Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Win 7; Trojan.FakeMS.ED durch Malwarebytes gefunden

Win 7; Trojan.FakeMS.ED durch Malwarebytes gefunden


Log-Analyse und Auswertung: Win 7; Trojan.FakeMS.ED durch Malwarebytes gefunden

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 12.03.2015, 18:04   #1
Ana76
 
Win 7; Trojan.FakeMS.ED durch Malwarebytes gefunden - Standard

Win 7; Trojan.FakeMS.ED durch Malwarebytes gefunden


Hallo!
Ich habe zunächst über Avira suchen lassen, da ist aber leider nicht viel bei rausgekommen.
Habe dann Avira, Win Defender und die Firewall deaktiviert und mit AdwCleaner und Malwarebytes suchen lassen.
Beim letzten sind dann 4 Trojaner vom Typ Trojan.FakeMS.ED gefunden worden. Ich habe sie nun in Quarantäne gepackt, wobei von den 4 nur 3 aufgelistet sind. Den Ordner habe ich dann nochmal untersuchen lassen und dann entfernt (mit CCleaner im Papierkorb dann).

Wo ist der vierte hin? Wie muss ich weiter vorgehen, damit alles wieder sauber ist/bleibt? Muss ich auch meine externe Festplatte säubern? Die habe ich nämlich auch angeschlossen, als ich noch nicht von dem Virusbefall wusste.


Hier die ganzen Ergebnisse:
AdwCleaner[R0]:
Zitat:
# AdwCleaner v4.112 - Bericht erstellt 12/03/2015 um 14:26:06
# Aktualisiert 09/03/2015 von Xplode
# Datenbank : 2015-03-05.1 [Lokal]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Katharina - ANNA-HP
# Gestarted von : C:\Users\Katharina\Desktop\adwcleaner_4.112.exe
# Option : Suchlauf

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gefunden : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gefunden : C:\Program Files (x86)\Free Video Converter
Ordner Gefunden : C:\Users\Katharina\AppData\Roaming\dvdvideosoftiehelpers

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\Free Video Converter
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : [x64] HKCU\Software\Conduit
Schlüssel Gefunden : [x64] HKCU\Software\Free Video Converter
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKLM\SOFTWARE\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17631


-\\ Mozilla Firefox v35.0.1 (x86 de)

*************************

AdwCleaner[R0].txt - [1935 Bytes] - [12/03/2015 14:26:06]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1994 Bytes] ##########
AdwCleaner[S0]:
Zitat:
# AdwCleaner v4.112 - Bericht erstellt 12/03/2015 um 14:28:23
# Aktualisiert 09/03/2015 von Xplode
# Datenbank : 2015-03-05.1 [Lokal]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Katharina - ANNA-HP
# Gestarted von : C:\Users\Katharina\Desktop\adwcleaner_4.112.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\Free Video Converter
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Users\Katharina\AppData\Roaming\dvdvideosoftiehelpers

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Free Video Converter
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17631


-\\ Mozilla Firefox v35.0.1 (x86 de)


*************************

AdwCleaner[R0].txt - [2089 Bytes] - [12/03/2015 14:26:06]
AdwCleaner[S0].txt - [1890 Bytes] - [12/03/2015 14:28:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1949 Bytes] ##########
Malwarebytes:
Zitat:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 12.03.2015
Suchlauf-Zeit: 14:37:10
Logdatei: Malware.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2014.11.20.06
Rootkit Datenbank: v2014.11.18.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Katharina

Suchlauf-Art: Benutzerdefinierter Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 565975
Verstrichene Zeit: 2 Std, 40 Min, 48 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 4
Trojan.FakeMS.ED, C:\Users\Katharina\Downloads\Microsoft.Office.Professional.Plus.2013.Volume.License.x86.x64.KMSmicro.v3.11.GERMAN-MCU\Activation Helper v1.5\Activation Helper v1.5 x86.exe, In Quarantäne, [48f7b18cc4b8c17536ff5cab7e83bf41],
Trojan.FakeMS.ED, c:\Users\Katharina\Downloads\Microsoft.Office.Professional.Plus.2013.Volume.License.x86.x64.KMSmicro.v3.11.GERMAN-MCU\Microsoft.Office.Professional.Plus.2013.Volume.License.x86.x64.KMSmicro.v3.11.GERMAN-MCU\Activation Helper v1.5\activation helper v1.5 x86.exe, In Quarantäne, [dc631f1ebdbfdb5b80b5ff08996836ca],
Trojan.FakeMS.ED, C:\Users\Katharina\Downloads\Microsoft.Office.Professional.Plus.2013.Volume.License.x86.x64.KMSmicro.v3.11.GERMAN-MCU\Microsoft.Office.Professional.Plus.2013.x64-VL\Activation Helper v1.5\Activation Helper v1.5 x86.exe, In Quarantäne, [2a15ed506d0f40f6ad88c83fe021a15f],
Trojan.FakeMS.ED, C:\Users\Katharina\Downloads\Microsoft.Office.Professional.Plus.2013.Volume.License.x86.x64.KMSmicro.v3.11.GERMAN-MCU\Microsoft.Office.Professional.Plus.2013.x86-VL\Activation Helper v1.5\Activation Helper v1.5 x86.exe, In Quarantäne, [4df2aa93b4c8d660072e38cfa75add23],

