Log analysis and evaluation: W.Vista Home Basic infected with Trojan TR/Crypt.XPACK.Gen, Conduit/SearchProtect and Brantall, problems with Avira and possibly EMSI

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
23.04.2015, 20:28 | #1 |
Since last weekend I have been fighting with one (or several?) Trojan(s?). The first thing Avira Antivirus Pro warned me about was: "TR/Crypt.XPACK.Gen". But because it did not move it to quarantine and obviously did not delete it either (problems with Google search, problems when I tried to open Internet addresses from within Word documents, problems with Avira updates), I downloaded Malwarebytes Anti-Malware. That program found a great many items from/with "Conduit" / "Search Protect" (once about 100 files …, once 704), which I deleted (of the 704 I definitely deleted 586, for the rest it is unclear, but Malwarebytes found nothing more afterwards). After that, however, Avira still found some "conduit" items, which I also deleted. After that there were no more problems with Google search or with opening Internet addresses from Word documents.

Yesterday Avira's real-time scan then found Trojans with "brantall" without raising an alert. I discovered it under "Events". From 16:54 onwards there are several different files of this kind: "In der Datei 'C:\Windows\Temp\tmp00004c87\tmp00096951' wurde ein Virus oder unerwünschtes Programm 'TR/Dldr.Brantall.A.7' [trojan] gefunden." Action taken: handed over to the scanner, or access denied.

The last thing I had downloaded before that was Emsisoft Anti-Malware - Version 9.0 from the site chip.de. (This too still found items from "Conduit" and "Search Protect", as did the ESET Online Scanner before it, which I had run earlier over midday.)

Since the first Trojan alert, Avira has had problems with automatic updating (sometimes it worked, sometimes not). Since yesterday at the latest I also can no longer deactivate Avira, change any settings or run manual updates (message that a connection to the Internet cannot be established, although there is an active Internet connection. Did I perhaps move something wrong to quarantine or delete it?). And when I want to deactivate Avira Antivirus Pro (earlier, for GMER) or change settings, I now get the message: "Auf das angegebene Gerät, bzw. den Pfad … kann nicht zugegriffen werden. Sie verfügen eventuell nicht über ausreichende Berechtigung …" Before installing ESET and EMSI Anti-Malware, at least that still worked without problems … I tried whether RKiller (from bleeping Computer) would change anything about that, without success.

I have now run the scans you request in the general instructions (GMER worked, but I could deactivate neither Avira nor EMSI for it, only the firewall) and am posting them here. (If desired: I made copies of all scan runs with the various programs before deleting the items from quarantine. Some items are also still in quarantine where I was not sure … I am only an ordinary PC user, after all … but that is an extreme amount … For now I am posting here only the items from the general instructions and what is currently still being found or is still in quarantine. Avira and Malwarebytes currently find nothing more, and nothing is in quarantine there any more either.)

