|
Log-Analyse und Auswertung: Win XP: GMER findet diverse SSDTWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
24.03.2015, 11:55 | #1 |
| Win XP: GMER findet diverse SSDT Guten Tag! Heute handelt es sich um einen Computer mit Windows XP, von dem ich befürchte, dass sich auf ihm eventuell schädliche Dinge befinden. Der Scan mit Avast brachte keine Auffälligkeiten. Im Folgenden hänge ich die Ergebnisse der Scans an, wie sie in der "Anleitung für Hilfesuchende" beschrieben sind. defogger_disable.log Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1) Log created at 11:02 on 24/03/2015 (***) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015 Ran by *** (administrator) on LENOVO-*** on 24-03-2015 11:02:52 Running from C:\Dokumente und Einstellungen\***\Desktop\Prüfen Loaded Profiles: *** (Available profiles: *** & Administrator) Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 8 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Avast Software s.r.o.) C:\Programme\AVAST Software\Avast\AvastSvc.exe (Primax Electronics Ltd.) C:\WINDOWS\system32\ico.exe (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE () C:\Programme\Lenovo\FanSpeedControl\LenovoFSC.exe (Intel Corporation) C:\WINDOWS\system32\igfxtray.exe (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe (Lenovo Group Limited) C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited) C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.EXE (Lenovo Group Limited) C:\PROGRA~1\Lenovo\LENOVO~2\LPMLCHK.EXE (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe (Lenovo Group Limited) C:\Programme\Lenovo\Client Security Solution\cssauth.exe (shbox.de) C:\Programme\FreePDF_XP\fpassist.exe () C:\WINDOWS\twain_32\D66U\D066UUTY.EXE (HP) C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe (Hewlett-Packard Company) C:\Programme\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard) C:\Programme\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard) C:\WINDOWS\system32\hphmon05.exe (SEIKO EPSON CORPORATION) C:\Programme\Epson Software\Event Manager\EEventManager.exe (Samsung Electronics Co., Ltd.) C:\Programme\Samsung\Kies\KiesTrayAgent.exe (CANON INC.) C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.) C:\Programme\Canon\Solution Menu EX\CNSEMAIN.EXE (Avast Software s.r.o.) C:\Programme\AVAST Software\Avast\AvastUI.exe (Oracle Corporation) C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Nero AG) C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIHJE.EXE () C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Nero AG) C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe (Microsoft Corporation) C:\Programme\Windows Media Player\wmpnscfg.exe (ABBYY) C:\Programme\Gemeinsame Dateien\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe () C:\Programme\Canon\IJPLM\ijplmsvc.exe (InterVideo) C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe (Oracle Corporation) C:\Programme\Java\jre7\bin\jqs.exe (Lenovo Group Limited) C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe () C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe (Lenovo Group Limited) C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited) C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited) C:\Programme\Lenovo\Rescue and Recovery\UpdateMonitor.exe (Microsoft Corporation) C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe () C:\WINDOWS\system32\FSRremoS.EXE (HP) C:\WINDOWS\system32\HPZipm12.exe (Primax Electronics Ltd.) C:\WINDOWS\system32\PELMICED.EXE (Nero AG) C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (CANON INC.) C:\Programme\Canon\Solution Menu EX\CNSEUPDT.EXE (Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe (Mozilla Corporation) C:\Programme\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Programme\Messenger\msmsgs.exe (Oracle Corporation) C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe (Mozilla Corporation) C:\Programme\Mozilla Firefox\plugin-container.exe (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Mouse Suite 98 Daemon] => C:\WINDOWS\system32\ICO.EXE [53248 2008-06-27] (Primax Electronics Ltd.) HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16875008 2008-06-27] (Realtek Semiconductor Corp.) HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [57344 2008-06-19] (Realtek Semiconductor Corp.) HKLM\...\Run: [] => [X] HKLM\...\Run: [LenovoFSC] => C:\Programme\Lenovo\FanSpeedControl\LenovoFSC.exe [40960 2008-09-26] () HKLM\...\Run: [TVT Scheduler Proxy] => C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe [487424 2008-11-24] (Lenovo Group Limited) HKLM\...\Run: [LPManager] => C:\Programme\Lenovo\LenovoCare\LPMGR.EXE [165208 2008-06-08] (Lenovo Group Limited) HKLM\...\Run: [LPMailChecker] => C:\Programme\Lenovo\LenovoCare\LPMLCHK.EXE [124248 2008-06-08] (Lenovo Group Limited) HKLM\...\Run: [cssauth] => C:\Programme\Lenovo\Client Security Solution\cssauth.exe [3073336 2008-06-13] (Lenovo Group Limited) HKLM\...\Run: [FreePDF Assistant] => C:\Programme\FreePDF_XP\fpassist.exe [385024 2009-09-05] (shbox.de) HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k HKLM\...\Run: [NeroFilterCheck] => C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG) HKLM\...\Run: [D066UUtility] => C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE [32768 2000-07-06] () HKLM\...\Run: [HPDJ Taskbar Utility] => C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe [172032 2003-03-11] (HP) HKLM\...\Run: [HPHUPD05] => C:\Programme\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe [49152 2003-11-12] (Hewlett-Packard) HKLM\...\Run: [HP Component Manager] => C:\Programme\HP\hpcoretech\hpcmpmgr.exe [241664 2003-12-22] (Hewlett-Packard Company) HKLM\...\Run: [HP Software Update] => C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [49152 2003-12-05] (Hewlett-Packard) HKLM\...\Run: [HPHmon05] => C:\WINDOWS\system32\hphmon05.exe [495616 2004-02-02] (Hewlett-Packard) HKLM\...\Run: [EEventManager] => C:\Programme\Epson Software\Event Manager\EEventManager.exe [979328 2010-08-30] (SEIKO EPSON CORPORATION) HKLM\...\Run: [KiesTrayAgent] => C:\Programme\Samsung\Kies\KiesTrayAgent.exe [3521424 2012-05-04] (Samsung Electronics Co., Ltd.) HKLM\...\Run: [CanonMyPrinter] => C:\Programme\Canon\MyPrinter\BJMyPrt.exe [2565520 2011-03-14] (CANON INC.) HKLM\...\Run: [CanonSolutionMenuEx] => C:\Programme\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.) HKLM\...\Run: [AvastUI.exe] => C:\Programme\AVAST Software\Avast\AvastUI.exe [5512912 2015-03-24] (Avast Software s.r.o.) HKLM\...\Run: [Adobe ARM] => C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated) HKLM\...\Run: [SunJavaUpdateSched] => C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation) HKU\S-1-5-21-1213230388-1417447374-3222475311-1005\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe [143360 2006-12-23] (Nero AG) HKU\S-1-5-21-1213230388-1417447374-3222475311-1005\...\Run: [EPSON SX130 Series] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIHJE.EXE [208384 2010-12-07] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-1213230388-1417447374-3222475311-1005\...\Run: [KiesHelper] => C:\Programme\Samsung\Kies\KiesHelper.exe [955792 2012-05-04] (Samsung) HKU\S-1-5-21-1213230388-1417447374-3222475311-1005\...\Run: [KiesPDLR] => C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21392 2012-05-04] () HKU\S-1-5-21-1213230388-1417447374-3222475311-1005\...\Run: [SCOExeFileWacher] => C:\Programme\SCO\scofilwhc.exe HKU\S-1-5-21-1213230388-1417447374-3222475311-1005\...\Run: [WMPNSCFG] => C:\Programme\Windows Media Player\WMPNSCFG.exe [204288 2009-02-04] (Microsoft Corporation) Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk ShortcutTarget: Microsoft Office.lnk -> C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Programme\AVAST Software\Avast\ashShell.dll (Avast Software s.r.o.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://at.search.yahoo.com/?fr=hp-avast&type=avastbcl HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://at.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkcentre HKU\S-1-5-21-1213230388-1417447374-3222475311-1005\Software\Microsoft\Internet Explorer\Main,Start Page = https://at.search.yahoo.com/?fr=hp-avast&type=avastbcl HKU\S-1-5-21-1213230388-1417447374-3222475311-1005\Software\Microsoft\Internet Explorer\Main,Search Page = https://at.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} HKU\S-1-5-21-1213230388-1417447374-3222475311-1005\Software\Microsoft\Internet Explorer\Main,Search Bar = https://at.search.yahoo.com/?fr=hp-avast&type=avastbcl HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://at.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://at.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE SearchScopes: HKU\.DEFAULT -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE SearchScopes: HKU\S-1-5-21-1213230388-1417447374-3222475311-1005 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://at.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKU\S-1-5-21-1213230388-1417447374-3222475311-1005 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE SearchScopes: HKU\S-1-5-21-1213230388-1417447374-3222475311-1005 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://at.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Programme\Java\jre7\bin\ssv.dll No File BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Programme\AVAST Software\Avast\aswWebRepIE.dll [2015-03-24] (Avast Software s.r.o.) BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll No File BHO: Windows Live Toolbar Helper -> {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -> C:\Programme\Windows Live Toolbar\msntb.dll No File BHO: IePasswordManagerHelper Class -> {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} -> C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [2008-06-13] (Lenovo Group Limited) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Programme\Java\jre7\bin\jp2ssv.dll [2014-09-26] (Oracle Corporation) Toolbar: HKLM - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll No File Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll No File Toolbar: HKU\.DEFAULT -> No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File Toolbar: HKU\.DEFAULT -> Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll No File Toolbar: HKU\S-1-5-21-1213230388-1417447374-3222475311-1005 -> Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll No File DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Programme\HP\hpcoretech\comp\hpuiprot.dll [2003-12-22] (Hewlett-Packard Company) Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL [2002-05-24] (Microsoft Corporation) Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL [2002-05-24] (Microsoft Corporation) Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL [2002-05-24] (Microsoft Corporation) Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL [2002-05-24] (Microsoft Corporation) Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL [2002-05-24] (Microsoft Corporation) Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL [2002-05-24] (Microsoft Corporation) Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL [2002-05-24] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 FireFox: ======== FF ProfilePath: C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\5pqmiuef.default FF SearchEngineOrder.1: Ask Search FF Homepage: about:home FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] () FF Plugin: @canon.com/EPPEX -> C:\Programme\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-04-20] (CANON INC.) FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Programme\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-26] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Programme\Java\jre7\bin\plugin2\npjp2.dll [2014-09-26] (Oracle Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Programme\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Programme\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.) FF Plugin: Adobe Reader -> C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npLegitCheckPlugin.dll [2009-06-25] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.) FF SearchPlugin: C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\5pqmiuef.default\searchplugins\ask-search.xml [2013-12-03] FF Extension: IE Tab 2 (FF 3.6+) - C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\5pqmiuef.default\Extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2013-10-29] FF Extension: DownloadHelper - C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\5pqmiuef.