| |
| |||||||
Log-Analyse und Auswertung: W.Vista Home basic mit Trojaner TR/Crypt.XPACK.Gen, Conduit/SearchProtect und Brantall infiziert, Probleme mit Avira und möglicherweise EMSIWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
23.04.2015, 20:28
| #1 |
 |  W.Vista Home basic mit Trojaner TR/Crypt.XPACK.Gen, Conduit/SearchProtect und Brantall infiziert, Probleme mit Avira und möglicherweise EMSI Seit dem letzten Wochenende kämpfe ich mit einem (oder mehreren?) Troyaner(n?). Das erste, wovor Avira Antivirus Pro mich warnte war: „TR/Crypt.XPACK.Gen“. Weil er diesen aber nicht in die Quarantäne verschob und offensichtlich auch nicht gelöscht hat (Störungen bei der Google-Suche, Störungen, wenn ich versuchte Internetadressen aus Worddokumenten heraus zu öffnen, Störungen bei Avira-Updates), habe ich Malwarebytes-Anitmalware heruntergeladen. Dieses Programm fand ganz vieles von/ mit „Conduit“ / „Search Protect“ (einmal ca. 100 Dateien …, einmal 704), die ich gelöscht habe (bei den 704 habe ich 586 sicher gelöscht, beim Rest ist es unklar, Malwarebytes fand danach aber nichts mehr). Avira fand danach aber noch einige „conduit“- Sachen, die ich auch löschte. Danach gab es keine Störungen mehr bei der Google-Suche oder dem Öffnen von Internet-Adressen aus Worddokumenten. Gestern fand Avira beim Echtzeit-Scan dann Trojaner mit „brantall“ ohne Meldung zu machen. Ich entdeckte es unter „Ereignisse“. Ab 16.54 Uhr finden sich mehrere unterschiedliche Dateien der Art: „In der Datei 'C:\Windows\Temp\tmp00004c87\tmp00096951' wurde ein Virus oder unerwünschtes Programm 'TR/Dldr.Brantall.A.7' [trojan] gefunden.“ Ausgeführte Aktion: Übergeben an Scanner bzw. Zugriff verweigert Das Letzte was ich mir davor heruntergeladen hatte war Emsisoft Anti-Malware - Version 9.0 von der Seite chip.de. (Auch diese fand immer noch Sachen von „Conduit“ und „Search Protect“, ebenso wie zuvor der ESET Online Scanner, den ich davor über Mittag laufen hatte.) Seit der ersten Trojaner-Meldung hat Avira Probleme mit dem selbsttätigen Updaten (mal klappte es mal nicht). Seit spätestens gestern kann ich Avira auch nicht mehr deaktivieren, keine Einstellungen ändern und keine manuellen Updates machen (Meldung, dass Verbindung zum Internet nicht hergestellt werden kann, obwohl eine aktive Internetverbindung besteht. Habe ich vielleicht etwas Falsches in Quarantäne verschoben oder gelöscht?). Und wenn ich den Avira Antivirus Pro deaktivieren will (vorhin, für GMER) oder Einstellungen ändern, bekomme ich nun die Meldung: „Auf das angegebene Gerät, bzw. den Pfad … kann nicht zugegriffen werden. Sie verfügen eventuell nicht über ausreichende Berechtigung …“ Vor der Installierung von ESET und EMSI-Antimalware, funktionierte wenigstens das noch problemlos … Habe versucht, ob sich durch den RKiller (von bleeping Computer) daran etwas ändert, ohne Erfolg. Habe nun die in der allgemeinen Anleitung von Euch erbetenen Scans gemacht (GMER funktionierte, aber ich konnte weder Avira noch EMSI dazu deaktivieren, nur die Firewall) und stelle sie hier ein. (Wenn gewünscht, ich habe mir von allen Suchläufen mit den verschiedenen Programmen vor dem Löschen der Sachen aus der Quarantäne Kopien gemacht. Manche Sachen sind auch noch in der Quarantäne, wo ich mir nicht sicher war … ich bin ja nur eine einfache PC-Userin … das ist aber extrem viel … Ich poste hier erstmal nur die Sachen aus der allgemeinen Anleitung und das was aktuell noch gefunden wird, bzw. noch in Quarantäne ist. Avira und Malwarebytes finden aktuell nichts mehr und dort ist auch nichts mehr in Quarantäne.) 1. Defogger auf „Disable“ gestellt, Anzeigetafel bleibt schwarz, keine Info (hat er also nichts ausschalten müssen?) 2. FRST - Kopie Logfile FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-04-2015 01
Ran by Ute (administrator) on UTE-PC on 23-04-2015 16:41:11
Running from C:\Users\Ute\Downloads
Loaded Profiles: Ute & (Available profiles: Ute)
Platform: Microsoft® Windows Vista™ Home Basic Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 7 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Users\Ute\AppData\Local\Google\Update\GoogleUpdate.exe
(Sonic Solutions) C:\Program Files\Common Files\Sonic Shared\CineTray.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Giraffic) C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Giraffic) C:\Program Files\Giraffic\Veoh_Giraffic.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Vodafone D2 GmbH) C:\Program Files\ArcorOnline\AOButler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
(Microsoft® Corporation) C:\Program Files\Microsoft Works\msworks.exe
(Google Inc.) C:\Users\Ute\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ute\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ute\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ute\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7420448 2009-04-21] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-08-28] (Synaptics, Inc.)