1. Defogger set to "Disable", the display panel stays black, no info (so did it not have to switch anything off?)

2. FRST - copy of logfile

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-04-2015 01 Ran by Ute (administrator) on UTE-PC on 23-04-2015 16:41:11 Running from C:\Users\Ute\Downloads Loaded Profiles: Ute & (Available profiles: Ute) Platform: Microsoft® Windows Vista™ Home Basic Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 7 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Google Inc.) C:\Users\Ute\AppData\Local\Google\Update\GoogleUpdate.exe (Sonic Solutions) C:\Program Files\Common Files\Sonic Shared\CineTray.exe (Microsoft Corporation) C:\Windows\System32\mobsync.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Giraffic) C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe () C:\Program Files\CyberLink\Shared files\RichVideo.exe (Giraffic) C:\Program Files\Giraffic\Veoh_Giraffic.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe (RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Vodafone D2 GmbH) C:\Program Files\ArcorOnline\AOButler.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office10\WINWORD.EXE (Microsoft® Corporation) C:\Program Files\Microsoft Works\msworks.exe (Google Inc.) C:\Users\Ute\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Ute\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Ute\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Ute\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7420448 2009-04-21] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-08-28] (Synaptics, Inc.) HKLM\...\Run: [UpdatePDRShortCut] => C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.) HKLM\...\Run: [UpdateLBPShortCut] => C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.) HKLM\...\Run: [CLMLServer] => C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2008-12-24] (CyberLink) HKLM\...\Run: [UpdateP2GoShortCut] => C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.) HKLM\...\Run: [RemoteControl8] => C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-16] (CyberLink Corp.) HKLM\...\Run: [PDVD8LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-16] (CyberLink Corp.) HKLM\...\Run: [UpdatePPShortCut] => C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.) HKLM\...\Run: [UpdatePSTShortCut] => C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-03-12] (CyberLink Corp.) HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-04-21] (Realtek Semiconductor Corp.) 
HKLM\...\Run: [Arcor Online] => [X] HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2013-07-01] (RealNetworks, Inc.) HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2565520 2011-03-14] (CANON INC.) HKLM\...\Run: [CanonSolutionMenuEx] => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [726320 2015-03-31] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [4886608 2015-03-23] (Emsisoft GmbH) HKU\S-1-5-21-3319244995-2461475978-946539677-1000\...\Run: [Google Update] => C:\Users\Ute\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-11] (Google Inc.) HKU\S-1-5-21-3319244995-2461475978-946539677-1000\...\MountPoints2: G - G:\LaunchU3.exe -a HKU\S-1-5-21-3319244995-2461475978-946539677-1000\...\MountPoints2: {bf07c1ab-90cf-11de-900f-00245404c28c} - G:\LaunchU3.exe -a HKU\S-1-5-21-3319244995-2461475978-946539677-1000\...\MountPoints2: {e4a0d476-9180-11de-9625-00245404c28c} - F:\autorun.exe HKU\S-1-5-21-3319244995-2461475978-946539677-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2006-11-02] (Microsoft Corporation) HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\Ute\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-11] (Google Inc.) 
HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: G - G:\LaunchU3.exe -a HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {bf07c1ab-90cf-11de-900f-00245404c28c} - G:\LaunchU3.exe -a HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {e4a0d476-9180-11de-9625-00245404c28c} - F:\autorun.exe HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2006-11-02] (Microsoft Corporation) HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Google Update] => C:\Users\Ute\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-11] (Google Inc.) HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: G - G:\LaunchU3.exe -a HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {bf07c1ab-90cf-11de-900f-00245404c28c} - G:\LaunchU3.exe -a HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {e4a0d476-9180-11de-9625-00245404c28c} - F:\autorun.exe HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2006-11-02] (Microsoft Corporation) HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [Google Update] => C:\Users\Ute\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-11] (Google Inc.) 
HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\MountPoints2: G - G:\LaunchU3.exe -a HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\MountPoints2: {bf07c1ab-90cf-11de-900f-00245404c28c} - G:\LaunchU3.exe -a HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\MountPoints2: {e4a0d476-9180-11de-9625-00245404c28c} - F:\autorun.exe HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2006-11-02] (Microsoft Corporation) HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\Run: [Google Update] => C:\Users\Ute\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-11] (Google Inc.) HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\MountPoints2: G - G:\LaunchU3.exe -a HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\MountPoints2: {bf07c1ab-90cf-11de-900f-00245404c28c} - G:\LaunchU3.exe -a HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\MountPoints2: {e4a0d476-9180-11de-9625-00245404c28c} - F:\autorun.exe HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2006-11-02] (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2009-08-25] ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk [2009-08-27] ShortcutTarget: Sonic CinePlayer Quick Launch.lnk -> C:\Program Files\Common Files\Sonic Shared\CineTray.exe 
(Sonic Solutions) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.arcor.de HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.arcor.de HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.arcor.de HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.arcor.de HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKU\S-1-5-21-3319244995-2461475978-946539677-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.arcor.de HKU\S-1-5-21-3319244995-2461475978-946539677-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.arcor.de HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.arcor.de HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.arcor.de HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.arcor.de HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn SearchScopes: HKLM -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = SearchScopes: HKU\.DEFAULT -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = SearchScopes: HKU\.DEFAULT -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN SearchScopes: HKU\.DEFAULT -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = SearchScopes: HKU\S-1-5-21-3319244995-2461475978-946539677-1000 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = SearchScopes: HKU\S-1-5-21-3319244995-2461475978-946539677-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de SearchScopes: HKU\S-1-5-21-3319244995-2461475978-946539677-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = SearchScopes: HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = SearchScopes: HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> 
{67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de SearchScopes: HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = SearchScopes: HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = SearchScopes: HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de SearchScopes: HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = SearchScopes: HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = SearchScopes: HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de SearchScopes: HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = SearchScopes: HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = SearchScopes: HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de SearchScopes: HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18] (Adobe Systems Incorporated) BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-04-16] (RealDownloader) BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08] (CANON INC.) BHO: Protect My Choices (Beta) -> {3DFCDCA1-AEAC-4302-A690-BFB683568BAA} -> C:\Program Files\DigitalAdvertisingAlliance\Protect My Choices\pmc.dll [2013-10-29] (Digital Advertising Alliance) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-04-14] (Oracle Corporation) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-07] (Google Inc.) BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll [2010-10-11] (Google Inc.) BHO: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-11-07] (Google Inc.) 
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-04-14] (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-07] (Google Inc.) Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.) Toolbar: HKU\.DEFAULT -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.) Toolbar: HKU\S-1-5-21-3319244995-2461475978-946539677-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-07] (Google Inc.) Toolbar: HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-07] (Google Inc.) Toolbar: HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-07] (Google Inc.) Toolbar: HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-07] (Google Inc.) Toolbar: HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-07] (Google Inc.) 
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation) Handler: msero - {B0D92A71-886B-453B-A649-1B91F93801E7} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\MSERO.DLL [2002-12-17] (Microsoft Corporation) Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2013-07-29] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2013-07-29] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2013-07-29] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2013-07-29] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2013-07-29] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2013-07-29] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2013-07-29] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2013-07-29] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2013-07-29] (Avira Operations GmbH & Co. KG) Tcpip\..\Interfaces\{824E9391-11B3-4B2A-BE79-7BBD70356A5D}: [NameServer] 195.50.140.180 195.50.140.114 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll [2012-08-11] () FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-04-20] (CANON INC.) 
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=16.0.2.32 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2013-07-01] (RealNetworks, Inc.) FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-04-16] (RealNetworks, Inc.) FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-04-16] (RealNetworks, Inc.) FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-04-16] (RealNetworks, Inc.) FF Plugin: @real.com/nprpplugin;version=16.0.2.32 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [2013-07-01] (RealPlayer) FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-04-16] (RealDownloader) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-02-15] (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-3319244995-2461475978-946539677-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Ute\AppData\Local\Citrix\Plugins\97\npappdetector.dll [2013-04-17] (Citrix Online) FF Plugin HKU\S-1-5-21-3319244995-2461475978-946539677-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Ute\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.) FF Plugin HKU\S-1-5-21-3319244995-2461475978-946539677-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Ute\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.) FF Plugin HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @citrixonline.com/appdetectorplugin -> C:\Users\Ute\AppData\Local\Citrix\Plugins\97\npappdetector.dll [2013-04-17] (Citrix Online) FF Plugin HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\Ute\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.) FF Plugin HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\Ute\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.) FF Plugin HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1: @citrixonline.com/appdetectorplugin -> C:\Users\Ute\AppData\Local\Citrix\Plugins\97\npappdetector.dll [2013-04-17] (Citrix Online) FF Plugin HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1: @tools.google.com/Google Update;version=3 -> C:\Users\Ute\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.) 
FF Plugin HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1: @tools.google.com/Google Update;version=9 -> C:\Users\Ute\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.) FF Plugin HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2: @citrixonline.com/appdetectorplugin -> C:\Users\Ute\AppData\Local\Citrix\Plugins\97\npappdetector.dll [2013-04-17] (Citrix Online) FF Plugin HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2: @tools.google.com/Google Update;version=3 -> C:\Users\Ute\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.) FF Plugin HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2: @tools.google.com/Google Update;version=9 -> C:\Users\Ute\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.) FF Plugin HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3: @citrixonline.com/appdetectorplugin -> C:\Users\Ute\AppData\Local\Citrix\Plugins\97\npappdetector.dll [2013-04-17] (Citrix Online) FF Plugin HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3: @tools.google.com/Google Update;version=3 -> C:\Users\Ute\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.) FF Plugin HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3: @tools.google.com/Google Update;version=9 -> C:\Users\Ute\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.) 
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-31] FF HKLM\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-07-01] Chrome: ======= CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT2653012&SearchSource=48" CHR DefaultSearchKeyword: Default -> search.conduit.com CHR DefaultSearchURL: Default -> hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT2653012 CHR DefaultSuggestURL: Default -> CHR Plugin: (Shockwave Flash) - C:\Users\Ute\AppData\Local\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Shockwave Flash) - C:\Users\Ute\AppData\Local\Google\Chrome\Application\42.0.2311.90\gcswf32.dll No File CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\Ute\AppData\Local\Google\Chrome\Application\42.0.2311.90\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Users\Ute\AppData\Local\Google\Chrome\Application\42.0.2311.90\pdf.dll No File CHR Plugin: (Conduit Chrome Plugin) - C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Extensions\fealnpfjifonchkodiffbdkfaipmpkhe\2.3.15.251_0\plugins/ConduitChromeApiPlugin.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) 
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) CHR Plugin: (Google Update) - C:\Users\Ute\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Profile: C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Bookmark Manager) - C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-21] CHR Extension: (Protect My Choices) - C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgloanjhdcenjgiafkpbehddcnonlic [2013-11-20] CHR Extension: (RealDownloader) - C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-07-01] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13] CHR Extension: (Google Wallet) - C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23] CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16] StartMenuInternet: Google Chrome.OP2KX3NVXF4LPL4IVCMTX6SAAQ - C:\Users\Ute\AppData\Local\Google\Chrome\Application\chrome.exe ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [5020520 2015-03-23] (Emsisoft GmbH) R2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [815352 2015-03-23] (Avira Operations GmbH & Co. 
KG) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [434424 2015-03-23] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [434424 2015-03-23] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1004032 2015-03-31] (Avira Operations GmbH & Co. KG) R2 Giraffic; C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe [2245232 2013-05-13] (Giraffic) S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [File not signed] R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] () R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2008-11-25] () R3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [295432 2010-01-20] (Protect Software GmbH) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105864 2015-03-04] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-03-04] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-21] (Avira Operations GmbH & Co. KG) R1 Cinemsup; C:\Windows\system32\Drivers\Cinemsup.sys [6656 2003-12-19] (Sonic Solutions) [File not signed] R1 epp32; C:\Windows\System32\DRIVERS\epp32.sys [111368 2015-03-23] (Emsisoft GmbH) R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2006-11-14] (SAMSUNG ELECTRONICS CO., LTD.) 
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation) R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [20640 2005-04-05] (Sonic Solutions) [File not signed] R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-07-29] (Avira GmbH) S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-23 16:41 - 2015-04-23 16:41 - 00034455 _____ () C:\Users\Ute\Downloads\FRST.txt 2015-04-23 16:40 - 2015-04-23 16:41 - 00000000 ____D () C:\FRST 2015-04-23 16:38 - 2015-04-23 16:39 - 01139200 _____ (Farbar) C:\Users\Ute\Downloads\FRST.exe 2015-04-23 16:27 - 2015-04-23 16:27 - 00000468 _____ () C:\Users\Ute\Downloads\defogger_disable.log 2015-04-23 16:27 - 2015-04-23 16:27 - 00000000 _____ () C:\Users\Ute\defogger_reenable 2015-04-23 16:24 - 2015-04-23 16:24 - 00050477 _____ () C:\Users\Ute\Downloads\Defogger.exe 2015-04-23 15:17 - 2015-04-23 15:17 - 00000194 _____ () C:\Users\Ute\Downloads\hosts-perm (1).bat 2015-04-23 12:12 - 2015-04-23 12:12 - 00000194 _____ () C:\Users\Ute\Downloads\hosts-perm.bat 2015-04-22 17:34 - 2015-04-22 17:34 - 00000000 ____D () C:\ProgramData\Emsisoft 2015-04-22 15:44 - 2015-04-22 15:44 - 00000888 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk 2015-04-22 15:44 - 2015-04-22 15:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware 2015-04-22 15:43 - 2015-04-23 16:18 - 00000000 ____D () C:\Program Files\Emsisoft 
Anti-Malware 2015-04-22 15:43 - 2015-03-23 23:17 - 00111368 _____ (Emsisoft GmbH) C:\Windows\system32\Drivers\epp32.sys 2015-04-22 10:57 - 2015-04-22 10:57 - 00000000 ____D () C:\Program Files\ESET 2015-04-22 02:13 - 2015-04-22 02:31 - 00000000 ____D () C:\ProgramData\SecTaskMan 2015-04-22 00:02 - 2015-04-22 00:02 - 00000000 ____D () C:\Users\Ute\AppData\Local\CrashDumps 2015-04-21 22:44 - 2015-04-21 22:44 - 00000000 ____D () C:\Users\Ute\Documents\RogueKiller_bundle_10.6[1] 2015-04-21 15:48 - 2015-04-23 15:25 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys 2015-04-21 15:48 - 2015-04-21 20:15 - 00000000 ____D () C:\ProgramData\RogueKiller 2015-04-21 13:54 - 2015-04-21 13:55 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Ute\Downloads\tdsskiller.exe 2015-04-21 12:24 - 2015-04-21 12:24 - 00000000 ____D () C:\TDSSKiller_Quarantine 2015-04-19 14:34 - 2015-04-23 12:17 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-04-19 14:33 - 2015-04-19 14:33 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-04-19 14:33 - 2015-04-19 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-04-19 14:33 - 2015-04-19 14:33 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-04-19 14:33 - 2015-04-19 14:33 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2015-04-19 14:33 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-04-19 14:33 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-04-19 14:33 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-04-19 14:12 - 2015-04-19 14:17 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Ute\Downloads\mbam-setup-majorgeeks-2.1.6.1022.exe 2015-04-10 18:51 - 2015-04-11 02:11 - 00000000 ____D () C:\Users\Ute\meine Lernkartei 
2015-04-10 18:36 - 2015-04-10 20:17 - 00000270 _____ () C:\Users\Ute\konfig.new 2015-04-10 18:30 - 2015-04-10 21:22 - 00000000 ____D () C:\Users\Ute\Tutorial 2015-04-10 18:30 - 2015-04-10 18:30 - 00000552 _____ () C:\Users\Ute\AppData\Roaming\Microsoft\Windows\Start Menu\Lernkartei.lnk 2015-04-10 18:30 - 2015-04-10 18:30 - 00000542 _____ () C:\Users\Public\Desktop\Lernkartei.lnk 2015-04-02 21:00 - 2015-04-02 21:00 - 00029633 _____ () C:\Users\Ute\Downloads\content_de.gadget 2015-03-25 20:08 - 2015-04-04 19:34 - 00000000 ____D () C:\Users\Ute\AppData\Roaming\MuseScore 2015-03-25 20:08 - 2015-03-25 20:08 - 00000000 ____D () C:\Users\Ute\Documents\MuseScore2 2015-03-25 20:08 - 2015-03-25 20:08 - 00000000 ____D () C:\Users\Ute\AppData\Local\MuseScore 2015-03-25 20:07 - 2015-03-25 20:07 - 00000918 _____ () C:\Users\Ute\Desktop\MuseScore 2.lnk 2015-03-25 20:07 - 2015-03-25 20:07 - 00000000 ____D () C:\Users\Ute\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MuseScore 2 2015-03-25 20:06 - 2015-03-25 20:07 - 00000000 ____D () C:\Program Files\MuseScore 2 2015-03-25 17:33 - 2015-03-25 18:06 - 54878208 _____ () C:\Users\Ute\Downloads\MuseScore-2.0.0.msi 2015-03-24 03:13 - 2015-03-25 19:08 - 01541408 _____ () C:\Users\Ute\Downloads\C2-ToreAsgards_Briefingbilder.zip 2015-03-24 03:13 - 2015-03-24 03:14 - 03026405 _____ () C:\Users\Ute\Downloads\sagaLandscapes1.zip ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-04-23 16:36 - 2009-08-26 19:59 - 00000000 ____D () C:\Users\Ute\Documents\Eigene Dokumente 2015-04-23 16:27 - 2009-08-24 15:51 - 00000000 ____D () C:\Users\Ute 2015-04-23 16:19 - 2013-07-29 22:15 - 00000000 ____D () C:\Program Files\Giraffic 2015-04-23 16:12 - 2013-07-29 22:15 - 00000000 ____D () C:\ProgramData\Giraffic 2015-04-23 15:47 - 2006-11-02 14:45 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-04-23 15:47 - 2006-11-02 14:45 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-04-23 15:15 - 2009-06-16 03:06 - 01971536 _____ () C:\Windows\WindowsUpdate.log 2015-04-23 03:09 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\it-IT 2015-04-23 03:09 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\fr-FR 2015-04-23 03:09 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\de-DE 2015-04-22 13:06 - 2011-02-11 08:45 - 00000000 ____D () C:\Users\Ute\Documents\zu Spielen u. 
Sonstiges 2015-04-22 03:43 - 2009-09-13 01:24 - 00000000 ____D () C:\Windows\Minidump 2015-04-21 21:48 - 2009-08-24 15:51 - 00000000 ____D () C:\Users\Ute\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite 2015-04-21 00:18 - 2008-01-21 05:02 - 01394628 _____ () C:\Windows\PFRO.log 2015-04-20 18:43 - 2009-06-15 11:09 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2015-04-20 18:40 - 2014-06-27 20:25 - 00000000 ____D () C:\Program Files\Drakensang - Am Fluss der Zeit 2015-04-20 18:36 - 2009-08-27 22:06 - 00000000 ____D () C:\XP-Spiele 2015-04-20 18:33 - 2011-01-17 18:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Purplehills 2015-04-20 18:33 - 2011-01-17 18:31 - 00000000 ____D () C:\Program Files\Purplehills 2015-04-20 06:50 - 2013-10-31 15:33 - 00000000 ____D () C:\Users\Ute\AppData\Local\NativeMessaging 2015-04-19 21:22 - 2014-04-02 15:41 - 00000000 ____D () C:\Users\Ute\AppData\Local\TB 2015-04-19 16:05 - 2012-05-23 23:59 - 00000000 ____D () C:\ProgramData\YTD YouTube Downloader & Converter 2015-04-15 17:06 - 2013-07-18 03:09 - 00000000 ____D () C:\Windows\system32\MRT 2015-04-15 16:54 - 2006-11-02 12:24 - 125832184 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2015-04-11 15:49 - 2009-08-26 20:00 - 00000000 ____D () C:\Users\Ute\Documents\Eigene Gedichte 2015-04-10 20:17 - 2011-05-15 10:49 - 00000270 _____ () C:\Users\Ute\konfig.dat 2015-04-02 14:19 - 2014-05-13 20:17 - 00000000 ____D () C:\Users\Ute\Documents\Musik Flöte Gitarre alg 2015-03-27 18:55 - 2014-11-06 23:40 - 00000282 _____ () C:\Windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3319244995-2461475978-946539677-1000.job ==================== Files in the root of some directories ======= 2009-11-07 00:27 - 2007-03-14 12:49 - 0010752 _____ (Arcor Online GmbH) C:\Users\Ute\AppData\Local\cmdial32.dll 2014-03-02 13:49 - 2014-03-02 13:49 - 0000552 _____ () C:\Users\Ute\AppData\Local\d3d8caps.dat 2009-08-24 19:11 
- 2013-09-07 22:38 - 0009216 _____ () C:\Users\Ute\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-06-15 11:24 - 2009-06-15 11:24 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2009-06-15 11:21 - 2009-06-15 11:22 - 0000106 _____ () C:\ProgramData\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}.log
2009-06-15 11:16 - 2009-06-15 11:18 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2009-06-15 11:22 - 2009-06-15 11:24 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log
2009-06-15 11:18 - 2009-06-15 11:21 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
Files to move or delete:
====================
C:\Users\Ute\AxInterop.WMPLib.dll
C:\Users\Ute\Interop.WMPLib.dll
C:\Users\Ute\konfig.dat
C:\Users\Ute\Lernkartei.exe
Some content of TEMP:
====================
C:\Users\Ute\AppData\Local\Temp\avgnt.exe
C:\Users\Ute\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Ute\AppData\Local\Temp\uninstall.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-23 10:19
==================== End Of Log ============================
--- --- ---
I'll stop here for now, since the preview says it would otherwise be too long ... I'll post the rest as soon as someone replies to me. I don't dare split it across several posts right now, so that it doesn't look as if the problem were already being worked on. It would be nice if someone could help me! Many thanks in advance! Undine
Edited by Undine R (23.04.2015 at 20:34) |
23.04.2015, 20:33 | #2 |
/// the machine /// TB trainer | hi,
then go ahead and post |
23.04.2015, 21:43 | #3 |
| All right, here is the continuation, part 1:
Addition.txt - copy of the log file (sorry about all the games and the masses of add-on game maps - "Mapperteam" and others -, that makes this endlessly long ...) FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-04-2015 01 Ran by Ute at 2015-04-23 16:42:45 Running from C:\Users\Ute\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA} AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) AbenteuerInMirquidiMapperteam 2-1-0 (HKLM\...\AbenteuerInMirquidiMapperteam) (Version: - ) Acey Deucy Backgammon (HKLM\...\Acey Deucy Backgammon) (Version: - ) Adobe Digital Editions (HKLM\...\Digital Editions) (Version: - ) Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.7.700.202 - Adobe Systems Incorporated) Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.3.300.270 - Adobe Systems Incorporated) Adobe Reader 9.5.4 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A95000000001}) (Version: 9.5.4 - Adobe Systems Incorporated) AlixCatanlogik 2-1-0 (HKLM\...\AlixCatanlogik) (Version: - ) AlixDerletzteBaum 2-1-0 (HKLM\...\AlixDerletzteBaum) (Version: - ) AlixDie10Schwestern 2-1-0 (HKLM\...\AlixDie10Schwestern) (Version: - ) AlixDieDrittePisastudie 2-1-0 (HKLM\...\AlixDieDrittePisastudie) (Version: - ) AlixDiePerlenkette 2-1-0 (HKLM\...\AlixDiePerlenkette) (Version: - ) AlixDieVerbannung 2-1-0 (HKLM\...\AlixDieVerbannung) (Version: - ) 
AlixDieZweitePisastudie 2-1-0 (HKLM\...\AlixDieZweitePisastudie) (Version: - ) AlixEinigkeit 2-1-0 (HKLM\...\AlixEinigkeit) (Version: - ) AlixEinPiratenleben 2-1-0 (HKLM\...\AlixEinPiratenleben) (Version: - ) AlixFerienlager 2-1-0 (HKLM\...\AlixFerienlager) (Version: - ) AlixGarion1 2-1-0 (HKLM\...\AlixGarion1) (Version: - ) AlixGarion2 2-1-0 (HKLM\...\AlixGarion2) (Version: - ) AlixGarion3 2-1-0 (HKLM\...\AlixGarion3) (Version: - ) AlixGarion4 2-1-0 (HKLM\...\AlixGarion4) (Version: - ) AlixGarion5 2-1-0 (HKLM\...\AlixGarion5) (Version: - ) AlixGarion6 2-1-0 (HKLM\...\AlixGarion6) (Version: - ) AlixGarion7 2-1-0 (HKLM\...\AlixGarion7) (Version: - ) AlixGespaltenesLand 2-1-0 (HKLM\...\AlixGespaltenesLand) (Version: - ) AlixHochzeit 2-1-0 (HKLM\...\AlixHochzeit) (Version: - ) AlixLogikhochzeiten 2-1-0 (HKLM\...\AlixLogikhochzeiten) (Version: - ) AlixMeisterdruide 2-1-0 (HKLM\...\AlixMeisterdruide) (Version: - ) AlixMorgana1 2-1-0 (HKLM\...\AlixMorgana1) (Version: - ) AlixMorgana2 2-1-0 (HKLM\...\AlixMorgana2) (Version: - ) AlixMorgana3 2-1-0 (HKLM\...\AlixMorgana3) (Version: - ) AlixMorgana4 2-1-0 (HKLM\...\AlixMorgana4) (Version: - ) AlixMorgana5 2-1-0 (HKLM\...\AlixMorgana5) (Version: - ) AlixMorgana6 2-1-0 (HKLM\...\AlixMorgana6) (Version: - ) AlixNeueInseln 2-1-0 (HKLM\...\AlixNeueInseln) (Version: - ) AlixOstern08Freitag 2-1-0 (HKLM\...\AlixOstern08Freitag) (Version: - ) AlixPisastudie 2-1-0 (HKLM\...\AlixPisastudie) (Version: - ) AlixPossibilities3 2-1-0 (HKLM\...\AlixPossibilities3) (Version: - ) AlixStreithammel 2-1-0 (HKLM\...\AlixStreithammel) (Version: - ) AlixSturmflu 2-1-0 (HKLM\...\AlixSturmflu) (Version: - ) AlixVulkanausbruch 2-1-0 (HKLM\...\AlixVulkanausbruch) (Version: - ) AlixWege1 2-1-0 (HKLM\...\AlixWege1) (Version: - ) AlixWege2 2-1-0 (HKLM\...\AlixWege2) (Version: - ) AlixWege3 2-1-0 (HKLM\...\AlixWege3) (Version: - ) AlixWeihnachts-b-engel 2-1-0 (HKLM\...\AlixWeihnachts-b-engel) (Version: - ) AlixWeihnachtslogik 2-1-0 