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

Alt 12.03.2015, 18:15   #2
schrauber
/// the machine
/// TB-Ausbilder
 
Win 7; Trojan.FakeMS.ED durch Malwarebytes gefunden - Standard

Win 7; Trojan.FakeMS.ED durch Malwarebytes gefunden


hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________
Alt 12.03.2015, 19:01   #3
Ana76
 
Win 7; Trojan.FakeMS.ED durch Malwarebytes gefunden - Standard

Win 7; Trojan.FakeMS.ED durch Malwarebytes gefunden


FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Katharina (administrator) on ANNA-HP on 12-03-2015 18:20:23
Running from C:\Users\Katharina\Desktop
Loaded Profiles: Katharina (Available profiles: Katharina & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_305_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703280 2015-03-12] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-1629381567-425340455-1814519892-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-1629381567-425340455-1814519892-1000\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-1629381567-425340455-1814519892-1000\...\MountPoints2: {60568dde-933d-11e3-8a36-cf6968809183} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-12-23] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1629381567-425340455-1814519892-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-1629381567-425340455-1814519892-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
SearchScopes: HKLM -> {5C63C388-9FF8-4D86-910E-D2CD33096F21} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {922CF2E9-BFA9-468D-AEB2-AE2A58749C3F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {BDD39DE5-FDC5-4EEC-998C-8C4767103E86} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {5C63C388-9FF8-4D86-910E-D2CD33096F21} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {922CF2E9-BFA9-468D-AEB2-AE2A58749C3F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {BDD39DE5-FDC5-4EEC-998C-8C4767103E86} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1629381567-425340455-1814519892-1000 -> DefaultScope {5C63C388-9FF8-4D86-910E-D2CD33096F21} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-1629381567-425340455-1814519892-1000 -> {5C63C388-9FF8-4D86-910E-D2CD33096F21} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-1629381567-425340455-1814519892-1000 -> {922CF2E9-BFA9-468D-AEB2-AE2A58749C3F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1629381567-425340455-1814519892-1000 -> {BDD39DE5-FDC5-4EEC-998C-8C4767103E86} URL = 
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKU\S-1-5-21-1629381567-425340455-1814519892-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Winsock: Catalog9 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 20 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 03 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 04 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 05 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 06 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 07 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 08 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 20 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Katharina\AppData\Roaming\Mozilla\Firefox\Profiles\i43tzlow.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-06] ()
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-09-07] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\Katharina\AppData\Roaming\Mozilla\Firefox\Profiles\i43tzlow.default\Extensions\abs@avira.com [2015-02-06]
FF Extension: Adblock Plus - C:\Users\Katharina\AppData\Roaming\Mozilla\Firefox\Profiles\i43tzlow.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-10]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-12] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [992504 2015-03-12] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438104 2014-07-10] (Garmin Ltd or its subsidiaries)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 RtVOsdService; C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [315392 2010-06-24] (Realtek Semiconductor Corp.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-14] (Avira Operations GmbH & Co. KG)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-12] (Malwarebytes Corporation)
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-23] (Realtek Semiconductor Corp.) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-12 18:20 - 2015-03-12 18:20 - 00014091 _____ () C:\Users\Katharina\Desktop\FRST.txt
2015-03-12 18:19 - 2015-03-12 18:20 - 00000000 ____D () C:\FRST
2015-03-12 18:18 - 2015-03-12 18:18 - 02095616 _____ (Farbar) C:\Users\Katharina\Desktop\FRST64.exe
2015-03-12 18:15 - 2015-03-12 14:28 - 00002037 _____ () C:\Users\Katharina\Desktop\AdwCleaner[S0].txt
2015-03-12 18:15 - 2015-03-12 14:27 - 00002089 _____ () C:\Users\Katharina\Desktop\AdwCleaner[R0].txt
2015-03-12 17:27 - 2015-03-12 17:27 - 00002346 _____ () C:\Users\Katharina\Desktop\Malware.txt
2015-03-12 16:39 - 2015-03-12 16:39 - 00000000 __SHD () C:\Users\Katharina\AppData\Local\EmieUserList
2015-03-12 16:39 - 2015-03-12 16:39 - 00000000 __SHD () C:\Users\Katharina\AppData\Local\EmieSiteList
2015-03-12 16:39 - 2015-03-12 16:39 - 00000000 __SHD () C:\Users\Katharina\AppData\Local\EmieBrowserModeList
2015-03-12 14:35 - 2015-03-12 17:26 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-12 14:35 - 2015-03-12 14:35 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-12 14:35 - 2015-03-12 14:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-03-12 14:35 - 2015-03-12 14:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-12 14:35 - 2015-03-12 14:35 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-03-12 14:35 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-12 14:35 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-12 14:35 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-12 14:26 - 2015-03-12 14:28 - 00000000 ____D () C:\AdwCleaner
2015-03-12 11:41 - 2015-03-12 11:41 - 00000162 ____H () C:\Users\Katharina\Documents\~$ankengeschichte.odt
2015-03-12 11:31 - 2015-03-12 13:57 - 00000348 _____ () C:\Windows\Tasks\HPCeeScheduleForKatharina.job
2015-03-12 11:31 - 2015-03-12 11:31 - 00003210 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForKatharina
2015-03-12 10:35 - 2015-03-12 10:35 - 02171392 _____ () C:\Users\Katharina\Desktop\adwcleaner_4.112.exe
2015-03-12 10:34 - 2015-03-12 10:35 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Katharina\Desktop\mbam-setup-2.0.4.1028.exe
2015-03-08 16:16 - 2015-03-08 16:21 - 00000000 ____D () C:\Users\Katharina\AppData\Local\elfopatch
2015-03-08 16:11 - 2015-03-08 16:11 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-03-01 23:27 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-03-01 23:27 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-17 18:14 - 2015-02-17 18:14 - 00000000 ____D () C:\Users\Katharina\Documents\Fax
2015-02-17 18:07 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-17 18:07 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-17 18:07 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-17 18:07 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-17 16:25 - 2015-02-17 16:51 - 00000000 ____D () C:\Users\Katharina\Documents\Schule
2015-02-13 20:38 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-13 20:38 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 20:38 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-13 20:38 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 20:25 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 20:25 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 20:25 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 20:25 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 20:25 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 20:25 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 20:25 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 20:25 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 20:25 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 20:25 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 20:25 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 20:25 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 20:25 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 20:25 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 20:25 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 20:25 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 20:25 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 20:25 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 20:25 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 20:25 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 20:25 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 20:25 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 20:24 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 20:24 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 20:24 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 