HKLM\...\Run: [UpdatePDRShortCut] => C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.)
HKLM\...\Run: [UpdateLBPShortCut] => C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer] => C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2008-12-24] (CyberLink)
HKLM\...\Run: [UpdateP2GoShortCut] => C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM\...\Run: [RemoteControl8] => C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-16] (CyberLink Corp.)
HKLM\...\Run: [PDVD8LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-16] (CyberLink Corp.)
HKLM\...\Run: [UpdatePPShortCut] => C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM\...\Run: [UpdatePSTShortCut] => C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-03-12] (CyberLink Corp.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-04-21] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Arcor Online] => [X]
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2013-07-01] (RealNetworks, Inc.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2565520 2011-03-14] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenuEx] => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [726320 2015-03-31] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [4886608 2015-03-23] (Emsisoft GmbH)
HKU\S-1-5-21-3319244995-2461475978-946539677-1000\...\Run: [Google Update] => C:\Users\Ute\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-11] (Google Inc.)
HKU\S-1-5-21-3319244995-2461475978-946539677-1000\...\MountPoints2: G - G:\LaunchU3.exe -a
HKU\S-1-5-21-3319244995-2461475978-946539677-1000\...\MountPoints2: {bf07c1ab-90cf-11de-900f-00245404c28c} - G:\LaunchU3.exe -a
HKU\S-1-5-21-3319244995-2461475978-946539677-1000\...\MountPoints2: {e4a0d476-9180-11de-9625-00245404c28c} - F:\autorun.exe
HKU\S-1-5-21-3319244995-2461475978-946539677-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2006-11-02] (Microsoft Corporation)
HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\Ute\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-11] (Google Inc.)
HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: G - G:\LaunchU3.exe -a
HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {bf07c1ab-90cf-11de-900f-00245404c28c} - G:\LaunchU3.exe -a
HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {e4a0d476-9180-11de-9625-00245404c28c} - F:\autorun.exe
HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2006-11-02] (Microsoft Corporation)
HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Google Update] => C:\Users\Ute\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-11] (Google Inc.)
HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: G - G:\LaunchU3.exe -a
HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {bf07c1ab-90cf-11de-900f-00245404c28c} - G:\LaunchU3.exe -a
HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {e4a0d476-9180-11de-9625-00245404c28c} - F:\autorun.exe
HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2006-11-02] (Microsoft Corporation)
HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [Google Update] => C:\Users\Ute\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-11] (Google Inc.)
HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\MountPoints2: G - G:\LaunchU3.exe -a
HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\MountPoints2: {bf07c1ab-90cf-11de-900f-00245404c28c} - G:\LaunchU3.exe -a
HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\MountPoints2: {e4a0d476-9180-11de-9625-00245404c28c} - F:\autorun.exe
HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2006-11-02] (Microsoft Corporation)
HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\Run: [Google Update] => C:\Users\Ute\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-11] (Google Inc.)
HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\MountPoints2: G - G:\LaunchU3.exe -a
HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\MountPoints2: {bf07c1ab-90cf-11de-900f-00245404c28c} - G:\LaunchU3.exe -a
HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\MountPoints2: {e4a0d476-9180-11de-9625-00245404c28c} - F:\autorun.exe
HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2006-11-02] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2009-08-25]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk [2009-08-27]
ShortcutTarget: Sonic CinePlayer Quick Launch.lnk -> C:\Program Files\Common Files\Sonic Shared\CineTray.exe (Sonic Solutions)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.arcor.de
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.arcor.de
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.arcor.de
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.arcor.de
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-3319244995-2461475978-946539677-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.arcor.de
HKU\S-1-5-21-3319244995-2461475978-946539677-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.arcor.de
HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.arcor.de
HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.arcor.de
HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.arcor.de
HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
SearchScopes: HKLM -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
SearchScopes: HKU\.DEFAULT -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKU\.DEFAULT -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
SearchScopes: HKU\S-1-5-21-3319244995-2461475978-946539677-1000 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
SearchScopes: HKU\S-1-5-21-3319244995-2461475978-946539677-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de
SearchScopes: HKU\S-1-5-21-3319244995-2461475978-946539677-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
SearchScopes: HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
SearchScopes: HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de
SearchScopes: HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
SearchScopes: HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
SearchScopes: HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de
SearchScopes: HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
SearchScopes: HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
SearchScopes: HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de
SearchScopes: HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
SearchScopes: HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
SearchScopes: HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de
SearchScopes: HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18] (Adobe Systems Incorporated)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-04-16] (RealDownloader)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08] (CANON INC.)
BHO: Protect My Choices (Beta) -> {3DFCDCA1-AEAC-4302-A690-BFB683568BAA} -> C:\Program Files\DigitalAdvertisingAlliance\Protect My Choices\pmc.dll [2013-10-29] (Digital Advertising Alliance)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-04-14] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-07] (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll [2010-10-11] (Google Inc.)
BHO: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-11-07] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-04-14] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-07] (Google Inc.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.)
Toolbar: HKU\.DEFAULT -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.)
Toolbar: HKU\S-1-5-21-3319244995-2461475978-946539677-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-07] (Google Inc.)
Toolbar: HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-07] (Google Inc.)
Toolbar: HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-07] (Google Inc.)
Toolbar: HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-07] (Google Inc.)
Toolbar: HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-07] (Google Inc.)
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
Handler: msero - {B0D92A71-886B-453B-A649-1B91F93801E7} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\MSERO.DLL [2002-12-17] (Microsoft Corporation)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2013-07-29] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2013-07-29] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2013-07-29] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2013-07-29] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2013-07-29] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2013-07-29] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2013-07-29] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2013-07-29] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2013-07-29] (Avira Operations GmbH & Co. KG)