(HKLM\...\AlixWeihnachtslogik) (Version: - ) AlixWeihnachtslogistik 2-1-0 (HKLM\...\AlixWeihnachtslogistik) (Version: - ) AlixWeihnachtsproduktion 2-1-0 (HKLM\...\AlixWeihnachtsproduktion) (Version: - ) AlixWeihversandhandel 2-1-0 (HKLM\...\AlixWeihversandhandel) (Version: - ) angeldragonZweiBrueder 2-1-0 (HKLM\...\angeldragonZweiBrueder) (Version: - ) AnguaEasterbunnysearch 2-1-0 (HKLM\...\AnguaEasterbunnysearch) (Version: - ) AnguaTommyDesertTrading 2-1-0 (HKLM\...\AnguaTommyDesertTrading) (Version: - ) AnguaTommyLibellulesKindergarden 2-1-0 (HKLM\...\AnguaTommyLibellulesKindergarden) (Version: - ) AnguaTommyTradingEmpire 2-1-1 (HKLM\...\AnguaTommyTradingEmpire) (Version: - ) AnguaTommyVikingsRecipe 2-1-0 (HKLM\...\AnguaTommyVikingsRecipe) (Version: - ) AnonymusDerTraeumer 2-1-0 (HKLM\...\AnonymusDerTraeumer) (Version: - ) AnonymusNeueHeimat 2-1-0 (HKLM\...\AnonymusNeueHeimat) (Version: - ) AntheaAufDerWalz 2-1-0 (HKLM\...\AntheaAufDerWalz) (Version: - ) AntheaDieEntscheidung 2-1-0 (HKLM\...\AntheaDieEntscheidung) (Version: - ) AntheaDuerre 2-1-0 (HKLM\...\AntheaDuerre) (Version: - ) AntheaFroheOstern 2-1-0 (HKLM\...\AntheaFroheOstern) (Version: - ) AntheaSilbermonBeMyValentine 2-1-0 (HKLM\...\AntheaSilbermonBeMyValentine) (Version: - ) AntheaSilbermonRobinson 2-1-0 (HKLM\...\AntheaSilbermonRobinson) (Version: - ) AntheaWintereinbruch 2-1-0 (HKLM\...\AntheaWintereinbruch) (Version: - ) Arcade Bubbles (HKLM\...\Arcade Bubbles) (Version: - ) Atheros WLAN Client (HKLM\...\{3832FA99-2EDD-41E0-94AD-FBF9FABAFEF9}) (Version: 14.00.0000 - WLAN) Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.9.504 - Avira Operations GmbH & Co. 
KG) Bärenbrüder (HKLM\...\{B489D5F8-D960-4399-9286-C59BF21991B5}) (Version: 1.0 - ) basssChainOfLife 2-1-0 (HKLM\...\basssChainOfLife) (Version: - ) basssValleyoftheTribes 2-1-0 (HKLM\...\basssValleyoftheTribes) (Version: - ) BatteryLifeExtender (HKLM\...\{AA16A9E5-40E9-44F5-801E-6B3D3CFE79E5}) (Version: 1.0.0 - Samsung) Bjarni2Einsiedler 2-1-1 (HKLM\...\Bjarni2Einsiedler) (Version: - ) BjarniLakeDistrictMP 2-1-0 (HKLM\...\BjarniLakeDistrictMP) (Version: - ) BjarniLakeDistrictSP 2-1-0 (HKLM\...\BjarniLakeDistrictSP) (Version: - ) BuffaloFliegendeWildsau 2-1-0 (HKLM\...\BuffaloFliegendeWildsau) (Version: - ) Butterfly Magic (HKLM\...\Butterfly Magic) (Version: - ) Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: - ) Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data (HKLM\...\Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data) (Version: - ) Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data (HKLM\...\Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data) (Version: - ) Canon Easy-PhotoPrint Pro (HKLM\...\Easy-PhotoPrint Pro) (Version: - ) Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: - ) Canon MG6200 series Benutzerregistrierung (HKLM\...\Canon MG6200 series Benutzerregistrierung) (Version: - ) Canon MG6200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6200_series) (Version: - ) Canon MG6200 series On-screen Manual (HKLM\...\Canon MG6200 series On-screen Manual) (Version: - ) Canon MP Navigator EX 5.0 (HKLM\...\MP Navigator EX 5.0) (Version: - ) Canon My Printer (HKLM\...\CanonMyPrinter) (Version: - ) Canon Solution Menu EX (HKLM\...\CanonSolutionMenuEX) (Version: - ) CarlieVonSchwedSkaergaerden 2-1-0 (HKLM\...\CarlieVonSchwedSkaergaerden) (Version: - ) Catan - Die erste Insel (HKLM\...\Catan) (Version: - ) ChavaDieBlaueLagune 2-1-0 (HKLM\...\ChavaDieBlaueLagune) (Version: - ) CobaReisezumMPderErde1 2-1-0 (HKLM\...\CobaReisezumMPderErde1) (Version: - ) CobaReisezumMPderErde2 2-1-0 
(HKLM\...\CobaReisezumMPderErde2) (Version: - ) CobaReisezumMPderErde3 2-1-0 (HKLM\...\CobaReisezumMPderErde3) (Version: - ) CobaReisezumMPderErde4 2-1-0 (HKLM\...\CobaReisezumMPderErde4) (Version: - ) CobaReisezumMPderErde5 2-1-0 (HKLM\...\CobaReisezumMPderErde5) (Version: - ) Collector's Edition 251 (HKLM\...\Collector's Edition 251) (Version: - ) ConanFrohesFest 2-1-0 (HKLM\...\ConanFrohesFest) (Version: - ) Corel Applications (HKLM\...\Corel Applications) (Version: - ) crassusAK2012PostVonRuprecht 2-1-0 (HKLM\...\crassusAK2012PostVonRuprecht) (Version: - ) CrassusDieHeimkehr 2-1-0 (HKLM\...\CrassusDieHeimkehr) (Version: - ) CrassusFrau gesucht 2-1-0 (HKLM\...\CrassusFrau gesucht) (Version: - ) CrassusTaugenichts 2-1-0 (HKLM\...\CrassusTaugenichts) (Version: - ) CrassusWuestenwikinger 2-1-0 (HKLM\...\CrassusWuestenwikinger) (Version: - ) CrocutaSonnenland 2-1-0 (HKLM\...\CrocutaSonnenland) (Version: - ) CultiSilberDerKleineHobbit1 2-1-0 (HKLM\...\CultiSilberDerKleineHobbit1) (Version: - ) CultiSilberDerKleineHobbit2 2-1-0 (HKLM\...\CultiSilberDerKleineHobbit2) (Version: - ) CultiSilberDerKleineHobbit3 2-1-0 (HKLM\...\CultiSilberDerKleineHobbit3) (Version: - ) CultiSilberDerKleineHobbit4 2-1-0 (HKLM\...\CultiSilberDerKleineHobbit4) (Version: - ) CultiSilberDerKleineHobbit5 2-1-0 (HKLM\...\CultiSilberDerKleineHobbit5) (Version: - ) CultiSilberDerKleineHobbit6 2-1-0 (HKLM\...\CultiSilberDerKleineHobbit6) (Version: - ) CultiSilberDerKleineHobbit7 2-1-0 (HKLM\...\CultiSilberDerKleineHobbit7) (Version: - ) CultiSilberDerKleineHobbit8 2-1-0 (HKLM\...\CultiSilberDerKleineHobbit8) (Version: - ) Cultures - Die Entdeckung Vinlands (HKLM\...\Cultures - Die Entdeckung Vinlands) (Version: - ) Cultures (HKLM\...\Cultures) (Version: - ) 'Cultures Saga' (HKLM\...\'Cultures Saga') (Version: - ) CulturianerCultureshausen001 2-1-0 (HKLM\...\CulturianerCultureshausen001) (Version: - ) CulturianerCultureshausen002 2-1-0 (HKLM\...\CulturianerCultureshausen002) (Version: - ) 
CulturianerCultureshausen003 2-1-0 (HKLM\...\CulturianerCultureshausen003) (Version: - ) CulturianerCultureshausen004 2-1-0 (HKLM\...\CulturianerCultureshausen004) (Version: - ) CulturianerCultureshausen005 2-1-0 (HKLM\...\CulturianerCultureshausen005) (Version: - ) CyberLink DVD Suite (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2604 - CyberLink Corp.) CyberLink LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.20.3605 - CyberLink Corp.) CyberLink Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2809 - CyberLink Corp.) CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2426 - CyberLink Corp.) CyberLink PowerDVD 8 (HKLM\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.2815 - CyberLink Corp.) CyberLink PowerProducer (HKLM\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.1.1410 - CyberLink Corp.) Dajana84LibEaPMaerchenland 2-1-0 (HKLM\...\Dajana84LibEaPMaerchenland) (Version: - ) DECAdry Express Business Cards 3.52 (HKLM\...\DECAdry Express Business Cards 3) (Version: - ) Deinstallation der Arcor Online Software (HKLM\...\{262DA23B-4BAB-463F-B1DC-9B5287CAB5CA}}_is1) (Version: 5.0.0.8 - Vodafone D2 GmbH) Diamond Fall (HKLM\...\Diamond Fall) (Version: - ) Digital Advertising Alliance Protect My Choices (Beta) (HKLM\...\{2E4543DD-1526-408D-8B58-D3A2BFE322D0}) (Version: 1.4.0.0 - Digital Advertising Alliance) DistelfinkEismeerAdvent 2-1-0 (HKLM\...\DistelfinkEismeerAdvent) (Version: - ) DistelfinkGrandauntGreta 2-1-0 (HKLM\...\DistelfinkGrandauntGreta) (Version: - ) dodieDerFreund 2-1-1 (HKLM\...\dodieDerFreund) (Version: - ) Drakensang (HKLM\...\Drakensang_is1) (Version: - dtp) Easy Battery Manager (HKLM\...\{6F730513-8688-4C3C-90A3-6B9792CE2EF3}) (Version: 3.2.1.7 - Samsung) Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 2.3 - Samsung Electronics 
Co., Ltd.) Easy Network Manager (HKLM\...\{A7581D39-EA20-4883-A480-80C21047052B}) (Version: 4.0.2 - Samsung) Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.0.2.6 - ) ElsterFormular (HKLM\...\ElsterFormular) (Version: 15.1.13904 - Landesfinanzdirektion Thüringen) Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft Ltd.) EngelastraFeentaler 2-1-0 (HKLM\...\EngelastraFeentaler) (Version: - ) EngelastraOsternInGefahr 2-1-0 (HKLM\...\EngelastraOsternInGefahr) (Version: - ) ExtraLines (HKLM\...\ExtraLines_is1) (Version: - ) FiereDoveTheMaze 2-1-0 (HKLM\...\FiereDoveTheMaze) (Version: - ) FlodderBoesesErwachen 2-1-0 (HKLM\...\FlodderBoesesErwachen) (Version: - ) FlodderDEV1Aufbruch 2-1-0 (HKLM\...\FlodderDEV1Aufbruch) (Version: - ) FlodderDEV2Helluland 2-1-0 (HKLM\...\FlodderDEV2Helluland) (Version: - ) FlodderDEV3Markland 2-1-1 (HKLM\...\FlodderDEV3Markland) (Version: - ) FlodderDEV4Vinland 2-1-0 (HKLM\...\FlodderDEV4Vinland) (Version: - ) FlodderOnceUponATime 2-1-0 (HKLM\...\FlodderOnceUponATime) (Version: - ) <==== ATTENTION FloPechMussManHaben1 2-1-0 (HKLM\...\FloPechMussManHaben1) (Version: - ) FloPechMussManHaben2 2-1-0 (HKLM\...\FloPechMussManHaben2) (Version: - ) FreyaBoloBolo 2-1-0 (HKLM\...\FreyaBoloBolo) (Version: - ) G*Power 3.1.3 (HKLM\...\{26A39957-0BE3-449B-BA6F-922C8713AB2B}) (Version: 3.1.3 - Franz Faul, Uni Kiel, Germany) Galswin (HKLM\...\{F131DCE7-7D20-11D5-BC42-00A0C9E23766}) (Version: - ) GelbeSeiten Für Berlin 2009 (HKLM\...\{720C39E1-E698-46AA-8B81-13400AD1AC40}) (Version: - ) Google Chrome (HKU\S-1-5-21-3319244995-2461475978-946539677-1000\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.) Google Chrome (HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.) 
Google Chrome (HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.) Google Chrome (HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.) Google Chrome (HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.) Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: - Google Inc.) Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden GoToMeeting 5.5.0.1133 (HKU\S-1-5-21-3319244995-2461475978-946539677-1000\...\GoToMeeting) (Version: 5.5.0.1133 - CitrixOnline) GoToMeeting 5.5.0.1133 (HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\GoToMeeting) (Version: 5.5.0.1133 - CitrixOnline) GoToMeeting 5.5.0.1133 (HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\GoToMeeting) (Version: 5.5.0.1133 - CitrixOnline) GoToMeeting 5.5.0.1133 (HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\GoToMeeting) (Version: 5.5.0.1133 - CitrixOnline) GoToMeeting 5.5.0.1133 (HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\GoToMeeting) (Version: 5.5.0.1133 - CitrixOnline) Herz77Waldschule 2-1-0 (HKLM\...\Herz77Waldschule) (Version: - ) HP Driver Diagnostics (HKLM\...\{0EC7C406-B592-4686-BAC1-AD29A85EAE6A}) (Version: 1.03.0005 - Ihr Firmenname) HubergerDasAmulett 2-1-0 (HKLM\...\HubergerDasAmulett) (Version: - ) HubergerKalterNorden 2-1-0 (HKLM\...\HubergerKalterNorden) (Version: - ) HubergerVerfeindeteBrueder 2-1-0 (HKLM\...\HubergerVerfeindeteBrueder) (Version: - ) imagine digital freedom - Samsung (HKLM\...\{8E106A57-A17E-431D-B48F-175E42EB9F74}) (Version: 1.0.2.2 - Samsung 
Electronics Co. Ltd.,) ImperatorchenWieAllesBegann 2-1-0 (HKLM\...\ImperatorchenWieAllesBegann) (Version: - ) Indeo® software (HKLM\...\Indeo® software) (Version: - ) Indiana Jack (HKLM\...\IndianaJack) (Version: - ) Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation) Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation) IrmchenFreundschaft 2-1-0 (HKLM\...\IrmchenFreundschaft) (Version: - ) IrmchenHubergerAmbush 2-1-0 (HKLM\...\IrmchenHubergerAmbush) (Version: - ) IrmchenHubergerFriedensmelodie 2-1-0 (HKLM\...\IrmchenHubergerFriedensmelodie) (Version: - ) IrmchenKundschafterPauli 2-1-0 (HKLM\...\IrmchenKundschafterPauli) (Version: - ) IrmchenRaubritter 2-1-0 (HKLM\...\IrmchenRaubritter) (Version: - ) IronBjarniDasCulturesWintermaerchen 2-1-3 (HKLM\...\IronBjarniDasCulturesWintermaerchen) (Version: - ) IronCedriDasSchneehorn 2-1-1 (HKLM\...\IronCedriDasSchneehorn) (Version: - ) IronMaebheOk09Donnerstag 2-1-1 (HKLM\...\IronMaebheOk09Donnerstag) (Version: - ) JamalGoldsonne 2-1-0 (HKLM\...\JamalGoldsonne) (Version: - ) JamalHilfestellung 2-1-0 (HKLM\...\JamalHilfestellung) (Version: - ) JamalKaertchen 2-1-0 (HKLM\...\JamalKaertchen) (Version: - ) Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle) Johnnnie21ArenaShopping 2-1-0 (HKLM\...\Johnnnie21ArenaShopping) (Version: - ) Katharina157Glueckskinder1 2-1-0 (HKLM\...\Katharina157Glueckskinder1) (Version: - ) Katharina157Glueckskinder2 2-1-0 (HKLM\...\Katharina157Glueckskinder2) (Version: - ) Katharina157Glueckskinder3 2-1-0 (HKLM\...\Katharina157Glueckskinder3) (Version: - ) KraeuterBelleIle 2-1-0 (HKLM\...\KraeuterBelleIle) (Version: - ) KraeutergBeautifulWorld 2-1-0 (HKLM\...\KraeutergBeautifulWorld) (Version: - ) KraeutergDasAbgelegeneTal 2-1-0 (HKLM\...\KraeutergDasAbgelegeneTal) (Version: - ) KraeutergDerGrosseFlussMP 2-1-0 (HKLM\...\KraeutergDerGrosseFlussMP) (Version: - ) 
KraeutergDerGrosseFlussSP 2-1-0 (HKLM\...\KraeutergDerGrosseFlussSP) (Version: - ) KraeutergDerWegZuDenDreiBirke 2-1-0 (HKLM\...\KraeutergDerWegZuDenDreiBirke) (Version: - ) KraeutergDieGaertnerdesSultan 2-1-0 (HKLM\...\KraeutergDieGaertnerdesSultan) (Version: - ) KraeutergDieWaben 2-1-0 (HKLM\...\KraeutergDieWaben) (Version: - ) KraeutergDieWikingerinGroenla 2-1-0 (HKLM\...\KraeutergDieWikingerinGroenla) (Version: - ) KraeutergEinerFuerAlles 2-1-0 (HKLM\...\KraeutergEinerFuerAlles) (Version: - ) KraeutergEinUnwirklichesLand 2-1-0 (HKLM\...\KraeutergEinUnwirklichesLand) (Version: - ) KraeutergEinWintertraum 2-1-0 (HKLM\...\KraeutergEinWintertraum) (Version: - ) KraeutergHaithabu 2-1-0 (HKLM\...\KraeutergHaithabu) (Version: - ) KraeutergInderNiederlande 2-1-0 (HKLM\...\KraeutergInderNiederlande) (Version: - ) KraeutergInselwelt 2-1-0 (HKLM\...\KraeutergInselwelt) (Version: - ) KraeutergJardisdeGiverny 2-1-0 (HKLM\...\KraeutergJardisdeGiverny) (Version: - ) KraeutergMeinParadies 2-1-0 (HKLM\...\KraeutergMeinParadies) (Version: - ) KraeutergRuhigeZeiten 2-1-0 (HKLM\...\KraeutergRuhigeZeiten) (Version: - ) KraeutergWikingerAufDenKanare 2-1-0 (HKLM\...\KraeutergWikingerAufDenKanare) (Version: - ) KraeutergWikingerIn Daenemark 2-1-0 (HKLM\...\KraeutergWikingerIn Daenemark) (Version: - ) KraeutergWikingerInDerSchweiz 2-1-0 (HKLM\...\KraeutergWikingerInDerSchweiz) (Version: - ) KraeutergWikingerInEngland 2-1-0 (HKLM\...\KraeutergWikingerInEngland) (Version: - ) KraeutergWikingerInFinnland 2-1-0 (HKLM\...\KraeutergWikingerInFinnland) (Version: - ) KraeutergWikingerInFrance 2-1-0 (HKLM\...\KraeutergWikingerInFrance) (Version: - ) KraeutergWikingerInGermany 2-1-0 (HKLM\...\KraeutergWikingerInGermany) (Version: - ) KraeutergWikingerInGriechenla 2-1-0 (HKLM\...\KraeutergWikingerInGriechenla) (Version: - ) KraeutergWikingerInIrland 2-1-0 (HKLM\...\KraeutergWikingerInIrland) (Version: - ) KraeutergWikingerInIsland 2-1-0 (HKLM\...\KraeutergWikingerInIsland) (Version: - ) 
KraeutergWikingerInItalien 2-1-0 (HKLM\...\KraeutergWikingerInItalien) (Version: - ) KraeutergWikingerInMadagaskar 2-1-0 (HKLM\...\KraeutergWikingerInMadagaskar) (Version: - ) KraeutergWikingerInNorwegen 2-1-0 (HKLM\...\KraeutergWikingerInNorwegen) (Version: - ) KraeutergWikingerInOesterreic 2-1-0 (HKLM\...\KraeutergWikingerInOesterreic) (Version: - ) KraeutergWikingerInPortugal 2-1-0 (HKLM\...\KraeutergWikingerInPortugal) (Version: - ) KraeutergWikingerInSchwedenL 2-1-0 (HKLM\...\KraeutergWikingerInSchwedenL) (Version: - ) KraeutergWikingerInSpanien 2-1-0 (HKLM\...\KraeutergWikingerInSpanien) (Version: - ) KraeuterInselderTraeume 2-1-1 (HKLM\...\KraeuterInselderTraeume) (Version: - ) L&H TTS3000 Deutsch (HKLM\...\LHTTSGED) (Version: - ) Lexicon Special Edition (HKLM\...\Lexicon Special Edition) (Version: - ) LibelleEaPAdventskalender 2-1-0 (HKLM\...\LibelleEaPAdventskalender) (Version: - ) LibelleEaPAiW1Zauberer 2-1-0 (HKLM\...\LibelleEaPAiW1Zauberer) (Version: - ) LibelleEaPAiW2Urfin 2-1-0 (HKLM\...\LibelleEaPAiW2Urfin) (Version: - ) LibelleEaPAiWu4DerFeuergottDerMarranen 2-1-0 (HKLM\...\LibelleEaPAiWu4DerFeuergottDerMarranen) (Version: - ) LibelleEaPAiWu5Arachna 2-1-0 (HKLM\...\LibelleEaPAiWu5Arachna) (Version: - ) LibelleEaPAK2012KlausDummling 2-1-0 (HKLM\...\LibelleEaPAK2012KlausDummling) (Version: - ) LibelleEaPBeiDen7Zwergen 2-1-0 (HKLM\...\LibelleEaPBeiDen7Zwergen) (Version: - ) LibelleEaPDasWolkenschaf 2-1-0 (HKLM\...\LibelleEaPDasWolkenschaf) (Version: - ) LibelleEaPDerVerzauberteNussknacker 2-1-0 (HKLM\...\LibelleEaPDerVerzauberteNussknacker) (Version: - ) LibelleEaPDie7UnterirdischenKoenige 2-1-0 (HKLM\...\LibelleEaPDie7UnterirdischenKoenige) (Version: - ) LibelleEaPDieverlorenenWunschz 2-1-0 (HKLM\...\LibelleEaPDieverlorenenWunschz) (Version: - ) LibelleEaPEinDutzendAlles 2-1-0 (HKLM\...\LibelleEaPEinDutzendAlles) (Version: - ) LibelleEaPHerrscherVonMandala 2-1-0 (HKLM\...\LibelleEaPHerrscherVonMandala) (Version: - ) LibelleEaPKleineInselKerkyra 2-1-0 
(HKLM\...\LibelleEaPKleineInselKerkyra) (Version: - ) LibelleEaPMerkFixUndDieMagischenKisten 2-1-0 (HKLM\...\LibelleEaPMerkFixUndDieMagischenKisten) (Version: - ) LibelleEaPSiedelnnachWunsch 2-1-0 (HKLM\...\LibelleEaPSiedelnnachWunsch) (Version: - ) LibelleEaPStonehenge 2-1-0 (HKLM\...\LibelleEaPStonehenge) (Version: - ) LibelleFelixBlumen fuerPuenky 2-1-1 (HKLM\...\LibelleFelixBlumen fuerPuenky) (Version: - ) LunaticHandelskarte 2-1-0 (HKLM\...\LunaticHandelskarte) (Version: - ) LunaticInselkarteHandel 2-1-0 (HKLM\...\LunaticInselkarteHandel) (Version: - ) MaebheAlleJahreWieder 2-1-0 (HKLM\...\MaebheAlleJahreWieder) (Version: - ) MaebheDerPfefferkuchenmann 2-1-0 (HKLM\...\MaebheDerPfefferkuchenmann) (Version: - ) MagicflameDergroessteSchatz 2-1-0 (HKLM\...\MagicflameDergroessteSchatz) (Version: - ) Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation) MannyDie6HeiligenSteine 2-1-0 (HKLM\...\MannyDie6HeiligenSteine) (Version: - ) MannyDievergesseneInsel 2-1-0 (HKLM\...\MannyDievergesseneInsel) (Version: - ) MannyNeueWelt 2-1-0 (HKLM\...\MannyNeueWelt) (Version: - ) MannyTupacAmaru 2-1-0 (HKLM\...\MannyTupacAmaru) (Version: - ) Mapperteam07. Drachenland 2-1-0 (HKLM\...\Mapperteam07. 
Drachenland) (Version: - ) MapperteamAegypten 2-1-1 (HKLM\...\MapperteamAegypten) (Version: - ) MapperteamAmazonen 2-1-0 (HKLM\...\MapperteamAmazonen) (Version: - ) MapperteamAmRandDerWelt 2-1-0 (HKLM\...\MapperteamAmRandDerWelt) (Version: - ) MapperteamAtlantis 2-1-0 (HKLM\...\MapperteamAtlantis) (Version: - ) MapperteamAufDemDachDerWelt 2-1-0 (HKLM\...\MapperteamAufDemDachDerWelt) (Version: - ) MapperteamAufUndDavon 2-1-0 (HKLM\...\MapperteamAufUndDavon) (Version: - ) MapperteamAustralien 2-1-0 (HKLM\...\MapperteamAustralien) (Version: - ) MapperteamAuswanderer 2-1-0 (HKLM\...\MapperteamAuswanderer) (Version: - ) MapperteamBeiMani 2-1-0 (HKLM\...\MapperteamBeiMani) (Version: - ) MapperteamBjarniInEngland 2-1-0 (HKLM\...\MapperteamBjarniInEngland) (Version: - ) MapperteamBjarnisVerhaengnis 2-1-0 (HKLM\...\MapperteamBjarnisVerhaengnis) (Version: - ) MapperteamBombenstimmungInMarburg 2-1-0 (HKLM\...\MapperteamBombenstimmungInMarburg) (Version: - ) MapperteamChaosUmsBockbier 2-1-0 (HKLM\...\MapperteamChaosUmsBockbier) (Version: - ) MapperteamCyraunddieMapper 2-1-0 (HKLM\...\MapperteamCyraunddieMapper) (Version: - ) MapperteamDasFehlendePasswort 2-1-1 (HKLM\...\MapperteamDasFehlendePasswort) (Version: - ) MapperteamDasFest 2-1-0 (HKLM\...\MapperteamDasFest) (Version: - ) MapperteamDasGeheimnisderMaya 2-1-0 (HKLM\...\MapperteamDasGeheimnisderMaya) (Version: - ) MapperteamDasGrosseGwerchVonNaermberch 2-1-0 (HKLM\...\MapperteamDasGrosseGwerchVonNaermberch) (Version: - ) MapperteamDasImpressum 2-1-0 (HKLM\...\MapperteamDasImpressum) (Version: - ) MapperteamDerFjord 2-1-0 (HKLM\...\MapperteamDerFjord) (Version: - ) MapperteamDerMeisterdieb 2-1-2 (HKLM\...\MapperteamDerMeisterdieb) (Version: - ) MapperteamDerSchwarzeTod 2-1-0 (HKLM\...\MapperteamDerSchwarzeTod) (Version: - ) MapperteamDie10Gebote 2-1-0 (HKLM\...\MapperteamDie10Gebote) (Version: - ) MapperteamDieSavannenOstafrika 2-1-0 (HKLM\...\MapperteamDieSavannenOstafrika) (Version: - ) MapperteamDjinne 2-1-0 
(HKLM\...\MapperteamDjinne) (Version: - ) MapperteamEntfuehrtundGetrennt 2-1-0 (HKLM\...\MapperteamEntfuehrtundGetrennt) (Version: - ) MapperteamEroberer 2-1-0 (HKLM\...\MapperteamEroberer) (Version: - ) MapperteamExcalibur 2-1-1 (HKLM\...\MapperteamExcalibur) (Version: - ) MapperteamHansebundUndLikedeelers 2-1-0 (HKLM\...\MapperteamHansebundUndLikedeelers) (Version: - ) MapperteamHeldOhneErinnerung 2-1-0 (HKLM\...\MapperteamHeldOhneErinnerung) (Version: - ) MapperteamImElbtal 2-1-0 (HKLM\...\MapperteamImElbtal) (Version: - ) MapperteamImpressum 2-1-0 (HKLM\...\MapperteamImpressum) (Version: - ) MapperteamImpressum08 2-1-0 (HKLM\...\MapperteamImpressum08) (Version: - ) MapperteamImpressum2010 2-1-0 (HKLM\...\MapperteamImpressum2010) (Version: - ) MapperteamInBavaria 2-1-0 (HKLM\...\MapperteamInBavaria) (Version: - ) MapperteamInDubai 2-1-0 (HKLM\...\MapperteamInDubai) (Version: - ) MapperteamInFranken 2-1-0 (HKLM\...\MapperteamInFranken) (Version: - ) MapperteamInKuba 2-1-0 (HKLM\...\MapperteamInKuba) (Version: - ) MapperteamKatastrophentalEifel 2-1-0 (HKLM\...\MapperteamKatastrophentalEifel) (Version: - ) MapperteamLandDesRot 2-1-0 (HKLM\...\MapperteamLandDesRot) (Version: - ) MapperteamLangerLulatschInBredullje 2-1-0 (HKLM\...\MapperteamLangerLulatschInBredullje) (Version: - ) MapperteamLondon 2-1-0 (HKLM\...\MapperteamLondon) (Version: - ) MapperteamManibeidenDrachen 2-1-0 (HKLM\...\MapperteamManibeidenDrachen) (Version: - ) MapperteamManibeimHoehlengeist 2-1-0 (HKLM\...\MapperteamManibeimHoehlengeist) (Version: - ) MapperteamMexiko 2-1-0 (HKLM\...\MapperteamMexiko) (Version: - ) MapperteamNachVinland 2-1-0 (HKLM\...\MapperteamNachVinland) (Version: - ) MapperteamOrakelsuche 2-1-0 (HKLM\...\MapperteamOrakelsuche) (Version: - ) MapperteamPiratenbraeute 2-1-0 (HKLM\...\MapperteamPiratenbraeute) (Version: - ) MapperteamRaeuberspukImHuy 2-1-0 (HKLM\...\MapperteamRaeuberspukImHuy) (Version: - ) MapperteamReisemitHindernissen 2-1-0 
(HKLM\...\MapperteamReisemitHindernissen) (Version: - ) MapperteamSchaetzederKaribik 2-1-0 (HKLM\...\MapperteamSchaetzederKaribik) (Version: - ) MapperteamSigurdsReiseDurchTirol 2-1-0 (HKLM\...\MapperteamSigurdsReiseDurchTirol) (Version: - ) MapperteamStadtrundgang 2-1-0 (HKLM\...\MapperteamStadtrundgang) (Version: - ) MapperteamSuchenachHeimdall 2-1-0 (HKLM\...\MapperteamSuchenachHeimdall) (Version: - ) MapperteamSuedamerika 2-1-0 (HKLM\...\MapperteamSuedamerika) (Version: - ) MapperteamSuedlichVom GlamourGuelleGranaten 2-1-0 (HKLM\...\MapperteamSuedlichVom GlamourGuelleGranaten) (Version: - ) MapperteamSuedlichVom SigurdUndDerKaiser 2-1-0 (HKLM\...\MapperteamSuedlichVom SigurdUndDerKaiser) (Version: - ) MapperteamSuedlichVom TreffpunktAirport 2-1-0 (HKLM\...\MapperteamSuedlichVom TreffpunktAirport) (Version: - ) MapperteamSuedlichVom WeisswurstAequator 2-1-0 (HKLM\...\MapperteamSuedlichVom WeisswurstAequator) (Version: - ) MapperteamUnterNordlichtern 2-1-0 (HKLM\...\MapperteamUnterNordlichtern) (Version: - ) MapperteamVerraeterundVerbuendete 2-1-1 (HKLM\...\MapperteamVerraeterundVerbuendete) (Version: - ) MapperteamVordemFest 2-1-0 (HKLM\...\MapperteamVordemFest) (Version: - ) MapperteamWaehrendBjarnischlie 2-1-0 (HKLM\...\MapperteamWaehrendBjarnischlie) (Version: - ) MapperteamZufluchtbeiFreunden 2-1-0 (HKLM\...\MapperteamZufluchtbeiFreunden) (Version: - ) MapperteamZwischenstop 2-1-0 (HKLM\...\MapperteamZwischenstop) (Version: - ) Max Mix Foto (HKLM\...\Max Mix Foto) (Version: - ) Megamind (HKLM\...\Megamind) (Version: - ) Melisendre3Haselnuesse 2-1-0 (HKLM\...\Melisendre3Haselnuesse) (Version: - ) MelisendreSterntaler 2-1-0 (HKLM\...\MelisendreSterntaler) (Version: - ) MelisendreUnglueckKomplett 2-1-1 (HKLM\...\MelisendreUnglueckKomplett) (Version: - ) MessiCulturianerOK10Montag 2-1-0 (HKLM\...\MessiCulturianerOK10Montag) (Version: - ) messiGoldsuche 2-1-2 (HKLM\...\messiGoldsuche) (Version: - ) MessiOk09Samstag 2-1-0 (HKLM\...\MessiOk09Samstag) (Version: - ) 
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft AutoRoute 2002 (HKLM\...\{F7F2DC0A-C22E-49AD-AD37-797309A54E7B}) (Version: 9.00.17.0200 - Microsoft) Microsoft Encarta Professional 2005 (HKLM\...\{054400C0-64A6-4248-A026-9745C1E9E159}) (Version: 2005 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Picture It! Foto 7.0 (HKLM\...\{369B36BE-3D64-4641-9AEA-808D436FE132}) (Version: 7.0.0.0000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation) Microsoft SQL Server Native Client (HKLM\...\{1D1D8ADC-BF08-4E61-9393-5FA305B16864}) (Version: 9.00.3042.00 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{5C759B74-34F4-43C6-A5D9-039CB754C5E9}) (Version: 9.00.3042.00 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Word 2002 (HKLM\...\{911B0407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2701.01 - Microsoft Corporation) Microsoft Works 2003-Setup-Start (HKLM\...\Works2003Setup) (Version: - ) Microsoft Works 7.0 (HKLM\...\{EDDDC607-91D9-4758-9F57-265FDCD8A772}) 
(Version: 07.02.0702 - Microsoft Corporation) Microsoft Works Suite-Add-Ins für Microsoft Word (HKLM\...\{7CDBE27D-87EC-434E-AFE4-D0116AE876BB}) (Version: 2.0.0.0000 - Microsoft Corporation) Minigolf Pro (HKLM\...\Minigolf Pro) (Version: - ) MoltWinterWonderland 2-1-0 (HKLM\...\MoltWinterWonderland) (Version: - ) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MuseScore 2 (HKLM\...\{36F8DD90-CE12-11E4-8830-0800200C9A66}) (Version: 2.0.0 - Werner Schweer and Others) NeisianMaebheOstern08Montag 2-1-0 (HKLM\...\NeisianMaebheOstern08Montag) (Version: - ) NeoBall (HKLM\...\NeoBall) (Version: - ) NoLimitDie5Amulette 2-1-0 (HKLM\...\NoLimitDie5Amulette) (Version: - ) OK10FreitagSommersprosseNejira 2-1-0 (HKLM\...\OK10FreitagSommersprosseNejira) (Version: - ) OK10SonntagSaCoMa 2-1-0 (HKLM\...\OK10SonntagSaCoMa) (Version: - ) Ostern08DonnersPuenkyDodie 2-1-0 (HKLM\...\Ostern08DonnersPuenkyDodie) (Version: - ) PCTroubleshooting (HKLM\...\{68CAE442-579C-4D84-AA5F-253852522ED5}) (Version: 2.0.0.4 - Samsung Electronics Co.,LTD.) Pearl Poppers (HKLM\...\Pearl Poppers) (Version: - ) Phoenix21Inselhopper 2-1-1 (HKLM\...\Phoenix21Inselhopper) (Version: - ) phoenix21Steinhagel 2-1-0 (HKLM\...\phoenix21Steinhagel) (Version: - ) PimpfiBlumeVonOstaria 2-1-0 (HKLM\...\PimpfiBlumeVonOstaria) (Version: - ) PimpfiNirvana 2-1-0 (HKLM\...\PimpfiNirvana) (Version: - ) PimpfiundIchSeitGenerationen 2-1-0 (HKLM\...\PimpfiundIchSeitGenerationen) (Version: - ) PirateVille (HKLM\...\PirateVille) (Version: - ) PowerDirector (Version: 7.00.0000 - CyberLink Corp.) 
Hidden pronto pummelBlaukaeppchen 2-1-0 (HKLM\...\pronto pummelBlaukaeppchen) (Version: - ) ProntoPummelDerverrueckteDruide 2-1-0 (HKLM\...\ProntoPummelDerverrueckteDruide) (Version: - ) prontopummelKlimawandel 2-1-0 (HKLM\...\prontopummelKlimawandel) (Version: - ) prontopummelWassermann 2-1-0 (HKLM\...\prontopummelWassermann) (Version: - ) ProtectDisc Driver, Version 11 (HKLM\...\ProtectDisc Driver 11) (Version: 11.0.0.13 - ProtectDisc Software GmbH) RandallFlaggDieMafia 2-1-4 (HKLM\...\RandallFlaggDieMafia) (Version: - ) RatinaZAllesWichtelOderWas 2-1-0 (HKLM\...\RatinaZAllesWichtelOderWas) (Version: - ) RatinaZDasSchicksalHacons 2-1-0 (HKLM\...\RatinaZDasSchicksalHacons) (Version: - ) RatinaZDreiBrueder 2-1-0 (HKLM\...\RatinaZDreiBrueder) (Version: - ) RatinaZEineGrosseAufgabe 2-1-0 (HKLM\...\RatinaZEineGrosseAufgabe) (Version: - ) RatinaZHaconGegenDieRiesen 2-1-0 (HKLM\...\RatinaZHaconGegenDieRiesen) (Version: - ) RatinaZHaconInAsgard 2-1-0 (HKLM\...\RatinaZHaconInAsgard) (Version: - ) RatinaZHomeSweetHome 2-1-0 (HKLM\...\RatinaZHomeSweetHome) (Version: - ) RatinaZNeuerAnfang 2-1-0 (HKLM\...\RatinaZNeuerAnfang) (Version: - ) RatinaZStreikderWichtel 2-1-0 (HKLM\...\RatinaZStreikderWichtel) (Version: - ) RatinaZWilliWichtel 2-1-0 (HKLM\...\RatinaZWilliWichtel) (Version: - ) RatinaZWuestensand 2-1-0 (HKLM\...\RatinaZWuestensand) (Version: - ) Readiris 7.5 (HKLM\...\{9BFFB382-0B2C-11D6-AB3E-000102B0F79A}) (Version: - ) RealDownloader (Version: 1.3.2 - RealNetworks, Inc.) 
Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.2 - RealNetworks) Realtek 8136 8168 8169 Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0004 - Realtek) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5837 - Realtek Semiconductor Corp.) RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden ReddyMidisOk10Samstag 2-1-0 (HKLM\...\ReddyMidisOk10Samstag) (Version: - ) Reversi (HKLM\...\Reversi) (Version: - ) Roxio CinePlayer (HKLM\...\{26792CA7-D87A-4DBE-896B-C2F66B344511}) (Version: 2.2.0 - Roxio) SaCoMaAufbruchMitHindernissen 2-1-0 (HKLM\...\SaCoMaAufbruchMitHindernissen) (Version: - ) SaCoMaDieBrueckeAmRhein 2-1-0 (HKLM\...\SaCoMaDieBrueckeAmRhein) (Version: - ) SaCoMaFreundschaftshilfe 2-1-1 (HKLM\...\SaCoMaFreundschaftshilfe) (Version: - ) SaCoMaGrosseTauschaktion 2-1-0 (HKLM\...\SaCoMaGrosseTauschaktion) (Version: - ) SaCoMaHeimatlos 2-1-0 (HKLM\...\SaCoMaHeimatlos) (Version: - ) SaCoMaIrland 2-1-0 (HKLM\...\SaCoMaIrland) (Version: - ) SaCoMaIsland 2-1-0 (HKLM\...\SaCoMaIsland) (Version: - ) SaCoMaLehnsherr 2-1-0 (HKLM\...\SaCoMaLehnsherr) (Version: - ) SaCoMaMaennerAlleinZuHaus 2-1-0 (HKLM\...\SaCoMaMaennerAlleinZuHaus) (Version: - ) SaCoMaOdW10Ausgesetzt 2-1-0 (HKLM\...\SaCoMaOdW10Ausgesetzt) (Version: - ) SaCoMaOdW11DieOase 2-1-0 (HKLM\...\SaCoMaOdW11DieOase) (Version: - ) SaCoMaOdW12Wuestenvolk 2-1-0 (HKLM\...\SaCoMaOdW12Wuestenvolk) (Version: - ) SaCoMaOdW13Zickzackkurs 2-1-0 (HKLM\...\SaCoMaOdW13Zickzackkurs) (Version: - ) SaCoMaOdW14Goetterheimat 2-1-0 (HKLM\...\SaCoMaOdW14Goetterheimat) (Version: - ) SaCoMaOdW15LokisEiland 2-1-0 (HKLM\...\SaCoMaOdW15LokisEiland) (Version: - ) SaCoMaOdW16Gestrandet 2-1-0 (HKLM\...\SaCoMaOdW16Gestrandet) (Version: - ) 