20:24 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 20:24 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 20:24 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 20:24 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 20:24 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 20:24 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 20:24 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 20:24 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 20:24 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 20:24 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 20:24 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 20:24 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 20:24 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 20:24 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 20:24 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 20:24 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 20:24 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 20:24 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 20:24 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 20:24 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 20:24 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 20:24 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 20:24 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 20:24 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 20:24 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 20:24 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 20:24 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 20:24 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 20:24 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 20:24 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 20:24 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 20:24 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 20:24 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 20:24 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 20:24 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 20:24 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 20:24 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 20:24 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 20:24 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 20:24 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 20:24 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 20:24 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 20:24 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 20:24 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 20:24 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 20:24 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 20:24 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 20:24 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 20:24 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 20:22 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 20:22 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 20:21 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 20:21 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 20:21 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 20:21 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 20:21 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 20:21 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 20:21 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 20:21 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 20:21 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 20:21 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 20:21 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 20:21 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 20:21 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 20:21 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 20:21 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 20:21 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 20:21 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 20:21 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 20:21 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 20:21 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 20:21 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 20:21 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 20:21 - 2014-10-04 03:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-11 20:21 - 2014-10-04 02:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-11 20:21 - 2014-10-04 02:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-02-11 20:21 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-11 20:21 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-11 20:21 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-11 20:21 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-11 20:20 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 20:20 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 20:20 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 20:20 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 20:20 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 20:20 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 20:20 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 20:20 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 20:20 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 20:19 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-12 18:14 - 2012-04-04 16:48 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-12 17:40 - 2010-12-15 09:39 - 01840090 _____ () C:\Windows\WindowsUpdate.log
2015-03-12 17:39 - 2014-07-12 13:00 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-12 17:33 - 2011-09-09 17:42 - 00000000 ____D () C:\Users\Katharina\AppData\Roaming\DVDVideoSoft
2015-03-12 17:32 - 2009-07-14 05:45 - 00023024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-12 17:32 - 2009-07-14 05:45 - 00023024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-12 17:24 - 2015-01-18 14:59 - 00002804 _____ () C:\Windows\setupact.log
2015-03-12 17:24 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-12 17:22 - 2015-01-18 14:58 - 00004214 _____ () C:\Windows\PFRO.log
2015-03-12 17:21 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\addins
2015-03-12 14:01 - 2011-11-24 20:39 - 00000000 ____D () C:\Users\Katharina\AppData\Roaming\IrfanView
2015-03-12 14:01 - 2011-11-24 20:39 - 00000000 ____D () C:\Program Files (x86)\IrfanView
2015-03-12 13:55 - 2010-07-17 10:23 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2015-03-12 13:06 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-03-12 11:58 - 2014-07-13 10:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-03-12 11:58 - 2014-01-20 18:04 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-12 11:49 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-03-12 11:49 - 2009-07-14 03:34 - 00000387 _____ () C:\Windows\win.ini
2015-03-12 11:16 - 2011-08-05 23:14 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-03-12 10:11 - 2013-08-14 21:38 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-03-12 10:11 - 2013-08-14 21:37 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-12 10:11 - 2013-08-14 21:37 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-03-08 16:53 - 2014-04-26 14:22 - 00050626 _____ () C:\Users\Katharina\Desktop\ESt2013_Tolubaev_Anna.elfo
2015-03-08 16:23 - 2013-04-21 17:21 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular
2015-03-08 16:20 - 2011-08-01 09:01 - 00000000 ____D () C:\Users\Katharina
2015-03-01 20:06 - 2014-03-13 15:50 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-03-01 19:18 - 2010-07-17 19:47 - 01794290 _____ () C:\Windows\system32\perfh007.dat
2015-03-01 19:18 - 2010-07-17 19:47 - 00500254 _____ () C:\Windows\system32\perfc007.dat
2015-03-01 19:18 - 2009-07-14 06:13 - 00006264 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-24 03:17 - 2011-08-01 09:14 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-19 20:55 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-02-17 16:43 - 2011-09-03 12:26 - 00000000 ____D () C:\Users\Katharina\Documents\Rezepte von Lena
2015-02-17 16:42 - 2014-07-12 13:05 - 00000000 ____D () C:\Users\Katharina\Documents\Garmin
2015-02-17 16:41 - 2011-09-03 12:25 - 00000000 ___RD () C:\Users\Katharina\Documents\Rechnungen - Telekom
2015-02-15 19:24 - 2011-10-18 17:19 - 00000000 ____D () C:\Users\Katharina\AppData\Roaming\Skype
2015-02-13 16:04 - 2014-12-17 18:30 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-13 16:04 - 2014-07-12 22:40 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-13 15:11 - 2013-08-15 00:33 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-13 15:04 - 2011-08-21 16:29 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-11 20:06 - 2014-03-13 15:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-02-11 20:06 - 2013-08-14 21:36 - 00000000 ____D () C:\Program Files (x86)\Avira