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-10-29] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Programme\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Programme\AVAST Software\Avast\WebRep\FF [2013-12-25] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-08-11] Chrome: ======= CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR Profile: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-20] CHR Extension: (Google Drive) - C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-20] CHR Extension: (YouTube) - C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-20] CHR Extension: (Google Search) - C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-20] CHR Extension: (Avast Online Security) - C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-08-20] CHR Extension: (Google Wallet) - C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-20] CHR Extension: (Gmail) - C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-20] CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Programme\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-24] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Programme\Gemeinsame Dateien\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY) S4 Alerter; C:\WINDOWS\system32\alrsvc.dll [17408 2008-04-14] (Microsoft Corporation) [File not signed] R3 ALG; C:\WINDOWS\System32\alg.exe [44544 2008-04-14] (Microsoft Corporation) [File not signed] S3 AppMgmt; C:\WINDOWS\System32\appmgmts.dll [175616 2008-04-14] (Microsoft Corporation) [File not signed] R2 AudioSrv; C:\WINDOWS\System32\audiosrv.dll [42496 2008-04-14] (Microsoft Corporation) [File not signed] R2 avast! Antivirus; C:\Programme\AVAST Software\Avast\AvastSvc.exe [343336 2015-03-24] (Avast Software s.r.o.) R2 BITS; C:\WINDOWS\system32\qmgr.dll [409088 2008-04-14] (Microsoft Corporation) [File not signed] S2 Browser; C:\WINDOWS\System32\browser.dll [78336 2012-07-06] (Microsoft Corporation) [File not signed] S3 CiSvc; C:\WINDOWS\system32\cisvc.exe [5632 2008-04-14] (Microsoft Corporation) [File not signed] S4 ClipSrv; C:\WINDOWS\system32\clipsrv.exe [33280 2008-04-14] (Microsoft Corporation) [File not signed] R2 CryptSvc; C:\WINDOWS\System32\cryptsvc.dll [62464 2008-04-14] (Microsoft Corporation) [File not signed] R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed] R2 Dhcp; C:\WINDOWS\System32\dhcpcsvc.dll [127488 2008-04-14] (Microsoft Corporation) [File not signed] S3 dmadmin; C:\WINDOWS\System32\dmadmin.exe [225280 2008-04-14] (Microsoft Corp., Veritas Software) [File not signed] S3 dmserver; C:\WINDOWS\System32\dmserver.dll [24064 2008-04-14] (Microsoft Corp.) [File not signed] R2 Dnscache; C:\WINDOWS\System32\dnsrslvr.dll [45568 2009-04-20] (Microsoft Corporation) [File not signed] S3 Dot3svc; C:\WINDOWS\System32\dot3svc.dll [133120 2008-04-14] (Microsoft Corporation) [File not signed] S3 EapHost; C:\WINDOWS\System32\eapsvc.dll [33792 2008-04-14] (Microsoft Corporation) [File not signed] S4 ERSvc; C:\WINDOWS\System32\ersvc.dll [23040 2008-04-14] (Microsoft Corporation) [File not signed] R2 Eventlog; C:\WINDOWS\system32\services.exe [111104 2009-02-09] (Microsoft Corporation) [File not signed] R3 EventSystem; C:\WINDOWS\system32\es.dll [253952 2008-07-07] (Microsoft Corporation) [File not signed] R3 FastUserSwitchingCompatibility; C:\WINDOWS\System32\shsvcs.dll [135680 2009-07-28] (Microsoft Corporation) [File not signed] S2 gupdate; C:\Programme\Google\Update\GoogleUpdate.exe [116648 2014-08-20] (Google Inc.) S3 gupdatem; C:\Programme\Google\Update\GoogleUpdate.exe [116648 2014-08-20] (Google Inc.) R2 helpsvc; C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-14] (Microsoft Corporation) [File not signed] S3 hkmsvc; C:\WINDOWS\System32\kmsvc.dll [61440 2008-04-14] (Microsoft Corporation) [File not signed] R3 HTTPFilter; C:\WINDOWS\System32\w3ssl.dll [15872 2008-04-14] (Microsoft Corporation) [File not signed] R2 IJPLMSVC; C:\Programme\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] () S3 ImapiService; C:\WINDOWS\system32\imapi.exe [150528 2008-04-14] (Microsoft Corporation) [File not signed] R2 IviRegMgr; C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe [112152 2007-01-04] (InterVideo) R2 JavaQuickStarterService; C:\Programme\Java\jre7\bin\jqs.exe [182696 2014-09-26] (Oracle Corporation) R2 LanmanServer; C:\WINDOWS\System32\srvsvc.dll [99840 2010-08-27] (Microsoft Corporation) [File not signed] R2 lanmanworkstation; C:\WINDOWS\System32\wkssvc.dll [132096 2009-06-10] (Microsoft Corporation) [File not signed] R2 LmHosts; C:\WINDOWS\System32\lmhsvc.dll [13824 2008-04-14] (Microsoft Corporation) [File not signed] S4 Messenger; C:\WINDOWS\System32\msgsvc.dll [33792 2008-04-14] (Microsoft Corporation) [File not signed] S3 mnmsrvc; C:\WINDOWS\system32\mnmsrvc.exe [32768 2008-04-14] (Microsoft Corporation) [File not signed] S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [114800 2014-12-31] (Mozilla Foundation) S3 MSDTC; C:\WINDOWS\system32\msdtc.exe [6144 2008-04-14] (Microsoft Corporation) [File not signed] S3 MSIServer; C:\WINDOWS\System32\msiexec.exe [78848 2008-04-14] (Microsoft Corporation) [File not signed] S3 napagent; C:\WINDOWS\System32\qagentrt.dll [294400 2008-04-14] (Microsoft Corporation) [File not signed] S3 NBService; C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe [774144 2007-01-15] (Nero AG) [File not signed] S4 NetDDE; C:\WINDOWS\system32\netdde.exe [114176 2008-04-14] (Microsoft Corporation) [File not signed] S4 NetDDEdsdm; C:\WINDOWS\system32\netdde.exe [114176 2008-04-14] (Microsoft Corporation) [File not signed] S3 Netlogon; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed] R3 Netman; C:\WINDOWS\System32\netman.dll [198144 2008-04-14] (Microsoft Corporation) [File not signed] R3 Nla; C:\WINDOWS\System32\mswsock.dll [247296 2008-06-20] (Microsoft Corporation) [File not signed] R3 NMIndexingService; C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe [262144 2006-12-23] (Nero AG) [File not signed] S3 NtLmSsp; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed] S3 NtmsSvc; C:\WINDOWS\system32\ntmssvc.dll [438272 2008-04-14] (Microsoft Corporation) [File not signed] R2 PlugPlay; C:\WINDOWS\system32\services.exe [111104 2009-02-09] (Microsoft Corporation) [File not signed] R3 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [65795 2003-05-14] (HP) [File not signed] R2 PolicyAgent; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed] R2 ProtectedStorage; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed] S3 RasAuto; C:\WINDOWS\System32\rasauto.dll [88576 2008-04-14] (Microsoft Corporation) [File not signed] R3 RasMan; C:\WINDOWS\System32\rasmans.dll [186368 2008-04-14] (Microsoft Corporation) [File not signed] S3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [143360 2008-04-14] (Microsoft Corporation) [File not signed] S4 RemoteAccess; C:\WINDOWS\System32\mprdim.dll [53248 2008-04-14] (Microsoft Corporation) [File not signed] R2 RemoteRegistry; C:\WINDOWS\system32\regsvc.dll [59904 2008-04-14] (Microsoft Corporation) [File not signed] S3 RpcLocator; C:\WINDOWS\system32\locator.exe [75264 2008-04-14] (Microsoft Corporation) [File not signed] R2 RpcSs; C:\WINDOWS\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed] S3 RSVP; C:\WINDOWS\system32\rsvp.exe [132608 2008-04-14] (Microsoft Corporation) [File not signed] R2 SamSs; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed] S3 SCardSvr; C:\WINDOWS\System32\SCardSvr.exe [99840 2008-04-14] (Microsoft Corporation) [File not signed] R2 Schedule; C:\WINDOWS\system32\schedsvc.dll [193536 2008-04-14] (Microsoft Corporation) [File not signed] R2 seclogon; C:\WINDOWS\System32\seclogon.dll [18944 2008-04-14] (Microsoft Corporation) [File not signed] R2 SENS; C:\WINDOWS\system32\sens.dll [39424 2008-04-14] (Microsoft Corporation) [File not signed] R2 SharedAccess; C:\WINDOWS\System32\ipnathlp.dll [334336 2008-04-14] (Microsoft Corporation) [File not signed] R2 ShellHWDetection; C:\WINDOWS\System32\shsvcs.dll [135680 2009-07-28] (Microsoft Corporation) [File not signed] R2 Spooler; C:\WINDOWS\system32\spoolsv.exe [58880 2010-08-17] (Microsoft Corporation) [File not signed] R2 srservice; C:\WINDOWS\system32\srsvc.dll [171520 2008-04-14] (Microsoft Corporation) [File not signed] R3 SSDPSRV; C:\WINDOWS\System32\ssdpsrv.dll [71680 2008-04-14] (Microsoft Corporation) [File not signed] R2 stisvc; C:\WINDOWS\system32\wiaservc.dll [334336 2008-04-14] (Microsoft Corporation) [File not signed] S3 SysmonLog; C:\WINDOWS\system32\smlogsvc.exe [94208 2008-04-14] (Microsoft Corporation) [File not signed] R3 TapiSrv; C:\WINDOWS\System32\tapisrv.dll [249856 2008-04-14] (Microsoft Corporation) [File not signed] R3 TermService; C:\WINDOWS\System32\termsrv.dll [297472 2008-04-14] (Microsoft Corporation) [File not signed] R2 Themes; C:\WINDOWS\System32\shsvcs.dll [135680 2009-07-28] (Microsoft Corporation) [File not signed] R2 ThinkVantage Registry Monitor Service; c:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe [746808 2008-06-13] (Lenovo Group Limited) S4 TlntSvr; C:\WINDOWS\system32\tlntsvr.exe [75264 2008-04-14] (Microsoft Corporation) [File not signed] R2 TrkWks; C:\WINDOWS\system32\trkwks.dll [90112 2008-04-14] (Microsoft Corporation) [File not signed] R2 TVT Backup Protection Service; C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe [520192 2008-11-24] () [File not signed] R2 TVT Backup Service; C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe [950272 2008-11-24] (Lenovo Group Limited) [File not signed] R2 TVT Scheduler; c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe [1155072 2008-11-24] (Lenovo Group Limited) [File not signed] R2 TVT_UpdateMonitor; C:\Programme\Lenovo\Rescue and Recovery\UpdateMonitor.exe [360448 2008-10-09] (Lenovo Group Limited) [File not signed] R3 upnphost; C:\WINDOWS\System32\upnphost.dll [186880 2008-04-14] (Microsoft Corporation) [File not signed] S3 UPS; C:\WINDOWS\System32\ups.exe [18432 