Tcpip\..\Interfaces\{824E9391-11B3-4B2A-BE79-7BBD70356A5D}: [NameServer] 195.50.140.180 195.50.140.114
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll [2012-08-11] ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-04-20] (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.2.32 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2013-07-01] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-04-16] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-04-16] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-04-16] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.2.32 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [2013-07-01] (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-04-16] (RealDownloader)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3319244995-2461475978-946539677-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Ute\AppData\Local\Citrix\Plugins\97\npappdetector.dll [2013-04-17] (Citrix Online)
FF Plugin HKU\S-1-5-21-3319244995-2461475978-946539677-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Ute\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-3319244995-2461475978-946539677-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Ute\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @citrixonline.com/appdetectorplugin -> C:\Users\Ute\AppData\Local\Citrix\Plugins\97\npappdetector.dll [2013-04-17] (Citrix Online)
FF Plugin HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\Ute\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\Ute\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1: @citrixonline.com/appdetectorplugin -> C:\Users\Ute\AppData\Local\Citrix\Plugins\97\npappdetector.dll [2013-04-17] (Citrix Online)
FF Plugin HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1: @tools.google.com/Google Update;version=3 -> C:\Users\Ute\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1: @tools.google.com/Google Update;version=9 -> C:\Users\Ute\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2: @citrixonline.com/appdetectorplugin -> C:\Users\Ute\AppData\Local\Citrix\Plugins\97\npappdetector.dll [2013-04-17] (Citrix Online)
FF Plugin HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2: @tools.google.com/Google Update;version=3 -> C:\Users\Ute\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2: @tools.google.com/Google Update;version=9 -> C:\Users\Ute\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3: @citrixonline.com/appdetectorplugin -> C:\Users\Ute\AppData\Local\Citrix\Plugins\97\npappdetector.dll [2013-04-17] (Citrix Online)
FF Plugin HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3: @tools.google.com/Google Update;version=3 -> C:\Users\Ute\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3: @tools.google.com/Google Update;version=9 -> C:\Users\Ute\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-31]
FF HKLM\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-07-01]
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT2653012&SearchSource=48"
CHR DefaultSearchKeyword: Default -> search.conduit.com
CHR DefaultSearchURL: Default -> hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT2653012
CHR DefaultSuggestURL: Default ->
CHR Plugin: (Shockwave Flash) - C:\Users\Ute\AppData\Local\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Ute\AppData\Local\Google\Chrome\Application\42.0.2311.90\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Ute\AppData\Local\Google\Chrome\Application\42.0.2311.90\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Ute\AppData\Local\Google\Chrome\Application\42.0.2311.90\pdf.dll No File
CHR Plugin: (Conduit Chrome Plugin) - C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Extensions\fealnpfjifonchkodiffbdkfaipmpkhe\2.3.15.251_0\plugins/ConduitChromeApiPlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Google Update) - C:\Users\Ute\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bookmark Manager) - C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-21]
CHR Extension: (Protect My Choices) - C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgloanjhdcenjgiafkpbehddcnonlic [2013-11-20]
CHR Extension: (RealDownloader) - C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-07-01]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16]
StartMenuInternet: Google Chrome.OP2KX3NVXF4LPL4IVCMTX6SAAQ - C:\Users\Ute\AppData\Local\Google\Chrome\Application\chrome.exe
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [5020520 2015-03-23] (Emsisoft GmbH)
R2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [815352 2015-03-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [434424 2015-03-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [434424 2015-03-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1004032 2015-03-31] (Avira Operations GmbH & Co. KG)
R2 Giraffic; C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe [2245232 2013-05-13] (Giraffic)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2008-11-25] ()