==================== Files in the root of some directories =======

2012-04-18 14:19 - 2012-04-18 14:19 - 0000747 _____ () C:\Users\Katharina\AppData\Local\recently-used.xbel
2010-12-15 09:54 - 2010-12-15 09:54 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2010-07-17 12:16 - 2010-07-17 12:17 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2010-12-15 09:53 - 2010-12-15 09:53 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2010-07-17 12:12 - 2010-07-17 12:12 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-12-15 09:53 - 2010-12-15 09:53 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2010-12-15 09:54 - 2010-12-15 09:54 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2010-07-17 12:11 - 2010-07-17 12:11 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2010-07-17 12:13 - 2010-07-17 12:16 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2010-12-15 09:54 - 2010-12-15 09:54 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

Some content of TEMP:
====================
C:\Users\Gast\AppData\Local\Temp\AskSLib.dll
C:\Users\Katharina\AppData\Local\Temp\avgnt.exe
C:\Users\Katharina\AppData\Local\Temp\iv_uninstall.exe
C:\Users\Katharina\AppData\Local\Temp\Quarantine.exe
C:\Users\Katharina\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-12 12:59

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Katharina at 2015-03-12 18:21:20
Running from C:\Users\Katharina\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95 - WildTangent) Hidden
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
ATI Catalyst Install Manager (HKLM\...\{1C3FF45C-BAC7-9852-2000-2F0ACD40D5BE}) (Version: 3.0.790.0 - ATI Technologies, Inc.)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.5.5.0 - Auslogics Labs Pty Ltd)
Avira (HKLM-x32\...\{bd538030-07d4-4999-a525-7fafa2483f56}) (Version: 1.1.30.21727 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.30.21727 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.650 - Avira)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.350.6 - Broadcom Corporation)
ccc-core-static (x32 Version: 2010.0909.1412.23625 - Ihr Firmenname) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.10 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Elevated Installer (x32 Version: 3.2.13.0 - Garmin Ltd or its subsidiaries) Hidden
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.0.16151 - Landesfinanzdirektion Thüringen)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Garmin Express (HKLM-x32\...\{ac22014a-a254-43b9-9cc0-e87cf9c7e18a}) (Version: 3.2.13.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.13.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.13.0 - Garmin Ltd or its subsidiaries) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
HP Documentation (HKLM-x32\...\{69ABD67D-5C2E-4724-B519-695DEF3EC23B}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.3 - WildTangent)
HP Power Manager (HKLM-x32\...\{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}) (Version: 1.4.7 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{00A42832-B21A-4296-B5F4-D296D0BC4A3E}) (Version: 2.6.3 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{AF6EB833-D48A-49AC-9394-4C57489FDFF2}) (Version: 4.1.13.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Wireless Assistant (HKLM\...\{E342EC6B-5F25-47FE-B92C-DE616149B430}) (Version: 4.0.9.0 - Hewlett-Packard)
Insaniquarium Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Jewel Quest II (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.21.531.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30117 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3023 - CyberLink Corp.) Hidden
RtVOsd (HKLM\...\{091A0130-A82F-4A6D-9C61-3BBBB3289030}) (Version: 1.0.6 - Realtek Semiconductor Corp.)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Startfenster (HKLM-x32\...\Startfenster) (Version:  - Startfenster)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WavePad Audiobearbeitungs-Software (HKLM-x32\...\WavePad) (Version:  - NCH Software)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