2008-04-14] (Microsoft Corporation) [File not signed] S3 VSS; C:\WINDOWS\System32\vssvc.exe [292864 2008-04-14] (Microsoft Corporation) [File not signed] R2 W32Time; C:\WINDOWS\system32\w32time.dll [177152 2008-04-14] (Microsoft Corporation) [File not signed] R2 WebClient; C:\WINDOWS\System32\webclnt.dll [68096 2008-04-14] (Microsoft Corporation) [File not signed] R2 winmgmt; C:\WINDOWS\system32\wbem\WMIsvc.dll [145408 2008-04-14] (Microsoft Corporation) [File not signed] S3 WmdmPmSN; C:\WINDOWS\system32\MsPMSNSv.dll [27136 2009-01-30] (Microsoft Corporation) [File not signed] S3 Wmi; C:\WINDOWS\System32\advapi32.dll [678400 2009-02-09] (Microsoft Corporation) [File not signed] R3 WmiApSrv; C:\WINDOWS\system32\wbem\wmiapsrv.exe [126464 2008-04-14] (Microsoft Corporation) [File not signed] R2 WMPNetworkSvc; C:\Programme\Windows Media Player\WMPNetwk.exe [920576 2009-02-04] (Microsoft Corporation) [File not signed] R2 wscsvc; C:\WINDOWS\system32\wscsvc.dll [80896 2008-04-14] (Microsoft Corporation) [File not signed] R2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [6656 2008-04-14] (Microsoft Corporation) [File not signed] R2 WudfSvc; C:\WINDOWS\System32\WUDFSvc.dll [55808 2006-09-28] (Microsoft Corporation) [File not signed] R2 WZCSVC; C:\WINDOWS\System32\wzcsvc.dll [483840 2008-04-14] (Microsoft Corporation) [File not signed] S3 xmlprov; C:\WINDOWS\System32\xmlprov.dll [129024 2008-04-14] (Microsoft Corporation) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation) [File not signed] R0 ACPI; C:\WINDOWS\System32\DRIVERS\ACPI.sys [188800 2008-04-14] (Microsoft Corporation) [File not signed] R0 ACPIEC; C:\WINDOWS\System32\DRIVERS\ACPIEC.sys [12160 2008-04-14] (Microsoft Corporation) [File not signed] S4 adpu160m; C:\WINDOWS\system32\DRIVERS\adpu160m.sys [101888 2001-08-17] (Microsoft Corporation) [File not signed] S3 aec; C:\WINDOWS\System32\drivers\aec.sys [142592 2008-04-13] (Microsoft Corporation) [File not signed] R1 AFD; C:\WINDOWS\System32\drivers\afd.sys [138496 2011-08-17] (Microsoft Corporation) [File not signed] R1 AFS2K; C:\WINDOWS\system32\Drivers\AFS2K.sys [82380 2010-09-02] (Oak Technology Inc.) [File not signed] S4 agp440; C:\WINDOWS\system32\DRIVERS\agp440.sys [42368 2008-04-13] (Microsoft Corporation) [File not signed] S4 agpCPQ; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [44928 2008-04-13] (Microsoft Corporation) [File not signed] S4 Aha154x; C:\WINDOWS\system32\DRIVERS\aha154x.sys [12800 2001-08-17] (Microsoft Corporation) [File not signed] S4 aic78u2; C:\WINDOWS\system32\DRIVERS\aic78u2.sys [55168 2001-08-17] (Microsoft Corporation) [File not signed] S4 aic78xx; C:\WINDOWS\system32\DRIVERS\aic78xx.sys [56960 2001-08-17] (Microsoft Corporation) [File not signed] S4 AliIde; C:\WINDOWS\system32\DRIVERS\aliide.sys [5248 2001-08-17] (Acer Laboratories Inc.) [File not signed] S4 alim1541; C:\WINDOWS\system32\DRIVERS\alim1541.sys [42752 2008-04-13] (Microsoft Corporation) [File not signed] S4 amdagp; C:\WINDOWS\system32\DRIVERS\amdagp.sys [43008 2008-04-13] (Advanced Micro Devices, Inc.) [File not signed] S4 amsint; C:\WINDOWS\system32\DRIVERS\amsint.sys [12032 2001-08-17] (Microsoft Corporation) [File not signed] S3 androidusb; C:\WINDOWS\System32\Drivers\ssadadb.sys [30312 2010-12-21] (Google Inc) [File not signed] S4 asc; C:\WINDOWS\system32\DRIVERS\asc.sys [26496 2001-08-17] (Advanced System Products, Inc.) [File not signed] S4 asc3350p; C:\WINDOWS\system32\DRIVERS\asc3350p.sys [22400 2001-08-17] (Microsoft Corporation) [File not signed] S4 asc3550; C:\WINDOWS\system32\DRIVERS\asc3550.sys [14848 2001-08-17] (Advanced System Products, Inc.) [File not signed] R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24144 2015-03-24] () R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [73440 2015-03-24] (Avast Software s.r.o.) R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-03-24] (Avast Software s.r.o.) R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49904 2015-03-24] () R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [788272 2015-03-24] (Avast Software s.r.o.) R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [427736 2015-03-24] (Avast Software s.r.o.) R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-03-24] (Avast Software s.r.o.) R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [208024 2015-03-24] () S3 AsyncMac; C:\WINDOWS\System32\DRIVERS\asyncmac.sys [14336 2008-04-14] (Microsoft Corporation) [File not signed] R0 atapi; C:\WINDOWS\System32\DRIVERS\atapi.sys [96512 2008-04-13] (Microsoft Corporation) [File not signed] S3 Atmarpc; C:\WINDOWS\System32\DRIVERS\atmarpc.sys [59904 2008-04-14] (Microsoft Corporation) [File not signed] R3 audstub; C:\WINDOWS\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation) [File not signed] R1 Beep; C:\WINDOWS\system32\Drivers\Beep.sys [4224 2008-04-14] (Microsoft Corporation) [File not signed] S4 cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [13952 2001-08-17] (Microsoft Corporation) [File not signed] S4 cbidf2k; C:\WINDOWS\system32\Drivers\cbidf2k.sys [13952 2001-08-17] (Microsoft Corporation) [File not signed] S4 cd20xrnt; C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys [7680 2001-08-17] (Microsoft Corporation) [File not signed] S1 Cdaudio; C:\WINDOWS\system32\Drivers\Cdaudio.sys [18688 2008-04-14] (Microsoft Corporation) [File not signed] R4 Cdfs; C:\WINDOWS\system32\Drivers\Cdfs.sys [63744 2008-04-14] (Microsoft Corporation) [File not signed] R1 Cdrom; C:\WINDOWS\System32\DRIVERS\cdrom.sys [62976 2008-04-14] (Microsoft Corporation) [File not signed] S3 CmBatt; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [13952 2008-04-14] (Microsoft Corporation) [File not signed] S4 CmdIde; C:\WINDOWS\system32\DRIVERS\cmdide.sys [6656 2001-08-18] (CMD Technology, Inc.) [File not signed] R0 Compbatt; C:\WINDOWS\System32\DRIVERS\compbatt.sys [10240 2008-04-14] (Microsoft Corporation) [File not signed] S4 Cpqarray; C:\WINDOWS\system32\DRIVERS\cpqarray.sys [14976 2001-08-17] (Microsoft Corporation) [File not signed] S4 dac2w2k; C:\WINDOWS\system32\DRIVERS\dac2w2k.sys [179584 2001-08-17] (Mylex Corporation) [File not signed] S4 dac960nt; C:\WINDOWS\system32\DRIVERS\dac960nt.sys [14720 2001-08-17] (Microsoft Corporation) [File not signed] R0 Disk; C:\WINDOWS\System32\DRIVERS\disk.sys [36352 2008-04-13] (Microsoft Corporation) [File not signed] S4 dmboot; C:\WINDOWS\System32\drivers\dmboot.sys [800384 2008-04-14] (Microsoft Corp., Veritas Software) [File not signed] S4 dmio; C:\WINDOWS\System32\drivers\dmio.sys [154112 2008-04-14] (Microsoft Corp., Veritas Software) [File not signed] S4 dmload; C:\WINDOWS\System32\drivers\dmload.sys [5888 2008-04-14] (Microsoft Corp., Veritas Software.) [File not signed] S3 DMusic; C:\WINDOWS\System32\drivers\DMusic.sys [52864 2008-04-13] (Microsoft Corporation) [File not signed] S4 dpti2o; C:\WINDOWS\system32\DRIVERS\dpti2o.sys [20192 2001-08-17] (Microsoft Corporation) [File not signed] S3 drmkaud; C:\WINDOWS\System32\drivers\drmkaud.sys [2944 2008-04-13] (Microsoft Corporation) [File not signed] S4 Fastfat; C:\WINDOWS\system32\Drivers\Fastfat.sys [143744 2008-04-14] (Microsoft Corporation) [File not signed] S1 Fdc; C:\WINDOWS\system32\Drivers\Fdc.sys [27392 2008-04-14] (Microsoft Corporation) [File not signed] R1 Fips; C:\WINDOWS\system32\Drivers\Fips.sys [44672 2008-04-14] (Microsoft Corporation) [File not signed] S1 Flpydisk; C:\WINDOWS\system32\Drivers\Flpydisk.sys [20480 2008-04-14] (Microsoft Corporation) [File not signed] R0 FltMgr; C:\WINDOWS\System32\DRIVERS\fltMgr.sys [129792 2008-04-14] (Microsoft Corporation) [File not signed] U1 Fs_Rec; C:\WINDOWS\system32\Drivers\Fs_Rec.sys [7936 2008-04-14] (Microsoft Corporation) [File not signed] R0 Ftdisk; C:\WINDOWS\System32\DRIVERS\ftdisk.sys [126336 2001-08-18] (Microsoft Corporation) [File not signed] R3 Gpc; C:\WINDOWS\System32\DRIVERS\msgpc.sys [35072 2008-04-14] (Microsoft Corporation) [File not signed] R3 HDAudBus; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [144384 2008-04-14] (Windows (R) Server 2003 DDK provider) [File not signed] R3 HidUsb; C:\WINDOWS\System32\DRIVERS\hidusb.sys [10368 2008-04-14] (Microsoft Corporation) [File not signed] S4 hpn; C:\WINDOWS\system32\DRIVERS\hpn.sys [25952 2001-08-17] (Microsoft Corporation) [File not signed] S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51056 2003-05-14] (HP) [File not signed] S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2003-05-14] (HP) [File not signed] S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21488 2003-05-14] (HP) [File not signed] R3 HTTP; C:\WINDOWS\System32\Drivers\HTTP.sys [265728 2009-10-20] (Microsoft Corporation) [File not signed] S4 i2omp; C:\WINDOWS\system32\DRIVERS\i2omp.sys [18560 2008-04-13] (Microsoft Corporation) [File not signed] S1 i8042prt; C:\WINDOWS\System32\DRIVERS\i8042prt.sys [52992 2008-04-14] (Microsoft Corporation) [File not signed] R3 ialm; C:\WINDOWS\System32\DRIVERS\igxpmp32.sys [6273504 2008-11-03] (Intel Corporation) [File not signed] R1 Imapi; C:\WINDOWS\System32\DRIVERS\imapi.sys [42112 2008-04-14] (Microsoft Corporation) [File not signed] S4 ini910u; C:\WINDOWS\system32\DRIVERS\ini910u.sys [16000 2001-08-17] (Microsoft Corporation) [File not signed] R3 IntcAzAudAddService; C:\WINDOWS\System32\drivers\RtkHDAud.sys [4742656 2008-06-27] (Realtek Semiconductor Corp.) [File not signed] S4 IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [5504 2008-04-14] (Microsoft Corporation) [File not signed] R1 intelppm; C:\WINDOWS\System32\DRIVERS\intelppm.sys [40448 2008-04-14] (Microsoft Corporation) [File not signed] S3 Ip6Fw; C:\WINDOWS\System32\DRIVERS\Ip6Fw.sys [36608 2008-04-14] (Microsoft Corporation) [File not signed] S3 IpFilterDriver; C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [32896 2008-04-14] (Microsoft Corporation) [File not signed] S3 IpInIp; C:\WINDOWS\System32\DRIVERS\ipinip.sys [20864 2008-04-14] (Microsoft Corporation) [File not signed] R3 IpNat; C:\WINDOWS\System32\DRIVERS\ipnat.sys [152832 2008-04-14] (Microsoft Corporation) [File not signed] R1 IPSec; C:\WINDOWS\System32\DRIVERS\ipsec.sys [75264 2008-04-14] (Microsoft Corporation) [File not signed] S3 IRENUM; C:\WINDOWS\System32\DRIVERS\irenum.sys [11264 2008-04-14] (Microsoft Corporation) [File not signed] R0 isapnp; C:\WINDOWS\System32\DRIVERS\isapnp.sys [37632 2008-04-14] (Microsoft Corporation) [File not signed] R1 Kbdclass; C:\WINDOWS\System32\DRIVERS\kbdclass.sys [25216 2008-04-14] (Microsoft Corporation) [File not signed] R1 kbdhid; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [14720 2008-04-14] (Microsoft Corporation) [File not signed] R3 kmixer; C:\WINDOWS\System32\drivers\kmixer.sys [172416 2008-04-13] (Microsoft Corporation) [File not signed] R0 KSecDD; C:\WINDOWS\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation) [File not signed] S3 massfilter; C:\WINDOWS\System32\drivers\massfilter.sys [9216 2010-02-22] (MBB Incorporated) [File not signed] R1 mnmdd; C:\WINDOWS\system32\Drivers\mnmdd.sys [4224 2008-04-14] (Microsoft Corporation) [File not signed] S3 Modem; C:\WINDOWS\system32\Drivers\Modem.sys [30336 2008-04-14] (Microsoft Corporation) [File not signed] R1 Mouclass; C:\WINDOWS\System32\DRIVERS\mouclass.sys [23552 2008-04-14] (Microsoft Corporation) [File not signed] R3 mouhid; C:\WINDOWS\System32\DRIVERS\mouhid.sys [12288 2001-08-18] (Microsoft Corporation) [File not signed] R0 MountMgr; C:\WINDOWS\system32\Drivers\MountMgr.sys [42368 2008-04-14] (Microsoft Corporation) [File not signed] S4 mraid35x; C:\WINDOWS\system32\DRIVERS\mraid35x.sys [17280 2001-08-17] (American Megatrends Inc.) [File not signed] R3 MRxDAV; C:\WINDOWS\System32\DRIVERS\mrxdav.sys [180608 2008-04-14] (Microsoft Corporation) [File not signed] R1 MRxSmb; C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [456320 2011-07-15] (Microsoft Corporation) [File not signed] S3 MSKSSRV; C:\WINDOWS\System32\drivers\MSKSSRV.sys [7552 2008-04-13] (Microsoft Corporation) [File not signed] S3 MSPCLOCK; C:\WINDOWS\System32\drivers\MSPCLOCK.sys [5376 2008-04-13] (Microsoft Corporation) [File not signed] S3 MSPQM; C:\WINDOWS\System32\drivers\MSPQM.sys [4992 2008-04-13] (Microsoft Corporation) [File not signed] R3 mssmbios; C:\WINDOWS\System32\DRIVERS\mssmbios.sys [15488 2008-04-13] (Microsoft Corporation) [File not signed] R0 Mup; C:\WINDOWS\system32\Drivers\Mup.sys [105472 2011-04-21] (Microsoft Corporation) [File not signed] R0 NDIS; C:\WINDOWS\system32\Drivers\NDIS.sys [182656 2008-04-14] (Microsoft Corporation) [File not signed] R3 NdisTapi; C:\WINDOWS\System32\DRIVERS\ndistapi.sys [10496 2011-07-08] (Microsoft Corporation) [File not signed] R3 Ndisuio; C:\WINDOWS\System32\DRIVERS\ndisuio.sys [14592 2008-04-14] (Microsoft Corporation) [File not signed] R3 NdisWan; C:\WINDOWS\System32\DRIVERS\ndiswan.sys [91520 2008-04-14] (Microsoft Corporation) [File not signed] R3 NDProxy; C:\WINDOWS\system32\Drivers\NDProxy.sys [40960 2013-11-27] (Microsoft Corporation) [File not signed] R1 NetBIOS; C:\WINDOWS\System32\DRIVERS\netbios.sys [34688 2008-04-14] (Microsoft Corporation) [File not signed] R1 NetBT; C:\WINDOWS\System32\DRIVERS\netbt.sys [162816 2008-04-14] (Microsoft Corporation) [File not signed] R1 Npfs; C:\WINDOWS\system32\Drivers\Npfs.sys [30848 2008-04-14] (Microsoft Corporation) [File not signed] S3 NSCIRDA; C:\WINDOWS\System32\DRIVERS\nscirda.sys [28672 2008-04-14] (National Semiconductor Corporation) [File not signed] R4 Ntfs; C:\WINDOWS\system32\Drivers\Ntfs.sys [574976 2008-04-14] (Microsoft Corporation) [File not signed] R1 Null; C:\WINDOWS\system32\Drivers\Null.sys [2944 2008-04-14] (Microsoft Corporation) [File not signed] S3 NwlnkFlt; C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [12416 2008-04-14] (Microsoft Corporation) [File not signed] S3 NwlnkFwd; C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [32512 2008-04-14] (Microsoft Corporation) [File not signed] R3 Parport; C:\WINDOWS\System32\DRIVERS\parport.sys [80384 2008-04-14] (Microsoft Corporation) [File not signed] R0 PartMgr; C:\WINDOWS\system32\Drivers\PartMgr.sys [19712 2008-04-14] (Microsoft Corporation) [File not signed] S4 ParVdm; C:\WINDOWS\system32\Drivers\ParVdm.sys [7040 2008-04-14] (Microsoft Corporation) [File not signed] R0 PCI; C:\WINDOWS\System32\DRIVERS\pci.sys [68224 2008-04-14] (Microsoft Corporation) [File not signed] R0 PCIIde; C:\WINDOWS\System32\DRIVERS\pciide.sys [3328 2001-08-18] (Microsoft Corporation) [File not signed] R0 Pcmcia; C:\WINDOWS\System32\DRIVERS\pcmcia.sys [120576 2008-04-14] (Microsoft Corporation) [File not signed] R3 pelmouse; C:\WINDOWS\System32\DRIVERS\pelmouse.sys [16768 2006-09-14] (Primax Electronics Ltd.) [File not signed] S3 pelps2m; C:\WINDOWS\System32\DRIVERS\pelps2m.sys [19818 2006-11-01] (Primax Electronics Ltd.) [File not signed] R3 pelusblf; C:\WINDOWS\System32\DRIVERS\pelusblf.sys [14592 2006-10-14] (Primax Electronics Ltd.) [File not signed] S4 perc2; C:\WINDOWS\system32\DRIVERS\perc2.sys [27296 2001-08-17] (Microsoft Corporation) [File not signed] S4 perc2hib; C:\WINDOWS\system32\DRIVERS\perc2hib.sys [5504 2001-08-17] (Microsoft Corporation) [File not signed] R2 pmem; C:\WINDOWS\System32\drivers\pmemnt.sys [7012 2010-06-27] (Microsoft Corporation) [File not signed] R3 PptpMiniport; C:\WINDOWS\System32\DRIVERS\raspptp.sys [48384 2008-04-14] (Microsoft Corporation) [File not signed] R3 PSched; C:\WINDOWS\System32\DRIVERS\psched.sys [69120 2008-04-14] (Microsoft Corporation) [File not signed] R3 Ptilink; C:\WINDOWS\System32\DRIVERS\ptilink.sys [17792 2008-04-14] (Parallel Technologies, Inc.) [File not signed] S4 ql1080; C:\WINDOWS\system32\DRIVERS\ql1080.sys [40320 2001-08-17] (QLogic Corporation) [File not signed] S4 Ql10wnt; C:\WINDOWS\system32\DRIVERS\ql10wnt.sys [33152 2001-08-17] (Microsoft Corporation) [File not signed] S4 ql12160; C:\WINDOWS\system32\DRIVERS\ql12160.sys [45312 2001-08-17] (QLogic Corporation) [File not signed] S4 ql1240; C:\WINDOWS\system32\DRIVERS\ql1240.sys [40448 2001-08-17] (Microsoft Corporation) [File not signed] S4 ql1280; C:\WINDOWS\system32\DRIVERS\ql1280.sys [49024 2001-08-17] (QLogic Corporation) [File not signed] R1 RasAcd; C:\WINDOWS\System32\DRIVERS\rasacd.sys [8832 2008-04-14] (Microsoft Corporation) [File not signed] S3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation) [File not signed] R3 Rasl2tp; C:\WINDOWS\System32\DRIVERS\rasl2tp.sys [51328 2008-04-14] (Microsoft Corporation) [File not signed] R3 RasPppoe; C:\WINDOWS\System32\DRIVERS\raspppoe.sys [41472 2008-04-14] (Microsoft Corporation) [File not signed] R3 Raspti; C:\WINDOWS\System32\DRIVERS\raspti.sys [16512 2008-04-14] (Microsoft Corporation) [File not signed] R1 Rdbss; C:\WINDOWS\System32\DRIVERS\rdbss.sys [175744 2008-04-14] (Microsoft Corporation) [File not signed] R1 RDPCDD; C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [4224 2008-04-14] (Microsoft Corporation) [File not signed] R3 rdpdr; C:\WINDOWS\System32\DRIVERS\rdpdr.sys [196224 2008-04-13] (Microsoft Corporation) [File not signed] R1 redbook; C:\WINDOWS\System32\DRIVERS\redbook.sys [57728 2008-04-14] (Microsoft Corporation) [File not signed] S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [20480 2008-04-14] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed] R3 Serenum; C:\WINDOWS\System32\DRIVERS\serenum.sys [15744 2008-04-14] (Microsoft Corporation) [File not signed] R1 Serial; C:\WINDOWS\System32\DRIVERS\serial.sys [65536 2008-04-14] (Microsoft Corporation) [File not signed] S4 sisagp; C:\WINDOWS\system32\DRIVERS\sisagp.sys [40960 2008-04-13] (Silicon Integrated Systems Corporation) [File not signed] S4 Sparrow; C:\WINDOWS\system32\DRIVERS\sparrow.sys [19072 2001-08-17] (Adaptec, Inc.) [File not signed] S3 splitter; C:\WINDOWS\System32\drivers\splitter.sys [6272 2008-04-13] (Microsoft Corporation) [File not signed] R0 sr; C:\WINDOWS\System32\DRIVERS\sr.sys [73472 2008-04-14] (Microsoft Corporation) [File not signed] R3 Srv; C:\WINDOWS\System32\DRIVERS\srv.sys [357888 2011-02-17] (Microsoft Corporation) [File not signed] S3 ssadbus; C:\WINDOWS\System32\DRIVERS\ssadbus.sys [121064 2011-06-02] (MCCI Corporation) [File not signed] S3 ssadmdfl; C:\WINDOWS\System32\DRIVERS\ssadmdfl.sys [12776 2011-06-02] (MCCI Corporation) [File not signed] S3 ssadmdm; C:\WINDOWS\System32\DRIVERS\ssadmdm.sys [136808 2011-06-02] (MCCI Corporation) [File not signed] S3 ssadserd; C:\WINDOWS\System32\DRIVERS\ssadserd.sys [114280 2011-06-02] (MCCI Corporation) [File not signed] S3 ssudserd; C:\WINDOWS\System32\DRIVERS\ssudserd.sys [181432 2012-02-24] (DEVGURU Co., LTD.(www.devguru.co.kr)) R3 SuperIO; C:\WINDOWS\System32\DRIVERS\spio.sys [5760 2008-03-06] () [File not signed] R3 swenum; C:\WINDOWS\System32\DRIVERS\swenum.sys [4352 2008-04-13] (Microsoft Corporation) [File not signed] S3 swmidi; C:\WINDOWS\System32\drivers\swmidi.sys [56576 2008-04-13] (Microsoft Corporation) [File not signed] S4 symc810; C:\WINDOWS\system32\DRIVERS\symc810.sys [16256 2001-08-17] (Symbios Logic Inc.) [File not signed] S4 symc8xx; C:\WINDOWS\system32\DRIVERS\symc8xx.sys [32640 2001-08-17] (LSI Logic) [File not signed] S4 sym_hi; C:\WINDOWS\system32\DRIVERS\sym_hi.sys [28384 2001-08-17] (LSI Logic) [File not signed] S4 sym_u3; C:\WINDOWS\system32\DRIVERS\sym_u3.sys [30688 2001-08-17] (LSI Logic) [File not signed] R3 sysaudio; C:\WINDOWS\System32\drivers\sysaudio.sys [60800 2008-04-13] (Microsoft Corporation) [File not signed] R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2008-06-20] (Microsoft Corporation) [File not signed] S3 TDPIPE; C:\WINDOWS\system32\Drivers\TDPIPE.sys [12040 2008-04-14] (Microsoft Corporation) [File not signed] S3 TDTCP; C:\WINDOWS\system32\Drivers\TDTCP.sys [21896 2008-04-14] (Microsoft Corporation) [File not signed] R1 TermDD; C:\WINDOWS\System32\DRIVERS\termdd.sys [40840 2008-04-14] (Microsoft Corporation) [File not signed] S4 TosIde; C:\WINDOWS\system32\DRIVERS\toside.sys [4992 2001-08-18] (Microsoft Corporation) [File not signed] R2 tvtfilter; C:\WINDOWS\System32\DRIVERS\tvtfilter.sys [33536 2010-06-27] (Lenovo) [File not signed] S4 Udfs; C:\WINDOWS\system32\Drivers\Udfs.sys [66048 2008-04-14] (Microsoft Corporation) [File not signed] S4 ultra; C:\WINDOWS\system32\DRIVERS\ultra.sys [36736 2001-08-17] (Promise Technology, Inc.) [File not signed] R3 Update; C:\WINDOWS\System32\DRIVERS\update.sys [384768 2008-04-14] (Microsoft Corporation) [File not signed] S3 usbccgp; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [32384 2013-08-09] (Microsoft Corporation) [File not signed] R3 usbehci; C:\WINDOWS\System32\DRIVERS\usbehci.sys [30336 2009-03-18] (Microsoft Corporation) [File not signed] R3 usbhub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [59520 2008-04-14] (Microsoft Corporation) [File not signed] S3 usbprint; C:\WINDOWS\System32\DRIVERS\usbprint.sys [25856 2008-04-13] (Microsoft Corporation) [File not signed] R3 usbscan; C:\WINDOWS\System32\DRIVERS\usbscan.sys [14976 2013-07-03] (Microsoft Corporation) [File not signed] S3 USBSTOR; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [26368 2008-04-14] (Microsoft Corporation) [File not signed] R3 usbuhci; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [20608 2008-04-14] (Microsoft Corporation) [File not signed] R1 VgaSave; C:\WINDOWS\System32\drivers\vga.sys [20992 2008-04-14] (Microsoft Corporation) [File not signed] S4 viaagp; C:\WINDOWS\system32\DRIVERS\viaagp.sys [42240 2008-04-13] (Microsoft Corporation) [File not signed] S4 ViaIde; C:\WINDOWS\system32\DRIVERS\viaide.sys [5376 2008-04-13] (Microsoft Corporation) [File not signed] R0 VolSnap; C:\WINDOWS\system32\Drivers\VolSnap.sys [53760 2008-04-14] (Microsoft Corporation) [File not signed] R3 Wanarp; C:\WINDOWS\System32\DRIVERS\wanarp.sys [34560 2008-04-14] (Microsoft Corporation) [File not signed] R3 wdmaud; C:\WINDOWS\System32\drivers\wdmaud.sys [83072 2008-04-13] (Microsoft Corporation) [File not signed] S3 WpdUsb; C:\WINDOWS\System32\DRIVERS\wpdusb.sys [38528 2009-01-30] (Microsoft Corporation) [File not signed] R0 WudfPf; C:\WINDOWS\System32\DRIVERS\WudfPf.sys [77568 2006-09-28] (Microsoft Corporation) [File not signed] S3 WudfRd; C:\WINDOWS\System32\DRIVERS\wudfrd.sys [82944 2006-09-28] (Microsoft Corporation) [File not signed] R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [289024 2008-06-27] (Marvell) [File not signed] S3 ZTEusbmdm6k; C:\WINDOWS\System32\DRIVERS\ZTEusbmdm6k.sys [105856 2010-03-02] (ZTE Incorporated) [File not