R3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [295432 2010-01-20] (Protect Software GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105864 2015-03-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-03-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-21] (Avira Operations GmbH & Co. KG)
R1 Cinemsup; C:\Windows\system32\Drivers\Cinemsup.sys [6656 2003-12-19] (Sonic Solutions) [File not signed]
R1 epp32; C:\Windows\System32\DRIVERS\epp32.sys [111368 2015-03-23] (Emsisoft GmbH)
R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2006-11-14] (SAMSUNG ELECTRONICS CO., LTD.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [20640 2005-04-05] (Sonic Solutions) [File not signed]
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-07-29] (Avira GmbH)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-23 16:41 - 2015-04-23 16:41 - 00034455 _____ () C:\Users\Ute\Downloads\FRST.txt
2015-04-23 16:40 - 2015-04-23 16:41 - 00000000 ____D () C:\FRST
2015-04-23 16:38 - 2015-04-23 16:39 - 01139200 _____ (Farbar) C:\Users\Ute\Downloads\FRST.exe
2015-04-23 16:27 - 2015-04-23 16:27 - 00000468 _____ () C:\Users\Ute\Downloads\defogger_disable.log
2015-04-23 16:27 - 2015-04-23 16:27 - 00000000 _____ () C:\Users\Ute\defogger_reenable
2015-04-23 16:24 - 2015-04-23 16:24 - 00050477 _____ () C:\Users\Ute\Downloads\Defogger.exe
2015-04-23 15:17 - 2015-04-23 15:17 - 00000194 _____ () C:\Users\Ute\Downloads\hosts-perm (1).bat
2015-04-23 12:12 - 2015-04-23 12:12 - 00000194 _____ () C:\Users\Ute\Downloads\hosts-perm.bat
2015-04-22 17:34 - 2015-04-22 17:34 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-04-22 15:44 - 2015-04-22 15:44 - 00000888 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2015-04-22 15:44 - 2015-04-22 15:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2015-04-22 15:43 - 2015-04-23 16:18 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2015-04-22 15:43 - 2015-03-23 23:17 - 00111368 _____ (Emsisoft GmbH) C:\Windows\system32\Drivers\epp32.sys
2015-04-22 10:57 - 2015-04-22 10:57 - 00000000 ____D () C:\Program Files\ESET
2015-04-22 02:13 - 2015-04-22 02:31 - 00000000 ____D () C:\ProgramData\SecTaskMan
2015-04-22 00:02 - 2015-04-22 00:02 - 00000000 ____D () C:\Users\Ute\AppData\Local\CrashDumps
2015-04-21 22:44 - 2015-04-21 22:44 - 00000000 ____D () C:\Users\Ute\Documents\RogueKiller_bundle_10.6[1]
2015-04-21 15:48 - 2015-04-23 15:25 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-04-21 15:48 - 2015-04-21 20:15 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-04-21 13:54 - 2015-04-21 13:55 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Ute\Downloads\tdsskiller.exe
2015-04-21 12:24 - 2015-04-21 12:24 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-04-19 14:34 - 2015-04-23 12:17 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-19 14:33 - 2015-04-19 14:33 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-19 14:33 - 2015-04-19 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-04-19 14:33 - 2015-04-19 14:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-19 14:33 - 2015-04-19 14:33 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2015-04-19 14:33 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-19 14:33 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-19 14:33 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-19 14:12 - 2015-04-19 14:17 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Ute\Downloads\mbam-setup-majorgeeks-2.1.6.1022.exe
2015-04-10 18:51 - 2015-04-11 02:11 - 00000000 ____D () C:\Users\Ute\meine Lernkartei
2015-04-10 18:36 - 2015-04-10 20:17 - 00000270 _____ () C:\Users\Ute\konfig.new
2015-04-10 18:30 - 2015-04-10 21:22 - 00000000 ____D () C:\Users\Ute\Tutorial
2015-04-10 18:30 - 2015-04-10 18:30 - 00000552 _____ () C:\Users\Ute\AppData\Roaming\Microsoft\Windows\Start Menu\Lernkartei.lnk
2015-04-10 18:30 - 2015-04-10 18:30 - 00000542 _____ () C:\Users\Public\Desktop\Lernkartei.lnk
2015-04-02 21:00 - 2015-04-02 21:00 - 00029633 _____ () C:\Users\Ute\Downloads\content_de.gadget
2015-03-25 20:08 - 2015-04-04 19:34 - 00000000 ____D () C:\Users\Ute\AppData\Roaming\MuseScore
2015-03-25 20:08 - 2015-03-25 20:08 - 00000000 ____D () C:\Users\Ute\Documents\MuseScore2
2015-03-25 20:08 - 2015-03-25 20:08 - 00000000 ____D () C:\Users\Ute\AppData\Local\MuseScore
2015-03-25 20:07 - 2015-03-25 20:07 - 00000918 _____ () C:\Users\Ute\Desktop\MuseScore 2.lnk
2015-03-25 20:07 - 2015-03-25 20:07 - 00000000 ____D () C:\Users\Ute\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MuseScore 2
2015-03-25 20:06 - 2015-03-25 20:07 - 00000000 ____D () C:\Program Files\MuseScore 2
2015-03-25 17:33 - 2015-03-25 18:06 - 54878208 _____ () C:\Users\Ute\Downloads\MuseScore-2.0.0.msi
2015-03-24 03:13 - 2015-03-25 19:08 - 01541408 _____ () C:\Users\Ute\Downloads\C2-ToreAsgards_Briefingbilder.zip