11-02-2015 20:19:24 Windows Update
13-02-2015 15:02:15 Windows Update
15-02-2015 18:44:16 Windows Update
19-02-2015 20:43:56 Windows Update
01-03-2015 19:22:46 Windows Update
01-03-2015 23:27:11 Windows Update
08-03-2015 16:17:49 Windows Update
08-03-2015 16:18:46 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
12-03-2015 10:30:02 Windows Update
12-03-2015 11:42:51 Removed Microsoft Office Professional Plus 2013
12-03-2015 11:44:43 PROPLUS
12-03-2015 13:53:08 Removed Acrobat.com
12-03-2015 13:54:39 Windows Live-Uploadtool wird entfernt
12-03-2015 13:55:01 Windows Live Sync wird entfernt
12-03-2015 13:55:39 Removed Windows Live ID Sign-in Assistant
12-03-2015 17:34:45 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
12-03-2015 17:38:26 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {11F4CEB2-1C23-46C0-B5A9-81DDA8FFB752} - System32\Tasks\Hewlett-Packard\HP Support Assistant\NetworkCheck => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_NetworkCheck.exe [2014-04-22] (Hewlett-Packard)
Task: {1727824E-C518-4158-984B-8A7CE88F761A} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-07-10] ()
Task: {17A943A8-438A-4B9C-B725-BA88FCF4C702} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: {25B1F7F5-8C7B-4310-8214-23D6FB1FCB7D} - System32\Tasks\{3034C067-7B0C-460F-865D-62215EB48BB0} => pcalua.exe -a C:\Users\Katharina\Downloads\avira_antivir_personal_de.exe -d C:\Users\Katharina\Downloads
Task: {25DB376A-94D0-4ED7-846C-4B4FDE06F0D6} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {2A57268A-AC0D-4116-8A12-88952859B5A4} - System32\Tasks\HPCeeScheduleForKatharina => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05] (Hewlett-Packard)
Task: {33417B0F-9939-456E-AA06-63C4C8242D94} - System32\Tasks\{CD798BA6-A7A5-4845-B8DE-D322E4D2DAC3} => pcalua.exe -a C:\Users\Katharina\Downloads\sp50703.exe -d C:\Users\Katharina\Downloads
Task: {45F06005-D68A-4F39-AC9E-17FFD9302038} - System32\Tasks\{297AFF80-C619-4A91-A491-1CAAAB333A3C} => Firefox.exe 
Task: {4BAC19E2-4F40-4945-9EAF-F2B8FF9DBBCE} - System32\Tasks\{588AB8B7-1A4C-4367-932A-36AEF56732D5} => Firefox.exe 
Task: {55F888B6-80E7-47FC-8885-33E81A528534} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {6BDEC92C-4FE2-41BB-8DD2-850D889D5DFF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {756E9C05-77C5-4A8A-8CDE-A3F42F9FB127} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {763E1888-35D5-4407-A6A8-43B06D58DA27} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {78361F1E-EE32-454C-90CE-D09F1747ED5E} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {86760AFF-81CB-4545-819D-77E9355E29C4} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {9D519BEF-53D8-4476-BC77-51CEFD380425} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {AA779686-AA4C-472E-AC65-A436449DB9EA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-01-21] (Hewlett-Packard)
Task: {AEBAE093-9030-49E4-9117-E2228B411179} - System32\Tasks\{2F2AFA7A-4277-4494-B58C-6BF7FE865590} => Firefox.exe hxxp://ui.skype.com/ui/0/4.2.0.166.321/de/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;notincluded
Task: {AFB2F124-9EA5-4614-8105-C1CD127ABC04} - System32\Tasks\{3B35A907-08ED-4C30-A0C4-B620120C2C99} => Firefox.exe 
Task: {CC0373C9-C36E-4333-856E-D55161FEF1BF} - System32\Tasks\NCH Swift Sound\wavepadShakeIcon => C:\Program Files (x86)\NCH Swift Sound\WavePad\WavePad.exe [2011-10-11] (NCH Software)
Task: {D574A085-9458-4B6B-AEB2-FD13EDEFD28B} - System32\Tasks\{98B167B4-0D8A-407A-9C7C-2DE756F4B634} => pcalua.exe -a "C:\Program Files (x86)\ElsterFormular\bin\installationsverwaltung.exe" -d "C:\Program Files (x86)\ElsterFormular\bin" -c --zeigeDlg
Task: {DC22FC78-C308-4580-9F7E-E555DBBB771D} - System32\Tasks\{76C617E5-A017-47F3-B4E7-5C8646371ED2} => Firefox.exe 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForKatharina.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) ==============