signed] S3 ZTEusbser6k; C:\WINDOWS\System32\DRIVERS\ZTEusbser6k.sys [105856 2010-03-02] (ZTE Incorporated) [File not signed] U5 BattC; C:\Windows\System32\Drivers\BattC.sys [16384 2008-04-14] (Microsoft Corporation) [File not signed] U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [114432 2009-12-08] (Huawei Technologies Co., Ltd.) [File not signed] U1 WS2IFSL; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-24 11:02 - 2015-03-24 11:03 - 00000000 ____D () C:\FRST 2015-03-24 11:02 - 2015-03-24 11:02 - 00000000 _____ () C:\Dokumente und Einstellungen\***\defogger_reenable 2015-03-24 10:43 - 2015-03-24 10:43 - 00291312 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe 2015-03-24 10:43 - 2015-03-24 10:43 - 00043112 _____ (Avast Software s.r.o.) C:\WINDOWS\avastSS.scr 2015-03-24 10:35 - 2015-03-24 10:35 - 00000000 ____D () C:\WINDOWS\CSC 2015-03-23 14:44 - 2015-03-24 10:47 - 00001040 _____ () C:\WINDOWS\system32\ICAutoUpdate.log ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-24 11:03 - 2010-06-27 11:20 - 00000000 ____D () C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp 2015-03-24 11:02 - 2010-06-27 11:20 - 00000000 ____D () C:\Dokumente und Einstellungen\*** 2015-03-24 10:47 - 2014-08-08 09:35 - 00000260 _____ () C:\WINDOWS\Tasks\WGASetup.job 2015-03-24 10:47 - 2013-12-25 19:08 - 00000308 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job 2015-03-24 10:47 - 2008-07-22 07:59 - 01267026 _____ () C:\WINDOWS\WindowsUpdate.log 2015-03-24 10:46 - 2014-08-20 10:42 - 00001086 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-24 10:46 - 2014-08-11 07:16 - 00000220 _____ () C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Benachrichtigung – Anmeldung.job 2015-03-24 10:46 - 2010-06-27 11:20 - 00166400 _____ () C:\WINDOWS\system32\ICAutoUpdate.log.bak 2015-03-24 10:46 - 2008-07-22 08:56 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2015-03-24 10:46 - 2008-07-22 08:56 - 00000050 _____ () C:\WINDOWS\wiaservc.log 2015-03-24 10:46 - 2008-07-22 08:04 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-03-24 10:45 - 2011-12-27 14:55 - 00115742 _____ () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat 2015-03-24 10:45 - 2010-06-27 11:20 - 00000300 ___SH () C:\Dokumente und Einstellungen\***\ntuser.ini 2015-03-24 10:45 - 2008-07-22 08:04 - 00032638 _____ () C:\WINDOWS\SchedLgU.Txt 2015-03-24 10:43 - 2014-08-18 07:19 - 00024144 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys 2015-03-24 10:43 - 2013-12-25 19:08 - 00427736 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSP.sys 2015-03-24 10:43 - 2013-12-25 19:08 - 00208024 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys 2015-03-24 10:43 - 2013-12-25 19:08 - 00073440 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2015-03-24 10:43 - 2013-12-25 19:08 - 00057888 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswTdi.sys 2015-03-24 10:43 - 2013-12-25 19:08 - 00055200 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswRdr.sys 2015-03-24 10:43 - 2013-12-25 19:08 - 00049904 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys 2015-03-24 10:42 - 2013-12-25 19:08 - 00788272 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSnx.sys 2015-03-24 10:39 - 2011-10-27 23:29 - 00000000 _____ () C:\WINDOWS\system32\USB 2015-03-24 10:39 - 2008-07-22 08:53 - 00222574 _____ () C:\WINDOWS\setupact.log 2015-03-24 10:37 - 2008-07-22 08:04 - 00000190 ___SH () C:\Dokumente und Einstellungen\Administrator\ntuser.ini 2015-03-23 15:15 - 2010-06-27 11:20 - 00000244 _____ () C:\WINDOWS\Tasks\Auf Updates für Windows Live Toolbar prüfen.job 2015-03-23 15:11 - 2014-08-20 10:42 - 00001090 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-23 14:45 - 2010-07-11 22:25 - 00002477 _____ () C:\Dokumente und Einstellungen\***\Desktop\Microsoft Word.lnk 2015-03-22 10:11 - 2014-08-20 10:43 - 00001775 _____ () C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk 2015-03-22 10:01 - 2008-07-22 17:47 - 00002278 _____ () C:\WINDOWS\system32\wpa.dbl 2015-03-21 10:30 - 2013-10-29 14:28 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-03-19 23:50 - 2011-12-27 14:31 - 00764302 _____ () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1213230388-1417447374-3222475311-1005-0.dat 2015-03-10 23:10 - 2014-12-29 23:35 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-03-10 23:06 - 2014-08-08 09:49 - 119837696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-03-08 19:10 - 2014-08-11 07:16 - 00000214 _____ () C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Monatliche Benachrichtigung.job 2015-03-04 09:15 - 2013-01-11 18:41 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJPLM 2015-03-01 19:31 - 2010-09-02 17:41 - 00000332 _____ () C:\WINDOWS\Tasks\HP Usg Daily.job 2015-02-27 23:14 - 2010-10-05 12:27 - 00032411 _____ () C:\WINDOWS\SGTBox.INI ==================== Files in the root of some directories ======= 2010-07-12 21:08 - 2014-10-22 19:17 - 0040960 _____ () C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2010-06-27 11:20 - 2010-07-11 13:32 - 0000137 _____ () C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat Some content of TEMP: ==================== C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\uninstall.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe [2008-07-22 17:47] - [2008-04-14 13:00] - 1036800 ____A (Microsoft Corporation) 418045a93cd87a352098ab7dabe1b53e C:\WINDOWS\system32\winlogon.exe [2008-07-22 17:47] - [2008-04-14 13:00] - 0513024 ____A (Microsoft Corporation) f09a527b422e25c478e38caa0e44417a C:\WINDOWS\system32\svchost.exe [2008-07-22 17:47] - [2008-04-14 13:00] - 0014336 ____A (Microsoft Corporation) 4fbc75b74479c7a6f829e0ca19df3366 C:\WINDOWS\system32\services.exe [2008-07-22 17:47] - [2009-02-09 12:21] - 0111104 ____A (Microsoft Corporation) a3edbe9053889fb24ab22492472b39dc C:\WINDOWS\system32\User32.dll [2008-07-22 17:47] - [2008-04-14 13:00] - 0580096 ____A (Microsoft Corporation) b0050cc5340e3a0760dd8b417ff7aebd C:\WINDOWS\system32\userinit.exe [2008-07-22 17:47] - [2008-04-14 13:00] - 0026624 ____A (Microsoft Corporation) 788f95312e26389d596c0fa55834e106 C:\WINDOWS\system32\rpcss.dll [2008-07-22 17:47] - [2009-02-09 11:51] - 0401408 ____A (Microsoft Corporation) 3127afbf2c1ed0ab14a1bbb7aaecb85b ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected. C:\WINDOWS\system32\Drivers\volsnap.sys [2008-07-22 17:47] - [2008-04-14 13:00] - 0053760 ____A (Microsoft Corporation) a5a712f4e880874a477af790b5186e1d ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015 Ran by *** at 2015-03-24 11:04:05 Running from C:\Dokumente und Einstellungen\***\Desktop\Prüfen Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) ABBYY FineReader 9.0 Sprint (HKLM\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY) ABBYY FineReader 9.0 Sprint (Version: 9.01.513.58212 - ABBYY) Hidden Access Help (HKLM\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 2.00 - ) Adobe Acrobat 4.0 (HKLM\...\Adobe Acrobat 4.0) (Version: - ) Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.45.2 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Reader XI (11.0.08) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated) Applian FLV Player (HKLM\...\Applian FLV Player2.0.24) (Version: 2.0.24 - Applian Technologies Inc.) ArcSoft PhotoBase (HKLM\...\ArcSoft PhotoBase) (Version: - ) ArcSoft PhotoStudio 2000 (HKLM\...\ArcSoft PhotoStudio 2000) (Version: - ) Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2215 - AVAST Software) Benutzerhandbuch EPSON SX130 Series (HKLM\...\EPSON SX130 Series Useg) (Version: - ) bob internet (HKLM\...\bob internet) (Version: 1.9.0.0 - A1 Telekom Austria AG) bob internet (Version: 1.9.0.0 - A1 Telekom Austria AG) Hidden Caere Scan Manager 5.1 (HKLM\...\{81D62C32-0984-11D3-86CD-00105AD33021}) (Version: 5.1 - Caere Corporation) Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: - ) Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version: - ) Canon MG3100 series Benutzerregistrierung (HKLM\...\Canon MG3100 series Benutzerregistrierung) (Version: - ) Canon MG3100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series) (Version: - ) Canon MG3100 series On-screen Manual (HKLM\...\Canon MG3100 series On-screen Manual) (Version: - ) Canon MP Navigator EX 5.0 (HKLM\...\MP Navigator EX 5.0) (Version: - ) Canon My Printer (HKLM\...\CanonMyPrinter) (Version: - ) Canon ScanGear Toolbox CS 2.5 (HKLM\...\Canon ScanGear Toolbox CS) (Version: - ) Canon ScanGear Toolbox FAU 2.5 (HKLM\...\Canon ScanGear Toolbox FAU) (Version: - ) Canon Solution Menu EX (HKLM\...\CanonSolutionMenuEX) (Version: - ) Client Security - Password Manager (HKLM\...\{44E9D4C2-946C-4378-9354-558803C47A68}) (Version: 8.20.0023.00 - Lenovo Group Limited) DigitImg (Version: 2.00.0000 - Ihr Firmenname) Hidden Epson Easy Photo Print 2 (HKLM\...\{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}) (Version: 2.2.4.0 - SEIKO EPSON CORPORATION) Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION) Epson Event Manager (HKLM\...\{8A17C27D-0325-400C-8AA9-DAA6B16CBD74}) (Version: 2.40.0009 - SEIKO EPSON CORPORATION) EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON SX130 Series Printer Uninstall (HKLM\...\EPSON SX130 Series) (Version: - SEIKO EPSON Corporation) Ergänzung zu Lenovo Care (HKLM\...\{6280149E-EFF3-4F1B-BD43-5B7EDD6F620A}) (Version: 3.00b - ) FanSpeedControl (HKLM\...\InstallShield_{9E3BC634-769E-4847-9530-E22433D13E45}) (Version: 1.00.00.9 - Lenovo) FanSpeedControl (Version: 1.00.00.9 - Lenovo) Hidden FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version: - ) Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.) Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden GPL Ghostscript 8.71 (HKLM\...\GPL Ghostscript 8.71) (Version: - ) Help Center (HKLM\...\{986F64DC-FF15-449D-998F-EE3BCEC6666A}) (Version: 2.00h - ) Hotfix für Windows XP (KB952287) (HKLM\...\KB952287) (Version: 1 - Microsoft Corporation) Hotfix für Windows XP (KB961118) (HKLM\...\KB961118) (Version: 1 - Microsoft Corporation) hp deskjet 3600 series (HKLM\...\hp deskjet 3600 series_Driver) (Version: - ) HP Software Update (HKLM\...\{DDA2B32F-EB16-4C96-A130-4E4A4C1E6B12}) (Version: 2.0.37.20031205 - Hewlett-Packard) HP Speicher-Disc (HKLM\...\{B376402D-58EA-45EA-BD50-DD924EB67A70}) (Version: 1.0.4.805 - Hewlett-Packard Company) Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation) InterVideo Register Manager (Version: 1.0.4.0 - InterVideo Inc.) Hidden InterVideo WinDVD (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.1268 - InterVideo Inc.) IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.36 - Irfan Skiljan) Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.710 - Oracle) Lenovo Care (HKLM\...\{CF52099A-3BEA-4C41-AEA8-1E190F04D737}) (Version: 3.00b - ) Lenovo System Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 5.1.5122.06 - PC-Doctor, Inc.) Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - ) Microsoft .NET Framework 2.0 Language Pack - DEU (HKLM\...\Microsoft .NET Framework 2.0 Language Pack - DEU) (Version: - Microsoft Corporation) Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation) Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation) Microsoft Office 2000 Professional (HKLM\...