SaCoMaOdW17DieRueckkehr 2-1-1 (HKLM\...\SaCoMaOdW17DieRueckkehr) (Version: - ) SaCoMaOdW7Alpen 2-1-0 (HKLM\...\SaCoMaOdW7Alpen) (Version: - ) SaCoMaOdW9InDerNeuenWelt 2-1-0 (HKLM\...\SaCoMaOdW9InDerNeuenWelt) (Version: - ) SaCoMaRS1AufbruchNachVinland 2-1-0 (HKLM\...\SaCoMaRS1AufbruchNachVinland) (Version: - ) SaCoMaRS2MissionInVinland 2-1-1 (HKLM\...\SaCoMaRS2MissionInVinland) (Version: - ) SaCoMaRS3DieSpurDerVerwuestung 2-1-0 (HKLM\...\SaCoMaRS3DieSpurDerVerwuestung) (Version: - ) SaCoMaRS4ImLabyrinthdesweisenSchamanen 2-1-0 (HKLM\...\SaCoMaRS4ImLabyrinthdesweisenSchamanen) (Version: - ) SaCoMaRS5ImAngesichtDesFeindes 2-1-0 (HKLM\...\SaCoMaRS5ImAngesichtDesFeindes) (Version: - ) SaCoMaRS6DieBastionDesSchreckens 2-1-0 (HKLM\...\SaCoMaRS6DieBastionDesSchreckens) (Version: - ) SaCoMaRS7DieEntscheidungsschlacht 2-1-0 (HKLM\...\SaCoMaRS7DieEntscheidungsschlacht) (Version: - ) SaCoMaSindbad 2-1-0 (HKLM\...\SaCoMaSindbad) (Version: - ) SaCoMaWildschweinplage 2-1-0 (HKLM\...\SaCoMaWildschweinplage) (Version: - ) Samsung Magic Doctor (HKLM\...\{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}) (Version: 5.0 - Samsung Electronics Co., LTD) Samsung Recovery Solution III (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 3.0.0.9 - Samsung) Samsung Update Plus (HKLM\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.) 
SchnuckiWickiOstern08Ostersonntag 2-1-0 (HKLM\...\SchnuckiWickiOstern08Ostersonntag) (Version: - ) SchreibfederFrost 2-1-0 (HKLM\...\SchreibfederFrost) (Version: - ) SeaBounty (HKLM\...\SeaBounty) (Version: - ) ShaminoHammerfest 2-1-0 (HKLM\...\ShaminoHammerfest) (Version: - ) ShaminoInselspringenWS 2-1-0 (HKLM\...\ShaminoInselspringenWS) (Version: - ) Shockwave (HKLM\...\Shockwave) (Version: - ) SilbermondAlchimistin 2-1-0 (HKLM\...\SilbermondAlchimistin) (Version: - ) SilbermondFionaFionaunddieWikingerf 2-1-0 (HKLM\...\SilbermondFionaFionaunddieWikingerf) (Version: - ) SilbermondSilvermonnsGeheimnis 2-1-0 (HKLM\...\SilbermondSilvermonnsGeheimnis) (Version: - ) SilbermondStrohzuGold 2-1-0 (HKLM\...\SilbermondStrohzuGold) (Version: - ) SimonDerFinsterwald 2-1-0 (HKLM\...\SimonDerFinsterwald) (Version: - ) sprMappertea 2-1-0 (HKLM\...\sprMappertea) (Version: - ) StefanAlleZusammen 2-1-0 (HKLM\...\StefanAlleZusammen) (Version: - ) StefanAufNachTakatuka 2-1-0 (HKLM\...\StefanAufNachTakatuka) (Version: - ) StefanDerHilferuf 2-1-0 (HKLM\...\StefanDerHilferuf) (Version: - ) StefanDerHoehleneingang 2-1-0 (HKLM\...\StefanDerHoehleneingang) (Version: - ) StefanDerOffeneOzean 2-1-0 (HKLM\...\StefanDerOffeneOzean) (Version: - ) StefanDieExplosion 2-1-0 (HKLM\...\StefanDieExplosion) (Version: - ) StefanDieZollbeamten 2-1-0 (HKLM\...\StefanDieZollbeamten) (Version: - ) StefanWinterzeit 2-1-0 (HKLM\...\StefanWinterzeit) (Version: - ) Sunken Treasure (HKLM\...\Sunken Treasure) (Version: - ) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.1.3.2 - Synaptics) ThomasOasedesHaendlers 2-1-0 (HKLM\...\ThomasOasedesHaendlers) (Version: - ) thschlumpfAK2012Wintermaerchen 2-1-0 (HKLM\...\thschlumpfAK2012Wintermaerchen) (Version: - ) thschlumpfBummelnmitPoppy 2-1-0 (HKLM\...\thschlumpfBummelnmitPoppy) (Version: - ) timanfaya99Zaubermeister 2-1-0 (HKLM\...\timanfaya99Zaubermeister) (Version: - ) TMPlay3Home (HKLM\...\{57931112-46C4-44C9-9A5A-66A593CEDCCD}) (Version: 
3.20.6000 - mdlsoft.co.uk / TaskMagic) TommyAlleingeblieben 2-1-0 (HKLM\...\TommyAlleingeblieben) (Version: - ) TommyAnguaEineSchoeneBescherun 2-1-0 (HKLM\...\TommyAnguaEineSchoeneBescherun) (Version: - ) TommyAnguaNannyOggStreetOfLive 2-1-0 (HKLM\...\TommyAnguaNannyOggStreetOfLive) (Version: - ) TommyDatingAgencyLibellule 2-1-0 (HKLM\...\TommyDatingAgencyLibellule) (Version: - ) TommyGestrandet 2-1-0 (HKLM\...\TommyGestrandet) (Version: - ) TommyGrippewelle 2-1-0 (HKLM\...\TommyGrippewelle) (Version: - ) TommyHandelswahn 2-1-0 (HKLM\...\TommyHandelswahn) (Version: - ) TommyIslandJumping 2-1-0 (HKLM\...\TommyIslandJumping) (Version: - ) TommyMexicoCanyon 2-1-0 (HKLM\...\TommyMexicoCanyon) (Version: - ) TommyNachdemFest 2-1-0 (HKLM\...\TommyNachdemFest) (Version: - ) TommyWedding 2-1-0 (HKLM\...\TommyWedding) (Version: - ) TommyWickiAnguaFreezes 2-1-0 (HKLM\...\TommyWickiAnguaFreezes) (Version: - ) TommyWickiKalikantzari 2-1-0 (HKLM\...\TommyWickiKalikantzari) (Version: - ) Treasure Mines (HKLM\...\Treasure Mines) (Version: - ) truckerDie12Monate 2-1-0 (HKLM\...\truckerDie12Monate) (Version: - ) TruckerDrachenland 2-1-0 (HKLM\...\TruckerDrachenland) (Version: - ) TruckerDrachenland2 2-1-2 (HKLM\...\TruckerDrachenland2) (Version: - ) TruckerDrachenland3 2-1-0 (HKLM\...\TruckerDrachenland3) (Version: - ) TruckerDrachenland4 2-1-0 (HKLM\...\TruckerDrachenland4) (Version: - ) TruckerDrachenland5 2-1-1 (HKLM\...\TruckerDrachenland5) (Version: - ) TruckerDrachenland6 2-1-0 (HKLM\...\TruckerDrachenland6) (Version: - ) TruckerOk09Montag 2-1-0 (HKLM\...\TruckerOk09Montag) (Version: - ) TurmwacheDerAnfang1 2-1-0 (HKLM\...\TurmwacheDerAnfang1) (Version: - ) TurmwacheDerHafen3 2-1-0 (HKLM\...\TurmwacheDerHafen3) (Version: - ) TurmwacheDerHansebund 2-1-0 (HKLM\...\TurmwacheDerHansebund) (Version: - ) TurmwacheDerTempel8 2-1-0 (HKLM\...\TurmwacheDerTempel8) (Version: - ) TurmwacheDerWald6 2-1-0 (HKLM\...\TurmwacheDerWald6) (Version: - ) TurmwacheKamp2DieWueste 2-1-0 
(HKLM\...\TurmwacheKamp2DieWueste) (Version: - ) TurmwacheKamp4Kaufrausch 2-1-0 (HKLM\...\TurmwacheKamp4Kaufrausch) (Version: - ) TurmwacheKamp5Haendlersmann 2-1-0 (HKLM\...\TurmwacheKamp5Haendlersmann) (Version: - ) TurmwacheKamp7Vorbereitung 2-1-0 (HKLM\...\TurmwacheKamp7Vorbereitung) (Version: - ) UlfDieGoldsucher 2-1-0 (HKLM\...\UlfDieGoldsucher) (Version: - ) UlfFriedlicheWeihnachte 2-1-0 (HKLM\...\UlfFriedlicheWeihnachte) (Version: - ) Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.3042.00 - Microsoft Corporation) User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - ) Veoh Giraffic Video Accelerator (HKLM\...\Giraffic) (Version: 0.86.412.230 - Giraffic) Veoh Web Player (HKLM\...\Veoh Web Player Beta) (Version: 1.1.2.0000 - Veoh Networks, Inc.) VroFlintsErbeTeil1 2-1-0 (HKLM\...\VroFlintsErbeTeil1) (Version: - ) VroFlintsErbeTeil2 2-1-0 (HKLM\...\VroFlintsErbeTeil2) (Version: - ) VroIronWiToOk09Sonntag 2-1-0 (HKLM\...\VroIronWiToOk09Sonntag) (Version: - ) WickiTiefschlaf 2-1-0 (HKLM\...\WickiTiefschlaf) (Version: - ) WickiTommyFriedersWunsch 2-1-0 (HKLM\...\WickiTommyFriedersWunsch) (Version: - ) WickiTommyOk09Freitag 2-1-0 (HKLM\...\WickiTommyOk09Freitag) (Version: - ) WietiaCulturianerOK10Donnerstag 2-1-0 (HKLM\...\WietiaCulturianerOK10Donnerstag) (Version: - ) WiSchnuMarzipania 2-1-0 (HKLM\...\WiSchnuMarzipania) (Version: - ) WolfsrudelOdinsGeschenk 2-1-0 (HKLM\...\WolfsrudelOdinsGeschenk) (Version: - ) Works Suite-Betriebssystem-Pack (Version: 3.0.0.0000 - Microsoft Corporation) Hidden WuselBadespassmit Folgen 2-1-1 (HKLM\...\WuselBadespassmit Folgen) (Version: - ) WuselDerTagNull 2-1-0 (HKLM\...\WuselDerTagNull) (Version: - ) XP-Games JRE (HKLM\...\XP-Games JRE) (Version: - ) XP-Spiele Ishido (HKLM\...\XP-Spiele Ishido) (Version: - ) XP-Spiele Shisen Metall (HKLM\...\XP-Spiele Shisen Metall) (Version: - ) xxxx 2-1-0 (HKLM\...\xxxx) (Version: - ) 
YaNRaeubergeschichten 2-1-0 (HKLM\...\YaNRaeubergeschichten) (Version: - )
YogiDieKameltreiber 2-1-0 (HKLM\...\YogiDieKameltreiber) (Version: - )
YTD Video Downloader 4.0 (HKLM\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.0 - GreenTree Applications SRL) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Ute\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Ute\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{0C378864-D5C4-4D9C-854C-432E3BEC9CCB}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Ute\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{17764098-F985-44E2-93C3-DF9B49F1CC19}\InprocServer32 -> C:\Program Files\Hp\Common\HPDeviceDetection.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{17E67D4A-23A1-40D8-A049-EE34C0AF756A}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Ute\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{294E9835-D0F1-4815-8C52-3C08FBB1403E}\InprocServer32 -> C:\Program Files\Hp\Common\RulesEngine.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Ute\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Ute\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{42C68651-1700-4750-A81F-A1F5110E0F66}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{4774922A-8983-4ECC-94FD-7235F06F53A1}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{51240B37-45D0-413C-BAE0-D8F3ACDC15E6}\InprocServer32 -> C:\Program Files\Hp\Common\HPDeviceDetection.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Ute\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{54BE6B6F-3056-470B-97E1-BB92E051B6C4}\InprocServer32 -> C:\Program Files\Hp\Common\HPDeviceDetection.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{5A494E87-262C-4340-A539-2FAC0A85D935}\InprocServer32 -> C:\Program Files\Hp\Common\RulesEngine.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Ute\AppData\Local\Google\Chrome\Application\42.0.2311.90\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{5E6F22B3-7DF6-4C64-8AD0-1A6CC1351085}\InprocServer32 -> C:\Program Files\Hp\Common\HPScripting.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{60178279-6D62-43AF-A336-77925651A4C6}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Ute\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Ute\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{6470DE80-1635-4B5D-93A3-3701CE148A79}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{64CB8178-1A77-4443-BE13-30BE889B99BB}\InprocServer32 -> C:\Program Files\Hp\Common\HPDeviceDetection.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{684E4896-6EFC-4A3D-B967-6105894A6796}\InprocServer32 -> C:\Program Files\Hp\Common\RulesEngine.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{6B75345B-AA36-438A-BBE6-4078B4C6984D}\InprocServer32 -> C:\Program Files\Hp\Common\HPDeviceDetection.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Ute\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{784F2933-6BDD-4E5F-B1BA-A8D99B603649}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{7CB9D4F5-C492-42A4-93B1-3F7D6946470D}\InprocServer32 -> C:\Program Files\Hp\Common\RulesEngine.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{7D4CF499-32EC-4E8E-8714-7E74303869F0}\InprocServer32 -> C:\Program Files\Hp\Common\HPDeviceDetection.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1133\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{8877F3CD-3C29-4E2D-B7DD-70B24DF4EBD1}\InprocServer32 -> C:\Program Files\Hp\Common\HPDeviceDetection.dll (Hewlett-Packard) CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Ute\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{910E7ADE-7F75-402D-A4A6-BB1A82362FCA}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard) CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Ute\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{93441C07-E57E-4086-B912-F323D741A9D8}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard) CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{9986CC36-7FA8-4E9A-ADE1-E197FCC5484B}\InprocServer32 -> C:\Program Files\Hp\Common\RulesEngine.dll (Hewlett-Packard) CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{9E1DDDD2-0638-4607-B266-13FE69EDFFD3}\InprocServer32 -> C:\Program Files\Hp\Common\HPDeviceDetection.dll (Hewlett-Packard) CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{9E3A85FC-1E59-4C57-ACEA-17E7D61000F1}\InprocServer32 -> C:\Program Files\Hp\Common\HPDeviceDetection.dll (Hewlett-Packard) CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Ute\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Ute\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File 
CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{A95845D8-8463-4605-B5FB-4F8CFBAC5C47}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard) CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{AA6A5B54-2ACF-4FDB-A82B-E505A5E0B65E}\InprocServer32 -> C:\Program Files\Hp\Common\HPDeviceDetection.dll (Hewlett-Packard) CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{AAFBE339-5BEE-417C-BE98-218DA8512B43}\InprocServer32 -> C:\Program Files\Hp\Common\HPDeviceDetection.dll (Hewlett-Packard) CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{AB049B11-607B-46C8-BBF7-F4D6AF301046}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard) CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{AB237044-8A3B-42BB-9EE1-9BFA6721D9ED}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard) CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{B2CD4730-67E7-401C-A2CB-D74715E05FA4}\InprocServer32 -> C:\Program Files\Hp\Common\HPDeviceDetection.dll (Hewlett-Packard) CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{B5201019-B9A8-411C-A7AC-CEA856A63C00}\InprocServer32 -> C:\Program Files\Hp\Common\HPScripting.dll (Hewlett-Packard) CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{B9C13CD0-5A97-4C6B-8A50-7638020E2462}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard) CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{BC2971B9-2A4F-44C8-8D7F-04E027544828}\InprocServer32 -> C:\Program Files\Hp\Common\HPScripting.dll (Hewlett-Packard) CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{BE65189A-4770-47A0-9B7B-68827DB1C317}\InprocServer32 -> C:\Program Files\Hp\Common\RulesEngine.dll (Hewlett-Packard) CustomCLSID: 
HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{BF931895-AF82-467A-8819-917C6EE2D1F3}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard) CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Ute\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Ute\AppData\Local\Google\Update\1.3.26.9\psuser.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Ute\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Ute\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{C70D0641-DDE1-4FD7-A4D4-DA187B80741D}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard) CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{C94188F6-0F9F-46B3-8B78-D71907BD8B77}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard) CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{CDAF9CEC-F3EC-4B22-ABA3-9726713560F8}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard) CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{CF6866F9-B67C-4B24-9957-F91E91E788DC}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard) CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Ute\AppData\Local\Google\Update\1.3.25.11\psuser.dll No File 
CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{D057CD8F-1469-4A41-B24C-7EED6B1DDCD2}\InprocServer32 -> C:\Program Files\Hp\Common\HPDeviceDetection.dll (Hewlett-Packard) CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{DC4F9DA0-DB05-4BB0-8FB2-03A80FE98772}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard) CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{DE233AFF-8BD5-457E-B7F0-702DBEA5A828}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard) CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{DF1F1C17-6A29-45FB-A3C6-9825908E062E}\InprocServer32 -> C:\Program Files\Hp\Common\RulesEngine.dll (Hewlett-Packard) CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{E12DA4F2-BDFB-4EAD-B12F-2725251FA6B0}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard) CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Ute\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Ute\AppData\Local\Google\Update\1.3.26.9\psuser.dll (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{E975F61C-2C2B-4FE8-A4CD-24C52969CE12}\InprocServer32 -> C:\Program Files\Hp\Common\HPDeviceDetection.dll (Hewlett-Packard) CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Ute\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{FA9C5110-071C-4964-9DD0-610806FF0F81}\InprocServer32 -> C:\Program Files\Hp\Common\HPDeviceDetection.dll (Hewlett-Packard) CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Ute\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File CustomCLSID: HKU\S-1-5-21-3319244995-2461475978-946539677-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Ute\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File ==================== Restore Points ========================= 23-04-2015 03:00:19 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {01A0F024-4AB0-4E24-9668-183E458A0987} - System32\Tasks\{2432882A-C10E-46FA-B4B5-65B10217C9DB} => pcalua.exe -a C:\Users\Ute\Documents\SeaBounty\mapper\mapper\AlixMapperlehrling_v2-1-0.exe -d C:\Users\Ute\Documents\SeaBounty\mapper\mapper Task: {01C0BE4D-6ED3-45D1-82FF-128C767D7489} - System32\Tasks\{E4B2C65C-775A-4A46-8459-0E511945618C} => pcalua.exe -a "C:\Users\Ute\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\32YCHNZ3\SaCoMaOk10Sonntag_v2-1-0[1].exe" -d C:\Users\Ute\Desktop Task: {02307148-A4C1-4C65-B6EB-7F6E87FA625B} - System32\Tasks\{76D477F9-0BD3-4BAD-A096-CA5230E741CB} => pcalua.exe -a "C:\Users\Ute\Documents\zu Spielen u. Sonstiges\BonusKarten[1]\CulturesBonuskarten.exe" -d "C:\Users\Ute\Documents\zu Spielen u. Sonstiges\BonusKarten[1]" Task: {0C44EB63-9084-4969-A730-1B4012E0E0F2} - System32\Tasks\{A1AD830B-85D8-4915-8A16-9EA6C3D2CDC7} => pcalua.exe -a C:\Users\Ute\Documents\SeaBounty\LibelleEaPVeraergerteJahreszeiten_v2-1-0.exe -d C:\Users\Ute\Documents\SeaBounty Task: {0CF84A71-CC9C-4D25-A61C-0935D07193EB} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3319244995-2461475978-946539677-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.) Task: {0D0306AD-A754-4D2E-920D-AC1F54EBFBD3} - System32\Tasks\{82DA9831-0913-444B-A138-81FAC7FCF73A} => pcalua.exe -a "C:\Users\Ute\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QWGLMU0P\KraeutergDerGrosseFlussMP_v2-1-0[1].exe" -d C:\Users\Ute\Desktop Task: {15F9F7E1-EC79-4A33-A971-1CCA5AF82AF1} - System32\Tasks\{CB09B9A0-6267-46BF-9ED5-D8F422D8B3E7} => pcalua.exe -a "C:\Program Files\eGames\Collector's Edition 251\gbrowser.exe" -d C:\PROGRA~1\eGames\COLLEC~1 Task: {19D4039D-5E6B-4F99-BFF9-63177728BF9B} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe [2008-12-10] (SAMSUNG Electronics co., LTD.) 
Task: {19E46472-CA40-4549-9C15-C5EA706841E2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3319244995-2461475978-946539677-1000UA => C:\Users\Ute\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-11] (Google Inc.) Task: {1D471684-0982-4BAE-AED2-8356D0FF9941} - System32\Tasks\{ECFF52B0-5E98-45EC-B390-A563540B90F8} => pcalua.exe -a C:\Users\Ute\Documents\SeaBounty\LibelleEaPAiW1Zauberer_v2-1-1.exe -d C:\Users\Ute\Documents\SeaBounty Task: {22660A55-A79C-456A-968D-F16B3A606F38} - System32\Tasks\{3A6C636B-8F8E-48D3-9FFD-05FF6F15E948} => pcalua.exe -a C:\Users\Ute\Documents\SeaBounty\RatinaZNeuerAnfang_v2-1-0.exe -d C:\Users\Ute\Documents\SeaBounty Task: {296567A4-45E9-4451-B1E6-D1541D1545A8} - System32\Tasks\{E07D4F2E-1D23-4F79-B89B-EDC976FA674D} => pcalua.exe -a C:\Users\Ute\Documents\SeaBounty\LibelleEaPAiW2Urfin_v2-1-0.exe -d C:\Users\Ute\Documents\SeaBounty Task: {3CA93DF4-8B23-4E77-9EE8-1946C7B5E61D} - System32\Tasks\{803935D4-C84F-4A5D-9937-AB4E1D7BC668} => pcalua.exe -a E:\SETUP.EXE -d E:\ Task: {45E4780F-D05F-45B8-9981-5B1C2B819E5F} - System32\Tasks\{969F8821-AD74-4783-93ED-FA72A4D7D122} => pcalua.exe -a C:\Users\Ute\AppData\Local\Temp\Temp1_CulturesMemory.zip\AnguaCulturesMemory_v2-1-1.exe Task: {53900DC5-DA25-4626-8A43-A73FB9D174CF} - System32\Tasks\{2284FDE9-81C5-41BC-BB5D-D1E912E5B427} => pcalua.exe -a "C:\Users\Ute\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\32YCHNZ3\KraeutergWikingerInSpanien_v2-1-0[1].exe" -d C:\Users\Ute\Desktop Task: {646AC055-A380-4725-8CF0-12454A65DD20} - System32\Tasks\{EE3C3404-B594-47AF-85C9-852EFCB44B7E} => pcalua.exe -a C:\Users\Ute\Documents\SeaBounty\RatinaZSinnlosSiedeln_v2-1-0.exe -d C:\Users\Ute\Documents\SeaBounty Task: {64B4A6D6-8DAF-4160-B459-69852B2B24E2} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3319244995-2461475978-946539677-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.) 
Task: {66272A2A-7C9A-4A74-99A6-BA34D3111465} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2009-05-20] () Task: {72BE2131-C30D-4303-ACC9-BDE24C4902AA} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2009-05-15] (Samsung Electronics Co., Ltd.) Task: {73A257FE-6364-485A-8C32-B784B91915CA} - System32\Tasks\{B415D688-ADB9-458E-9C69-2D83D12F0122} => pcalua.exe -a C:\Users\Ute\Documents\BonusKarten[1]\CulturesBonuskarten.exe -d C:\Users\Ute\Documents\BonusKarten[1] Task: {7A5CDB55-3310-48A1-A6E1-C81AEE00CC4D} - System32\Tasks\{C1BB8EEE-BA4E-457E-AD56-2A402EE83B48} => pcalua.exe -a C:\Users\Ute\Documents\SeaBounty\RatinaZHomeSweetHome_v2-1-0.exe -d C:\Users\Ute\Documents\SeaBounty Task: {7CE71C52-B95A-4C9B-90A8-0DBA260545FC} - System32\Tasks\{83200B3F-9570-4D67-A688-82D5E9C537E1} => pcalua.exe -a E:\start.exe -d E:\ Task: {808A38B6-5350-4480-A5BE-DBB12269E7EC} - System32\Tasks\{9F30057C-0078-44C2-9E91-3483F6DF9BCA} => pcalua.exe -a E:\Setup.exe -d E:\ Task: {83675BD7-3552-48D7-A75A-8F9439A1F0AD} - System32\Tasks\{71E10746-3F35-4EF1-8114-9907D7EFA508} => pcalua.exe -a "C:\Users\Ute\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\05Y4WL9J\AlixBildungsreise_v2-1-0[1].exe" -d C:\Users\Ute\Desktop Task: {9CE94216-7118-4F87-8B84-E65C8EDA0BBF} - System32\Tasks\{D64C2172-9683-42AD-8555-73CF862B8F06} => pcalua.exe -a "C:\Users\Ute\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L0ZCJJL4\c1_bonus_teufelsinsel[1].exe" -d C:\Users\Ute\Desktop Task: {9D245785-4BCE-4599-909A-4288886144A6} - System32\Tasks\{A068C69F-C221-4601-BDEF-067C8EE72437} => pcalua.exe -a "C:\Users\Ute\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\32YCHNZ3\KraeutergWikingerinGroenland_v2-1-0[1].exe" -d C:\Users\Ute\Desktop Task: {ABCF425F-1515-49A3-BD10-B45D154C2B85} - System32\Tasks\advSRSIII => C:\Program Files\Samsung\Samsung Recovery Solution 
III\WCScheduler.exe [2009-03-11] () Task: {B0ECE529-7897-4BE0-B344-29BFBABD5EE2} - System32\Tasks\{FB52CB05-3A30-4002-ABAB-6D797FDD75D3} => pcalua.exe -a E:\setup.exe -d E:\ Task: {B58C9339-67B3-4424-A02B-31E8C8CA6140} - System32\Tasks\{D3383E7E-8CCD-49FC-9DA1-88CDC9D5B805} => pcalua.exe -a "C:\Users\Ute\Saved Games\MapperteamDerMeisterdieb_v2-1-2.exe" -d "C:\Users\Ute\Saved Games" Task: {BD6AA34F-4839-455B-A927-A1BE582253C6} - System32\Tasks\SamsungMagicDoctor => C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe [2008-08-26] (Samsung Electronics Co., Ltd.) Task: {BF14ECCE-D5F9-4FFA-9EAD-22841440DEF7} - System32\Tasks\{92999C05-0DD6-4462-801A-2166EAD75D19} => pcalua.exe -a "C:\Users\Ute\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L0ZCJJL4\Bonus_C1_Schlangenfluss[1].exe" -d C:\Users\Ute\Desktop Task: {CDACB262-3097-4069-97AC-F1E929C8A871} - System32\Tasks\{B5E3924E-C3ED-4DE8-9311-F99B265AF501} => pcalua.exe -a C:\Windows\UbiSoft\SetupUbi.exe -d C:\Windows\UbiSoft -c -play rayman2 Task: {D217FBC2-F525-482F-A2B3-DAFAD43A906C} - System32\Tasks\{8D5AC651-81B0-4B88-AF51-E806D2D87D81} => pcalua.exe -a "C:\Users\Ute\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QWGLMU0P\KraeutergBeautifulWorld_v2-1-0[1].exe" -d C:\Users\Ute\Desktop Task: {D47BB5DB-B061-4C3B-A93C-65F76F3C3C87} - System32\Tasks\{3C82C23A-3A19-49B3-B305-C768F1325792} => pcalua.exe -a "C:\Program Files\eGames\GameButler\gbrowser.exe" -d "C:\Program Files\eGames\GameButler" Task: {E1B0D4B6-1FE2-44C3-BB2C-FE7DB7895890} - System32\Tasks\{4FC8DE94-0DC3-4CE7-B9DC-878CBC6B9661} => pcalua.exe -a "C:\Users\Ute\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UT96S05R\MapperteamSigurdUndDerKaiser_v2-1-0[1].exe" -d C:\Users\Ute\Desktop Task: {E2B51B7C-59C4-43F7-BC8E-5CF6691533FF} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2009-03-13] (Samsung Electronics. Co. Ltd.) 
Task: {E84FD642-6327-4FF0-A3AA-C0E1657E3A99} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3319244995-2461475978-946539677-1000Core => C:\Users\Ute\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-11] (Google Inc.) Task: {EC04A0AA-C1A8-4A41-BA8D-6BBC1515AFAB} - System32\Tasks\RunAsStdUser Task for VeohWebPlayer => C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2011-11-28] (Veoh Networks) Task: {F0794984-29E7-4E64-B814-9728B072B284} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2009-05-28] (Samsung Electronics Co., Ltd.) Task: {F097A079-5DEC-4294-94EF-D0E2CF5E98A8} - System32\Tasks\{25DF7638-DC80-4086-8346-7F49D918FDFD} => pcalua.exe -a C:\Users\Ute\Documents\SeaBounty\maebheWintermaeuse_v2-1-0.exe -d C:\Users\Ute\Documents\SeaBounty Task: {F78452E9-97C4-44F7-9BB7-F5B04C78DE07} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Ute => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-21] (Microsoft Corporation) Task: {F920EDBE-F12C-4CE3-872E-103C40A2B669} - System32\Tasks\{A3CBA11F-6984-4255-9911-808C2A597A9F} => pcalua.exe -a C:\Users\Ute\Documents\SeaBounty\RatinaZFrostigeHeimat_v2-1-0.exe -d C:\Users\Ute\Documents\SeaBounty (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3319244995-2461475978-946539677-1000Core1cf90203bcaf9e2.job => C:\Users\Ute\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3319244995-2461475978-946539677-1000Core1cfed7e8f27647.job => C:\Users\Ute\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3319244995-2461475978-946539677-1000Core1cfff15c2bc780b.job => C:\Users\Ute\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3319244995-2461475978-946539677-1000Core1d041b41fc10145.job => C:\Users\Ute\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3319244995-2461475978-946539677-1000UA.job => C:\Users\Ute\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3319244995-2461475978-946539677-1000.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe Task: C:\Windows\Tasks\ReclaimerResumeInstall_Ute.job => C:\Users\Ute\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe Task: C:\Windows\Tasks\User_Feed_Synchronization-{0A1A3F3F-E741-4716-89DA-54FD6F86772A}.job => C:\Windows\system32\msfeedssync.exe ==================== Loaded Modules (whitelisted) ============== 2008-12-24 13:29 - 2008-12-24 13:29 - 00619816 ____N () C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll 2008-12-24 13:30 - 2008-12-24 13:30 - 00013096 ____N () C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll 2013-04-16 03:07 - 2013-04-16 03:07 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe 2009-08-25 15:51 - 2008-11-25 16:27 - 00247152 ____N () C:\Program Files\CyberLink\Shared files\RichVideo.exe 2000-11-06 10:15 - 2000-11-06 10:15 - 00126976 _____ () C:\Program Files\Microsoft Office\Office10\intldate.dll 2015-04-18 14:53 - 2015-04-13 23:55 - 14980424 _____ () 
C:\Users\Ute\AppData\Local\Google\Chrome\Application\42.0.2311.90\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, the associated entry will be removed from the registry.) IE trusted site: HKU\S-1-5-21-3319244995-2461475978-946539677-1000\...\elsteronline.de -> hxxps://www.elsteronline.de ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg HKU\S-1-5-21-3319244995-2461475978-946539677-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ute\Pictures\Bilder für Bildschirm\März 2014 002 bearb Ute.JPG HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Ute\Pictures\Bilder für Bildschirm\März 2014 002 bearb Ute.JPG HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> C:\Users\Ute\Pictures\Bilder für Bildschirm\März 2014 002 bearb Ute.JPG HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Control Panel\Desktop\\Wallpaper -> C:\Users\Ute\Pictures\Bilder für Bildschirm\März 2014 002 bearb Ute.JPG HKU\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Control Panel\Desktop\\Wallpaper -> C:\Users\Ute\Pictures\Bilder für Bildschirm\März 2014 002 bearb Ute.JPG DNS Servers: 195.50.140.180 - 195.50.140.114 
==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== Accounts: ============================= Administrator (S-1-5-21-3319244995-2461475978-946539677-500 - Administrator - Disabled) Gast (S-1-5-21-3319244995-2461475978-946539677-501 - Limited - Disabled) Ute (S-1-5-21-3319244995-2461475978-946539677-1000 - Administrator - Enabled) => C:\Users\Ute ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/23/2015 11:47:40 AM) (Source: RasClient) (EventID: 20227) (User: ) Description: CoID={5BC0E34F-C805-44A6-B563-58DD0C2CAAAC}: Der Benutzer "Ute-PC\Ute" hat eine Verbindung mit dem Namen "ArcorOnline" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 815. Error: (04/23/2015 00:51:50 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\USERS\UTE\DOCUMENTS\CFS\CFS UND ICH\SCHLAF U. ARBEIT 6 III.XLR> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (04/22/2015 00:00:22 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fehlerhafte Anwendung veohwebplayer.exe, Version 1.3.8.1112, Zeitstempel 0x4ed38024, fehlerhaftes Modul QtCore4.dll, Version 4.7.0.0, Zeitstempel 0x4dff2959, Ausnahmecode 0xc0000005, Fehleroffset 0x00051ae6, Prozess-ID 0x67c, Anwendungsstartzeit veohwebplayer.exe0. 
