\Program Files (x86)\GUMA62D.tmp" => nicht gefunden.

==== Ende von Fixlog 07:46:52 ====


Edited by Leinad78, 16 June 2016 - 03:05 AM.
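
Added example (not part of the original posts and not FRST's own code): a short Python script that classifies the result lines of the German-locale Fixlog above and separates "nicht gefunden" entries that were already handled earlier in the same run from entries that were never present. The outcome phrases are copied from the log above; the function names and the last sample line are constructed for illustration.

```python
import re

# Outcome phrases exactly as they appear in the German-locale Fixlog quoted
# in this thread. Anything else is reported as "unknown" instead of guessed.
OUTCOMES = [
    ("Schlüssel erfolgreich entfernt", "key_removed"),
    ("Dienst erfolgreich entfernt", "service_removed"),
    ("erfolgreich verschoben", "moved"),
    ("nicht gefunden", "not_found"),
]

# A result line has the shape "<target> => <result text>".
RESULT_LINE = re.compile(r"^(?P<target>.+?)\s+=>\s+(?P<result>.+?)\s*$")


def classify(result_text):
    """Map the localized result text to a stable outcome label."""
    for phrase, label in OUTCOMES:
        if phrase in result_text:
            return label
    return "unknown"


def normalise(target):
    """Windows paths are case-insensitive and FRST quotes some of them."""
    return target.strip().strip('"').casefold()


def parse_fixlog(text):
    """Return one {'target', 'outcome'} dict per result line, in log order."""
    entries = []
    for line in text.splitlines():
        match = RESULT_LINE.match(line)
        if match:
            entries.append({
                "target": match["target"].strip().strip('"'),
                "outcome": classify(match["result"]),
            })
    return entries


def review(entries):
    """Split 'not found' results into harmless repeats and real misses.

    A 'not found' is a repeat when the same path, or a parent directory of
    it, was already processed successfully earlier in the same run.
    """
    handled = set()
    report = {"duplicates": [], "missing": [], "unknown": []}
    for entry in entries:
        key = normalise(entry["target"])
        if entry["outcome"] == "not_found":
            covered = any(key == p or key.startswith(p + "\\") for p in handled)
            report["duplicates" if covered else "missing"].append(entry["target"])
        elif entry["outcome"] == "unknown":
            report["unknown"].append(entry["target"])
        else:
            handled.add(key)
    return report


# Excerpt of the Fixlog posted above. The final line is constructed (it is
# not in the original log) to show what a genuinely missing item looks like.
SAMPLE_FIXLOG = r'''
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui" => Schlüssel erfolgreich entfernt
BBDemon => Dienst erfolgreich entfernt
C:\Program Files (x86)\GUMA62D.tmp => erfolgreich verschoben
C:\Program Files\Enigma Software Group => erfolgreich verschoben
C:\Windows\System32\DRIVERS\EsgScanner.sys => erfolgreich verschoben
"C:\Windows\System32\Drivers\EsgScanner.sys" => nicht gefunden.
"C:\Program Files\Enigma Software Group" => nicht gefunden.
"C:\Program Files (x86)\GUMA62D.tmp" => nicht gefunden.
C:\constructed\never-existed.tmp => nicht gefunden.
'''

if __name__ == "__main__":
    result = review(parse_fixlog(SAMPLE_FIXLOG))
    for bucket, targets in result.items():
        print(bucket)
        for target in targets:
            print("   ", target)
```

On the log in this thread, all three "nicht gefunden" lines fall into the duplicates bucket: each path was listed twice in fixlist.txt and had already been moved by the time FRST reached the second entry.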


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,014 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:54 PM

Posted 16 June 2016 - 08:31 AM

Greetings Daniel,

You are not stupid at all. Once I completely wiped my hard drive to "solve a problem" and lost my information only to find out later I didn't need to! That was not too bright. :)

Please do this.

===================================================

System Restore from System Recovery Options

--------------------

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item
  • Select English as the keyboard language settings, and then click Next
  • Select the operating system you want to repair, and then click Next
  • Select your user account and click Next
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc
  • Restart your computer
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD see here
  • Click Repair your computer
  • Select English as the keyboard language settings, and then click Next
  • Select the operating system you want to repair, and then click Next
  • Select your user account and click Next
Once you are in the System Recovery Options menu you will get the following options:


Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select System Restore (please be patient as it may take a minute or two to load)
  • Select Next
  • Check Show restore points older than 5 days
  • Left click on the Restore Point dated prior to the onset of your symptoms, then click Next
  • If you receive a caution screen, make sure your System Drive (C:) is checked, then click Next
  • Click Finish and allow System Restore to run
  • After your computer reboots see if you can boot normally or if necessary in Safe Mode
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Are you able to boot?

Gary
 

#5 Leinad78

Leinad78
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Local time:02:54 AM

Posted 16 June 2016 - 10:06 AM

Hello Gary,

 

Unfortunately there is no restore point showing up. It's like in the thread I mentioned in the first post :(



#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,014 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:54 PM

Posted 16 June 2016 - 12:40 PM

OK, please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix

--------------------
  • From a clean computer press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Click Format then check Word Wrap
  • Please copy and paste the contents of the below code box into the open notepad and save it on the flashdrive as fixlist.txt
LastRegBack: 2016-06-07 10:33
  • Insert the USB device into your infected computer
  • Enter the System Recovery Options (press F8 during boot up), select Repair Your Computer, then select Command Prompt.
  • Run FRST as you did the first time and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a Fixlog.txt document on your USB device. Copy and paste that information in your reply.
  • Please attempt to boot your computer into Normal Mode or, if not, Safe Mode
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Can you boot?

Gary
 

#7 Leinad78

Leinad78
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Local time:02:54 AM

Posted 16 June 2016 - 01:18 PM

Hello Gary,

 

I did the fix; it didn't change any behaviour of the computer, unfortunately :(

No recovery points found and it doesn't boot into Windows :(

 

 

Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:12-06-2016
durchgeführt von SYSTEM (2016-06-16 18:11:17) Run:2
Gestartet von H:\
Start-Modus: Recovery
==============================================

fixlist Inhalt:
*****************
LastRegBack: 2016-06-07 10:33
*****************

DEFAULT => erfolgreich kopiert zu System32\config\HiveBackup
DEFAULT => erfolgreich wiederhergestellt Von Sicherung der Registry
SAM => erfolgreich kopiert zu System32\config\HiveBackup
SAM => erfolgreich wiederhergestellt Von Sicherung der Registry
SECURITY => erfolgreich kopiert zu System32\config\HiveBackup
SECURITY => erfolgreich wiederhergestellt Von Sicherung der Registry
SOFTWARE => erfolgreich kopiert zu System32\config\HiveBackup
SOFTWARE => erfolgreich wiederhergestellt Von Sicherung der Registry
SYSTEM => erfolgreich kopiert zu System32\config\HiveBackup
SYSTEM => erfolgreich wiederhergestellt Von Sicherung der Registry

==== Ende von Fixlog 18:11:21 ====



#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,014 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:54 PM

Posted 16 June 2016 - 02:19 PM

OK, let's see if we can get more error information. I would also like you to run another FRST scan but rename the FRST64 file to FRST64English.exe.

===================================================

Diagnose Blue Screen of Death (BSOD) Errors by Disabling Automatic Restart

--------------------
  • When you boot your machine, press F8 to list the startup options, exactly as you would if you were trying to enter Safe Mode
  • Select Disable Automatic Restart on System Failure, as shown here:

[Image: advancedoptions.png]

  • When your system BSODs, write down the STOP error code, as well as any written out error message back here. The STOP error will always appear, but the message may not.

[Image: bsod_c.jpg]

  • Please include this information in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • BSOD information
  • FRST report

Gary
 

#9 Leinad78

Leinad78
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Local time:02:54 AM

Posted 17 June 2016 - 01:43 PM

Hello Gary,

 

Unfortunately there is no BSOD information as the computer does not shut down. When it starts up, it hangs at the boot screen and immediately goes into the recovery screen. From there I had access to some more details:

 

Additional Information:

Problemereignisname: StartupRepairOffline

Problemsignatur01: 6.1.7600.16385

Problemsignatur02: 6.1.7600.16385

Problemsignatur03: unknown

Problemsignatur04: 21199857

Problemsignatur05: AutoFailover

Problemsignatur06: 2

Problemsignatur07: CorruptFile

Betriebssystemversion: 6.1.7600.2.0.0.256.1

 

Does that help anything?

 

Here's the log from FRST you wanted:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-06-2016
Ran by SYSTEM on MININT-GAK6U0H (17-06-2016 18:34:39)
Running from H:\
Platform: Windows 7 Professional (X64) Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WinampAgent] => "C:\Program Files (x86)\Winamp\winampa.exe"
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [WTClient] => C:\Windows\system32\WTClient.exe [41304 2012-02-27] (Tablet Driver)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2687488 2015-09-09] (Sony Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\DF\...\Run: [sciebo] => C:\Program Files (x86)\sciebo\sciebo.exe [35994223 2016-02-22] ()
HKU\DF\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [911040 2013-04-22] (Microsoft Corporation)
HKU\DF\...\Policies\system: [DisableLockWorkstation] 0
BootExecute: autocheck autochk * sdnclean64.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe [194000 2015-10-07] (Kaspersky Lab ZAO)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [317640 2015-03-30] (Intel Corporation)
S2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [496128 2015-09-09] (Sony Corporation)
S2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
S2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-03] (DEVGURU Co., LTD.)
S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-08] (AO Kaspersky Lab)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 BBDemon; "C:\Program Files (x86)\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe" -service [X]
S2 MakerBot Conveyor Service; C:\Program Files\MakerBot\MakerWare\conveyor-svc.exe [X]
S2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [X]
S2 SDScannerService; "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" [X]
S2 SDUpdateService; "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" [X]
S2 SDWSCService; "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe" [X]
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (Wondershare)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (CSR, plc)
S3 CH341SER_A64; C:\Windows\System32\Drivers\CH341S64.SYS [58368 2013-06-17] (www.winchiphead.com)
S0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-05] (Kaspersky Lab ZAO)
S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [25704 2012-08-13] ()
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-25] (DT Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2013-09-27] (FNet Co., Ltd.)
S1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [16648 2013-09-17] (FNet Co., Ltd.)
S0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-08-08] (GFI Software)
S1 HHDNLWF; C:\Windows\System32\DRIVERS\hhdnet64.sys [37448 2016-01-27] (HHD Software Ltd.)
S3 hhdusbh64; C:\Windows\System32\DRIVERS\hhdusbh64.sys [43616 2015-10-30] (HHD Software Ltd.)
S0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
S0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
S1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70000 2015-06-27] (Kaspersky Lab ZAO)
S2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [77728 2016-03-01] (AO Kaspersky Lab)
S3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [181640 2015-10-21] (AO Kaspersky Lab)
S1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [237480 2016-05-26] (AO Kaspersky Lab)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [943536 2016-05-26] (AO Kaspersky Lab)
S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [49240 2016-05-26] (AO Kaspersky Lab)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [41144 2015-06-06] (Kaspersky Lab ZAO)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
S1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2015-10-07] (AO Kaspersky Lab)
S1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-11] (Kaspersky Lab ZAO)
S1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [103096 2015-06-16] (Kaspersky Lab ZAO)
S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [52832 2015-04-26] (hxxp://libusb-win32.sourceforge.net)
S3 libusb0; C:\Windows\SysWOW64\DRIVERS\libusb0.sys [42592 2014-02-06] (hxxp://libusb-win32.sourceforge.net)
S0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
S3 Spyder5; C:\Windows\System32\DRIVERS\dccmtr.sys [15360 2014-12-19] (Datacolor)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-07-19] (Cisco Systems, Inc.)
S3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [268800 2014-01-28] (Jungo Connectivity)
S3 WinDriver6; C:\Windows\SysWOW64\drivers\windrvr6.sys [191424 2008-02-19] (Jungo)
S3 CPUgenieDriver; \??\C:\Users\DF\Downloads\Acer\W_CPUgenie1.5x86x64\CPUgenie 1.5 (x86+x64) - ?????\CPUgenie64\NBFreezer.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
S2 iocbios2; \??\C:\Program Files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [X]
S4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [X]
S3 WinRing0_1_2_0; \??\C:\Users\DF\AppData\Local\Temp\tmp4817.tmp [X]

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-16 18:11 - 2016-06-16 18:11 - 00000000 ____D C:\Windows\System32\config\HiveBackup
2016-06-15 19:57 - 2016-06-15 19:57 - 00000000 ____D C:\Temp
2016-06-15 14:27 - 2014-02-03 07:33 - 01008640 _____ (Microsoft Corporation) C:\Windows\System32\user32.dll
2016-06-12 12:42 - 2016-06-17 18:34 - 00000000 ____D C:\FRST
2016-06-11 19:20 - 2016-06-11 19:20 - 00000000 ____D C:\.Trash-999
2016-06-10 09:09 - 2010-06-19 13:33 - 03955080 _____ (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2016-06-10 09:09 - 2010-06-19 13:33 - 03899784 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2016-06-10 09:09 - 2009-10-28 14:18 - 00285696 _____ (Microsoft Corporation) C:\Windows\System32\winlogon.exe
2016-06-10 09:09 - 2009-07-14 08:16 - 00410624 _____ (Microsoft Corporation) C:\Windows\System32\systemcpl.dll
2016-06-10 09:09 - 2009-07-14 08:16 - 00345088 _____ (Microsoft Corporation) C:\Windows\System32\sppcommdlg.dll
2016-06-10 09:09 - 2009-07-14 08:16 - 00118784 _____ (Microsoft Corporation) C:\Windows\System32\sppwmi.dll
2016-06-10 09:09 - 2009-07-14 08:16 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\sppuinotify.dll
2016-06-10 09:09 - 2009-07-14 08:16 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\slwga.dll
2016-06-10 09:09 - 2009-07-14 08:14 - 00325632 _____ (Microsoft Corporation) C:\Windows\System32\slui.exe
2016-06-10 09:09 - 2009-07-14 08:14 - 00079872 _____ (Microsoft Corporation) C:\Windows\System32\winver.exe
2016-06-10 09:09 - 2009-06-11 04:38 - 00113629 _____ C:\Windows\System32\slmgr.vbs
2016-06-05 19:06 - 2016-06-05 19:06 - 00157532 _____ C:\Users\DF\Downloads\KomfortblinkerAudi.pdf
2016-06-05 15:39 - 2016-06-05 15:39 - 03337145 _____ C:\Users\DF\Downloads\ecusafe-2.0.0.0(1).rar
2016-06-05 15:38 - 2016-06-05 15:38 - 04702447 _____ C:\Users\DF\Downloads\gal_1260.zip
2016-06-05 15:37 - 2016-06-05 15:38 - 05038778 _____ C:\Users\DF\Downloads\galletto-1260-user-manual-files-download.rar
2016-06-03 19:39 - 2016-06-03 19:39 - 16924442 _____ (Alexey Savin ) C:\Users\DF\Downloads\FORScanSetup2.3.2.beta.exe
2016-06-01 15:35 - 2016-06-01 15:35 - 00675204 _____ C:\Users\DF\Downloads\Ford Galaxy Diagnostic OBD2 Port Location Video.mp4
2016-05-29 16:39 - 2016-05-29 16:39 - 00320239 _____ C:\Users\DF\Downloads\v3_einbau_sharan-alhambra-galaxy.pdf
2016-05-29 16:38 - 2016-05-29 16:38 - 00548680 _____ C:\Users\DF\Downloads\vanessa-heckkueche_bedienung+tipps_v2+v3.pdf
2016-05-29 16:36 - 2016-05-29 16:36 - 01523886 _____ C:\Users\DF\Downloads\schlafsystem-zur-kueche_sharan-galaxy-alhambra_aufbau_altesbj.pdf
2016-05-29 16:13 - 2016-05-29 16:13 - 00136073 _____ C:\Users\DF\Downloads\Siemens_MSSxx_Flash_Tool_1.1.1.4.rar
2016-05-29 16:13 - 2016-05-29 16:13 - 00000000 ____D C:\Users\DF\Downloads\Siemens_MSSxx_Flash_Tool_1.1.1.4
2016-05-29 15:51 - 2016-05-29 15:51 - 00000227 _____ C:\Users\DF\Downloads\Ford Galaxy 98.rar
2016-05-27 21:56 - 2016-05-27 21:56 - 06708416 _____ (Adobe System Incorporated.) C:\Users\DF\Downloads\AdobeCreativeCloudCleanerTool.exe
2016-05-27 20:17 - 2016-06-04 07:41 - 00000000 ____D C:\Users\DF\Downloads\leido ori
2016-05-27 20:16 - 2016-05-27 20:16 - 00110815 _____ C:\Users\DF\Downloads\leido ori.rar
2016-05-20 20:49 - 2016-05-20 20:49 - 00000000 ____D C:\Users\DF\Downloads\FI
2016-05-20 19:24 - 2016-05-20 19:24 - 00062202 _____ C:\Users\DF\Downloads\FI.rar
2016-05-18 22:41 - 2016-05-18 22:41 - 00524288 _____ C:\Users\DF\Downloads\new.bin
2016-05-18 22:35 - 2016-05-18 22:35 - 00524288 _____ C:\Users\DF\Downloads\immooffm62tu.bin
2016-05-17 21:46 - 2016-05-17 21:51 - 00000000 ____D C:\Users\DF\3DP
2016-05-17 21:45 - 2016-05-17 21:45 - 18346924 _____ C:\Users\DF\Downloads\versione-2.2.0.0update.zip
2016-05-17 21:45 - 2016-05-17 21:45 - 00000000 ____D C:\Users\DF\Downloads\versione-2.2.0.0update
2016-05-13 11:23 - 2016-05-13 11:23 - 00738880 _____ (Oracle Corporation) C:\Users\DF\Downloads\jxpiinstall(6).exe
2016-05-13 10:17 - 2016-05-13 10:44 - 564039084 _____ C:\Users\DF\Downloads\Raising and Training the Amstaff Pitbull - YouTube.mp4
2016-05-12 22:44 - 2016-05-12 22:45 - 00000000 ____D C:\Users\DF\Downloads\MS42_328i_immo_off
2016-05-12 22:44 - 2016-05-12 22:44 - 00135059 _____ C:\Users\DF\Downloads\MS42_328i_immo_off.7z
2016-05-11 14:41 - 2016-05-11 14:41 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1ab8ac941b87e.job
2016-04-28 20:13 - 2016-04-28 20:13 - 08345199 _____ C:\Users\DF\Downloads\BurnAware9P.rar
2016-04-28 20:13 - 2016-04-28 20:13 - 00000000 ____D C:\Users\DF\Downloads\BurnAware9P
2016-04-28 06:42 - 2016-04-28 06:42 - 00025621 _____ C:\Users\DF\Downloads\OpenMemories-Tweak-release-0.3.apk
2016-04-28 06:40 - 2016-04-28 06:42 - 00000000 ____D C:\PMCA
2016-04-28 06:36 - 2016-04-28 06:36 - 05585933 _____ C:\Users\DF\Downloads\pmca-v0.4-win(1).exe
2016-04-28 06:34 - 2016-04-28 06:34 - 03690496 _____ C:\Users\DF\Downloads\PMCADownloader(5).msi
2016-04-28 06:31 - 2016-04-28 06:31 - 05585933 _____ C:\Users\DF\Downloads\pmca-v0.4-win.exe
2016-04-23 16:12 - 2016-04-23 16:12 - 00000000 ____D C:\Users\DF\Downloads\Android
2016-04-23 16:11 - 2016-04-23 16:12 - 23577039 _____ C:\Users\DF\Downloads\Android.zip
2016-04-23 10:45 - 2016-04-23 10:45 - 00000847 _____ C:\Users\DF\Desktop\Benvista PhotoZoom.lnk
2016-04-23 10:45 - 2016-04-23 10:45 - 00000000 ____D C:\Program Files\Benvista PhotoZoom
2016-04-23 10:36 - 2016-04-23 10:37 - 24418966 _____ C:\Users\DF\Downloads\BPZP6.rar
2016-04-18 15:51 - 2016-04-18 15:51 - 00065536 _____ C:\Users\DF\Downloads\agopeng_M54B28.bin
2016-04-18 15:43 - 2016-04-18 15:43 - 00065536 _____ C:\Users\DF\Downloads\agopeng.bin
2016-04-18 14:08 - 2016-04-18 14:08 - 00640919 _____ C:\Users\DF\Downloads\ncsdummy(2).zip
2016-04-16 08:36 - 2016-04-16 08:36 - 00585476 _____ C:\Users\DF\Downloads\ME72.zip
2016-04-16 08:36 - 2016-04-16 08:36 - 00000000 ____D C:\Users\DF\Downloads\ME72
2016-04-04 21:26 - 2016-04-04 21:26 - 01192656 _____ (Adobe Systems Incorporated) C:\Users\DF\Downloads\flashplayer21_xa_install.exe
2016-04-04 20:13 - 2016-04-04 20:15 - 00065536 _____ C:\Users\DF\Downloads\read-rom_DoCr.bin
2016-04-04 20:06 - 2016-04-04 20:06 - 00065536 _____ C:\Users\DF\Downloads\read-rom.bin
2016-04-04 15:28 - 2016-04-04 15:44 - 41539497 _____ C:\Users\DF\Downloads\Facebook-5.mp4
2016-04-04 15:24 - 2016-04-04 15:27 - 36622936 _____ C:\Users\DF\Downloads\Facebook-4.mp4
2016-04-01 15:29 - 2016-04-01 15:29 - 00276372 _____ C:\Users\DF\Downloads\ASK_Remover.zip
2016-03-28 08:02 - 2016-03-28 08:02 - 00524288 _____ C:\Users\DF\Downloads\MS430056_M54B25_Logger_EWSsignature_CHK5off_RAMwritefreeread.bin
2016-03-27 07:23 - 2016-03-27 07:23 - 01048576 _____ C:\Users\DF\Downloads\extflash am29f800bb 032QN
2016-03-25 20:45 - 2016-03-25 20:45 - 00141005 _____ C:\Users\DF\Downloads\GetrieboMat(1).zip
2016-03-25 10:08 - 2016-03-25 10:08 - 00296448 _____ C:\Users\DF\Downloads\Api32.dll
2016-03-24 19:58 - 2016-03-24 19:58 - 00004417 _____ C:\Users\DF\Downloads\ifh.trc
2016-03-23 16:02 - 2016-03-23 16:02 - 00271557 _____ C:\Users\DF\Downloads\Footprints-100330.pdf
2016-03-21 14:51 - 2016-03-21 14:51 - 01530276 _____ C:\Users\DF\Downloads\hterm(1).zip
2016-03-21 14:51 - 2016-03-21 14:51 - 00000000 ____D C:\Users\DF\Downloads\hterm(1)
2016-03-21 06:53 - 2016-03-21 06:54 - 00524288 _____ C:\Users\DF\Downloads\volvo_s70EUtuned.bin
2016-03-20 15:44 - 2016-03-20 15:44 - 00067991 _____ C:\Users\DF\Downloads\termite-3.2.zip
2016-03-20 15:44 - 2016-03-20 15:44 - 00000000 ____D C:\Users\DF\Downloads\termite-3.2
2016-03-20 15:44 - 2016-03-20 15:44 - 00000000 ____D C:\Users\DF\AppData\Roaming\Termite
2016-03-20 15:43 - 2016-03-20 15:43 - 00265097 _____ C:\Users\DF\Downloads\termite-3.2.exe
2016-03-20 15:25 - 2016-03-20 15:27 - 61659284 _____ C:\Users\DF\Downloads\attitudeBunnySimplify3D_twiesner.stl
2016-03-20 15:25 - 2016-03-20 15:26 - 49599284 _____ C:\Users\DF\Downloads\attitudeBunny_twiesner.stl
2016-03-20 14:21 - 2016-03-20 14:21 - 00201860 _____ C:\Users\DF\Downloads\MS430056_M54B25_Logger_EWSsignature_CHK5off_LC_MTonly.rar
2016-03-20 12:29 - 2016-03-20 12:29 - 01149445 _____ C:\Users\DF\Downloads\Binaries-20160202.zip
2016-03-20 12:23 - 2016-03-20 12:23 - 13767776 _____ (Microsoft Corporation) C:\Users\DF\Downloads\vc_redist.x86.exe
2016-03-20 11:39 - 2016-03-20 11:39 - 00000000 ____D C:\Users\DF\Downloads\Atheros_Bluetooth_V72065_XPVistaWin7
2016-03-20 11:38 - 2016-03-20 11:38 - 00000000 ____D C:\Users\DF\Downloads\bt-6.4.4.4-wxp
2016-03-20 11:19 - 2016-03-20 11:29 - 330041796 _____ C:\Users\DF\Downloads\Atheros_Bluetooth_V72065_XPVistaWin7.zip
2016-03-20 11:19 - 2016-03-20 11:23 - 111192502 _____ C:\Users\DF\Downloads\bt-6.4.4.4-wxp.zip
2016-03-20 11:17 - 2016-03-20 11:17 - 00000000 ____D C:\Users\DF\Downloads\Bluetooth_Atheros_7.4.0000.0095_W7x64_A
2016-03-20 11:14 - 2016-03-20 11:16 - 119697479 _____ C:\Users\DF\Downloads\Bluetooth_Atheros_7.4.0000.0095_W7x64_A.zip
2016-03-19 18:50 - 2016-03-19 18:50 - 14572000 _____ (Microsoft Corporation) C:\Users\DF\Downloads\vc_redist.x64.exe
2016-03-19 18:50 - 2015-06-07 00:13 - 00961192 _____ (Microsoft Corporation) C:\Windows\System32\ucrtbase.dll
2016-03-19 18:50 - 2015-06-07 00:13 - 00062304 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-private-l1-1-0.dll
2016-03-19 18:50 - 2015-06-07 00:13 - 00020832 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-math-l1-1-0.dll
2016-03-19 18:50 - 2015-06-07 00:13 - 00019808 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-19 18:50 - 2015-06-07 00:13 - 00017760 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-string-l1-1-0.dll
2016-03-19 18:50 - 2015-06-07 00:13 - 00017760 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-19 18:50 - 2015-06-07 00:13 - 00016224 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-19 18:50 - 2015-06-07 00:13 - 00015712 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-convert-l1-1-0.dll
2016-03-19 18:50 - 2015-06-07 00:13 - 00014176 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-time-l1-1-0.dll
2016-03-19 18:50 - 2015-06-07 00:13 - 00014176 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-2-0.dll
2016-03-19 18:50 - 2015-06-07 00:13 - 00013664 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-19 18:50 - 2015-06-07 00:13 - 00012640 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-process-l1-1-0.dll
2016-03-19 18:50 - 2015-06-07 00:13 - 00012640 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-heap-l1-1-0.dll
2016-03-19 18:50 - 2015-06-07 00:13 - 00012640 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-conio-l1-1-0.dll
2016-03-19 18:50 - 2015-06-07 00:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-utility-l1-1-0.dll
2016-03-19 18:50 - 2015-06-07 00:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-locale-l1-1-0.dll
2016-03-19 18:50 - 2015-06-07 00:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-environment-l1-1-0.dll
2016-03-19 18:50 - 2015-06-07 00:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-2-0.dll
2016-03-19 18:50 - 2015-06-07 00:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-1.dll
2016-03-19 18:50 - 2015-06-07 00:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-eventing-provider-l1-1-0.dll
2016-03-19 18:50 - 2015-06-07 00:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l2-1-0.dll
2016-03-19 18:50 - 2015-06-07 00:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-timezone-l1-1-0.dll
2016-03-19 18:50 - 2015-06-07 00:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l2-1-0.dll
2016-03-19 18:50 - 2015-06-07 00:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-2-0.dll
2016-03-19 18:50 - 2015-06-07 00:08 - 00883712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-03-19 18:50 - 2015-06-07 00:08 - 00064352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-03-19 18:50 - 2015-06-07 00:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-03-19 18:50 - 2015-06-07 00:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-19 18:50 - 2015-06-07 00:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-03-19 18:50 - 2015-06-07 00:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-19 18:50 - 2015-06-07 00:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-19 18:50 - 2015-06-07 00:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-03-19 18:50 - 2015-06-07 00:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-03-19 18:50 - 2015-06-07 00:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-03-19 18:50 - 2015-06-07 00:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-19 18:50 - 2015-06-07 00:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-03-19 18:50 - 2015-06-07 00:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-03-19 18:50 - 2015-06-07 00:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-03-19 18:50 - 2015-06-07 00:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-03-19 18:50 - 2015-06-07 00:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-03-19 18:50 - 2015-06-07 00:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-03-19 18:50 - 2015-06-07 00:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-03-19 18:50 - 2015-06-07 00:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-03-19 18:50 - 2015-06-07 00:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2016-03-19 18:50 - 2015-06-07 00:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-03-19 18:50 - 2015-06-07 00:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-03-19 18:50 - 2015-06-07 00:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-03-19 18:50 - 2015-06-07 00:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-03-19 18:49 - 2016-03-19 18:49 - 00239318 _____ C:\Users\DF\Downloads\dcan_Tools.rar
2016-03-19 18:49 - 2016-03-19 18:49 - 00000000 ____D C:\Users\DF\Downloads\dcan_Tools

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-16 07:46 - 2013-03-02 11:24 - 00000000 ____D C:\users\DF
2016-06-08 16:28 - 2013-03-30 09:45 - 01392206 _____ C:\Windows\ntbtlog.txt
2016-06-07 12:35 - 2013-03-02 12:54 - 00000000 ____D C:\Program Files (x86)\Winamp
2016-06-07 10:28 - 2013-03-02 12:26 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-07 10:06 - 2015-10-16 07:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-07 09:53 - 2015-10-07 17:53 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-06-07 09:39 - 2009-07-14 18:58 - 00699416 _____ C:\Windows\System32\perfh007.dat
2016-06-07 09:39 - 2009-07-14 18:58 - 00149556 _____ C:\Windows\System32\perfc007.dat
2016-06-07 09:39 - 2009-07-14 06:13 - 01620612 _____ C:\Windows\System32\PerfStringBackup.INI
2016-06-07 09:39 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-06-07 09:38 - 2009-07-14 05:45 - 00024944 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-07 09:38 - 2009-07-14 05:45 - 00024944 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-07 09:36 - 2015-04-25 19:55 - 00000000 __SHD C:\Users\DF\IntelGraphicsProfiles
2016-06-07 09:36 - 2013-03-02 12:26 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-06-07 09:36 - 2013-03-02 12:26 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-07 09:36 - 2013-03-02 12:26 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-06-07 09:35 - 2016-02-04 17:13 - 00000000 ____D C:\Users\DF\AppData\Local\sciebo
2016-06-07 09:35 - 2013-03-04 15:38 - 00000000 ____D C:\Users\DF\AppData\Local\Adobe
2016-06-07 09:35 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-07 09:34 - 2013-09-08 10:42 - 00000000 ____D C:\ProgramData\TEMP
2016-06-07 09:33 - 2013-03-02 11:16 - 00285747 _____ C:\shldr
2016-06-07 09:05 - 2015-04-18 08:00 - 00000000 ____D C:\Users\DF\Desktop\Alte Firefox-Daten
2016-05-29 13:51 - 2013-03-02 12:54 - 00000000 ____D C:\Users\DF\AppData\Roaming\Winamp
2016-05-27 22:23 - 2014-07-06 12:44 - 00000000 ____D C:\Users\DF\Documents\Adobe
2016-05-27 22:23 - 2013-03-20 15:52 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-05-27 22:23 - 2013-03-02 12:59 - 00000000 ____D C:\Users\DF\AppData\Roaming\Adobe
2016-05-27 22:23 - 2013-03-02 12:26 - 00000000 ____D C:\ProgramData\Adobe
2016-05-27 21:55 - 2013-03-04 15:38 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-05-27 20:48 - 2014-04-09 20:31 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-05-27 18:55 - 2013-03-24 12:25 - 00000000 ____D C:\Users\DF\AppData\Roaming\vlc
2016-05-27 18:51 - 2015-12-07 19:15 - 00000049 _____ C:\Users\DF\Downloads\FILES.LST
2016-05-26 07:57 - 2015-10-07 17:52 - 00943536 _____ (AO Kaspersky Lab) C:\Windows\System32\Drivers\klif.sys
2016-05-26 07:57 - 2015-06-11 18:32 - 00049240 _____ (AO Kaspersky Lab) C:\Windows\System32\Drivers\klim6.sys
2016-05-26 07:56 - 2015-07-04 01:18 - 00237480 _____ (AO Kaspersky Lab) C:\Windows\System32\Drivers\klhk.sys

Some files in TEMP:
====================
C:\Users\DF\AppData\Local\Temp\avgnt.exe

==================== Known DLLs (Whitelisted) =========================

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe
[2016-06-10 09:09] - [2009-10-28 14:18] - 0285696 ____A (Microsoft Corporation) 37CDB7E72EB66BA85A87CBE37E7F03FD

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2016-06-15 14:27] - [2014-02-03 07:33] - 1008640 ____A (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79

C:\Windows\SysWOW64\User32.dll
[2013-03-09 13:42] - [2013-03-13 18:58] - 0833024 ____A (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============

==================== Restore Points =========================

==================== BCD ================================

Windows-Start-Manager
---------------------
Bezeichner              {bootmgr}
device                  partition=C:
path                    \bootmgr
description             Windows Boot Manager
locale                  de-DE
inherit                 {globalsettings}
default                 {default}
resumeobject            {3fafdbf9-8322-11e2-be40-935b2497cb44}
displayorder            {3fafdbfa-8322-11e2-be40-935b2497cb44}
                        {3fafdbfd-8322-11e2-be40-935b2497cb44}
                        {default}
toolsdisplayorder       {memdiag}
timeout                 30

Windows-Startladeprogramm
-------------------------
Bezeichner              {3fafdbfa-8322-11e2-be40-935b2497cb44}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  de-DE
inherit                 {bootloadersettings}
recoverysequence        {current}
recoveryenabled         Yes
testsigning             No
osdevice                partition=C:
systemroot              \Windows
resumeobject            {3fafdbf9-8322-11e2-be40-935b2497cb44}
nx                      OptIn

Windows-Startladeprogramm
-------------------------
Bezeichner              {current}
device                  ramdisk=[C:]\Recovery\3fafdbfb-8322-11e2-be40-935b2497cb44\Winre.wim,{3fafdbfc-8322-11e2-be40-935b2497cb44}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\3fafdbfb-8322-11e2-be40-935b2497cb44\Winre.wim,{3fafdbfc-8322-11e2-be40-935b2497cb44}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Windows-Startladeprogramm
-------------------------
Bezeichner              {3fafdbfd-8322-11e2-be40-935b2497cb44}
device                  unknown
path                    \Windows\system32\winload.exe
description             Windows 7 Professional (wiederhergestellt)
locale                  de-DE
osdevice                unknown
systemroot              \Windows

Windows-Startladeprogramm
-------------------------
Bezeichner              {3fafdbfe-8322-11e2-be40-935b2497cb44}

Windows-Startladeprogramm
-------------------------
Bezeichner              {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7 Professional (wiederhergestellt)
locale                  de-DE
recoverysequence        {current}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows

Windows-Startladeprogramm
-------------------------
Bezeichner              {3fafdc01-8322-11e2-be40-935b2497cb44}
device                  ramdisk=[C:]\Recovery\3fafdbfb-8322-11e2-be40-935b2497cb44\Winre.wim,{3fafdc02-8322-11e2-be40-935b2497cb44}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment (wiederhergestellt)
locale                 
osdevice                ramdisk=[C:]\Recovery\3fafdbfb-8322-11e2-be40-935b2497cb44\Winre.wim,{3fafdc02-8322-11e2-be40-935b2497cb44}
systemroot              \windows
winpe                   Yes

Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner              {3fafdbf9-8322-11e2-be40-935b2497cb44}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  de-DE
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows-Speichertestprogramm
----------------------------
Bezeichner              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows-Speicherdiagnose
locale                  de-DE
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS-Einstellungen
-----------------
Bezeichner              {emssettings}
bootems                 Yes

Debuggereinstellungen
---------------------
Bezeichner              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM-Defekte
-----------
Bezeichner              {badmemory}

Globale Einstellungen
---------------------
Bezeichner              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Startladeprogramm-Einstellungen
-------------------------------
Bezeichner              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisoreinstellungen
-------------------
Bezeichner              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Einstellungen zur Ladeprogrammfortsetzung
-----------------------------------------
Bezeichner              {resumeloadersettings}
inherit                 {globalsettings}

Geräteoptionen
--------------
Bezeichner              {3fafdbfc-8322-11e2-be40-935b2497cb44}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\3fafdbfb-8322-11e2-be40-935b2497cb44\boot.sdi

Geräteoptionen
--------------
Bezeichner              {3fafdbff-8322-11e2-be40-935b2497cb44}
ramdisksdidevice        unknown
ramdisksdipath          \Recovery\3fafdbfb-8322-11e2-be40-935b2497cb44\boot.sdi

Geräteoptionen
--------------
Bezeichner              {3fafdc02-8322-11e2-be40-935b2497cb44}
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\3fafdbfb-8322-11e2-be40-935b2497cb44\boot.sdi

==================== Memory info ===========================

Percentage of memory in use: 7%
Total physical RAM: 15309.71 MB
Available physical RAM: 14176.52 MB
Total Virtual: 15307.86 MB
Available Virtual: 14172.95 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:476.94 GB) (Free:321.29 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:976.56 GB) (Free:369.76 GB) NTFS
Drive e: () (Fixed) (Total:976.56 GB) (Free:684.37 GB) NTFS
Drive f: (Fotos) (Fixed) (Total:841.27 GB) (Free:306.81 GB) NTFS
Drive h: (PATRIOT) (Removable) (Total:7.21 GB) (Free:6.74 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 476.9 GB) (Disk ID: 37B0F9B2)
Partition 1: (Active) - (Size=476.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 2794.5 GB) (Disk ID: 880893E4)

Partition: GPT.

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 7.2 GB) (Disk ID: D4AF0D39)
Partition 1: (Not Active) - (Size=7.2 GB) - (Type=07 NTFS)

LastRegBack: 2016-06-07 10:33

==================== End of FRST.txt ============================



#10 Oh My!


Posted 17 June 2016 - 07:39 PM

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix and sfc Scan in Recovery Environment

--------------------
  • From a clean computer press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Click Format then check Word Wrap
  • Please copy and paste the contents of the below code box into the open notepad and save it on the flashdrive as fixlist.txt
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
S2 BBDemon; "C:\Program Files (x86)\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe" -service [X]
S2 MakerBot Conveyor Service; C:\Program Files\MakerBot\MakerWare\conveyor-svc.exe [X]
S2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [X]
S2 SDScannerService; "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" [X]
S2 SDUpdateService; "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" [X]
S2 SDWSCService; "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe" [X]
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [X]
S3 CPUgenieDriver; \??\C:\Users\DF\Downloads\Acer\W_CPUgenie1.5x86x64\CPUgenie 1.5 (x86+x64) - ?????\CPUgenie64\NBFreezer.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
S2 iocbios2; \??\C:\Program Files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [X]
S4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [X]
S3 WinRing0_1_2_0; \??\C:\Users\DF\AppData\Local\Temp\tmp4817.tmp [X]
C:\Users\DF\AppData\Local\Temp\avgnt.exe
  • Insert the USB device into your infected computer
  • Enter the System Recovery Options (press F8 during boot up), select Repair Your Computer, then select Command Prompt.
  • Run FRST as you did the first time and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a Fixlog.txt document on your USB device. Copy and paste that information in your reply.
  • Close the FRST screen and return to the Command Prompt
  • Type the following (there is a space before each "/") after the Command Prompt and hit Enter (if you receive an error message replace C:\ with D:\)

sfc.exe /scannow /offbootdir=c:\ /offwindir=c:\windows

  • After completion attempt to boot your computer into Normal Mode or, if unsuccessful, Safe Mode and monitor the performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Can you boot?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 Leinad78


Posted 18 June 2016 - 01:11 AM

Hello Gary,

 

I got an error doing the sfc, which I show in German and will try to translate as best as I can:

 

"Systemsuche wird gestartet. Dieser Vorgang kann einige Zeit dauern

 

Die Plattformarchitektur des Offlineabbilds stimmt nicht mit der Architektur des aktiven Systems überein. Dies wird nicht für die Systemreparatur unterstützt."

 

"Searching for system will be started. This may take a while.

The architecture of the offline system does not correspond to the architecture of the active system. This is not supported by the system repair."

Using d: instead of c: didn't help either, as c: is my main SSD where Windows is stored.

Here's the fix log:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:12-06-2016
Ran by SYSTEM (2016-06-18 06:00:24) Run:3
Running from H:\
Boot Mode: Recovery
==============================================

fixlist content:
*****************
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
S2 BBDemon; "C:\Program Files (x86)\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe" -service [X]
S2 MakerBot Conveyor Service; C:\Program Files\MakerBot\MakerWare\conveyor-svc.exe [X]
S2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [X]
S2 SDScannerService; "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" [X]
S2 SDUpdateService; "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" [X]
S2 SDWSCService; "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe" [X]
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [X]
S3 CPUgenieDriver; \??\C:\Users\DF\Downloads\Acer\W_CPUgenie1.5x86x64\CPUgenie 1.5 (x86+x64) - ?????\CPUgenie64\NBFreezer.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
S2 iocbios2; \??\C:\Program Files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [X]
S4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [X]
S3 WinRing0_1_2_0; \??\C:\Users\DF\AppData\Local\Temp\tmp4817.tmp [X]
C:\Users\DF\AppData\Local\Temp\avgnt.exe
*****************

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui" => key removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => key removed successfully
BBDemon => service removed successfully
MakerBot Conveyor Service => service removed successfully
nlsX86cc => service removed successfully
SDScannerService => service removed successfully
SDUpdateService => service removed successfully
SDWSCService => service removed successfully
SpyHunter 4 Service => service removed successfully
CPUgenieDriver => service removed successfully
esgiguard => service removed successfully
EsgScanner => service removed successfully
iocbios2 => service removed successfully
klkbdflt2 => service removed successfully
pccsmcfd => service removed successfully
Tablet2k => service removed successfully
WinRing0_1_2_0 => service removed successfully
C:\Users\DF\AppData\Local\Temp\avgnt.exe => moved successfully

==== End of Fixlog 06:00:24 ====



#12 Oh My!


Posted 18 June 2016 - 09:12 AM

This is not encouraging news but I am not ready to give in just yet. Boot into the recovery environment and save the below file to your USB device. Copy and paste the contents in your reply.

C:\Windows\System32\LogFiles\Srt\SrtTrail.txt
Gary
 

#13 Leinad78


Posted 19 June 2016 - 09:16 AM

Sounds like we have a hit :)

 

Protokoll der Starthilfediagnose und -reparatur
---------------------------
Zeitpunkt des letzten erfolgreichen Starts: ‎07.‎06.‎2016 08:35:31 (GMT)
Anzahl von Reparaturversuchen: 6

Sitzungsdetails
---------------------------
Systemdatenträger = \Device\Harddisk0
Windowsverzeichnis = C:\Windows
AutoChk-Ausführung = 0
Anzahl der Fehlerursachen = 1

Durchgeführter Test:
---------------------------
Name: Nach Updates suchen
Ergebnis: Erfolgreich abgeschlossen. Fehlercode =  0x0
Erstellungszeit = 16 ms

Durchgeführter Test:
---------------------------
Name: Systemdatenträger-Test
Ergebnis: Erfolgreich abgeschlossen. Fehlercode =  0x0
Erstellungszeit = 16 ms

Durchgeführter Test:
---------------------------
Name: Datenträgerfehlerdiagnose
Ergebnis: Erfolgreich abgeschlossen. Fehlercode =  0x0
Erstellungszeit = 78 ms

Durchgeführter Test:
---------------------------
Name: Test der Datenträgermetadaten
Ergebnis: Erfolgreich abgeschlossen. Fehlercode =  0x0
Erstellungszeit = 0 ms

Durchgeführter Test:
---------------------------
Name: Zielbetriebssystem testen
Ergebnis: Erfolgreich abgeschlossen. Fehlercode =  0x0
Erstellungszeit = 31 ms

Durchgeführter Test:
---------------------------
Name: Überprüfung des Volumeinhalts
Ergebnis: Erfolgreich abgeschlossen. Fehlercode =  0x0
Erstellungszeit = 47 ms

Durchgeführter Test:
---------------------------
Name: Diagnose des Start-Managers
Ergebnis: Erfolgreich abgeschlossen. Fehlercode =  0x0
Erstellungszeit = 0 ms

Durchgeführter Test:
---------------------------
Name: Diagnose des Systemstartprotokolls
Ergebnis: Erfolgreich abgeschlossen. Fehlercode =  0x0
Erstellungszeit = 0 ms

Durchgeführter Test:
---------------------------
Name: Ereignisprotokolldiagnose
Ergebnis: Erfolgreich abgeschlossen. Fehlercode =  0x0
Erstellungszeit = 15 ms

Durchgeführter Test:
---------------------------
Name: Interne Statusüberprüfung
Ergebnis: Erfolgreich abgeschlossen. Fehlercode =  0x0
Erstellungszeit = 0 ms

Gefundene Fehlerursache:
---------------------------
Die Starthilfe konnte auch nach mehreren Versuchen die Problemursache nicht feststellen.

---------------------------
---------------------------
Sitzungsdetails
---------------------------
Systemdatenträger = \Device\Harddisk0
Windowsverzeichnis = C:\Windows
AutoChk-Ausführung = 0
Anzahl der Fehlerursachen = 1

Durchgeführter Test:
---------------------------
Name: Nach Updates suchen
Ergebnis: Erfolgreich abgeschlossen. Fehlercode =  0x0
Erstellungszeit = 16 ms

Durchgeführter Test:
---------------------------
Name: Systemdatenträger-Test
Ergebnis: Erfolgreich abgeschlossen. Fehlercode =  0x0
Erstellungszeit = 0 ms

Durchgeführter Test:
---------------------------
Name: Datenträgerfehlerdiagnose
Ergebnis: Erfolgreich abgeschlossen. Fehlercode =  0x0
Erstellungszeit = 94 ms

Durchgeführter Test:
---------------------------
Name: Test der Datenträgermetadaten
Ergebnis: Erfolgreich abgeschlossen. Fehlercode =  0x0
Erstellungszeit = 0 ms

Durchgeführter Test:
---------------------------
Name: Zielbetriebssystem testen
Ergebnis: Erfolgreich abgeschlossen. Fehlercode =  0x0
Erstellungszeit = 15 ms

Durchgeführter Test:
---------------------------
Name: Überprüfung des Volumeinhalts
Ergebnis: Erfolgreich abgeschlossen. Fehlercode =  0x0
Erstellungszeit = 47 ms

Durchgeführter Test:
---------------------------
Name: Diagnose des Start-Managers
Ergebnis: Erfolgreich abgeschlossen. Fehlercode =  0x0
Erstellungszeit = 0 ms

Durchgeführter Test:
---------------------------
Name: Diagnose des Systemstartprotokolls
Ergebnis: Erfolgreich abgeschlossen. Fehlercode =  0x0
Erstellungszeit = 0 ms

Durchgeführter Test:
---------------------------
Name: Ereignisprotokolldiagnose
Ergebnis: Erfolgreich abgeschlossen. Fehlercode =  0x0
Erstellungszeit = 16 ms

Durchgeführter Test:
---------------------------
Name: Interne Statusüberprüfung
Ergebnis: Erfolgreich abgeschlossen. Fehlercode =  0x0
Erstellungszeit = 0 ms

Durchgeführter Test:
---------------------------
Name: Test des Startstatus
Ergebnis: Erfolgreich abgeschlossen. Fehlercode =  0x0
Erstellungszeit = 0 ms

Durchgeführter Test:
---------------------------
Name: Statusüberprüfung für Setup
Ergebnis: Erfolgreich abgeschlossen. Fehlercode =  0x0
Erstellungszeit = 156 ms

Durchgeführter Test:
---------------------------
Name: Test der Registrierungsstruktur
Ergebnis: Erfolgreich abgeschlossen. Fehlercode =  0x0
Erstellungszeit = 920 ms

Durchgeführter Test:
---------------------------
Name: Diagnose des Windows-Startprotokolls
Ergebnis: Erfolgreich abgeschlossen. Fehlercode =  0x0
Erstellungszeit = 125 ms

Gefundene Fehlerursache:
---------------------------
Die für den Start erforderliche Datei "C:\Windows\system32\ntoskrnl.exe" ist beschädigt.

---------------------------
---------------------------
Sitzungsdetails
---------------------------
Systemdatenträger = \Device\Harddisk0
Windowsverzeichnis = C:\Windows
AutoChk-Ausführung = 0
Anzahl der Fehlerursachen = 1

Durchgeführter Test:
---------------------------
Name: Nach Updates suchen
Ergebnis: Erfolgreich abgeschlossen. Fehlercode =  0x0
Erstellungszeit = 15 ms

Durchgeführter Test:
---------------------------
Name: Systemdatenträger-Test
Ergebnis: Erfolgreich abgeschlossen. Fehlercode =  0x0
Erstellungszeit = 0 ms

Durchgeführter Test:
---------------------------
Name: Datenträgerfehlerdiagnose
Ergebnis: Erfolgreich abgeschlossen. Fehlercode =  0x0
Erstellungszeit = 94 ms

Durchgeführter Test:
---------------------------
Name: Test der Datenträgermetadaten
Ergebnis: Erfolgreich abgeschlossen. Fehlercode =  0x0
Erstellungszeit = 0 ms

Durchgeführter Test:
---------------------------
Name: Zielbetriebssystem testen
Ergebnis: Erfolgreich abgeschlossen. Fehlercode =  0x0
Erstellungszeit = 31 ms

Durchgeführter Test:
---------------------------
Name: Überprüfung des Volumeinhalts
Ergebnis: Erfolgreich abgeschlossen. Fehlercode =  0x0
Erstellungszeit = 47 ms

Durchgeführter Test:
---------------------------
Name: Diagnose des Start-Managers
Ergebnis: Erfolgreich abgeschlossen. Fehlercode =  0x0
Erstellungszeit = 0 ms

Durchgeführter Test:
---------------------------
Name: Diagnose des Systemstartprotokolls
Ergebnis: Erfolgreich abgeschlossen. Fehlercode =  0x0
Erstellungszeit = 0 ms

Durchgeführter Test:
---------------------------
Name: Ereignisprotokolldiagnose
Ergebnis: Erfolgreich abgeschlossen. Fehlercode =  0x0
Erstellungszeit = 16 ms

Durchgeführter Test:
---------------------------
Name: Interne Statusüberprüfung
Ergebnis: Erfolgreich abgeschlossen. Fehlercode =  0x0
Erstellungszeit = 0 ms

Durchgeführter Test:
---------------------------
Name: Test des Startstatus
Ergebnis: Erfolgreich abgeschlossen. Fehlercode =  0x0
Erstellungszeit = 0 ms

Durchgeführter Test:
---------------------------
Name: Statusüberprüfung für Setup
Ergebnis: Erfolgreich abgeschlossen. Fehlercode =  0x0
Erstellungszeit = 140 ms

Durchgeführter Test:
---------------------------
Name: Test der Registrierungsstruktur
Ergebnis: Erfolgreich abgeschlossen. Fehlercode =  0x0
Erstellungszeit = 4836 ms

Durchgeführter Test:
---------------------------
Name: Diagnose des Windows-Startprotokolls
Ergebnis: Erfolgreich abgeschlossen. Fehlercode =  0x0
Erstellungszeit = 0 ms

Gefundene Fehlerursache:
---------------------------
Die für den Start erforderliche Datei "C:\Windows\system32\ntoskrnl.exe" ist beschädigt.

---------------------------
---------------------------
 



#14 Oh My!


Posted 19 June 2016 - 02:02 PM

Do you recall trying any Windows activation steps recently?
Gary
 

#15 Leinad78


Posted 19 June 2016 - 02:16 PM

Definitely not!