\{00010407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2816 - Microsoft Corporation) Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mouse Suite (HKLM\...\MouseSuite98) (Version: - ) Mozilla Firefox 34.0.5 (x86 de) (HKLM\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MyFreeCodec (HKU\S-1-5-21-1213230388-1417447374-3222475311-1005\...\MyFreeCodec) (Version: - ) Nero 7 Premium (HKLM\...\{1CDFA6DE-FD15-4821-AB48-2832D6FA1031}) (Version: 7.02.5043 - Nero AG) OmniPage Pro 9.0 (HKLM\...\OmniPagePro9.0DeinstKey) (Version: - ) Pam-Storage 3.11 - PamView (HKLM\...\Pam-Storage 3.11 - PamView) (Version: - ) Photosmart 140,240,7200,7600,7700,7900 Series (HKLM\...\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}) (Version: 2.0 - Hewlett-Packard) PS240 (Version: 1.01.0000 - Hewlett-Packard) Hidden PSShortcuts (Version: 1.01.0000 - Hewlett-Packard) Hidden PSUsage (Version: 1.30.0000 - Ihr Firmenname) Hidden QFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - Realtek Semiconductor Corp.) RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - ) Rescue and Recovery (HKLM\...\{F151F2B3-0C32-44D3-90E2-E639B8024622}) (Version: 4.21.0030.00 - Lenovo Group Limited) Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.1.0.11112_41 - Samsung Electronics Co., Ltd.) Samsung Kies (Version: 2.1.0.11112_41 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.4.0 - SAMSUNG Electronics Co., Ltd.) Sicherheitsupdate für Microsoft Windows (KB2564958) (HKLM\...\KB2564958) (Version: - Microsoft Corporation) Sicherheitsupdate für Windows Internet Explorer 7 (KB2936068) (Version: 1 - Microsoft Corporation) Hidden Sicherheitsupdate für Windows Internet Explorer 7 (KB2964358) (Version: 1 - Microsoft Corporation) Hidden Sicherheitsupdate für Windows Internet Explorer 8 (KB2510531) (HKLM\...\KB2510531-IE8) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows Internet Explorer 8 (KB2862772) (HKLM\...\KB2862772-IE8) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows Internet Explorer 8 (KB2909210) (HKLM\...\KB2909210-IE8) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows Internet Explorer 8 (KB2909921) (HKLM\...\KB2909921-IE8) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows Internet Explorer 8 (KB2936068) (HKLM\...\KB2936068-IE8) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows Internet Explorer 8 (KB2964358) (HKLM\...\KB2964358-IE8) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows Internet Explorer 8 (KB982381) (HKLM\...\KB982381-IE8) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows Media Player (KB2378111) (HKLM\...\KB2378111_WM9) (Version: - Microsoft Corporation) Sicherheitsupdate für Windows Media Player (KB2834904-v2) (HKLM\...\KB2834904-v2_WM11) (Version: - Microsoft Corporation) Sicherheitsupdate für Windows Media Player (KB954155) (HKLM\...\KB954155_WM9) (Version: - Microsoft Corporation) Sicherheitsupdate für Windows Media Player (KB973540) (HKLM\...\KB973540_WM9) (Version: - Microsoft Corporation) Sicherheitsupdate für Windows Media Player (KB975558) (HKLM\...\KB975558_WM8) (Version: - Microsoft Corporation) Sicherheitsupdate für Windows Media Player (KB978695) (HKLM\...\KB978695_WM9) (Version: - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2115168) (HKLM\...\KB2115168) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2229593) (HKLM\...\KB2229593) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2296011) (HKLM\...\KB2296011) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2347290) (HKLM\...\KB2347290) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2387149) (HKLM\...\KB2387149) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2393802) (HKLM\...\KB2393802) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2419632) (HKLM\...\KB2419632) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2423089) (HKLM\...\KB2423089) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2443105) (HKLM\...\KB2443105) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2478960) (HKLM\...\KB2478960) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2478971) (HKLM\...\KB2478971) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2479943) (HKLM\...\KB2479943) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2481109) (HKLM\...\KB2481109) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2483185) (HKLM\...\KB2483185) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2485663) (HKLM\...\KB2485663) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2506212) (HKLM\...\KB2506212) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2507938) (HKLM\...\KB2507938) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2508429) (HKLM\...\KB2508429) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2509553) (HKLM\...\KB2509553) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2510581) (Version: 1 - Microsoft Corporation) Hidden Sicherheitsupdate für Windows XP (KB2535512) (HKLM\...\KB2535512) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2536276-v2) (HKLM\...\KB2536276-v2) (Version: 2 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2544893-v2) (HKLM\...\KB2544893-v2) (Version: 2 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2566454) (HKLM\...\KB2566454) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2570947) (HKLM\...\KB2570947) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2584146) (HKLM\...\KB2584146) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2585542) (HKLM\...\KB2585542) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2592799) (HKLM\...\KB2592799) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2598479) (HKLM\...\KB2598479) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2603381) (HKLM\...\KB2603381) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2619339) (HKLM\...\KB2619339) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2620712) (HKLM\...\KB2620712) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2631813) (HKLM\...\KB2631813) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2653956) (HKLM\...\KB2653956) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2655992) (HKLM\...\KB2655992) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2659262) (HKLM\...\KB2659262) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2661637) (HKLM\...\KB2661637) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2676562) (HKLM\...\KB2676562) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2686509) (HKLM\...\KB2686509) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2691442) (HKLM\...\KB2691442) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2698365) (HKLM\...\KB2698365) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2705219-v2) (HKLM\...\KB2705219-v2) (Version: 2 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2712808) (HKLM\...\KB2712808) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2719985) (HKLM\...\KB2719985) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2723135-v2) (HKLM\...\KB2723135-v2) (Version: 2 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2727528) (HKLM\...\KB2727528) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2757638) (HKLM\...\KB2757638) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2770660) (HKLM\...\KB2770660) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2780091) (HKLM\...\KB2780091) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2802968) (HKLM\...\KB2802968) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2807986) (HKLM\...\KB2807986) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2813345) (HKLM\...\KB2813345) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2820917) (HKLM\...\KB2820917) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2834886) (HKLM\...\KB2834886) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2847311) (HKLM\...\KB2847311) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2850869) (HKLM\...\KB2850869) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2859537) (HKLM\...\KB2859537) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2862152) (HKLM\...\KB2862152) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2862330) (HKLM\...\KB2862330) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2862335) (HKLM\...\KB2862335) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2864063) (HKLM\...\KB2864063) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2868626) (HKLM\...\KB2868626) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2876217) (HKLM\...\KB2876217) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2876331) (HKLM\...\KB2876331) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2892075) (HKLM\...\KB2892075) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2893294) (HKLM\...\KB2893294) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2898715) (HKLM\...\KB2898715) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2900986) (HKLM\...\KB2900986) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2909212) (Version: 1 - Microsoft Corporation) Hidden Sicherheitsupdate für Windows XP (KB2914368) (HKLM\...\KB2914368) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2916036) (HKLM\...\KB2916036) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2922229) (HKLM\...\KB2922229) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2929961) (HKLM\...\KB2929961) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2930275) (HKLM\...\KB2930275) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB923561) (HKLM\...\KB923561) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB946648) (HKLM\...\KB946648) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB950762) (HKLM\...\KB950762) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB950974) (HKLM\...\KB950974) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB951376-v2) (HKLM\...\KB951376-v2) (Version: 2 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB952004) (HKLM\...\KB952004) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB952954) (HKLM\...\KB952954) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB956572) (HKLM\...\KB956572) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB956844) (HKLM\...\KB956844) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB959426) (HKLM\...\KB959426) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB960803) (HKLM\...\KB960803) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB960859) (HKLM\...\KB960859) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB969059) (HKLM\...\KB969059) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB970430) (HKLM\...\KB970430) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB971657) (HKLM\...\KB971657) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB972270) (HKLM\...\KB972270) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB973507) (HKLM\...\KB973507) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB973869) (HKLM\...\KB973869) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB973904) (HKLM\...\KB973904) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB974112) (HKLM\...\KB974112) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB974318) (HKLM\...\KB974318) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB974392) (HKLM\...\KB974392) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB974571) (HKLM\...\KB974571) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB975025) (HKLM\...