Error: (04/21/2015 09:49:41 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/21/2015 09:39:03 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/21/2015 09:38:26 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (04/21/2015 07:28:42 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/21/2015 07:27:36 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (04/21/2015 07:27:36 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error: (04/21/2015 04:41:58 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (01/28/2011 06:21:33 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 28.01.2011 um 17:20:12 unerwartet heruntergefahren. Error: (01/28/2011 05:04:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: SQL Server VSS Writer1 Error: (01/28/2011 05:04:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Parallel port driver%%1058 Error: (01/28/2011 05:04:19 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT) Description: 0x80070032 Error: (01/28/2011 05:03:15 PM) (Source: HTTP) (EventID: 15016) (User: ) Description: \Device\Http\ReqQueueKerberos Error: (01/28/2011 05:01:54 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: 30000Netman Error: (01/28/2011 03:28:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: SQL Server VSS Writer1 Error: (01/28/2011 03:28:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Parallel port driver%%1058 Error: (01/28/2011 03:28:35 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT) Description: 0x80070032 Error: (01/28/2011 03:27:19 PM) (Source: HTTP) (EventID: 15016) (User: ) Description: \Device\Http\ReqQueueKerberos Microsoft Office Sessions: ========================= Error: (04/23/2015 11:47:40 AM) (Source: RasClient) (EventID: 20227) (User: ) Description: {5BC0E34F-C805-44A6-B563-58DD0C2CAAAC}Ute-PC\UteArcorOnline815 Error: (04/23/2015 00:51:50 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert 
nicht. (0x8007001f) C:\USERS\UTE\DOCUMENTS\CFS\CFS UND ICH\SCHLAF U. ARBEIT 6 III.XLR Error: (04/22/2015 00:00:22 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: veohwebplayer.exe1.3.8.11124ed38024QtCore4.dll4.7.0.04dff2959c000000500051ae667c01d07c6c1addda24 Error: (04/21/2015 09:49:41 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/21/2015 09:39:03 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/21/2015 09:38:26 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe Error: (04/21/2015 07:28:42 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/21/2015 07:27:36 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe Error: (04/21/2015 07:27:36 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe Error: (04/21/2015 04:41:58 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors: 
=================================== Date: 2015-04-23 16:42:26.246 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-04-23 16:42:25.869 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-04-23 16:42:25.505 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-04-23 16:42:25.086 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-04-23 16:42:24.420 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-04-23 16:42:23.998 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-04-23 16:42:23.485 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2015-04-23 16:42:23.066 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-04-23 16:41:49.483 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-04-23 16:41:49.050 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Processor: Intel(R) Pentium(R) Dual CPU T3400 @ 2.16GHz Percentage of memory in use: 58% Total physical RAM: 3031.88 MB Available physical RAM: 1256.42 MB Total Pagefile: 6292.16 MB Available Pagefile: 4116.72 MB Total Virtual: 2047.88 MB Available Virtual: 1903.14 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:169.88 GB) (Free:72.43 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: () (Fixed) (Total:50 GB) (Free:30.98 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 232.9 GB) (Disk ID: D4BD9B58) Partition 1: (Not Active) - (Size=13 GB) - (Type=27) Partition 2: (Active) - (Size=169.9 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=50 GB) - (Type=07 NTFS) ==================== End Of Log ============================
More to follow shortly ...
Continued here, part 2:
3. Copy of the Gmer.txt log file: Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2015-04-23 17:56:40 Windows 6.0.6001 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST925031 rev.0001 232,89GB Running: d3tj1l52.exe; Driver: C:\Users\Ute\AppData\Local\Temp\uwldapow.sys ---- System - GMER 2.1 ---- SSDT 8D1F98E6 ZwCreateSection SSDT 8D1F98BE ZwCreateSymbolicLinkObject SSDT 8D1F98C3 ZwLoadDriver SSDT 8D1F98B9 ZwOpenSection SSDT 8D1F98F0 ZwRequestWaitReplyPort SSDT 8D1F98EB ZwSetContextThread SSDT 8D1F98F5 ZwSetSecurityObject SSDT 8D1F98C8 ZwSetSystemInformation SSDT 8D1F98FA ZwSystemDebugControl SSDT 8D1F9887 ZwTerminateProcess SSDT 8D1F9882 ZwWriteVirtualMemory ---- Kernel code sections - GMER 2.1 ---- .text ntoskrnl.exe!KeInsertQueue + 405 820799CC 4 Bytes [E6, 98, 1F, 8D] .text ntoskrnl.exe!KeInsertQueue + 40D 820799D4 4 Bytes [BE, 98, 1F, 8D] .text ntoskrnl.exe!KeInsertQueue + 56D 82079B34 4 Bytes [C3, 98, 1F, 8D] .text ntoskrnl.exe!KeInsertQueue + 5ED 82079BB4 4 Bytes [B9, 98, 1F, 8D] .text ntoskrnl.exe!KeInsertQueue + 729 82079CF0 4 Bytes [F0, 98, 1F, 8D] .text ... 
.reloc C:\Windows\system32\drivers\acedrv11.sys section is executable [0xB6822580, 0x29E04, 0xE0000060] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[4448] ntdll.dll!TpCheckTerminateWorker + 56 77ACE90C 7 Bytes JMP 0706883C C:\Program Files\Emsisoft Anti-Malware\a2update.dll .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[4448] kernel32.dll!CreateEventExW + 7E 77C548DB 7 Bytes JMP 0706866C C:\Program Files\Emsisoft Anti-Malware\a2update.dll .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[4448] kernel32.dll!CreateFileW + 31E 77C5D16C 7 Bytes JMP 070181B4 C:\Program Files\Emsisoft Anti-Malware\a2update.dll .text C:\Windows\system32\wuauclt.exe[10252] ntdll.dll!NtCreateFile 77AE7C78 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\wuauclt.exe[10252] ntdll.dll!NtCreateFile + 4 77AE7C7C 2 Bytes [86, 71] .text C:\Windows\system32\wuauclt.exe[10252] ntdll.dll!NtDeleteValueKey 77AE8098 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\wuauclt.exe[10252] ntdll.dll!NtDeleteValueKey + 4 77AE809C 2 Bytes [8C, 71] .text C:\Windows\system32\wuauclt.exe[10252] ntdll.dll!NtOpenFile 77AE8458 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\wuauclt.exe[10252] ntdll.dll!NtOpenFile + 4 77AE845C 2 Bytes [83, 71] .text C:\Windows\system32\wuauclt.exe[10252] ntdll.dll!NtOpenProcess 77AE84D8 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\wuauclt.exe[10252] ntdll.dll!NtOpenProcess + 4 77AE84DC 2 Bytes [89, 71] .text C:\Windows\system32\wuauclt.exe[10252] ntdll.dll!NtSetContextThread 77AE8AC8 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\wuauclt.exe[10252] ntdll.dll!NtSetContextThread + 4 77AE8ACC 2 Bytes [7D, 71] {JGE 0x73} .text C:\Windows\system32\wuauclt.exe[10252] ntdll.dll!NtSetInformationFile 77AE8B88 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\wuauclt.exe[10252] ntdll.dll!NtSetInformationFile + 4 77AE8B8C 2 Bytes [80, 71] .text C:\Windows\system32\wuauclt.exe[10252] ntdll.dll!NtSetValueKey 77AE8CF8 3 Bytes [FF, 
25, 1E] .text C:\Windows\system32\wuauclt.exe[10252] ntdll.dll!NtSetValueKey + 4 77AE8CFC 2 Bytes [8F, 71] .text C:\Windows\system32\wuauclt.exe[10252] kernel32.dll!GetConsoleScreenBufferInfoEx + 132 77C331BD 4 Bytes JMP 71AF000A .text C:\Windows\system32\wuauclt.exe[10252] kernel32.dll!CreateProcessInternalW 77C39AD0 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\wuauclt.exe[10252] kernel32.dll!CreateProcessInternalW + 4 77C39AD4 2 Bytes [7A, 71] {JP 0x73} .text C:\Windows\system32\wuauclt.exe[10252] USER32.dll!SendInput 76F8BEE7 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\wuauclt.exe[10252] USER32.dll!SendInput + 4 76F8BEEB 2 Bytes [A4, 71] .text C:\Windows\system32\wuauclt.exe[10252] USER32.dll!SendMessageA 76F90459 6 Bytes JMP 71A2000A .text C:\Windows\system32\wuauclt.exe[10252] USER32.dll!PostMessageA 76F911CE 6 Bytes JMP 719C000A .text C:\Windows\system32\wuauclt.exe[10252] USER32.dll!PostMessageW 76F9A064 6 Bytes JMP 7199000A .text C:\Windows\system32\wuauclt.exe[10252] USER32.dll!SendMessageW 76FA0AB1 6 Bytes JMP 719F000A .text C:\Windows\system32\wuauclt.exe[10252] USER32.dll!mouse_event 76FB1305 6 Bytes JMP 71AB000A .text C:\Windows\system32\wuauclt.exe[10252] USER32.dll!keybd_event 76FDD93C 6 Bytes JMP 71A8000A .text C:\Windows\system32\wuauclt.exe[10252] ADVAPI32.dll!CreateServiceW 774338FF 6 Bytes JMP 7193000A .text C:\Windows\system32\wuauclt.exe[10252] ADVAPI32.dll!CreateServiceA 77476C71 6 Bytes JMP 7196000A .text C:\Program Files\Real\RealPlayer\update\realsched.exe[10896] ntdll.dll!NtCreateFile 77AE7C78 3 Bytes [FF, 25, 1E] .text C:\Program Files\Real\RealPlayer\update\realsched.exe[10896] ntdll.dll!NtCreateFile + 4 77AE7C7C 2 Bytes [86, 71] .text C:\Program Files\Real\RealPlayer\update\realsched.exe[10896] ntdll.dll!NtDeleteValueKey 77AE8098 3 Bytes [FF, 25, 1E] .text C:\Program Files\Real\RealPlayer\update\realsched.exe[10896] ntdll.dll!NtDeleteValueKey + 4 77AE809C 2 Bytes [8C, 71] .text C:\Program 
Files\Real\RealPlayer\update\realsched.exe[10896] ntdll.dll!NtOpenFile 77AE8458 3 Bytes [FF, 25, 1E] .text C:\Program Files\Real\RealPlayer\update\realsched.exe[10896] ntdll.dll!NtOpenFile + 4 77AE845C 2 Bytes [83, 71] .text C:\Program Files\Real\RealPlayer\update\realsched.exe[10896] ntdll.dll!NtOpenProcess 77AE84D8 3 Bytes [FF, 25, 1E] .text C:\Program Files\Real\RealPlayer\update\realsched.exe[10896] ntdll.dll!NtOpenProcess + 4 77AE84DC 2 Bytes [89, 71] .text C:\Program Files\Real\RealPlayer\update\realsched.exe[10896] ntdll.dll!NtSetContextThread 77AE8AC8 3 Bytes [FF, 25, 1E] .text C:\Program Files\Real\RealPlayer\update\realsched.exe[10896] ntdll.dll!NtSetContextThread + 4 77AE8ACC 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\Real\RealPlayer\update\realsched.exe[10896] ntdll.dll!NtSetInformationFile 77AE8B88 3 Bytes [FF, 25, 1E] .text C:\Program Files\Real\RealPlayer\update\realsched.exe[10896] ntdll.dll!NtSetInformationFile + 4 77AE8B8C 2 Bytes [80, 71] .text C:\Program Files\Real\RealPlayer\update\realsched.exe[10896] ntdll.dll!NtSetValueKey 77AE8CF8 3 Bytes [FF, 25, 1E] .text C:\Program Files\Real\RealPlayer\update\realsched.exe[10896] ntdll.dll!NtSetValueKey + 4 77AE8CFC 2 Bytes [8F, 71] .text C:\Program Files\Real\RealPlayer\update\realsched.exe[10896] kernel32.dll!GetConsoleScreenBufferInfoEx + 132 77C331BD 4 Bytes JMP 71AF000A .text C:\Program Files\Real\RealPlayer\update\realsched.exe[10896] kernel32.dll!SetUnhandledExceptionFilter 77C3700D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4} .text C:\Program Files\Real\RealPlayer\update\realsched.exe[10896] kernel32.dll!CreateProcessInternalW 77C39AD0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Real\RealPlayer\update\realsched.exe[10896] kernel32.dll!CreateProcessInternalW + 4 77C39AD4 2 Bytes [7A, 71] {JP 0x73} .text C:\Program Files\Real\RealPlayer\update\realsched.exe[10896] USER32.dll!SendInput 76F8BEE7 3 Bytes [FF, 25, 1E] .text C:\Program Files\Real\RealPlayer\update\realsched.exe[10896] 
USER32.dll!SendInput + 4 76F8BEEB 2 Bytes [A4, 71] .text C:\Program Files\Real\RealPlayer\update\realsched.exe[10896] USER32.dll!SendMessageA 76F90459 6 Bytes JMP 71A2000A .text C:\Program Files\Real\RealPlayer\update\realsched.exe[10896] USER32.dll!PostMessageA 76F911CE 6 Bytes JMP 719C000A .text C:\Program Files\Real\RealPlayer\update\realsched.exe[10896] USER32.dll!PostMessageW 76F9A064 6 Bytes JMP 7199000A .text C:\Program Files\Real\RealPlayer\update\realsched.exe[10896] USER32.dll!SendMessageW 76FA0AB1 6 Bytes JMP 719F000A .text C:\Program Files\Real\RealPlayer\update\realsched.exe[10896] USER32.dll!mouse_event 76FB1305 6 Bytes JMP 71AB000A .text C:\Program Files\Real\RealPlayer\update\realsched.exe[10896] USER32.dll!keybd_event 76FDD93C 6 Bytes JMP 71A8000A .text C:\Program Files\Real\RealPlayer\update\realsched.exe[10896] ADVAPI32.dll!CreateServiceW 774338FF 6 Bytes JMP 7193000A .text C:\Program Files\Real\RealPlayer\update\realsched.exe[10896] ADVAPI32.dll!CreateServiceA 77476C71 6 Bytes JMP 7196000A .text C:\Program Files\Real\RealPlayer\update\realsched.exe[10896] WS2_32.dll!connect 774C40D9 6 Bytes JMP 7178000A .text C:\Program Files\Real\RealPlayer\update\realsched.exe[10896] WS2_32.dll!WSALookupServiceBeginW 774C4E93 6 Bytes JMP 716F000A .text C:\Program Files\Real\RealPlayer\update\realsched.exe[10896] WS2_32.dll!listen 774C8CD7 6 Bytes JMP 7172000A .text C:\Program Files\Real\RealPlayer\update\realsched.exe[10896] WS2_32.dll!WSAConnect 774CD7B0 6 Bytes JMP 7175000A .text C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2guard.exe[15900] ntdll.dll!TpCheckTerminateWorker + 56 77ACE90C 7 Bytes JMP 02B6CA84 C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2framework.dll .text C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2guard.exe[15900] kernel32.dll!CreateEventExW + 7E 77C548DB 7 Bytes JMP 02B6C8B4 C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2framework.dll .text C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2guard.exe[15900] kernel32.dll!CreateFileW + 31E 77C5D16C 7 Bytes JMP 02B1860C 
C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2framework.dll .text C:\Users\Ute\Downloads\d3tj1l52.exe[20644] ntdll.dll!NtCreateFile 77AE7C78 3 Bytes [FF, 25, 1E] .text C:\Users\Ute\Downloads\d3tj1l52.exe[20644] ntdll.dll!NtCreateFile + 4 77AE7C7C 2 Bytes [86, 71] .text C:\Users\Ute\Downloads\d3tj1l52.exe[20644] ntdll.dll!NtDeleteValueKey 77AE8098 3 Bytes [FF, 25, 1E] .text C:\Users\Ute\Downloads\d3tj1l52.exe[20644] ntdll.dll!NtDeleteValueKey + 4 77AE809C 2 Bytes [8C, 71] .text C:\Users\Ute\Downloads\d3tj1l52.exe[20644] ntdll.dll!NtOpenFile 77AE8458 3 Bytes [FF, 25, 1E] .text C:\Users\Ute\Downloads\d3tj1l52.exe[20644] ntdll.dll!NtOpenFile + 4 77AE845C 2 Bytes [83, 71] .text C:\Users\Ute\Downloads\d3tj1l52.exe[20644] ntdll.dll!NtOpenProcess 77AE84D8 3 Bytes [FF, 25, 1E] .text C:\Users\Ute\Downloads\d3tj1l52.exe[20644] ntdll.dll!NtOpenProcess + 4 77AE84DC 2 Bytes [89, 71] .text C:\Users\Ute\Downloads\d3tj1l52.exe[20644] ntdll.dll!NtSetContextThread 77AE8AC8 3 Bytes [FF, 25, 1E] .text C:\Users\Ute\Downloads\d3tj1l52.exe[20644] ntdll.dll!NtSetContextThread + 4 77AE8ACC 2 Bytes [7D, 71] {JGE 0x73} .text C:\Users\Ute\Downloads\d3tj1l52.exe[20644] ntdll.dll!NtSetInformationFile 77AE8B88 3 Bytes [FF, 25, 1E] .text C:\Users\Ute\Downloads\d3tj1l52.exe[20644] ntdll.dll!NtSetInformationFile + 4 77AE8B8C 2 Bytes [80, 71] .text C:\Users\Ute\Downloads\d3tj1l52.exe[20644] ntdll.dll!NtSetValueKey 77AE8CF8 3 Bytes [FF, 25, 1E] .text C:\Users\Ute\Downloads\d3tj1l52.exe[20644] ntdll.dll!NtSetValueKey + 4 77AE8CFC 2 Bytes [8F, 71] .text C:\Users\Ute\Downloads\d3tj1l52.exe[20644] kernel32.dll!GetConsoleScreenBufferInfoEx + 132 77C331BD 4 Bytes JMP 71AF000A .text C:\Users\Ute\Downloads\d3tj1l52.exe[20644] kernel32.dll!CreateProcessInternalW 77C39AD0 3 Bytes [FF, 25, 1E] .text C:\Users\Ute\Downloads\d3tj1l52.exe[20644] kernel32.dll!CreateProcessInternalW + 4 77C39AD4 2 Bytes [7A, 71] {JP 0x73} .text C:\Users\Ute\Downloads\d3tj1l52.exe[20644] USER32.dll!SendInput 76F8BEE7 3 Bytes [FF, 25, 1E] 
.text C:\Users\Ute\Downloads\d3tj1l52.exe[20644] USER32.dll!SendInput + 4 76F8BEEB 2 Bytes [A4, 71] .text C:\Users\Ute\Downloads\d3tj1l52.exe[20644] USER32.dll!SendMessageA 76F90459 6 Bytes JMP 71A2000A .text C:\Users\Ute\Downloads\d3tj1l52.exe[20644] USER32.dll!PostMessageA 76F911CE 6 Bytes JMP 719C000A .text C:\Users\Ute\Downloads\d3tj1l52.exe[20644] USER32.dll!PostMessageW 76F9A064 6 Bytes JMP 7199000A .text C:\Users\Ute\Downloads\d3tj1l52.exe[20644] USER32.dll!SendMessageW 76FA0AB1 6 Bytes JMP 719F000A .text C:\Users\Ute\Downloads\d3tj1l52.exe[20644] USER32.dll!mouse_event 76FB1305 6 Bytes JMP 71AB000A .text C:\Users\Ute\Downloads\d3tj1l52.exe[20644] USER32.dll!keybd_event 76FDD93C 6 Bytes JMP 71A8000A .text C:\Users\Ute\Downloads\d3tj1l52.exe[20644] ADVAPI32.dll!CreateServiceW 774338FF 6 Bytes JMP 7193000A .text C:\Users\Ute\Downloads\d3tj1l52.exe[20644] ADVAPI32.dll!CreateServiceA 77476C71 6 Bytes JMP 7196000A .text C:\Users\Ute\Downloads\d3tj1l52.exe[20644] WS2_32.dll!connect 774C40D9 6 Bytes JMP 7178000A .text C:\Users\Ute\Downloads\d3tj1l52.exe[20644] WS2_32.dll!WSALookupServiceBeginW 774C4E93 6 Bytes JMP 716F000A .text C:\Users\Ute\Downloads\d3tj1l52.exe[20644] WS2_32.dll!listen 774C8CD7 6 Bytes JMP 7172000A .text C:\Users\Ute\Downloads\d3tj1l52.exe[20644] WS2_32.dll!WSAConnect 774CD7B0 6 Bytes JMP 7175000A ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys ---- Processes - GMER 2.1 ---- Process (*** hidden *** ) [4] 8464BD90 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----
4. Latest scan results with findings
Scan with the ESET online scanner on 22.4.2015 over midday (All deleted from quarantine! Did the Trojan come in via Veoh (because of C:\Program Files\Veoh Networks\VeohWebPlayer\ConduitInstaller_veoh.exe Win32/Toolbar.Conduit)?) Code:
ATTFilter C:\Program Files\Conduit\Community Alerts\Alert.dll Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\Program Files\Conduit\Community Alerts\Alert0.dll Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\Program Files\Veoh Networks\VeohWebPlayer\ConduitInstaller_veoh.exe Win32/Toolbar.Conduit evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\Program Files\Veoh Networks\VeohWebPlayer\qlps-qlipso-sntb.exe Win32/Toolbar.Zugo evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\Users\Ute\AppData\Local\Conduit\APISupport\APISupport.dll Variante von Win32/Conduit.SearchProtect.P evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\Users\Ute\Documents\zu Spielen u. Sonstiges\VeohWebPlayer122Setup_eng.exe Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\Users\Ute\Videos\Veoh\1157_VeohWebPlayerSetup_other_upgrade.exe Win32/Toolbar.Conduit.M evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\Users\Ute\Videos\Veoh\1_VeohWebPlayerSetup_other_upgrade.exe Win32/Toolbar.Zugo evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\Users\Ute\Videos\Veoh\VeohWebPlayerSetup_other_upgrade.exe Win32/Toolbar.Zugo evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert
Scan with Emsisoft Anti-Malware. The program got stuck at 67 % of the file scan. A further, complete scan run did not find anything additional, however. I have already deleted from quarantine some items that were clearly connected with Conduit or SearchProtect.
With the following, however, I am not sure, so I have left them in quarantine:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader gefunden: Application.AdStart (A) C:\ProgramData\ytd video downloader gefunden: Application.AppInstall (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROTECTOR_DLL.PROTECTORBHO gefunden: Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROTECTOR_DLL.PROTECTORBHO.1 gefunden: Application.AdReg (A) Value: HKEY_USERS\S-1-5-21-3319244995-2461475978-946539677-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN -> VEOHPLUGIN gefunden: Application.AdStart (A) Value: HKEY_USERS\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN -> VEOHPLUGIN gefunden: Application.AdStart (A) Value: HKEY_USERS\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN -> VEOHPLUGIN gefunden: Application.AdStart (A)
(The items EMSI found in the Avira quarantine were about two years old … I did not dare to delete them completely back then …)
Log files of the EMSI Anti-Malware scans: Code:
ATTFilter Emsisoft Anti-Malware - Version 9.0 Letztes Update: 22.04.2015 16:08:29 Benutzerkonto: Ute-PC\Ute Scan-Einstellungen: Scan Methode: Detail-Scan Objekte: Rootkits, Speicher, Traces, C:\, D:\ PUPs-Erkennung: An Archiv-Scan: An ADS Scan: An Dateitypen-Filter: Aus Erweitertes Caching: An Direkter Festplattenzugriff: Aus Scan-Beginn: 22.04.2015 16:09:58 C:\Program Files\Conduit gefunden: Application.AppInstall (A) C:\Program Files\Searchprotect gefunden: Application.AppInstall (A) C:\Users\Ute\AppData\Roaming\Searchprotect gefunden: Application.AppInstall (A) C:\Users\Ute\AppData\Roaming\Searchprotect gefunden: Application.AppInstall (A) C:\Users\Ute\AppData\Roaming\Searchprotect gefunden: Application.AppInstall (A) C:\Users\Ute\AppData\Local\Conduit gefunden: Application.AppInstall (A) C:\Users\Ute\AppData\Local\Conduit gefunden: Application.AppInstall (A) C:\Users\Ute\AppData\Local\Conduit gefunden: Application.AppInstall (A) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader gefunden: Application.AdStart (A) C:\ProgramData\ytd video downloader gefunden: Application.AppInstall (A) Key: HKEY_USERS\S-1-5-21-3319244995-2461475978-946539677-1000\SOFTWARE\CONDUIT gefunden: Application.InstallAd (A) Key: HKEY_USERS\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CONDUIT gefunden: Application.InstallAd (A) Key: HKEY_USERS\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\CONDUIT gefunden: Application.InstallAd (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CONDUIT gefunden: Application.InstallAd (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\SEARCHPROTECT gefunden: Application.InstallAd (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROTECTOR_DLL.PROTECTORBHO gefunden: Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROTECTOR_DLL.PROTECTORBHO.1 gefunden: Application.AdReg (A) Value: 
HKEY_USERS\S-1-5-21-3319244995-2461475978-946539677-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN -> VEOHPLUGIN gefunden: Application.AdStart (A) Value: HKEY_USERS\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN -> VEOHPLUGIN gefunden: Application.AdStart (A) Value: HKEY_USERS\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN -> VEOHPLUGIN gefunden: Application.AdStart (A) C:\ProgramData\Avira\Antivirus\INFECTED\4e3ef3db.qua -> (Quarantine-8) gefunden: Trojan.Generic.12317037 (B) C:\ProgramData\Avira\Antivirus\INFECTED\50d55fd5.qua -> (Quarantine-8) gefunden: Trojan.Generic.12317037 (B) C:\ProgramData\Avira\Antivirus\INFECTED\568ed276.qua -> (Quarantine-8) gefunden: Trojan.Generic.12317037 (B) C:\ProgramData\Avira\Antivirus\INFECTED\56a9d9d4.qua -> (Quarantine-8) gefunden: Trojan.Generic.12317037 (B) Gescannt 147436 Gefunden 24 Scan-Ende: 22.04.2015 17:34:37 Scan-Zeit: 1:24:39
It "hung" after 67% of the files
Emsisoft Anti-Malware - Version 9.0 Letztes Update: 22.04.2015 18:09:05 Benutzerkonto: Ute-PC\Ute Scan-Einstellungen: Scan Methode: Detail-Scan Objekte: Rootkits, Speicher, Traces, C:\, D:\ PUPs-Erkennung: An Archiv-Scan: An ADS Scan: An Dateitypen-Filter: Aus Erweitertes Caching: An Direkter Festplattenzugriff: Aus Scan-Beginn: 22.04.2015 18:13:12 Gescannt 298167 Gefunden 0 Scan-Ende: 22.04.2015 21:12:20 Scan-Zeit: 2:59:08
RKill log file (I tried Hosts-perm.bat, but it evidently did not get access): Code:
ATTFilter Rkill 2.7.0 by Lawrence Abrams (Grinler) hxxp://www.bleepingcomputer.com/ Copyright 2008-2015 BleepingComputer.com More Information about Rkill can be found at this link: hxxp://www.bleepingcomputer.com/forums/topic308364.html Program started at: 04/23/2015 11:53:55 AM in x86 mode. Windows Version: Windows Vista (TM) Home Basic Service Pack 1 Checking for Windows services to stop: * No malware services found to stop. Checking for processes to terminate: * No malware processes found to kill. Checking Registry for malware related settings: * No issues found in the Registry. Resetting .EXE, .COM, & .BAT associations in the Windows Registry. Performing miscellaneous checks: * No issues found. Checking Windows Service Integrity: * No issues found. Searching for Missing Digital Signatures: * No issues found. Checking HOSTS File: * Cannot edit the HOSTS file. * Permissions could not be fixed. Use Hosts-perm.bat to fix permissions: hxxp://www.bleepingcomputer.com/download/hosts-permbat/ * HOSTS file entries found: 127.0.0.1 localhost ::1 localhost Program finished at: 04/23/2015 11:55:40 AM Execution time: 0 hours(s), 1 minute(s), and 45 seconds(s) Code:
ATTFilter RogueKiller V10.6.0.0 [Apr 17 2015] by Adlice Software Mail : hxxp://www.adlice.com/contact/ Feedback : hxxp://forum.adlice.com Website : hxxp://www.adlice.com/softwares/roguekiller/ Blog : hxxp://www.adlice.com Betriebssystem : Windows Vista (6.0.6001 Service Pack 1) 32 bits version gestarted in : normaler Modus User : Ute [Administrator] Started from : c:\Users\Ute\Documents\RogueKiller_bundle_10.6[1]\RogueKiller.exe Modus : Scannen -- Datum : 04/23/2015 15:36:17 ¤¤¤ Prozesse : 0 ¤¤¤ ¤¤¤ Registry : 24 ¤¤¤ [PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : hxxp://www.arcor.de -> Gefunden [PUM.SearchPage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : hxxp://www.arcor.de -> Gefunden [PUM.SearchPage] HKEY_USERS\S-1-5-21-3319244995-2461475978-946539677-1000\Software\Microsoft\Internet Explorer\Main | Search Page : hxxp://www.arcor.de -> Gefunden [PUM.SearchPage] HKEY_USERS\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Search Page : hxxp://www.arcor.de -> Gefunden [PUM.SearchPage] HKEY_USERS\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main | Search Page : hxxp://www.arcor.de -> Gefunden [PUM.SearchPage] HKEY_USERS\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main | Search Page : hxxp://www.arcor.de -> Gefunden [PUM.SearchPage] HKEY_USERS\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Internet Explorer\Main | Search Page : hxxp://www.arcor.de -> Gefunden [PUM.StartMenu] HKEY_USERS\S-1-5-21-3319244995-2461475978-946539677-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0 -> Gefunden [PUM.StartMenu] 
HKEY_USERS\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0 -> Gefunden [PUM.StartMenu] HKEY_USERS\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0 -> Gefunden [PUM.StartMenu] HKEY_USERS\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0 -> Gefunden [PUM.StartMenu] HKEY_USERS\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0 -> Gefunden [PUM.DesktopIcons] HKEY_USERS\S-1-5-21-3319244995-2461475978-946539677-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Gefunden [PUM.DesktopIcons] HKEY_USERS\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Gefunden [PUM.DesktopIcons] HKEY_USERS\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Gefunden [PUM.DesktopIcons] HKEY_USERS\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Gefunden [PUM.DesktopIcons] 
HKEY_USERS\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Gefunden [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Gefunden [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Gefunden [PUM.DesktopIcons] HKEY_USERS\S-1-5-21-3319244995-2461475978-946539677-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Gefunden [PUM.DesktopIcons] HKEY_USERS\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Gefunden [PUM.DesktopIcons] HKEY_USERS\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Gefunden [PUM.DesktopIcons] HKEY_USERS\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Gefunden [PUM.DesktopIcons] HKEY_USERS\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Gefunden ¤¤¤ Aufgaben : 0 ¤¤¤ ¤¤¤ Dateien : 0 ¤¤¤ ¤¤¤ Host Dateien : 2 ¤¤¤ [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost [C:\Windows\System32\drivers\etc\hosts] 
::1 localhost ¤¤¤ Antirootkit : 2 (Driver: geladen) ¤¤¤ [ShwSSDT:Addr(Hook.Shadow)] NtUserSetWindowsHookEx[573] : Unknown @ 0x8d1f990e [ShwSSDT:Addr(Hook.Shadow)] NtUserSetWinEventHook[576] : Unknown @ 0x8d1f9913 ¤¤¤ Web Browser : 0 ¤¤¤ ¤¤¤ MBR Überprüfung : ¤¤¤ +++++ PhysicalDrive0: ST9250315AS +++++ --- User --- [MBR] 878857e21ffee71d492207ab3c5df340 [BSP] 01a1ee4cb5dea573b534737dec1835d1 : Kiwi|VT.Unknown MBR Code Partition table: 0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13312 MB 1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 27265024 | Size: 173959 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] 2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 383533056 | Size: 51202 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] User = LL1 ... OK User = LL2 ... OK ============================================ RKreport_SCN_04212015_225552.log - RKreport_DEL_04212015_232215.log Undine |
24.04.2015, 13:11 | #4 |
/// the machine /// TB-Ausbilder | Please download Revo Uninstaller from here (alternatively the portable Revo Uninstaller).
Scan with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
25.04.2015, 00:45 | #5 |
| Hello schrauber, I have already done the following: Revo Uninstaller: - FlodderOnceUponATime 2-1-0 deleted (= a map for the game Cultures Saga, i.e. including Cultures Saga and the associated maps) - YTD Video Downloader 4.0 deleted (it switched to the normal uninstall and found no leftovers afterwards) After that I first backed up the most important data (the most important Word documents, pictures and music) to a USB stick. (Question: how high is the risk that I now have some of the Trojans on it as well? EMSI reported that it would automatically check USB sticks too.) Problems regarding Combofix: I don't know how to deactivate the EMSI antivirus software. I had already tried that yesterday. My only idea was to remove all the check marks under Settings; yesterday it still reported something anyway. After having had the computer switched off, I can deactivate Avira manually again today (updates still don't work, though). An additional problem has come up: after a restart (boot), the following message from Windows Defender appears on the screen: „Fehler bei Anwendungsinitialisierung 0x800106ba. Der Dienst dieses Programms wurde aufgrund eines Problems angehalten. …" I also get an error message every time I click on Windows Defender manually in the Control Panel. … For the moment the most important thing is probably how I can deactivate Emsisoft Antimalware. Many thanks Undine