2010-06-18 15:26 - 2010-06-18 15:26 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2015-01-16 15:30 - 2015-01-16 15:30 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\89753abff3827095ec7f3d3fb79f744a\IsdiInterop.ni.dll
2010-12-15 09:42 - 2010-04-13 09:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1629381567-425340455-1814519892-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Katharina\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Katharina^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\Windows\pss\OpenOffice.org 3.3.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: Avira Systray => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
MSCONFIG\startupreg: Bing Bar => "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe"
MSCONFIG\startupreg: Easybits Recovery => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
MSCONFIG\startupreg: HPAdvisorDock => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
MSCONFIG\startupreg: HPWirelessAssistant => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
MSCONFIG\startupreg: ICQ => "C:\Program Files (x86)\ICQ7.5\ICQ.exe" silent loginmode=4
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: Magic Desktop for HP notification => "C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: Umymizucew => C:\Users\Katharina\AppData\Roaming\Gisuil\qoah.exe

==================== Accounts: =============================

Administrator (S-1-5-21-1629381567-425340455-1814519892-500 - Administrator - Disabled)
Gast (S-1-5-21-1629381567-425340455-1814519892-501 - Limited - Disabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-1629381567-425340455-1814519892-1002 - Limited - Enabled)
Katharina (S-1-5-21-1629381567-425340455-1814519892-1000 - Administrator - Enabled) => C:\Users\Katharina

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/12/2015 02:33:05 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/12/2015 02:33:05 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/12/2015 02:33:05 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/12/2015 02:33:05 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)

Error: (03/12/2015 02:33:00 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/12/2015 02:33:00 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (03/12/2015 02:33:00 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/12/2015 02:33:00 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4700} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/12/2015 02:32:59 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: Der Jet-Eigenschaftenspeicher kann von Windows Search nicht geöffnet werden.


Details:
	0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800))

Error: (03/12/2015 02:32:59 PM) (Source: ESENT) (EventID: 455) (User: )
Description: Windows (3028) Windows: Fehler -1811 beim Öffnen von Protokolldatei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0001C.log.


System errors:
=============
Error: (03/12/2015 05:25:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Garmin Core Update Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (03/12/2015 05:25:10 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Garmin Core Update Service erreicht.

Error: (03/12/2015 02:33:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/12/2015 02:33:05 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.

Error: (03/12/2015 02:31:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Garmin Core Update Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (03/12/2015 02:31:28 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Garmin Core Update Service erreicht.

Error: (03/12/2015 02:28:38 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\System32\bcmihvsrv64.dll

Error: (03/12/2015 02:28:38 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\System32\bcmihvsrv64.dll

Error: (03/12/2015 02:28:34 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\System32\bcmihvsrv64.dll

Error: (03/12/2015 02:28:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (03/12/2015 02:33:05 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/12/2015 02:33:05 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Kontext: Windows Anwendung


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/12/2015 02:33:05 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/12/2015 02:33:05 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (03/12/2015 02:33:00 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (03/12/2015 02:33:00 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (03/12/2015 02:33:00 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (03/12/2015 02:33:00 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
4700

Error: (03/12/2015 02:32:59 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: 
Details:
	0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800))

Error: (03/12/2015 02:32:59 PM) (Source: ESENT) (EventID: 455) (User: )
Description: Windows3028Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0001C.log-1811


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU P6100 @ 2.00GHz
Percentage of memory in use: 42%
Total physical RAM: 3893.86 MB
Available physical RAM: 2229.14 MB
Total Pagefile: 7785.91 MB
Available Pagefile: 5604.21 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:448.61 GB) (Free:344.82 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:16.85 GB) (Free:2.43 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 91CA769B)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=448.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End Of Log ============================
Hier nochmal GMER, habe ich vergessen einzufügen. Falls es noch benötigt wird
Vielen Dank!

Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-03-12 18:57:05
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.02.0 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\KATHAR~1\AppData\Local\Temp\kwldrpow.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[4092] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17      0000000075161401 2 bytes JMP 753ab21b C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[4092] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17        0000000075161419 2 bytes JMP 753ab346 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[4092] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17      0000000075161431 2 bytes JMP 75428ea9 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[4092] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42      000000007516144a 2 bytes CALL 753848ad C:\Windows\syswow64\kernel32.dll
.text   ...                                                                                                                          * 9
.text   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[4092] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17         00000000751614dd 2 bytes JMP 754287a2 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[4092] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  00000000751614f5 2 bytes JMP 75428978 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[4092] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17         000000007516150d 2 bytes JMP 75428698 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[4092] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000075161525 2 bytes JMP 75428a62 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[4092] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17        000000007516153d 2 bytes JMP 7539fca8 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[4092] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17             0000000075161555 2 bytes JMP 753a68ef C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[4092] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17      000000007516156d 2 bytes JMP 75428f61 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[4092] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17        0000000075161585 2 bytes JMP 75428ac2 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[4092] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17           000000007516159d 2 bytes JMP 7542865c C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[4092] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17        00000000751615b5 2 bytes JMP 7539fd41 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[4092] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17      00000000751615cd 2 bytes JMP 753ab2dc C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[4092] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  00000000751616b2 2 bytes JMP 75428e24 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[4092] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  00000000751616bd 2 bytes JMP 754285f1 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3240] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17          0000000075161401 2 bytes JMP 753ab21b C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3240] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17            0000000075161419 2 bytes JMP 753ab346 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17          0000000075161431 2 bytes JMP 75428ea9 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42          000000007516144a 2 bytes CALL 753848ad C:\Windows\syswow64\kernel32.dll
.text   ...                                                                                                                          * 9
.text   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3240] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17             00000000751614dd 2 bytes JMP 754287a2 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3240] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17      00000000751614f5 2 bytes JMP 75428978 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3240] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17             000000007516150d 2 bytes JMP 75428698 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3240] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17      0000000075161525 2 bytes JMP 75428a62 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3240] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17            000000007516153d 2 bytes JMP 7539fca8 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3240] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                 0000000075161555 2 bytes JMP 753a68ef C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3240] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17          000000007516156d 2 bytes JMP 75428f61 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3240] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17            0000000075161585 2 bytes JMP 75428ac2 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3240] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17               000000007516159d 2 bytes JMP 7542865c C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3240] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17            00000000751615b5 2 bytes JMP 7539fd41 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3240] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17          00000000751615cd 2 bytes JMP 753ab2dc C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3240] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20      00000000751616b2 2 bytes JMP 75428e24 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3240] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31      00000000751616bd 2 bytes JMP 754285f1 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4396] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17          0000000075161401 2 bytes JMP 753ab21b C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4396] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17            0000000075161419 2 bytes JMP 753ab346 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17          0000000075161431 2 bytes JMP 75428ea9 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42          000000007516144a 2 bytes CALL 753848ad C:\Windows\syswow64\kernel32.dll
.text   ...                                                                                                                          * 9
.text   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4396] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17             00000000751614dd 2 bytes JMP 754287a2 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4396] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17      00000000751614f5 2 bytes JMP 75428978 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4396] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17             000000007516150d 2 bytes JMP 75428698 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4396] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17      0000000075161525 2 bytes JMP 75428a62 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4396] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17            000000007516153d 2 bytes JMP 7539fca8 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4396] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                 0000000075161555 2 bytes JMP 753a68ef C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4396] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17          000000007516156d 2 bytes JMP 75428f61 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4396] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17            0000000075161585 2 bytes JMP 75428ac2 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4396] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17               000000007516159d 2 bytes JMP 7542865c C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4396] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17            00000000751615b5 2 bytes JMP 7539fd41 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4396] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17          00000000751615cd 2 bytes JMP 753ab2dc C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4396] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20      00000000751616b2 2 bytes JMP 75428e24 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4396] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31      00000000751616bd 2 bytes JMP 754285f1 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5556] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17          0000000075161401 2 bytes JMP 753ab21b C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5556] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17            0000000075161419 2 bytes JMP 753ab346 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5556] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17          0000000075161431 2 bytes JMP 75428ea9 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5556] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42          000000007516144a 2 bytes CALL 753848ad C:\Windows\syswow64\kernel32.dll
.text   ...                                                                                                                          * 9
.text   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5556] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17             00000000751614dd 2 bytes JMP 754287a2 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5556] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17      00000000751614f5 2 bytes JMP 75428978 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5556] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17             000000007516150d 2 bytes JMP 75428698 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5556] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17      0000000075161525 2 bytes JMP 75428a62 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5556] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17            000000007516153d 2 bytes JMP 7539fca8 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5556] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                 0000000075161555 2 bytes JMP 753a68ef C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5556] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17          000000007516156d 2 bytes JMP 75428f61 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5556] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17            0000000075161585 2 bytes JMP 75428ac2 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5556] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17               000000007516159d 2 bytes JMP 7542865c C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5556] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17            00000000751615b5 2 bytes JMP 7539fd41 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5556] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17          00000000751615cd 2 bytes JMP 753ab2dc C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5556] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20      00000000751616b2 2 bytes JMP 75428e24 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5556] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31      00000000751616bd 2 bytes JMP 754285f1 C:\Windows\syswow64\kernel32.dll