\KB975025) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB975467) (HKLM\...\KB975467) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB975560) (HKLM\...\KB975560) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB975713) (Version: 1 - Microsoft Corporation) Hidden Sicherheitsupdate für Windows XP (KB977816) (HKLM\...\KB977816) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB977914) (HKLM\...\KB977914) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB978338) (HKLM\...\KB978338) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB978542) (HKLM\...\KB978542) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB978706) (HKLM\...\KB978706) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB979309) (HKLM\...\KB979309) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB979482) (HKLM\...\KB979482) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB979687) (HKLM\...\KB979687) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB981997) (HKLM\...\KB981997) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB982132) (HKLM\...\KB982132) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB982665) (HKLM\...\KB982665) (Version: 1 - Microsoft Corporation) ThinkVantage Fingerprint Software 5.8.2 Patch 2 (HKLM\...\{ED376AFE-3068-4A0B-B4CA-CE9B245C3F08}) (Version: 5.8.2 - UPEK Inc.) ThinkVantage Technologies Welcome Message (Version: 2.01 - ) Hidden Ulead Photo Explorer 8.0 SE Basic (HKLM\...\{D271DAE0-8D68-4C97-8356-A126D48A1D8C}) (Version: - Ulead Systems, Inc.) Ulead Photo Express 5 SE (HKLM\...\{31383A1D-FAE6-435A-9DBD-FDB61C7C8EC9}) (Version: - ) Update für Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation) Update für Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation) Update für Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation) Update für Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation) Update für Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation) Update für Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation) Update für Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation) Update für Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden Update für Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation) Update für Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation) Update für Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation) Update für Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation) Wallpapers (Version: - ) Hidden WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation) Windows Live Toolbar (HKLM\...\Windows Live Toolbar) (Version: 03.01.0130 - Microsoft Corporation) Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - ) Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - ) WinZip (HKLM\...\WinZip) (Version: - ) XP Themes (Version: 1.00.0000 - Lenovo) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1213230388-1417447374-3222475311-1005_Classes\CLSID\{3EC350A7-5C5E-4192-B734-E13722E10914}\InprocServer32 -> C:\Programme\Hewlett-Packard\HP Software Update\HPRulesEngine.dll (Hewlett-Packard Company) CustomCLSID: HKU\S-1-5-21-1213230388-1417447374-3222475311-1005_Classes\CLSID\{E6DCC6DF-2D20-751C-80F7-3D68EF91008B}\InprocServer32 -> C:\WINDOWS\system32\ole32.dll (Microsoft Corporation) ==================== Restore Points ========================= 25-11-2014 16:57:56 Systemprüfpunkt 27-11-2014 15:10:01 avast! antivirus system restore point 01-12-2014 15:57:25 Systemprüfpunkt 02-12-2014 15:58:50 Systemprüfpunkt 03-12-2014 17:11:12 Systemprüfpunkt 29-12-2014 23:35:07 Software Distribution Service 3.0 31-12-2014 11:37:31 Java 7 Update 71 wird installiert 01-01-2015 19:05:16 Systemprüfpunkt 07-01-2015 13:17:29 Systemprüfpunkt 10-01-2015 14:26:18 Systemprüfpunkt 11-01-2015 15:05:19 Systemprüfpunkt 14-01-2015 18:19:32 Software Distribution Service 3.0 05-02-2015 14:22:35 Systemprüfpunkt 11-02-2015 10:59:15 Software Distribution Service 3.0 23-02-2015 13:44:58 Systemprüfpunkt 06-03-2015 13:22:37 Systemprüfpunkt 09-03-2015 18:15:43 Systemprüfpunkt 10-03-2015 23:06:16 Software Distribution Service 3.0 12-03-2015 14:43:37 Systemprüfpunkt 24-03-2015 10:41:37 avast! antivirus system restore point ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2008-07-22 17:47 - 2008-04-14 13:00 - 00000820 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\Auf Updates für Windows Live Toolbar prüfen.job => C:\Programme\Windows Live Toolbar\MSNTBUP.EXE Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Programme\AVAST Software\Avast\AvastEmUpdate.exe Task: C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Benachrichtigung – Anmeldung.job => C:\WINDOWS\system32\xp_eos.exe Task: C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Monatliche Benachrichtigung.job => C:\WINDOWS\system32\xp_eos.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Programme\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Programme\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\HP Usg Daily.job => C:\Programme\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\pexpress\hphped05.exe Task: C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Programme\PCDR5\pcdr5cuiw32.exeK-backgroundmon scripts\backgroundmon.xml Task: C:\WINDOWS\Tasks\WGASetup.job => C:\WINDOWS\system32\KB905474\wgasetup.exe ==================== Loaded Modules (whitelisted) ============== 2015-03-24 10:43 - 2015-03-24 10:43 - 00104400 _____ () C:\Programme\AVAST Software\Avast\log.dll 2015-03-24 10:43 - 2015-03-24 10:43 - 00081728 _____ () C:\Programme\AVAST Software\Avast\JsonRpcServer.dll 2015-03-24 10:32 - 2015-03-24 10:32 - 02923008 _____ () C:\Programme\AVAST Software\Avast\defs\15032400\algo.dll 2010-07-11 11:54 - 2005-01-06 17:33 - 00116224 _____ () C:\WINDOWS\system32\redmonnt.dll 2008-09-26 12:24 - 2008-09-26 12:24 - 00040960 _____ () C:\Programme\Lenovo\FanSpeedControl\LenovoFSC.exe 2008-05-23 10:40 - 2008-05-23 10:40 - 00028672 _____ () C:\Programme\Lenovo\FanSpeedControl\SpioDll.dll 2008-11-24 14:28 - 2008-11-24 14:28 - 00139264 _____ () c:\Programme\Gemeinsame Dateien\Lenovo\CDRecord.dll 2010-07-12 18:36 - 2000-07-06 21:12 - 00032768 _____ () C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE 2015-03-13 22:26 - 2015-03-24 10:43 - 40540672 _____ () C:\Programme\AVAST Software\Avast\libcef.dll 2011-11-29 20:58 - 2012-05-04 06:37 - 00021392 _____ () C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe 2012-05-08 23:07 - 2012-05-08 23:07 - 00115137 _____ () C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\c25e8b3d-33a7-42bf-85e6-6880c6753136\CliSecureRT.dll 2013-01-11 19:06 - 2011-02-07 08:56 - 00138192 _____ () C:\Programme\Canon\IJPLM\IJPLMSVC.EXE 2008-11-24 14:34 - 2008-11-24 14:34 - 00520192 _____ () C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe 2008-11-24 14:28 - 2008-11-24 14:28 - 00139264 _____ () C:\Programme\Lenovo\Rescue and Recovery\CDRecord.dll 2010-06-27 11:00 - 2003-11-06 23:51 - 00020480 _____ () C:\WINDOWS\system32\FSRremoS.EXE 2014-12-31 11:23 - 2014-12-31 11:23 - 03758192 _____ () C:\Programme\Mozilla Firefox\mozjs.dll 2015-02-05 13:30 - 2015-02-05 13:30 - 16852144 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1213230388-1417447374-3222475311-1005\Control Panel\Desktop\\Wallpaper -> C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp DNS Servers: 10.0.0.138 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Programme\Java\jre6\bin\jusched.exe" ==================== Accounts: ============================= Administrator (S-1-5-21-1213230388-1417447374-3222475311-500 - Administrator - Enabled) => %SystemDrive%\Dokumente und Einstellungen\Administrator ASPNET (S-1-5-21-1213230388-1417447374-3222475311-1003 - Limited - Enabled) *** (S-1-5-21-1213230388-1417447374-3222475311-1005 - Administrator - Enabled) => %SystemDrive%\Dokumente und Einstellungen\*** Gast (S-1-5-21-1213230388-1417447374-3222475311-501 - Limited - Disabled) Hilfeassistent (S-1-5-21-1213230388-1417447374-3222475311-1004 - Limited - Disabled) SUPPORT_388945a0 (S-1-5-21-1213230388-1417447374-3222475311-1002 - Limited - Disabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (03/24/2015 11:03:19 AM) (Source: crypt32) (EventID: 8) (User: ) Description: Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten Vorgang nicht ausführen. . Error: (03/24/2015 11:03:19 AM) (Source: crypt32) (EventID: 8) (User: ) Description: Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten Vorgang nicht ausführen. . Error: (03/24/2015 11:03:19 AM) (Source: crypt32) (EventID: 8) (User: ) Description: Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten Vorgang nicht ausführen. . Error: (03/24/2015 11:03:19 AM) (Source: crypt32) (EventID: 8) (User: ) Description: Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten Vorgang nicht ausführen. . Error: (03/24/2015 11:03:19 AM) (Source: crypt32) (EventID: 8) (User: ) Description: Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten Vorgang nicht ausführen. . Error: (03/24/2015 11:03:19 AM) (Source: crypt32) (EventID: 8) (User: ) Description: Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben. . Error: (03/24/2015 10:31:23 AM) (Source: PerfNet) (EventID: 2005) (User: ) Description: Die Leistungsinformationen vom Serverdienst konnten nicht gelesen werden. Es werden keine Server-Leistungsinformationen zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0, der IOSB.Status ist DWORD 1 und die IOSB.Information ist DWORD 2. Error: (03/21/2015 09:38:12 AM) (Source: PerfNet) (EventID: 2004) (User: ) Description: Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. Error: (03/06/2015 01:00:16 PM) (Source: PerfNet) (EventID: 2004) (User: ) Description: Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. Error: (03/02/2015 03:14:54 PM) (Source: PerfNet) (EventID: 2004) (User: ) Description: Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. System errors: ============= Error: (03/24/2015 10:37:20 AM) (Source: DCOM) (EventID: 10005) (User: NT-AUTORITÄT) Description: Bei DCOM ist der Fehler "%%1084" aufgetreten, als der Dienst "EventSystem" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error: (03/24/2015 10:36:27 AM) (Source: DCOM) (EventID: 10005) (User: NT-AUTORITÄT) Description: Bei DCOM ist der Fehler "%%1084" aufgetreten, als der Dienst "EventSystem" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error: (03/22/2015 10:39:38 PM) (Source: WPDMTPDriver) (EventID: 15300) (User: ) Description: MTP WPD Driver has failed to start. Error 0x8007048f. Error: (03/15/2015 10:39:01 PM) (Source: 0) (EventID: 1) (User: ) Description: 0xC0000001HarddiskVolume1 Error: (03/05/2015 05:16:28 PM) (Source: Print) (EventID: 6161) (User: LENOVO-***) Description: Das Dokument Menüplan für die 11.KW.pdf, im Besitz von ***, konnte nicht auf dem Drucker Canon MG3100 series Printer gedruckt werden. Datentyp: NT EMF 1.008. Größe der Warteschlangendatei in Bytes: 2953040. Anzahl der gedruckten Bytes: 2952932. Gesamtanzahl der Seiten des Dokuments: 1. Anzahl der gedruckten Seiten: 0. Clientcomputer: \\LENOVO-***. Vom Druckprozessor zurückgelieferter Win32-Fehlercode: Menüplan für die 11.KW.pdf0. Menüplan für die 11.KW.pdf1 Error: (03/05/2015 05:15:29 PM) (Source: Print) (EventID: 6161) (User: LENOVO-***) Description: Das