Hello again! In the meantime I have found the instructions for deactivating EMSI in the Combofix guide and have run Combofix. Everything worked, including the system restart. But now I can't find the log file, not under C:/Combofix.txt ... When downloading via Google Chrome I had no influence on the installation location ... there was only "open" ... maybe that's why? What should I do now? Uninstall it and download it again via Internet Explorer? Or can I find the log file somehow after all? I also can't see where Combofix was installed, at least not under "Desktop" ... Kind regards Undine

3rd attempt: This time it worked. I was able to uninstall Combofix without problems following the instructions from bleepingcomputer and then repeated the download via Internet Explorer ... Here is the Combofix log file: Code:
ATTFilter
ComboFix 15-04-19.01 - Ute 25.04.2015 0:43.2.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.49.1031.18.3032.2004 [GMT 2:00]
ausgeführt von:: c:\users\Ute\Desktop\ComboFix.exe
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Emsisoft Anti-Malware *Disabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Emsisoft Anti-Malware *Disabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\users\Ute\Documents\~WRL0044.tmp
c:\users\Ute\Documents\~WRL0158.tmp
c:\users\Ute\Documents\~WRL0379.tmp
c:\users\Ute\Documents\~WRL0622.tmp
c:\users\Ute\Documents\~WRL0729.tmp
c:\users\Ute\Documents\~WRL1013.tmp
c:\users\Ute\Documents\~WRL1268.tmp
c:\users\Ute\Documents\~WRL1490.tmp
c:\users\Ute\Documents\~WRL1547.tmp
c:\users\Ute\Documents\~WRL1836.tmp
c:\users\Ute\Documents\~WRL1869.tmp
c:\users\Ute\Documents\~WRL1893.tmp
c:\users\Ute\Documents\~WRL1909.tmp
c:\users\Ute\Documents\~WRL1948.tmp
c:\users\Ute\Documents\~WRL2219.tmp
c:\users\Ute\Documents\~WRL2225.tmp
c:\users\Ute\Documents\~WRL2341.tmp
c:\users\Ute\Documents\~WRL2342.tmp
c:\users\Ute\Documents\~WRL2704.tmp
c:\users\Ute\Documents\~WRL2705.tmp
c:\users\Ute\Documents\~WRL2840.tmp
c:\users\Ute\Documents\~WRL2908.tmp
c:\users\Ute\Documents\~WRL2909.tmp
c:\users\Ute\Documents\~WRL2981.tmp
c:\users\Ute\Documents\~WRL3007.tmp
c:\users\Ute\Documents\~WRL3109.tmp
c:\users\Ute\Documents\~WRL3221.tmp
c:\users\Ute\Documents\~WRL3412.tmp
c:\users\Ute\Documents\~WRL3433.tmp
c:\users\Ute\Documents\~WRL3543.tmp
c:\users\Ute\Documents\~WRL3601.tmp
c:\users\Ute\Documents\~WRL3608.tmp
c:\users\Ute\Documents\~WRL3656.tmp
c:\users\Ute\Documents\~WRL3697.tmp
c:\users\Ute\Documents\~WRL3866.tmp
c:\windows\IsUn0407.exe
c:\windows\unin0407.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ACEDRV11
-------\Service_acedrv11
.
.
((((((((((((((((((((((( Dateien erstellt von 2015-03-24 bis 2015-04-24 ))))))))))))))))))))))))))))))
.
.
2015-04-24 23:02 . 2015-04-24 23:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-04-24 13:04 . 2015-04-24 13:04 -------- d-----w- c:\program files\VS Revo Group
2015-04-23 14:40 . 2015-04-23 14:44 -------- d-----w- C:\FRST
2015-04-22 15:34 . 2015-04-22 15:34 -------- d-----w- c:\programdata\Emsisoft
2015-04-22 13:43 . 2015-03-23 21:17 111368 ----a-w- c:\windows\system32\drivers\epp32.sys
2015-04-22 13:43 . 2015-04-24 23:06 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2015-04-22 00:13 . 2015-04-22 00:31 -------- d-----w- c:\programdata\SecTaskMan
2015-04-21 22:02 . 2015-04-21 22:02 -------- d-----w- c:\users\Ute\AppData\Local\CrashDumps
2015-04-21 13:48 . 2015-04-23 13:25 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-04-21 13:48 . 2015-04-21 18:15 -------- d-----w- c:\programdata\RogueKiller
2015-04-21 10:24 . 2015-04-21 10:24 -------- d-----w- C:\TDSSKiller_Quarantine
2015-04-19 12:34 . 2015-04-23 19:38 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-04-19 12:33 . 2015-04-19 12:33 -------- d-----w- c:\program files\ Malwarebytes Anti-Malware
2015-04-19 12:33 . 2015-04-19 12:33 -------- d-----w- c:\programdata\Malwarebytes
2015-04-19 12:33 . 2015-04-14 07:37 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-04-19 12:33 . 2015-04-14 07:37 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-04-19 12:33 . 2015-04-14 07:37 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-04-10 16:51 . 2015-04-11 00:11 -------- d-----w- c:\users\Ute\meine Lernkartei
2015-04-10 16:30 . 2015-04-10 19:22 -------- d-----w- c:\users\Ute\Tutorial
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-04 06:39 . 2015-04-24 16:55 9201616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F15E9059-15B9-46EE-A7D3-92EA40194D02}\mpengine.dll
2015-03-04 11:10 . 2013-07-29 10:35 136216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2015-03-04 11:10 . 2013-07-29 10:35 105864 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2015-02-24 02:23 . 2009-11-24 19:44 246920 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{3DFCDCA1-AEAC-4302-A690-BFB683568BAA}]
2013-10-29 15:40 334208 ----a-w- c:\program files\DigitalAdvertisingAlliance\Protect My Choices\pmc.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-04-21 7420448]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-28 1049896]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-12-24 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-03-12 210216]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-04-21 1833504]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2013-07-01 295512]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-03-14 2565520]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1612920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2015-03-31 726320]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"emsisoft anti-malware"="c:\program files\emsisoft anti-malware\a2guard.exe" [2015-03-23 4886608]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]
Sonic CinePlayer Quick Launch.lnk - c:\program files\Common Files\Sonic Shared\CineTray.exe [2005-3-30 114688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3319244995-2461475978-946539677-1000]
"EnableNotificationsRef"=dword:00000002
.
S2 a2AntiMalware;Emsisoft Protection Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2015-03-23 5020520]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Inhalt des "geplante Tasks" Ordners
.
2014-10-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3319244995-2461475978-946539677-1000Core1cf90203bcaf9e2.job
- c:\users\Ute\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-11 18:55]
.
2014-11-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3319244995-2461475978-946539677-1000Core1cfed7e8f27647.job
- c:\users\Ute\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-11 18:55]
.
2015-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3319244995-2461475978-946539677-1000Core1cfff15c2bc780b.job
- c:\users\Ute\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-11 18:55]
.
2015-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3319244995-2461475978-946539677-1000Core1d041b41fc10145.job
- c:\users\Ute\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-11 18:55]
.
2013-08-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3319244995-2461475978-946539677-1000UA.job
- c:\users\Ute\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-11 18:55]
.
2015-03-27 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3319244995-2461475978-946539677-1000.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-04-16 10:45]
.
2014-09-25 c:\windows\Tasks\ReclaimerResumeInstall_Ute.job
- c:\users\Ute\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe [2014-09-25 23:30]
.
2013-08-22 c:\windows\Tasks\User_Feed_Synchronization-{0A1A3F3F-E741-4716-89DA-54FD6F86772A}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:34]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = www.google.com
mStart Page = hxxp://www.arcor.de
mWindow Title = Arcor AG & Co. KG
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
Trusted Zone: elsteronline.de\www
TCP: Interfaces\{824E9391-11B3-4B2A-BE79-7BBD70356A5D}: NameServer = 195.50.140.180 195.50.140.114
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-Arcor Online - (no file) AddRemove-'Cultures Saga' - c:\windows\IsUn0407.exe AddRemove-AbenteuerInMirquidiMapperteam - c:\program files\CulturesSaga\uninstalAbenteuerInMirquidiMapperteam.exe AddRemove-AlixCatanlogik - c:\program files\CulturesSaga\uninstalAlixCatanlogik.exe AddRemove-AlixDerletzteBaum - c:\program files\CulturesSaga\uninstalAlixDerletzteBaum.exe AddRemove-AlixDie10Schwestern - c:\program files\CulturesSaga\uninstalAlixDie10Schwestern.exe AddRemove-AlixDieDrittePisastudie - c:\program files\CulturesSaga\uninstalAlixDieDrittePisastudie.exe AddRemove-AlixDiePerlenkette - c:\program files\CulturesSaga\uninstalAlixDiePerlenkette.exe AddRemove-AlixDieVerbannung - c:\program files\CulturesSaga\uninstalAlixDieVerbannung.exe AddRemove-AlixDieZweitePisastudie - c:\program files\CulturesSaga\uninstalAlixDieZweitePisastudie.exe AddRemove-AlixEinigkeit - c:\program files\CulturesSaga\uninstalAlixEinigkeit.exe AddRemove-AlixEinPiratenleben - c:\program files\CulturesSaga\uninstalAlixEinPiratenleben.exe AddRemove-AlixFerienlager - c:\program files\CulturesSaga\uninstalAlixFerienlager.exe AddRemove-AlixGarion1 - c:\program files\CulturesSaga\uninstalAlixGarion1.exe AddRemove-AlixGarion2 - c:\program files\CulturesSaga\uninstalAlixGarion2.exe AddRemove-AlixGarion3 - c:\program files\CulturesSaga\uninstalAlixGarion3.exe AddRemove-AlixGarion4 - c:\program files\CulturesSaga\uninstalAlixGarion4.exe AddRemove-AlixGarion5 - c:\program files\CulturesSaga\uninstalAlixGarion5.exe AddRemove-AlixGarion6 - c:\program files\CulturesSaga\uninstalAlixGarion6.exe AddRemove-AlixGarion7 - c:\program files\CulturesSaga\uninstalAlixGarion7.exe AddRemove-AlixGespaltenesLand - c:\program files\CulturesSaga\uninstalAlixGespaltenesLand.exe AddRemove-AlixHochzeit - c:\program files\CulturesSaga\uninstalAlixHochzeit.exe AddRemove-AlixLogikhochzeiten - c:\program files\CulturesSaga\uninstalAlixLogikhochzeiten.exe AddRemove-AlixMeisterdruide - c:\program 
files\CulturesSaga\uninstalAlixMeisterdruide.exe AddRemove-AlixMorgana1 - c:\program files\CulturesSaga\uninstalAlixMorgana1.exe AddRemove-AlixMorgana2 - c:\program files\CulturesSaga\uninstalAlixMorgana2.exe AddRemove-AlixMorgana3 - c:\program files\CulturesSaga\uninstalAlixMorgana3.exe AddRemove-AlixMorgana4 - c:\program files\CulturesSaga\uninstalAlixMorgana4.exe AddRemove-AlixMorgana5 - c:\program files\CulturesSaga\uninstalAlixMorgana5.exe AddRemove-AlixMorgana6 - c:\program files\CulturesSaga\uninstalAlixMorgana6.exe AddRemove-AlixNeueInseln - c:\program files\CulturesSaga\uninstalAlixNeueInseln.exe AddRemove-AlixOstern08Freitag - c:\program files\CulturesSaga\uninstalAlixOstern08Freitag.exe AddRemove-AlixPisastudie - c:\program files\CulturesSaga\uninstalAlixPisastudie.exe AddRemove-AlixPossibilities3 - c:\program files\CulturesSaga\uninstalAlixPossibilities3.exe AddRemove-AlixStreithammel - c:\program files\CulturesSaga\uninstalAlixStreithammel.exe AddRemove-AlixSturmflu - c:\program files\CulturesSaga\uninstalAlixSturmflu.exe AddRemove-AlixVulkanausbruch - c:\program files\CulturesSaga\uninstalAlixVulkanausbruch.exe AddRemove-AlixWege1 - c:\program files\CulturesSaga\uninstalAlixWege1.exe AddRemove-AlixWege2 - c:\program files\CulturesSaga\uninstalAlixWege2.exe AddRemove-AlixWege3 - c:\program files\CulturesSaga\uninstalAlixWege3.exe AddRemove-AlixWeihnachts-b-engel - c:\program files\CulturesSaga\uninstalAlixWeihnachts-b-engel.exe AddRemove-AlixWeihnachtslogik - c:\program files\CulturesSaga\uninstalAlixWeihnachtslogik.exe AddRemove-AlixWeihnachtslogistik - c:\program files\CulturesSaga\uninstalAlixWeihnachtslogistik.exe AddRemove-AlixWeihnachtsproduktion - c:\program files\CulturesSaga\uninstalAlixWeihnachtsproduktion.exe AddRemove-AlixWeihversandhandel - c:\program files\CulturesSaga\uninstalAlixWeihversandhandel.exe AddRemove-angeldragonZweiBrueder - c:\program files\CulturesSaga\uninstalangeldragonZweiBrueder.exe AddRemove-AnguaEasterbunnysearch - 
c:\program files\CulturesSaga\uninstalAnguaEasterbunnysearch.exe AddRemove-AnguaTommyDesertTrading - c:\program files\CulturesSaga\uninstalAnguaTommyDesertTrading.exe AddRemove-AnguaTommyLibellulesKindergarden - c:\program files\CulturesSaga\uninstalAnguaTommyLibellulesKindergarden.exe AddRemove-AnguaTommyTradingEmpire - c:\program files\CulturesSaga\uninstalAnguaTommyTradingEmpire.exe AddRemove-AnguaTommyVikingsRecipe - c:\program files\CulturesSaga\uninstalAnguaTommyVikingsRecipe.exe AddRemove-AnonymusDerTraeumer - c:\program files\CulturesSaga\uninstalAnonymusDerTraeumer.exe AddRemove-AnonymusNeueHeimat - c:\program files\CulturesSaga\uninstalAnonymusNeueHeimat.exe AddRemove-AntheaAufDerWalz - c:\program files\CulturesSaga\uninstalAntheaAufDerWalz.exe AddRemove-AntheaDieEntscheidung - c:\program files\CulturesSaga\uninstalAntheaDieEntscheidung.exe AddRemove-AntheaDuerre - c:\program files\CulturesSaga\uninstalAntheaDuerre.exe AddRemove-AntheaFroheOstern - c:\program files\CulturesSaga\uninstalAntheaFroheOstern.exe AddRemove-AntheaSilbermonBeMyValentine - c:\program files\CulturesSaga\uninstalAntheaSilbermonBeMyValentine.exe AddRemove-AntheaSilbermonRobinson - c:\program files\CulturesSaga\uninstalAntheaSilbermonRobinson.exe AddRemove-AntheaWintereinbruch - c:\program files\CulturesSaga\uninstalAntheaWintereinbruch.exe AddRemove-basssChainOfLife - c:\program files\CulturesSaga\uninstalbasssChainOfLife.exe AddRemove-basssValleyoftheTribes - c:\program files\CulturesSaga\uninstalbasssValleyoftheTribes.exe AddRemove-Bjarni2Einsiedler - c:\program files\CulturesSaga\uninstalBjarni2Einsiedler.exe AddRemove-BjarniLakeDistrictMP - c:\program files\CulturesSaga\uninstalBjarniLakeDistrictMP.exe AddRemove-BjarniLakeDistrictSP - c:\program files\CulturesSaga\uninstalBjarniLakeDistrictSP.exe AddRemove-BuffaloFliegendeWildsau - c:\program files\CulturesSaga\uninstalBuffaloFliegendeWildsau.exe AddRemove-CarlieVonSchwedSkaergaerden - c:\program 
files\CulturesSaga\uninstalCarlieVonSchwedSkaergaerden.exe AddRemove-Catan - c:\windows\IsUn0407.exe AddRemove-ChavaDieBlaueLagune - c:\program files\CulturesSaga\uninstalChavaDieBlaueLagune.exe AddRemove-CobaReisezumMPderErde1 - c:\program files\CulturesSaga\uninstalCobaReisezumMPderErde1.exe AddRemove-CobaReisezumMPderErde2 - c:\program files\CulturesSaga\uninstalCobaReisezumMPderErde2.exe AddRemove-CobaReisezumMPderErde3 - c:\program files\CulturesSaga\uninstalCobaReisezumMPderErde3.exe AddRemove-CobaReisezumMPderErde4 - c:\program files\CulturesSaga\uninstalCobaReisezumMPderErde4.exe AddRemove-CobaReisezumMPderErde5 - c:\program files\CulturesSaga\uninstalCobaReisezumMPderErde5.exe AddRemove-ConanFrohesFest - c:\program files\CulturesSaga\uninstalConanFrohesFest.exe AddRemove-crassusAK2012PostVonRuprecht - c:\program files\CulturesSaga\uninstalcrassusAK2012PostVonRuprecht.exe AddRemove-CrassusDieHeimkehr - c:\program files\CulturesSaga\uninstalCrassusDieHeimkehr.exe AddRemove-CrassusFrau gesucht - c:\program files\CulturesSaga\uninstalCrassusFrau gesucht.exe AddRemove-CrassusTaugenichts - c:\program files\CulturesSaga\uninstalCrassusTaugenichts.exe AddRemove-CrassusWuestenwikinger - c:\program files\CulturesSaga\uninstalCrassusWuestenwikinger.exe AddRemove-CrocutaSonnenland - c:\program files\CulturesSaga\uninstalCrocutaSonnenland.exe AddRemove-CultiSilberDerKleineHobbit1 - c:\program files\CulturesSaga\uninstalCultiSilberDerKleineHobbit1.exe AddRemove-CultiSilberDerKleineHobbit2 - c:\program files\CulturesSaga\uninstalCultiSilberDerKleineHobbit2.exe AddRemove-CultiSilberDerKleineHobbit3 - c:\program files\CulturesSaga\uninstalCultiSilberDerKleineHobbit3.exe AddRemove-CultiSilberDerKleineHobbit4 - c:\program files\CulturesSaga\uninstalCultiSilberDerKleineHobbit4.exe AddRemove-CultiSilberDerKleineHobbit5 - c:\program files\CulturesSaga\uninstalCultiSilberDerKleineHobbit5.exe AddRemove-CultiSilberDerKleineHobbit6 - c:\program 
files\CulturesSaga\uninstalCultiSilberDerKleineHobbit6.exe AddRemove-CultiSilberDerKleineHobbit7 - c:\program files\CulturesSaga\uninstalCultiSilberDerKleineHobbit7.exe AddRemove-CultiSilberDerKleineHobbit8 - c:\program files\CulturesSaga\uninstalCultiSilberDerKleineHobbit8.exe AddRemove-Cultures - c:\windows\IsUn0407.exe AddRemove-Cultures - Die Entdeckung Vinlands - c:\windows\IsUn0407.exe AddRemove-CulturianerCultureshausen001 - c:\program files\CulturesSaga\uninstalCulturianerCultureshausen001.exe AddRemove-CulturianerCultureshausen002 - c:\program files\CulturesSaga\uninstalCulturianerCultureshausen002.exe AddRemove-CulturianerCultureshausen003 - c:\program files\CulturesSaga\uninstalCulturianerCultureshausen003.exe AddRemove-CulturianerCultureshausen004 - c:\program files\CulturesSaga\uninstalCulturianerCultureshausen004.exe AddRemove-CulturianerCultureshausen005 - c:\program files\CulturesSaga\uninstalCulturianerCultureshausen005.exe AddRemove-Dajana84LibEaPMaerchenland - c:\program files\CulturesSaga\uninstalDajana84LibEaPMaerchenland.exe AddRemove-DECAdry Express Business Cards 3 - c:\windows\IsUn0407.exe AddRemove-DistelfinkEismeerAdvent - c:\program files\CulturesSaga\uninstalDistelfinkEismeerAdvent.exe AddRemove-DistelfinkGrandauntGreta - c:\program files\CulturesSaga\uninstalDistelfinkGrandauntGreta.exe AddRemove-dodieDerFreund - c:\program files\CulturesSaga\uninstaldodieDerFreund.exe AddRemove-EngelastraFeentaler - c:\program files\CulturesSaga\uninstalEngelastraFeentaler.exe AddRemove-EngelastraOsternInGefahr - c:\program files\CulturesSaga\uninstalEngelastraOsternInGefahr.exe AddRemove-FiereDoveTheMaze - c:\program files\CulturesSaga\uninstalFiereDoveTheMaze.exe AddRemove-FlodderBoesesErwachen - c:\program files\CulturesSaga\uninstalFlodderBoesesErwachen.exe AddRemove-FlodderDEV1Aufbruch - c:\program files\CulturesSaga\uninstalFlodderDEV1Aufbruch.exe AddRemove-FlodderDEV2Helluland - c:\program files\CulturesSaga\uninstalFlodderDEV2Helluland.exe 
AddRemove-FlodderDEV3Markland - c:\program files\CulturesSaga\uninstalFlodderDEV3Markland.exe AddRemove-FlodderDEV4Vinland - c:\program files\CulturesSaga\uninstalFlodderDEV4Vinland.exe AddRemove-FloPechMussManHaben1 - c:\program files\CulturesSaga\uninstalFloPechMussManHaben1.exe AddRemove-FloPechMussManHaben2 - c:\program files\CulturesSaga\uninstalFloPechMussManHaben2.exe AddRemove-FreyaBoloBolo - c:\program files\CulturesSaga\uninstalFreyaBoloBolo.exe AddRemove-Herz77Waldschule - c:\program files\CulturesSaga\uninstalHerz77Waldschule.exe AddRemove-HubergerDasAmulett - c:\program files\CulturesSaga\uninstalHubergerDasAmulett.exe AddRemove-HubergerKalterNorden - c:\program files\CulturesSaga\uninstalHubergerKalterNorden.exe AddRemove-HubergerVerfeindeteBrueder - c:\program files\CulturesSaga\uninstalHubergerVerfeindeteBrueder.exe AddRemove-ImperatorchenWieAllesBegann - c:\program files\CulturesSaga\uninstalImperatorchenWieAllesBegann.exe AddRemove-IrmchenFreundschaft - c:\program files\CulturesSaga\uninstalIrmchenFreundschaft.exe AddRemove-IrmchenHubergerAmbush - c:\program files\CulturesSaga\uninstalIrmchenHubergerAmbush.exe AddRemove-IrmchenHubergerFriedensmelodie - c:\program files\CulturesSaga\uninstalIrmchenHubergerFriedensmelodie.exe AddRemove-IrmchenKundschafterPauli - c:\program files\CulturesSaga\uninstalIrmchenKundschafterPauli.exe AddRemove-IrmchenRaubritter - c:\program files\CulturesSaga\uninstalIrmchenRaubritter.exe AddRemove-IronBjarniDasCulturesWintermaerchen - c:\program files\CulturesSaga\uninstalIronBjarniDasCulturesWintermaerchen.exe AddRemove-IronCedriDasSchneehorn - c:\program files\CulturesSaga\uninstalIronCedriDasSchneehorn.exe AddRemove-IronMaebheOk09Donnerstag - c:\program files\CulturesSaga\uninstalIronMaebheOk09Donnerstag.exe AddRemove-JamalGoldsonne - c:\program files\CulturesSaga\uninstalJamalGoldsonne.exe AddRemove-JamalHilfestellung - c:\program files\CulturesSaga\uninstalJamalHilfestellung.exe AddRemove-JamalKaertchen - c:\program 
files\CulturesSaga\uninstalJamalKaertchen.exe AddRemove-Johnnnie21ArenaShopping - c:\program files\CulturesSaga\uninstalJohnnnie21ArenaShopping.exe AddRemove-Katharina157Glueckskinder1 - c:\program files\CulturesSaga\uninstalKatharina157Glueckskinder1.exe AddRemove-Katharina157Glueckskinder2 - c:\program files\CulturesSaga\uninstalKatharina157Glueckskinder2.exe AddRemove-Katharina157Glueckskinder3 - c:\program files\CulturesSaga\uninstalKatharina157Glueckskinder3.exe AddRemove-KraeuterBelleIle - c:\program files\CulturesSaga\uninstalKraeuterBelleIle.exe AddRemove-KraeutergBeautifulWorld - c:\program files\CulturesSaga\uninstalKraeutergBeautifulWorld.exe AddRemove-KraeutergDasAbgelegeneTal - c:\program files\CulturesSaga\uninstalKraeutergDasAbgelegeneTal.exe AddRemove-KraeutergDerGrosseFlussMP - c:\program files\CulturesSaga\uninstalKraeutergDerGrosseFlussMP.exe AddRemove-KraeutergDerGrosseFlussSP - c:\program files\CulturesSaga\uninstalKraeutergDerGrosseFlussSP.exe AddRemove-KraeutergDerWegZuDenDreiBirke - c:\program files\CulturesSaga\uninstalKraeutergDerWegZuDenDreiBirke.exe AddRemove-KraeutergDieGaertnerdesSultan - c:\program files\CulturesSaga\uninstalKraeutergDieGaertnerdesSultan.exe AddRemove-KraeutergDieWaben - c:\program files\CulturesSaga\uninstalKraeutergDieWaben.exe AddRemove-KraeutergDieWikingerinGroenla - c:\program files\CulturesSaga\uninstalKraeutergDieWikingerinGroenla.exe AddRemove-KraeutergEinerFuerAlles - c:\program files\CulturesSaga\uninstalKraeutergEinerFuerAlles.exe AddRemove-KraeutergEinUnwirklichesLand - c:\program files\CulturesSaga\uninstalKraeutergEinUnwirklichesLand.exe AddRemove-KraeutergEinWintertraum - c:\program files\CulturesSaga\uninstalKraeutergEinWintertraum.exe AddRemove-KraeutergHaithabu - c:\program files\CulturesSaga\uninstalKraeutergHaithabu.exe AddRemove-KraeutergInderNiederlande - c:\program files\CulturesSaga\uninstalKraeutergInderNiederlande.exe AddRemove-KraeutergInselwelt - c:\program 
files\CulturesSaga\uninstalKraeutergInselwelt.exe AddRemove-KraeutergJardisdeGiverny - c:\program files\CulturesSaga\uninstalKraeutergJardisdeGiverny.exe AddRemove-KraeutergMeinParadies - c:\program files\CulturesSaga\uninstalKraeutergMeinParadies.exe AddRemove-KraeutergRuhigeZeiten - c:\program files\CulturesSaga\uninstalKraeutergRuhigeZeiten.exe AddRemove-KraeutergWikingerAufDenKanare - c:\program files\CulturesSaga\uninstalKraeutergWikingerAufDenKanare.exe AddRemove-KraeutergWikingerIn Daenemark - c:\program files\CulturesSaga\uninstalKraeutergWikingerIn Daenemark.exe AddRemove-KraeutergWikingerInDerSchweiz - c:\program files\CulturesSaga\uninstalKraeutergWikingerInDerSchweiz.exe AddRemove-KraeutergWikingerInEngland - c:\program files\CulturesSaga\uninstalKraeutergWikingerInEngland.exe AddRemove-KraeutergWikingerInFinnland - c:\program files\CulturesSaga\uninstalKraeutergWikingerInFinnland.exe AddRemove-KraeutergWikingerInFrance - c:\program files\CulturesSaga\uninstalKraeutergWikingerInFrance.exe AddRemove-KraeutergWikingerInGermany - c:\program files\CulturesSaga\uninstalKraeutergWikingerInGermany.exe AddRemove-KraeutergWikingerInGriechenla - c:\program files\CulturesSaga\uninstalKraeutergWikingerInGriechenla.exe AddRemove-KraeutergWikingerInIrland - c:\program files\CulturesSaga\uninstalKraeutergWikingerInIrland.exe AddRemove-KraeutergWikingerInIsland - c:\program files\CulturesSaga\uninstalKraeutergWikingerInIsland.exe AddRemove-KraeutergWikingerInItalien - c:\program files\CulturesSaga\uninstalKraeutergWikingerInItalien.exe AddRemove-KraeutergWikingerInMadagaskar - c:\program files\CulturesSaga\uninstalKraeutergWikingerInMadagaskar.exe AddRemove-KraeutergWikingerInNorwegen - c:\program files\CulturesSaga\uninstalKraeutergWikingerInNorwegen.exe AddRemove-KraeutergWikingerInOesterreic - c:\program files\CulturesSaga\uninstalKraeutergWikingerInOesterreic.exe AddRemove-KraeutergWikingerInPortugal - c:\program 
files\CulturesSaga\uninstalKraeutergWikingerInPortugal.exe AddRemove-KraeutergWikingerInSchwedenL - c:\program files\CulturesSaga\uninstalKraeutergWikingerInSchwedenL.exe AddRemove-KraeutergWikingerInSpanien - c:\program files\CulturesSaga\uninstalKraeutergWikingerInSpanien.exe AddRemove-KraeuterInselderTraeume - c:\program files\CulturesSaga\uninstalKraeuterInselderTraeume.exe AddRemove-LibelleEaPAdventskalender - c:\program files\CulturesSaga\uninstalLibelleEaPAdventskalender.exe AddRemove-LibelleEaPAiW1Zauberer - c:\program files\CulturesSaga\uninstalLibelleEaPAiW1Zauberer.exe AddRemove-LibelleEaPAiW2Urfin - c:\program files\CulturesSaga\uninstalLibelleEaPAiW2Urfin.exe AddRemove-LibelleEaPAiWu4DerFeuergottDerMarranen - c:\program files\CulturesSaga\uninstalLibelleEaPAiWu4DerFeuergottDerMarranen.exe AddRemove-LibelleEaPAiWu5Arachna - c:\program files\CulturesSaga\uninstalLibelleEaPAiWu5Arachna.exe AddRemove-LibelleEaPAK2012KlausDummling - c:\program files\CulturesSaga\uninstalLibelleEaPAK2012KlausDummling.exe AddRemove-LibelleEaPBeiDen7Zwergen - c:\program files\CulturesSaga\uninstalLibelleEaPBeiDen7Zwergen.exe AddRemove-LibelleEaPDasWolkenschaf - c:\program files\CulturesSaga\uninstalLibelleEaPDasWolkenschaf.exe AddRemove-LibelleEaPDerVerzauberteNussknacker - c:\program files\CulturesSaga\uninstalLibelleEaPDerVerzauberteNussknacker.exe AddRemove-LibelleEaPDie7UnterirdischenKoenige - c:\program files\CulturesSaga\uninstalLibelleEaPDie7UnterirdischenKoenige.exe AddRemove-LibelleEaPDieverlorenenWunschz - c:\program files\CulturesSaga\uninstalLibelleEaPDieverlorenenWunschz.exe AddRemove-LibelleEaPEinDutzendAlles - c:\program files\CulturesSaga\uninstalLibelleEaPEinDutzendAlles.exe AddRemove-LibelleEaPHerrscherVonMandala - c:\program files\CulturesSaga\uninstalLibelleEaPHerrscherVonMandala.exe AddRemove-LibelleEaPKleineInselKerkyra - c:\program files\CulturesSaga\uninstalLibelleEaPKleineInselKerkyra.exe AddRemove-LibelleEaPMerkFixUndDieMagischenKisten - c:\program 
files\CulturesSaga\uninstalLibelleEaPMerkFixUndDieMagischenKisten.exe AddRemove-LibelleEaPSiedelnnachWunsch - c:\program files\CulturesSaga\uninstalLibelleEaPSiedelnnachWunsch.exe AddRemove-LibelleEaPStonehenge - c:\program files\CulturesSaga\uninstalLibelleEaPStonehenge.exe AddRemove-LibelleFelixBlumen fuerPuenky - c:\program files\CulturesSaga\uninstalLibelleFelixBlumen fuerPuenky.exe AddRemove-LunaticHandelskarte - c:\program files\CulturesSaga\uninstalLunaticHandelskarte.exe AddRemove-LunaticInselkarteHandel - c:\program files\CulturesSaga\uninstalLunaticInselkarteHandel.exe AddRemove-MaebheAlleJahreWieder - c:\program files\CulturesSaga\uninstalMaebheAlleJahreWieder.exe AddRemove-MaebheDerPfefferkuchenmann - c:\program files\CulturesSaga\uninstalMaebheDerPfefferkuchenmann.exe AddRemove-MagicflameDergroessteSchatz - c:\program files\CulturesSaga\uninstalMagicflameDergroessteSchatz.exe AddRemove-MannyDie6HeiligenSteine - c:\program files\CulturesSaga\uninstalMannyDie6HeiligenSteine.exe AddRemove-MannyDievergesseneInsel - c:\program files\CulturesSaga\uninstalMannyDievergesseneInsel.exe AddRemove-MannyNeueWelt - c:\program files\CulturesSaga\uninstalMannyNeueWelt.exe AddRemove-MannyTupacAmaru - c:\program files\CulturesSaga\uninstalMannyTupacAmaru.exe AddRemove-Mapperteam07. Drachenland - c:\program files\CulturesSaga\uninstalMapperteam07. 
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2015-04-25 01:08
Windows 6.0.6001 Service Pack 1 NTFS
.
detected NTDLL code modification:
ZwOpenFile
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3319244995-2461475978-946539677-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:6d,71,49,5e,17,55,3f,9c,ba,ce,d4,0b,be,24,ac,3e,28,da,d4,7c,93,5d,f5,
 83,e4,b1,c6,13,17,66,55,23,38,f7,bd,31,8e,fe,e2,d1,9c,c6,08,a7,9d,32,c8,39,\
"??"=hex:06,f5,18,0e,7a,fb,17,15,99,48,75,6c,7e,17,d0,4c
.
[HKEY_USERS\S-1-5-21-3319244995-2461475978-946539677-1000\Software\SecuROM\License information*]
"datasecu"=hex:3f,5c,14,a6,43,bb,ab,94,ee,64,28,de,10,bf,46,4a,9f,b1,cf,ea,31,
 22,3b,9f,91,ca,25,4d,13,ac,9f,e8,68,45,2f,a4,4a,c8,b0,92,0f,a7,7d,4c,b7,ba,\
"rkeysecu"=hex:b4,15,a5,4a,0a,af,40,7f,a3,83,2b,c9,de,c1,e5,7f
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3292)
c:\program files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
c:\program files\Common Files\Microsoft Shared\Encarta Search Bar\D\ESBRes.DLL
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Giraffic\Veoh_GirafficWatchdog.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Giraffic\Veoh_Giraffic.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Avira\AntiVir Desktop\avmailc.exe
c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-04-25 01:19:26 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2015-04-24 23:19
.
Vor Suchlauf: 16 Verzeichnis(se), 80.197.455.872 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 80.003.440.640 Bytes frei
.
- - End Of File - - EA8D9A836DA199C2F46D0D01BF89C767
61A349592C4728853F4A90FF78F7628E