2015-03-24 03:13 - 2015-03-24 03:14 - 03026405 _____ () C:\Users\Ute\Downloads\sagaLandscapes1.zip
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-23 16:36 - 2009-08-26 19:59 - 00000000 ____D () C:\Users\Ute\Documents\Eigene Dokumente
2015-04-23 16:27 - 2009-08-24 15:51 - 00000000 ____D () C:\Users\Ute
2015-04-23 16:19 - 2013-07-29 22:15 - 00000000 ____D () C:\Program Files\Giraffic
2015-04-23 16:12 - 2013-07-29 22:15 - 00000000 ____D () C:\ProgramData\Giraffic
2015-04-23 15:47 - 2006-11-02 14:45 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-23 15:47 - 2006-11-02 14:45 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-23 15:15 - 2009-06-16 03:06 - 01971536 _____ () C:\Windows\WindowsUpdate.log
2015-04-23 03:09 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\it-IT
2015-04-23 03:09 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\fr-FR
2015-04-23 03:09 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\de-DE
2015-04-22 13:06 - 2011-02-11 08:45 - 00000000 ____D () C:\Users\Ute\Documents\zu Spielen u. Sonstiges
2015-04-22 03:43 - 2009-09-13 01:24 - 00000000 ____D () C:\Windows\Minidump
2015-04-21 21:48 - 2009-08-24 15:51 - 00000000 ____D () C:\Users\Ute\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2015-04-21 00:18 - 2008-01-21 05:02 - 01394628 _____ () C:\Windows\PFRO.log
2015-04-20 18:43 - 2009-06-15 11:09 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-04-20 18:40 - 2014-06-27 20:25 - 00000000 ____D () C:\Program Files\Drakensang - Am Fluss der Zeit
2015-04-20 18:36 - 2009-08-27 22:06 - 00000000 ____D () C:\XP-Spiele
2015-04-20 18:33 - 2011-01-17 18:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Purplehills
2015-04-20 18:33 - 2011-01-17 18:31 - 00000000 ____D () C:\Program Files\Purplehills
2015-04-20 06:50 - 2013-10-31 15:33 - 00000000 ____D () C:\Users\Ute\AppData\Local\NativeMessaging
2015-04-19 21:22 - 2014-04-02 15:41 - 00000000 ____D () C:\Users\Ute\AppData\Local\TB
2015-04-19 16:05 - 2012-05-23 23:59 - 00000000 ____D () C:\ProgramData\YTD YouTube Downloader & Converter
2015-04-15 17:06 - 2013-07-18 03:09 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 16:54 - 2006-11-02 12:24 - 125832184 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-04-11 15:49 - 2009-08-26 20:00 - 00000000 ____D () C:\Users\Ute\Documents\Eigene Gedichte
2015-04-10 20:17 - 2011-05-15 10:49 - 00000270 _____ () C:\Users\Ute\konfig.dat
2015-04-02 14:19 - 2014-05-13 20:17 - 00000000 ____D () C:\Users\Ute\Documents\Musik Flöte Gitarre alg
2015-03-27 18:55 - 2014-11-06 23:40 - 00000282 _____ () C:\Windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3319244995-2461475978-946539677-1000.job
==================== Files in the root of some directories =======
2009-11-07 00:27 - 2007-03-14 12:49 - 0010752 _____ (Arcor Online GmbH) C:\Users\Ute\AppData\Local\cmdial32.dll
2014-03-02 13:49 - 2014-03-02 13:49 - 0000552 _____ () C:\Users\Ute\AppData\Local\d3d8caps.dat
2009-08-24 19:11 - 2013-09-07 22:38 - 0009216 _____ () C:\Users\Ute\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-06-15 11:24 - 2009-06-15 11:24 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2009-06-15 11:21 - 2009-06-15 11:22 - 0000106 _____ () C:\ProgramData\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}.log
2009-06-15 11:16 - 2009-06-15 11:18 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2009-06-15 11:22 - 2009-06-15 11:24 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log
2009-06-15 11:18 - 2009-06-15 11:21 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
Files to move or delete:
====================
C:\Users\Ute\AxInterop.WMPLib.dll
C:\Users\Ute\Interop.WMPLib.dll
C:\Users\Ute\konfig.dat
C:\Users\Ute\Lernkartei.exe
Some content of TEMP:
====================
C:\Users\Ute\AppData\Local\Temp\avgnt.exe
C:\Users\Ute\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Ute\AppData\Local\Temp\uninstall.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-23 10:19
==================== End Of Log ============================
--- --- --- Ich breche mal hier ab, da die Vorschau sagt, dass es sonst zu lang sei ... Ich poste den Rest, sobald mir jemand antwortet. Traue mich gerade nicht, es auf mehrere Posts aufzuteilen, damit es nicht so aussieht, als wäre das Problem schon in Arbeit. Wäre schön, wenn mir jemand helfen könnte! Schon mal herzlichen Dank im Voraus! Undine Geändert von Undine R (23.04.2015 um 20:34 Uhr) |
| Themen zu W.Vista Home basic mit Trojaner TR/Crypt.XPACK.Gen, Conduit/SearchProtect und Brantall infiziert, Probleme mit Avira und möglicherweise EMSI |
| adobe, antivirus, avg, avira, brantall[trojan], browser, canon, computer, conduit/searchprotect, defender, desktop, einstellungen, home, installation, kaspersky, logfile, musik, programm, realtek, registry, roguekiller, services.exe, software, störungen, svchost.exe, system, temp, tr/crypt.xpack.gen, tr/crypt.xpack.gen' [trojan], trojaner, windows, windows vista home basic, ändern |
Baum-Darstellung