Dokument Menüplan für die 11.KW.pdf, im Besitz von ***, konnte nicht auf dem Drucker Canon MG3100 series Printer gedruckt werden. Datentyp: NT EMF 1.008. Größe der Warteschlangendatei in Bytes: 2953040. Anzahl der gedruckten Bytes: 2952932. Gesamtanzahl der Seiten des Dokuments: 1. Anzahl der gedruckten Seiten: 0. Clientcomputer: \\LENOVO-***. Vom Druckprozessor zurückgelieferter Win32-Fehlercode: Menüplan für die 11.KW.pdf0. Menüplan für die 11.KW.pdf1 Error: (03/05/2015 11:23:36 AM) (Source: Print) (EventID: 6161) (User: LENOVO-***) Description: Das Dokument Menüplan für die 11.KW.pdf, im Besitz von ***, konnte nicht auf dem Drucker Canon MG3100 series Printer gedruckt werden. Datentyp: NT EMF 1.008. Größe der Warteschlangendatei in Bytes: 3604480. Anzahl der gedruckten Bytes: 2952932. Gesamtanzahl der Seiten des Dokuments: 1. Anzahl der gedruckten Seiten: 0. Clientcomputer: \\LENOVO-***. Vom Druckprozessor zurückgelieferter Win32-Fehlercode: Menüplan für die 11.KW.pdf0. Menüplan für die 11.KW.pdf1 Error: (03/05/2015 11:20:48 AM) (Source: Print) (EventID: 6161) (User: LENOVO-***) Description: Das Dokument Menüplan für die 11.KW.pdf, im Besitz von ***, konnte nicht auf dem Drucker Canon MG3100 series Printer gedruckt werden. Datentyp: NT EMF 1.008. Größe der Warteschlangendatei in Bytes: 2953040. Anzahl der gedruckten Bytes: 2952932. Gesamtanzahl der Seiten des Dokuments: 1. Anzahl der gedruckten Seiten: 0. Clientcomputer: \\LENOVO-***. Vom Druckprozessor zurückgelieferter Win32-Fehlercode: Menüplan für die 11.KW.pdf0. Menüplan für die 11.KW.pdf1 Error: (03/05/2015 11:20:34 AM) (Source: Print) (EventID: 6161) (User: LENOVO-***) Description: Das Dokument Menüplan für die 11.KW.pdf, im Besitz von ***, konnte nicht auf dem Drucker Canon MG3100 series Printer gedruckt werden. Datentyp: NT EMF 1.008. Größe der Warteschlangendatei in Bytes: 2953040. Anzahl der gedruckten Bytes: 2952932. Gesamtanzahl der Seiten des Dokuments: 1. Anzahl der gedruckten Seiten: 0. Clientcomputer: \\LENOVO-***. Vom Druckprozessor zurückgelieferter Win32-Fehlercode: Menüplan für die 11.KW.pdf0. Menüplan für die 11.KW.pdf1 Error: (03/05/2015 11:19:47 AM) (Source: Print) (EventID: 6161) (User: LENOVO-***) Description: Das Dokument Menüplan für die 11.KW.pdf, im Besitz von ***, konnte nicht auf dem Drucker Canon MG3100 series Printer gedruckt werden. Datentyp: NT EMF 1.008. Größe der Warteschlangendatei in Bytes: 2953040. Anzahl der gedruckten Bytes: 2952932. Gesamtanzahl der Seiten des Dokuments: 1. Anzahl der gedruckten Seiten: 0. Clientcomputer: \\LENOVO-***. Vom Druckprozessor zurückgelieferter Win32-Fehlercode: Menüplan für die 11.KW.pdf0. Menüplan für die 11.KW.pdf1 Microsoft Office Sessions: ========================= Error: (03/24/2015 11:03:19 AM) (Source: crypt32) (EventID: 8) (User: ) Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtDer angegebene Server kann den angeforderten Vorgang nicht ausführen. Error: (03/24/2015 11:03:19 AM) (Source: crypt32) (EventID: 8) (User: ) Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtDer angegebene Server kann den angeforderten Vorgang nicht ausführen. Error: (03/24/2015 11:03:19 AM) (Source: crypt32) (EventID: 8) (User: ) Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtDer angegebene Server kann den angeforderten Vorgang nicht ausführen. Error: (03/24/2015 11:03:19 AM) (Source: crypt32) (EventID: 8) (User: ) Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtDer angegebene Server kann den angeforderten Vorgang nicht ausführen. Error: (03/24/2015 11:03:19 AM) (Source: crypt32) (EventID: 8) (User: ) Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtDer angegebene Server kann den angeforderten Vorgang nicht ausführen. Error: (03/24/2015 11:03:19 AM) (Source: crypt32) (EventID: 8) (User: ) Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtDieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben. Error: (03/24/2015 10:31:23 AM) (Source: PerfNet) (EventID: 2005) (User: ) Description: Error: (03/21/2015 09:38:12 AM) (Source: PerfNet) (EventID: 2004) (User: ) Description: Error: (03/06/2015 01:00:16 PM) (Source: PerfNet) (EventID: 2004) (User: ) Description: Error: (03/02/2015 03:14:54 PM) (Source: PerfNet) (EventID: 2004) (User: ) Description: ==================== Memory info =========================== Processor: Pentium(R) Dual-Core CPU E5400 @ 2.70GHz Percentage of memory in use: 81% Total physical RAM: 989.17 MB Available physical RAM: 186.12 MB Total Pagefile: 2386.14 MB Available Pagefile: 1611.18 MB Total Virtual: 2047.88 MB Available Virtual: 1934.29 MB ==================== Drives ================================ Drive c: (System) (Fixed) (Total:79.28 GB) (Free:49.96 GB) NTFS ==>[Drive with boot components (Windows XP)] Drive d: (DATEN) (Fixed) (Total:148.4 GB) (Free:136.78 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 232.9 GB) (Disk ID: 206B2CF5) Partition 1: (Active) - (Size=79.3 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=148.4 GB) - (Type=OF Extended) Partition 3: (Not Active) - (Size=5.2 GB) - (Type=12) ==================== End Of Log ============================ Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2015-03-24 11:43:39 Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5 SAMSUNG_HD251HJ rev.1AC01116 232,89GB Running: llixi5s7.exe; Driver: C:\DOKUME~1\***\LOKALE~1\Temp\pwrciaog.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0xA9A0CACC] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwAllocateVirtualMemory [0xA9D28464] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0xA9A0D5AA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwClose [0xA9A53620] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0xA9A196A0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0xA9A196EC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0xA9A19886] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateKey [0xA9A52FD4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0xA9A1960E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSection [0xA9A19730] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0xA9A19656] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThread [0xA9A0DAE0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0xA9A19840] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0xA9A0E398] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0xA9A0CB32] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteKey [0xA9A53CE6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteValueKey [0xA9A53F9C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0xA9A11BEA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateKey [0xA9A53B51] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateValueKey [0xA9A539BC] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwFreeVirtualMemory [0xA9D2853C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0xA9A0C71E] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0xA9D2891E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0xA9A0CB98] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0xA9A11FE0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0xA9A0EEDC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0xA9A196CA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0xA9A1970E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0xA9A198AA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenKey [0xA9A53330] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0xA9A19634] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0xA9A114E2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0xA9A197BE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0xA9A1967E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0xA9A118CE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0xA9A19864] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0xA9D286BC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryKey [0xA9A53837] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0xA9A0ECF4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryValueKey [0xA9A53689] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThread [0xA9A0E84A] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwRenameKey [0xA9D35E74] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwReplaceKey [0xA9D367E0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwRestoreKey [0xA9A52617] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0xA9A0CBFE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0xA9A0CC64] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetContextThread [0xA9A0E212] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0xA9A0C7B8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0xA9A0C98A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetValueKey [0xA9A53DED] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0xA9A0C918] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0xA9A0E562] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0xA9A0E6C4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0xA9A0CA12] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateProcess [0xA9A0E050] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0xA9A0E1F2] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwUnloadDriver [0xA9D25906] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0xA9A0CCCA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0xA9A0D606] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2D98 80504680 4 Bytes JMP 96A9A11B .text ntkrnlpa.exe!ZwCallbackReturn + 2F58 80504840 4 Bytes CALL D030F1E5 .text ntkrnlpa.exe!ZwCallbackReturn + 2FD4 805048BC 12 Bytes [FE, CB, A0, A9, 64, CC, A0, ...] {DEC BL; MOV AL, [0xa0cc64a9]; TEST EAX, 0xa9a0e212} .text ntkrnlpa.exe!ZwCallbackReturn + 307C 80504964 12 Bytes [62, E5, A0, A9, C4, E6, A0, ...] PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64DC 4 Bytes CALL A9A0F5AD \SystemRoot\system32\drivers\aswSnx.sys ---- User code sections - GMER 2.1 ---- .text C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[472] ntdll.dll!DbgUiRemoteBreakin 7C9620EC 1 Byte [C3] .text C:\Programme\AVAST Software\Avast\AvastUI.exe[716] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Programme\AVAST Software\Avast\AvastSvc.exe[1528] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } ---- Devices - GMER 2.1 ---- AttachedDevice \FileSystem\Ntfs \Ntfs tvtumon.sys AttachedDevice \FileSystem\Ntfs \Ntfs tvtfilter.sys AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.sys AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.sys AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.sys AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.sys Device \FileSystem\Fastfat \Fat A7B70D20 AttachedDevice \FileSystem\Fastfat \Fat tvtumon.sys AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ---- |
24.03.2015, 12:05 | #2 |
/// the machine /// TB-Ausbilder | Win XP: GMER findet diverse SSDT hi,
__________________Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ |
Themen zu Win XP: GMER findet diverse SSDT |
adobe, adware, antivirus, askbar, browser, canon, computer, cpu, desktop, einstellungen, failed, fehler, firefox, flash player, format, homepage, mozilla, msiexec.exe, newtab, realtek, registry, scan, security, services.exe, software, system, udp, windows, windows xp |