Right, and now I am finally going to bed, my head is pounding ... Undine |
25.04.2015, 15:09 | #6 |
/// the machine /// TB trainer | Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please shut down your protection software to avoid possible conflicts.
And a fresh FRST log, please. |
26.04.2015, 18:38 | #7 |
| Hello schrauber,

Sorry that it took a while. I first ran the ESET Online Scanner twice more (without deleting anything) to check the two USB sticks I used to back up my data. Nothing was found on the USB sticks (drive F:/). However, with the settings changed compared to the scan of 22.4.2015 ("Enable detection of potentially unwanted applications" and "Scan for potentially unsafe applications"), the following was also found under C:/ (not deleted):

Findings from the ESET scan with the mini USB stick (holding Word files backed up after the Trojan infection) as drive F:/ on 25.-26.4.2015, and likewise from the ESET scan with the 8 GB USB stick (holding Word, image and music files backed up on 24.4.2015 after the Trojan infection) as drive F:/ on 26.4.2015:

Findings:
C:\Program Files\Avira\AntiVir Desktop\offercast_avirav7_.exe Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung
C:\Program Files\Veoh Networks\VeohWebPlayer\OCSetupHlp.dll Win32/OpenCandy potenziell unsichere Anwendung
C:\Users\Ute\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\2899c307-55a4ed59 Variante von Java/Exploit.Agent.OSD Trojaner
----------------
Here is the latest log file from the threat scan with Malwarebytes Anti-Malware (I updated MBAM beforehand; MBAM did not move anything to quarantine): Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 26.04.2015
Suchlauf-Zeit: 15:37:29
Logdatei: mbam Logfile 26.4.2015.txt
Administrator: Ja
Version: 2.01.6.1022
Malware Datenbank: v2015.04.25.04
Rootkit Datenbank: v2015.04.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows Vista Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Ute
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 347462
Verstrichene Zeit: 22 Min, 35 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(Keine schädliche Elemente gefunden)
Module: 0
(Keine schädliche Elemente gefunden)
Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)
Registrierungswerte: 0
(Keine schädliche Elemente gefunden)
Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)
Ordner: 0
(Keine schädliche Elemente gefunden)
Dateien: 0
(Keine schädliche Elemente gefunden)
Physische Sektoren: 0
(Keine schädliche Elemente gefunden)
(end)

Here is the log file from AdwCleaner: Code:
# AdwCleaner v4.202 - Bericht erstellt 26/04/2015 um 16:30:19
# Aktualisiert 23/04/2015 von Xplode
# Datenbank : 2015-04-23.1 [Lokal]
# Betriebssystem : Windows Vista (TM) Home Basic Service Pack 1 (x86)
# Benutzername : Ute - UTE-PC
# Gestarted von : C:\Users\Ute\Desktop\AdwCleaner_4.202.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\SecTaskMan
Ordner Gelöscht : C:\Users\Ute\AppData\Local\NativeMessaging
Ordner Gelöscht : C:\Users\Ute\AppData\Local\WhiteListing
Ordner Gelöscht : C:\Users\Ute\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Datei Gelöscht : C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_twitter.conduitapps.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage
Datei Gelöscht : C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage
Datei Gelöscht : C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fbtemplate.conduitapps.com_0.localstorage
Datei Gelöscht : C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fbtemplate.conduitapps.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_twitter.conduitapps.com_0.localstorage
Datei Gelöscht : C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.deltastar.nl_0.localstorage
Datei Gelöscht : C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.deltastar.nl_0.localstorage-journal
Datei Gelöscht : C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.veoh.com_0.localstorage
Datei Gelöscht : C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.veoh.com_0.localstorage-journal
***** [ Geplante Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2653012
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\Local AppWizard-Generated Applications
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\PIP
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
***** [ Internetbrowser ] *****
-\\ Internet Explorer v7.0.6001.18639
-\\ Google Chrome v
[C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT2653012
[C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT2653012
[C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Extension] : nmmhkkegccagdldgiimedpiccmgmieda
[C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Startup_URLs] : hxxp://search.conduit.com/?ctid=CT2653012&SearchSource=48
[C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Default_Search_Provider_Data] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT2653012
*************************
AdwCleaner[R0].txt - [4478 Bytes] - [26/04/2015 16:14:12]
AdwCleaner[R1].txt - [4537 Bytes] - [26/04/2015 16:25:54]
AdwCleaner[S0].txt - [4261 Bytes] - [26/04/2015 16:30:19]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4320 Bytes] ##########
------------

After that, following the scan and deletion with AdwCleaner, the Avira e-mail protection could no longer be activated. (Before that, by contrast, Avira Antivirus Pro seemed to be running without problems again; I could/can access everything, it updates properly again and there were no more error messages.) I have also tried a restart, which doesn't help either. That's it for now; I'll continue with the scans and avoid e-mail for the time being. Regards, Undine

Right, here is the continuation: Junkware Removal Tool log file: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.6.4 (04.26.2015:1)
OS: Windows Vista (TM) Home Basic x86
Ran by Ute on 26.04.2015 at 18:09:41,73
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Tasks
Successfully deleted: [Task] C:\Windows\System32\tasks\EasySpeedUpManager
~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3DFCDCA1-AEAC-4302-A690-BFB683568BAA}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3DFCDCA1-AEAC-4302-A690-BFB683568BAA}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
~~~ Files
Successfully deleted: [File] C:\Users\Ute\appdata\local\google\chrome\user data\default\local storage\http_sb.scorecardresearch.com_0.localstorage-journal
Successfully deleted: [File] C:\Users\Ute\appdata\local\google\chrome\user data\default\local storage\http_sb.scorecardresearch.com_0.localstorage
Successfully deleted: [File] C:\Users\Ute\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal
Successfully deleted: [File] C:\Users\Ute\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage
~~~ Folders
Successfully deleted: [Empty Folder] C:\Users\Ute\appdata\local\{052B4F65-32C8-482D-84D1-B889E8309D22}
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.04.2015 at 18:22:26,57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

and the FRST log file: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-04-2015
Ran by Ute (administrator) on UTE-PC on 26-04-2015 19:09:07
Running from C:\Users\Ute\Desktop
Loaded Profiles: Ute (Available profiles: Ute)
Platform: Microsoft® Windows Vista™ Home Basic Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 7 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Giraffic) C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Giraffic) C:\Program Files\Giraffic\Veoh_Giraffic.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(Sonic Solutions) C:\Program Files\Common Files\Sonic Shared\CineTray.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Vodafone D2 GmbH) C:\Program Files\ArcorOnline\AOButler.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7420448 2009-04-21] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-08-28] (Synaptics, Inc.)
HKLM\...\Run: [UpdatePDRShortCut] => C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.)
HKLM\...\Run: [UpdateLBPShortCut] => C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer] => C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2008-12-24] (CyberLink)
HKLM\...\Run: [UpdateP2GoShortCut] => C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM\...\Run: [RemoteControl8] => C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-16] (CyberLink Corp.)
HKLM\...\Run: [PDVD8LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-16] (CyberLink Corp.)
HKLM\...\Run: [UpdatePPShortCut] => C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM\...\Run: [UpdatePSTShortCut] => C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-03-12] (CyberLink Corp.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-04-21] (Realtek Semiconductor Corp.)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2013-07-01] (RealNetworks, Inc.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2565520 2011-03-14] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenuEx] => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [726320 2015-03-31] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [4886608 2015-03-23] (Emsisoft GmbH)
HKU\S-1-5-21-3319244995-2461475978-946539677-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2006-11-02] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2009-08-25]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk [2009-08-27]
ShortcutTarget: Sonic CinePlayer Quick Launch.lnk -> C:\Program Files\Common Files\Sonic Shared\CineTray.exe (Sonic Solutions)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-3319244995-2461475978-946539677-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.arcor.de HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-3319244995-2461475978-946539677-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3319244995-2461475978-946539677-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18] (Adobe Systems Incorporated) BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-04-16] (RealDownloader) BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program 
Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08] (CANON INC.) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-04-14] (Oracle Corporation) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-07] (Google Inc.) BHO: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-11-07] (Google Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-04-14] (Oracle Corporation) Toolbar: HKLM - No Name - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File Toolbar: HKLM - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File Toolbar: HKU\.DEFAULT -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation) Handler: msero - {B0D92A71-886B-453B-A649-1B91F93801E7} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\MSERO.DLL [2002-12-17] (Microsoft Corporation) Tcpip\..\Interfaces\{824E9391-11B3-4B2A-BE79-7BBD70356A5D}: [NameServer] 195.50.140.180 195.50.140.114 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll [2012-08-11] () FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-04-20] (CANON INC.) 
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=16.0.2.32 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2013-07-01] (RealNetworks, Inc.) FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-04-16] (RealNetworks, Inc.) FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-04-16] (RealNetworks, Inc.) FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-04-16] (RealNetworks, Inc.) FF Plugin: @real.com/nprpplugin;version=16.0.2.32 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [2013-07-01] (RealPlayer) FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-04-16] (RealDownloader) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-02-15] (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-3319244995-2461475978-946539677-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Ute\AppData\Local\Citrix\Plugins\97\npappdetector.dll [2013-04-17] (Citrix Online) FF Plugin HKU\S-1-5-21-3319244995-2461475978-946539677-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Ute\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.) FF Plugin HKU\S-1-5-21-3319244995-2461475978-946539677-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Ute\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.) FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-31] FF HKLM\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-07-01] Chrome: ======= CHR Plugin: (Shockwave Flash) - C:\Users\Ute\AppData\Local\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Shockwave Flash) - C:\Users\Ute\AppData\Local\Google\Chrome\Application\42.0.2311.90\gcswf32.dll No File CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\Ute\AppData\Local\Google\Chrome\Application\42.0.2311.90\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Users\Ute\AppData\Local\Google\Chrome\Application\42.0.2311.90\pdf.dll No File CHR Plugin: (Conduit Chrome Plugin) - C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Extensions\fealnpfjifonchkodiffbdkfaipmpkhe\2.3.15.251_0\plugins/ConduitChromeApiPlugin.dll No File CHR Plugin: (Adobe Acrobat) - 
C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) CHR Plugin: (Google Update) - C:\Users\Ute\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Profile: C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Bookmark Manager) - C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-21] CHR Extension: (Protect My Choices) - C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgloanjhdcenjgiafkpbehddcnonlic [2013-11-20] CHR Extension: (RealDownloader) - C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-07-01] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13] CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16] StartMenuInternet: Google Chrome.OP2KX3NVXF4LPL4IVCMTX6SAAQ - C:\Users\Ute\AppData\Local\Google\Chrome\Application\chrome.exe ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [5020520 2015-03-23] (Emsisoft GmbH) S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [815352 2015-03-23] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [434424 2015-03-23] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [434424 2015-03-23] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1004032 2015-03-31] (Avira Operations GmbH & Co. KG) R2 Giraffic; C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe [2245232 2013-05-13] (Giraffic) S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [File not signed] R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] () R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2008-11-25] () S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105864 2015-03-04] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-03-04] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-21] (Avira Operations GmbH & Co. 
KG) R1 Cinemsup; C:\Windows\system32\Drivers\Cinemsup.sys [6656 2003-12-19] (Sonic Solutions) [File not signed] R1 epp32; C:\Windows\System32\DRIVERS\epp32.sys [111368 2015-03-23] (Emsisoft GmbH) R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2006-11-14] (SAMSUNG ELECTRONICS CO., LTD.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation) R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [20640 2005-04-05] (Sonic Solutions) [File not signed] R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-07-29] (Avira GmbH) U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-04-26 19:09 - 2015-04-26 19:10 - 00018676 _____ () C:\Users\Ute\Desktop\FRST.txt 2015-04-26 19:07 - 2015-04-26 19:07 - 01140736 _____ (Farbar) C:\Users\Ute\Desktop\FRST.exe 2015-04-26 18:22 - 2015-04-26 18:22 - 00002577 _____ () C:\Users\Ute\Desktop\JRT.txt 2015-04-26 18:09 - 2015-04-26 18:09 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-UTE-PC-Windows-Vista-(TM)-Home-Basic-(32-bit).dat 2015-04-26 18:09 - 2015-04-26 18:09 - 00000000 ____D () C:\RegBackup 2015-04-26 18:07 - 2015-04-26 18:07 - 02715764 _____ (Thisisu) C:\Users\Ute\Desktop\JRT.exe 2015-04-26 16:14 - 2015-04-26 16:30 - 00000000 ____D () C:\AdwCleaner 2015-04-26 16:09 - 2015-04-26 16:09 - 02224640 _____ () C:\Users\Ute\Desktop\AdwCleaner_4.202.exe 2015-04-26 11:10 - 2015-04-26 11:10 - 00000000 ____D () C:\Program Files\ESET 2015-04-26 11:09 - 2015-04-26 11:09 - 02347384 _____ (ESET) C:\Users\Ute\Downloads\esetsmartinstaller_deu (1).exe 2015-04-25 22:59 - 2015-04-25 23:00 - 02347384 _____ (ESET) C:\Users\Ute\Downloads\esetsmartinstaller_deu.exe 2015-04-25 01:19 - 2015-04-25 01:19 - 00051903 _____ () C:\ComboFix.txt 2015-04-25 00:38 - 2015-04-25 01:19 - 00000000 ____D () C:\Qoobox 2015-04-25 00:38 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-04-25 00:38 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-04-25 00:38 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-04-25 00:38 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-04-25 00:38 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-04-25 00:38 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2015-04-25 00:38 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2015-04-25 00:38 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2015-04-25 00:34 - 2015-04-25 00:34 - 05619466 ____R (Swearware) C:\Users\Ute\Desktop\ComboFix.exe 2015-04-24 20:16 - 2015-04-24 20:16 - 00141232 _____ () C:\Windows\Minidump\Mini042415-01.dmp 
2015-04-24 20:15 - 2015-04-24 20:16 - 276515366 _____ () C:\Windows\MEMORY.DMP 2015-04-24 19:27 - 2015-04-25 01:13 - 00000000 ____D () C:\Windows\erdnt 2015-04-24 15:05 - 2015-04-24 15:05 - 00001057 _____ () C:\Users\Ute\Desktop\Revo Uninstaller.lnk 2015-04-24 15:04 - 2015-04-24 15:04 - 00000000 ____D () C:\Program Files\VS Revo Group 2015-04-24 14:59 - 2015-04-24 15:00 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Ute\Downloads\revosetup95.exe 2015-04-23 17:56 - 2015-04-23 17:56 - 00019413 _____ () C:\Users\Ute\Downloads\Gmer.txt 2015-04-23 17:11 - 2015-04-23 17:11 - 00380416 _____ () C:\Users\Ute\Downloads\d3tj1l52.exe 2015-04-23 16:42 - 2015-04-23 16:44 - 00085666 _____ () C:\Users\Ute\Downloads\Addition.txt 2015-04-23 16:41 - 2015-04-23 16:44 - 00044205 _____ () C:\Users\Ute\Downloads\FRST.txt 2015-04-23 16:40 - 2015-04-26 19:09 - 00000000 ____D () C:\FRST 2015-04-23 16:38 - 2015-04-23 16:39 - 01139200 _____ (Farbar) C:\Users\Ute\Downloads\FRST.exe 2015-04-23 16:27 - 2015-04-23 16:27 - 00000468 _____ () C:\Users\Ute\Downloads\defogger_disable.log 2015-04-23 16:27 - 2015-04-23 16:27 - 00000000 _____ () C:\Users\Ute\defogger_reenable 2015-04-23 16:24 - 2015-04-23 16:24 - 00050477 _____ () C:\Users\Ute\Downloads\Defogger.exe 2015-04-23 15:17 - 2015-04-23 15:17 - 00000194 _____ () C:\Users\Ute\Downloads\hosts-perm (1).bat 2015-04-23 12:12 - 2015-04-23 12:12 - 00000194 _____ () C:\Users\Ute\Downloads\hosts-perm.bat 2015-04-22 17:34 - 2015-04-22 17:34 - 00000000 ____D () C:\ProgramData\Emsisoft 2015-04-22 15:44 - 2015-04-22 15:44 - 00000888 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk 2015-04-22 15:44 - 2015-04-22 15:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware 2015-04-22 15:43 - 2015-04-26 18:54 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware 2015-04-22 15:43 - 2015-03-23 23:17 - 00111368 _____ (Emsisoft GmbH) C:\Windows\system32\Drivers\epp32.sys 2015-04-22 00:02 - 2015-04-25 21:46 - 
00000000 ____D () C:\Users\Ute\AppData\Local\CrashDumps 2015-04-21 22:44 - 2015-04-21 22:44 - 00000000 ____D () C:\Users\Ute\Documents\RogueKiller_bundle_10.6[1] 2015-04-21 15:48 - 2015-04-23 15:25 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys 2015-04-21 15:48 - 2015-04-21 20:15 - 00000000 ____D () C:\ProgramData\RogueKiller 2015-04-21 13:54 - 2015-04-21 13:55 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Ute\Downloads\tdsskiller.exe 2015-04-21 12:24 - 2015-04-21 12:24 - 00000000 ____D () C:\TDSSKiller_Quarantine 2015-04-19 14:34 - 2015-04-26 15:37 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-04-19 14:33 - 2015-04-19 14:33 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-04-19 14:33 - 2015-04-19 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-04-19 14:33 - 2015-04-19 14:33 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-04-19 14:33 - 2015-04-19 14:33 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2015-04-19 14:33 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-04-19 14:33 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-04-19 14:33 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-04-19 14:12 - 2015-04-19 14:17 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Ute\Downloads\mbam-setup-majorgeeks-2.1.6.1022.exe 2015-04-10 18:51 - 2015-04-11 02:11 - 00000000 ____D () C:\Users\Ute\meine Lernkartei 2015-04-10 18:36 - 2015-04-10 20:17 - 00000270 _____ () C:\Users\Ute\konfig.new 2015-04-10 18:30 - 2015-04-10 21:22 - 00000000 ____D () C:\Users\Ute\Tutorial 2015-04-10 18:30 - 2015-04-10 18:30 - 00000552 _____ () C:\Users\Ute\AppData\Roaming\Microsoft\Windows\Start Menu\Lernkartei.lnk 2015-04-10 18:30 - 2015-04-10 
18:30 - 00000542 _____ () C:\Users\Public\Desktop\Lernkartei.lnk 2015-04-02 21:00 - 2015-04-02 21:00 - 00029633 _____ () C:\Users\Ute\Downloads\content_de.gadget ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-26 19:06 - 2013-07-29 22:15 - 00000000 ____D () C:\ProgramData\Giraffic 2015-04-26 18:57 - 2009-06-16 03:06 - 01225313 _____ () C:\Windows\WindowsUpdate.log 2015-04-26 18:54 - 2009-08-24 15:51 - 00000000 ____D () C:\Users\Ute\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite 2015-04-26 18:53 - 2013-07-29 22:15 - 00000000 ____D () C:\Program Files\Giraffic 2015-04-26 18:52 - 2006-11-02 14:45 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-04-26 18:52 - 2006-11-02 14:45 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-04-26 18:42 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\it-IT 2015-04-26 18:42 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\fr-FR 2015-04-26 18:42 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\de-DE 2015-04-25 13:46 - 2009-08-26 19:59 - 00000000 ____D () C:\Users\Ute\Documents\Eigene Dokumente 2015-04-25 01:19 - 2006-11-02 13:18 - 00000000 __RHD () C:\Users\Default 2015-04-25 01:19 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public 2015-04-25 01:08 - 2006-11-02 12:23 - 00000215 _____ () C:\Windows\system.ini 2015-04-25 01:04 - 2008-01-21 05:02 - 01396064 _____ () C:\Windows\PFRO.log 2015-04-25 01:03 - 2006-11-02 12:22 - 41680896 _____ () C:\Windows\system32\config\COMPON~3.bak 2015-04-25 01:03 - 2006-11-02 12:22 - 36175872 _____ () C:\Windows\system32\config\software.bak 2015-04-25 01:03 - 2006-11-02 12:22 - 19398656 _____ () C:\Windows\system32\config\system.bak 2015-04-25 01:03 - 2006-11-02 12:22 - 00524288 _____ () 
C:\Windows\system32\config\default.bak 2015-04-25 01:03 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\security.bak 2015-04-25 01:03 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\sam.bak 2015-04-24 20:16 - 2009-09-13 01:24 - 00000000 ____D () C:\Windows\Minidump 2015-04-24 16:40 - 2006-11-02 14:49 - 00157611 _____ () C:\Windows\setupact.log 2015-04-24 16:08 - 2011-01-21 16:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cultures Saga 2015-04-23 16:27 - 2009-08-24 15:51 - 00000000 ____D () C:\Users\Ute 2015-04-22 13:06 - 2011-02-11 08:45 - 00000000 ____D () C:\Users\Ute\Documents\zu Spielen u. Sonstiges 2015-04-20 18:43 - 2009-06-15 11:09 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2015-04-20 18:40 - 2014-06-27 20:25 - 00000000 ____D () C:\Program Files\Drakensang - Am Fluss der Zeit 2015-04-20 18:36 - 2009-08-27 22:06 - 00000000 ____D () C:\XP-Spiele 2015-04-20 18:33 - 2011-01-17 18:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Purplehills 2015-04-20 18:33 - 2011-01-17 18:31 - 00000000 ____D () C:\Program Files\Purplehills 2015-04-19 21:22 - 2014-04-02 15:41 - 00000000 ____D () C:\Users\Ute\AppData\Local\TB 2015-04-19 16:05 - 2012-05-23 23:59 - 00000000 ____D () C:\ProgramData\YTD YouTube Downloader & Converter 2015-04-15 17:06 - 2013-07-18 03:09 - 00000000 ____D () C:\Windows\system32\MRT 2015-04-15 16:54 - 2006-11-02 12:24 - 125832184 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2015-04-11 15:49 - 2009-08-26 20:00 - 00000000 ____D () C:\Users\Ute\Documents\Eigene Gedichte 2015-04-10 20:17 - 2011-05-15 10:49 - 00000270 _____ () C:\Users\Ute\konfig.dat 2015-04-04 19:34 - 2015-03-25 20:08 - 00000000 ____D () C:\Users\Ute\AppData\Roaming\MuseScore 2015-04-02 14:19 - 2014-05-13 20:17 - 00000000 ____D () C:\Users\Ute\Documents\Musik Flöte Gitarre alg 2015-03-27 18:55 - 2014-11-06 23:40 - 00000282 _____ () 
C:\Windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3319244995-2461475978-946539677-1000.job ==================== Files in the root of some directories ======= 2009-11-07 00:27 - 2007-03-14 12:49 - 0010752 _____ (Arcor Online GmbH) C:\Users\Ute\AppData\Local\cmdial32.dll 2014-03-02 13:49 - 2014-03-02 13:49 - 0000552 _____ () C:\Users\Ute\AppData\Local\d3d8caps.dat 2009-08-24 19:11 - 2013-09-07 22:38 - 0009216 _____ () C:\Users\Ute\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2009-06-15 11:24 - 2009-06-15 11:24 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log 2009-06-15 11:21 - 2009-06-15 11:22 - 0000106 _____ () C:\ProgramData\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}.log 2009-06-15 11:16 - 2009-06-15 11:18 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log 2009-06-15 11:22 - 2009-06-15 11:24 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log 2009-06-15 11:18 - 2009-06-15 11:21 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log Files to move or delete: ==================== C:\Users\Ute\AxInterop.WMPLib.dll C:\Users\Ute\Interop.WMPLib.dll C:\Users\Ute\konfig.dat C:\Users\Ute\Lernkartei.exe Some content of TEMP: ==================== C:\Users\Ute\AppData\Local\temp\avgnt.exe C:\Users\Ute\AppData\Local\temp\Quarantine.exe C:\Users\Ute\AppData\Local\temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-26 18:57
==================== End Of Log ============================
--- --- --- --- --- ---
The Avira e-mail protection still cannot be activated. Regards, Undine |
27.04.2015, 14:46 | #8 | |
/// the machine /// TB Trainer | Quote:
How is the computer running at the moment?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
27.04.2015, 18:03 | #9 |
| Hello schrauber, I hope that reinstalling Avira really is that simple. The CD is from 2009, and since then I have only ever renewed the licences over the Internet. I have no idea which code is the right one now, the one from the CD or the current one ... Otherwise everything seems to be running normally again, no more malfunctions or error messages, as far as I can tell. Do you think I caught the trojan through Veoh? If so, I would avoid Veoh for the time being. Or is there such a thing as a safe way to access the Veoh videos? Regards, Undine |
28.04.2015, 13:53 | #10 |
/// the machine /// TB Trainer | Just download the current installer from the Avira site. It may have been Veoh, or some other rather poor download. Many freeware programs come bundled with adware. ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber |
30.04.2015, 04:53 | #11 |
| Hello schrauber, I needed a scan-free day yesterday (I am already dreaming about scanning) ... Yes, somehow there are still problems after all. Links from Word to YouTube, which I had not used in the meantime to be on the safe side, can in some cases (not all) no longer be opened. The message appears: "... konnte nicht geöffnet werden. Ein Sicherheitsproblem ist aufgetreten." ("... could not be opened. A security problem has occurred.") But if I look up the corresponding music again on YouTube and copy the link afresh, it works again, even though the address is the same. (I have done that with my absolute favourites for now ...) I cannot say whether this is because the first thing I did today was update Adobe Flash Player, or whether it was already like that before. (Yesterday, while watching YouTube videos, I had the problem that I could no longer click on a point in the middle of the video, because the picture then froze and only the sound continued. This problem seems to be fixed by the update. The corresponding link to the video from a Word document, however, worked yesterday as it does today.) At the moment my computer does not seem to be setting restore points any more (I had considered undoing the Adobe update because of the problems with the links, but found no restore points at all). To be on the safe side I will first run the Malwarebytes Anti-Malware scanner once more and, if everything is fine there, try reinstalling Avira before I continue with the scanning. That is all for now. Regards, Undine

Many thanks for the tip on how to get Avira repaired. It worked without any problems and the e-mail protection is running again. Before that I had run the Malwarebytes Anti-Malware scanner once more (no findings) and then Emsisoft Anti-Malware, which found the following: Code:
ATTFilter Emsisoft Anti-Malware - Version 9.0 Letztes Update: 29.04.2015 19:11:17 Benutzerkonto: Ute-PC\Ute Scan-Einstellungen: Scan Methode: Detail-Scan Objekte: Rootkits, Speicher, Traces, C:\, D:\ PUPs-Erkennung: An Archiv-Scan: An ADS Scan: An Dateitypen-Filter: Aus Erweitertes Caching: An Direkter Festplattenzugriff: Aus Scan-Beginn: 29.04.2015 20:17:21 Value: HKEY_USERS\S-1-5-21-3319244995-2461475978-946539677-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR gefunden: Setting.DisableTaskMgr (A) Value: HKEY_USERS\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR gefunden: Setting.DisableTaskMgr (A) Value: HKEY_USERS\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR gefunden: Setting.DisableTaskMgr (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS gefunden: Setting.DisableRegistryTools (A) Value: HKEY_USERS\S-1-5-21-3319244995-2461475978-946539677-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS gefunden: Setting.DisableRegistryTools (A) Value: HKEY_USERS\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS gefunden: Setting.DisableRegistryTools (A) Value: HKEY_USERS\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS gefunden: Setting.DisableRegistryTools (A) Gescannt 256197 Gefunden 7 Scan-Ende: 29.04.2015 22:58:14 Scan-Zeit: 2:40:53 Eine Rückmeldung, ob ich damit richtig liege und ob das so in Ordnung geht, wäre aber nett. Ich mache vorerst mit Eset weiter ... 
Regards, Undine

Here is the log file from the ESET Online Scanner:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=d0fd9db6a449ab4aa57d1401fdc90d37
# engine=23627
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-04-30 02:43:08
# local_time=2015-04-30 04:43:08 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 100 43152 267894560 0 0
# scanned=204825
# found=1
# cleaned=0
# scan_time=14107
sh=49D26C6D8C28D1F01E941B6C12E2E4EDDAA45F0D ft=0 fh=0000000000000000 vn="Variante von Java/Exploit.Agent.OSD Trojaner" ac=I fn="C:\Users\Ute\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\2899c307-55a4ed59"

Last edited by Undine R (29.04.2015 at 18:42) |
30.04.2015, 10:49 | #12 |
/// the machine /// TB-Ausbilder |
You can go ahead and put the finds into quarantine. Is the rest from above still to come? Why would anyone store their favourite YouTube links in a Word document?? An update only has to change Word's security settings and jumping out to the link stops working. Just save the links in the browser, where they belong.
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM! |
30.04.2015, 16:16 | #13 |
All right, thanks! Yes, the rest from above is still to come; I'll try to manage it today. Why do I keep links to my favourite music (favourite audiobooks, favourite films ...) in Word documents? Quite simple: that way I don't have to search for long, just Ctrl+click the link and I'm there. (And for some links I also write notes alongside ...) Besides, I use a trick when it comes to music. I have my media player play binaural waves (very quietly) in the background, or calming music at normal volume, and on top of that come my favourite music or nature sounds such as birdsong or the sound of waves from YouTube. I like these combinations. How can I save links in the browser itself (that is, in Google Chrome)? And couldn't Google Chrome then see everything that is saved there? And, in the event of a trojan, possibly others too? I have been keeping links in Word documents for about four years now, and in that time there were never any problems.
Regards, Undine

It's me again ... I noticed something else about the Emsi finds. Could those be the "opt out" settings for Adobe Flash Player that I made? Because "POLICIES" appears in all of them? The "opt out" options were under "Privacy Policies" at Adobe, I think. If that were the case, I would of course want to keep them and not delete them ... here is the Emsi log file again:
Code:
Emsisoft Anti-Malware - Version 9.0
Letztes Update: 29.04.2015 19:11:17
Benutzerkonto: Ute-PC\Ute

Scan-Einstellungen:

Scan Methode: Detail-Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\

PUPs-Erkennung: An
Archiv-Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan-Beginn: 29.04.2015 20:17:21
Value: HKEY_USERS\S-1-5-21-3319244995-2461475978-946539677-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR gefunden: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR gefunden: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR gefunden: Setting.DisableTaskMgr (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS gefunden: Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-3319244995-2461475978-946539677-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS gefunden: Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS gefunden: Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-3319244995-2461475978-946539677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS gefunden: Setting.DisableRegistryTools (A)

Gescannt 256197
Gefunden 7

Scan-Ende: 29.04.2015 22:58:14
Scan-Zeit: 2:40:53

Regards, Undine

Here is the log file from "Security Check":
Code:
Results of screen317's Security Check version 1.00
Windows Vista Service Pack 1 x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Avira Antivirus
Emsisoft Anti-Malware
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 55
Java version 32-bit out of Date!
Adobe Flash Player 11.3.300.270 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome (41.0.2272.118)
Google Chrome (42.0.2311.90)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Emsisoft Anti-Malware a2service.exe
Emsisoft Anti-Malware a2guard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

And here is the FRST log file as well:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-04-2015
Ran by Ute (administrator) on UTE-PC on 30-04-2015 16:40:16
Running from C:\Users\Ute\Desktop
Loaded Profiles: Ute (Available profiles: Ute)
Platform: Microsoft® Windows Vista™ Home Basic Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 7 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Giraffic) C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Giraffic) C:\Program Files\Giraffic\Veoh_Giraffic.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(RealNetworks, Inc.)
C:\Program Files\Real\RealPlayer\Update\realsched.exe (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe (Sonic Solutions) C:\Program Files\Common Files\Sonic Shared\CineTray.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (RealNetworks, Inc.) C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7420448 2009-04-21] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-08-28] (Synaptics, Inc.) HKLM\...\Run: [UpdatePDRShortCut] => C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.) HKLM\...\Run: [UpdateLBPShortCut] => C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.) HKLM\...\Run: [CLMLServer] => C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2008-12-24] (CyberLink) HKLM\...\Run: [UpdateP2GoShortCut] => C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.) HKLM\...\Run: [RemoteControl8] => C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-16] (CyberLink Corp.) HKLM\...\Run: [PDVD8LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-16] (CyberLink Corp.) 
HKLM\...\Run: [UpdatePPShortCut] => C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.) HKLM\...\Run: [UpdatePSTShortCut] => C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-03-12] (CyberLink Corp.) HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-04-21] (Realtek Semiconductor Corp.) HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2013-07-01] (RealNetworks, Inc.) HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2565520 2011-03-14] (CANON INC.) HKLM\...\Run: [CanonSolutionMenuEx] => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [726320 2015-03-31] (Avira Operations GmbH & Co. 
KG) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [4886608 2015-03-23] (Emsisoft GmbH) HKU\S-1-5-21-3319244995-2461475978-946539677-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2006-11-02] (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2009-08-25] ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk [2009-08-27] ShortcutTarget: Sonic CinePlayer Quick Launch.lnk -> C:\Program Files\Common Files\Sonic Shared\CineTray.exe (Sonic Solutions) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-3319244995-2461475978-946539677-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.arcor.de HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-3319244995-2461475978-946539677-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3319244995-2461475978-946539677-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18] (Adobe Systems Incorporated) BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-04-16] (RealDownloader) BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program 
Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08] (CANON INC.) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-04-14] (Oracle Corporation) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-07] (Google Inc.) BHO: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-11-07] (Google Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-04-14] (Oracle Corporation) Toolbar: HKLM - No Name - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File Toolbar: HKLM - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File Toolbar: HKU\.DEFAULT -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation) Handler: msero - {B0D92A71-886B-453B-A649-1B91F93801E7} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\MSERO.DLL [2002-12-17] (Microsoft Corporation) Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2013-07-29] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2013-07-29] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2013-07-29] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2013-07-29] (Avira Operations GmbH & Co. 
KG) Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2013-07-29] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2013-07-29] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2013-07-29] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2013-07-29] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2013-07-29] (Avira Operations GmbH & Co. KG) FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll [2012-08-11] () FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-04-20] (CANON INC.) FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=16.0.2.32 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2013-07-01] (RealNetworks, Inc.) FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-04-16] (RealNetworks, Inc.) 
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-04-16] (RealNetworks, Inc.) FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-04-16] (RealNetworks, Inc.) FF Plugin: @real.com/nprpplugin;version=16.0.2.32 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [2013-07-01] (RealPlayer) FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-04-16] (RealDownloader) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-02-15] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-3319244995-2461475978-946539677-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Ute\AppData\Local\Citrix\Plugins\97\npappdetector.dll [2013-04-17] (Citrix Online) FF Plugin HKU\S-1-5-21-3319244995-2461475978-946539677-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Ute\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.) FF Plugin HKU\S-1-5-21-3319244995-2461475978-946539677-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Ute\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.) 
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-31] FF HKLM\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-07-01] Chrome: ======= CHR Plugin: (Shockwave Flash) - C:\Users\Ute\AppData\Local\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Shockwave Flash) - C:\Users\Ute\AppData\Local\Google\Chrome\Application\42.0.2311.90\gcswf32.dll No File CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\Ute\AppData\Local\Google\Chrome\Application\42.0.2311.90\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Users\Ute\AppData\Local\Google\Chrome\Application\42.0.2311.90\pdf.dll No File CHR Plugin: (Conduit Chrome Plugin) - C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Extensions\fealnpfjifonchkodiffbdkfaipmpkhe\2.3.15.251_0\plugins/ConduitChromeApiPlugin.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
CHR Plugin: (Google Update) - C:\Users\Ute\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Profile: C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Bookmark Manager) - C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-21] CHR Extension: (Protect My Choices) - C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgloanjhdcenjgiafkpbehddcnonlic [2013-11-20] CHR Extension: (RealDownloader) - C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-07-01] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13] CHR Extension: (Google Wallet) - C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-26] CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16] StartMenuInternet: Google Chrome.OP2KX3NVXF4LPL4IVCMTX6SAAQ - C:\Users\Ute\AppData\Local\Google\Chrome\Application\chrome.exe ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [5020520 2015-03-23] (Emsisoft GmbH) R2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [815352 2015-03-23] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [434424 2015-03-23] (Avira Operations GmbH & Co. 
KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [434424 2015-03-23] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1004032 2015-03-31] (Avira Operations GmbH & Co. KG) R2 Giraffic; C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe [2245232 2013-05-13] (Giraffic) S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [File not signed] R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] () R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2008-11-25] () S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105864 2015-03-04] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-03-04] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-21] (Avira Operations GmbH & Co. KG) R1 Cinemsup; C:\Windows\system32\Drivers\Cinemsup.sys [6656 2003-12-19] (Sonic Solutions) [File not signed] R1 epp32; C:\Windows\System32\DRIVERS\epp32.sys [111368 2015-03-23] (Emsisoft GmbH) R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2006-11-14] (SAMSUNG ELECTRONICS CO., LTD.) 
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation) R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [20640 2005-04-05] (Sonic Solutions) [File not signed] R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-07-29] (Avira GmbH) U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-04-30 16:40 - 2015-04-30 16:40 - 00019949 _____ () C:\Users\Ute\Desktop\FRST.txt 2015-04-30 15:44 - 2015-04-30 15:44 - 00852616 _____ () C:\Users\Ute\Desktop\SecurityCheck.exe 2015-04-30 00:39 - 2015-04-30 00:39 - 02347384 _____ (ESET) C:\Users\Ute\Desktop\esetsmartinstaller_deu.exe 2015-04-30 00:08 - 2015-04-30 00:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-04-29 23:26 - 2015-04-30 00:00 - 186726144 _____ () C:\Users\Ute\Downloads\avira_antivirus_de-de.exe 2015-04-26 19:11 - 2015-04-26 19:12 - 00056554 _____ () C:\Users\Ute\Desktop\Addition.txt 2015-04-26 19:07 - 2015-04-26 19:07 - 01140736 _____ (Farbar) C:\Users\Ute\Desktop\FRST.exe 2015-04-26 18:22 - 2015-04-26 18:22 - 00002577 _____ () C:\Users\Ute\Desktop\JRT.txt 2015-04-26 18:09 - 2015-04-26 18:09 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-UTE-PC-Windows-Vista-(TM)-Home-Basic-(32-bit).dat 2015-04-26 18:09 - 2015-04-26 18:09 - 00000000 ____D () C:\RegBackup 2015-04-26 18:07 - 2015-04-26 18:07 - 02715764 _____ (Thisisu) C:\Users\Ute\Desktop\JRT.exe 2015-04-26 16:14 - 2015-04-26 16:30 - 00000000 ____D () C:\AdwCleaner 2015-04-26 16:09 - 2015-04-26 16:09 - 02224640 _____ () C:\Users\Ute\Desktop\AdwCleaner_4.202.exe 2015-04-26 11:10 - 2015-04-26 11:10 - 00000000 ____D () C:\Program Files\ESET 2015-04-26 11:09 - 2015-04-26 11:09 - 02347384 _____ (ESET) C:\Users\Ute\Downloads\esetsmartinstaller_deu (1).exe 2015-04-25 22:59 - 2015-04-25 23:00 - 02347384 _____ (ESET) C:\Users\Ute\Downloads\esetsmartinstaller_deu.exe 2015-04-25 01:19 - 2015-04-25 01:19 - 00051903 _____ () C:\ComboFix.txt 2015-04-25 00:38 - 2015-04-25 01:19 - 00000000 ____D () C:\Qoobox 2015-04-25 00:38 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-04-25 00:38 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-04-25 00:38 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-04-25 00:38 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) 
Regards, Undine |
01.05.2015, 15:27 | #14 |
/// the machine /// TB trainer | The Emsi detections relate only to Regedit and Task Manager; those can be taken out. That the Windows updates are not working is rather bad; that is an enormous security risk. Let's see. Run the Windows Repair Tool: Repairing Windows - here's how - Guides
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
01.05.2015, 20:08 | #15 |
| Oh dear, the instructions for the Windows Repair Tool read as complicated. I have several questions about them right away. 1. How do I get into "Safe Mode with Networking"? 2. I do not own a "Check-Disk" and evidently no CD with Windows Vista Home Basic either (I had that checked where I bought the laptop: no such CD was included, only a flyer "Restore your system without a recovery medium (CD/DVD)" - Samsung Recovery Solution ...) 3. Does the "backup" have anything to do with "restore points"? When I look for restore points under Control Panel/Maintenance, I get the following message: "System protection is disabled". I would have to re-enable it and tick which drives automatic restore points should be set for (Recovery, Local Disk C:, Local Disk D:). What do I have to tick there? 4. Do you think my PC is now free enough of Trojans that I can back up all my files once more without risk (USB stick)? I would like to do that beforehand. The two small USB sticks only held the most important things ... I first had to get a sufficiently large one. 5. Regarding the illustration with 5, 6, 7 in the instructions: are the check marks in the boxes in the left part automatically set correctly? Regards, Undine |