---- Threads - GMER 2.1 ----

Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [3452:3720]                                                               000007fefb422bf8

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713d5d37b                                                  
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713d5d37b (not active ControlSet)                              

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                        unknown MBR code

---- EOF - GMER 2.1 ----
__________________
Alt 13.03.2015, 10:04   #4
schrauber
/// the machine
/// TB-Ausbilder
 
Win 7; Trojan.FakeMS.ED durch Malwarebytes gefunden - Standard

Win 7; Trojan.FakeMS.ED durch Malwarebytes gefunden


Hilf mir mal auf die Sprünge:

Du willst Office nutzen und nicht bezahlen, besorgst dir also nen Crack im Internet. Jeder weiß dass Cracks verseucht sind.

MBAM meckert jetzt genau diese Cracks an. Und jetzt willst Du Hilfe beim Bereinigen?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Win 7; Trojan.FakeMS.ED durch Malwarebytes gefunden
browser, dateien, defender, desktop, explorer, externe festplatte, fehlercode 0x80070490, festplatte, firefox, firewall, gelöscht, internet, internet explorer, malwarebytes, microsoft, mozilla, ordner, schutz, software, trojan.fakems.ed, trojaner, windows


« Mein Laptop startet nicht mehr richtig | Windows 7: Verdacht auf Virus - fehlende .dll-Dateien, Programmaufrufe blockiert »


Ähnliche Themen: Win 7; Trojan.FakeMS.ED durch Malwarebytes gefunden


  1. PUP.OPTIONAL.DOWNLOADPROTECT.A durch Malwarebytes gefunden
    Plagegeister aller Art und deren Bekämpfung - 09.08.2015 (8)
  2. Trojaner durch Malwarebytes gefunden auf win7
    Log-Analyse und Auswertung - 15.03.2015 (9)
  3. Malwarebytes hat Trojan.FakeMS.ED gefunden
    Log-Analyse und Auswertung - 13.11.2014 (7)
  4. Trojan.FakeMS.ED, Trojan.FakeMS, trojware.win32.injector
    Log-Analyse und Auswertung - 03.09.2014 (19)
  5. Zbot durch Malwarebytes gefunden
    Plagegeister aller Art und deren Bekämpfung - 03.10.2013 (13)
  6. Avira durch Gruppenrichtlinien geblockt und Trojan.fakems
    Log-Analyse und Auswertung - 18.06.2013 (27)
  7. Trojan.FakeMs und mehr gefunden - was sollte ich tun?
    Log-Analyse und Auswertung - 19.05.2013 (1)
  8. Trojan.Ransom.ED, Trojan.Agent.ED und Trojan.FakeMS.PRGen auf laptop
    Log-Analyse und Auswertung - 13.04.2013 (9)
  9. Trojan.Ransom.ED, Trojan.Agent.ED, Trojan.FakeMS.PRGen und Bublik b. durch Email erhalten?
    Plagegeister aller Art und deren Bekämpfung - 02.04.2013 (29)
  10. Bublik b.; Trojan.Ransom.ED; Trojan.Agent.ED und Trojan.FakeMS.PRGen in Email?
    Mülltonne - 28.03.2013 (0)
  11. Malwarebytes hat Trojan.FakeMS, Exploit.Drop.GSA gefunden...:(
    Plagegeister aller Art und deren Bekämpfung - 06.01.2013 (18)
  12. Mehrere Trojaner durch Malwarebytes Anti Malware gefunden und ein Virus durch Avira gefunden (TR/Gendal.81920.6)
    Log-Analyse und Auswertung - 10.11.2012 (1)
  13. Online-Banking-Probleme -> mittels Malwarebytes Trojan.FakeMS + Malware.Trace gefunden. Was jetzt?
    Plagegeister aller Art und deren Bekämpfung - 07.11.2012 (3)
  14. Trojan.Spatet durch Malwarebytes gefunden
    Plagegeister aller Art und deren Bekämpfung - 27.09.2012 (15)
  15. Trojan.FakeMS gefunden - Infizierung?
    Log-Analyse und Auswertung - 12.07.2012 (2)
  16. PUM.Bad.Proxy und Trojan.Spyeyes durch Malwarebytes gefunden und gelöscht,OTL und gmer durchgelaufen
    Log-Analyse und Auswertung - 23.01.2012 (1)
  17. pum.hijack.taskmanager und trojan.fakems auf XP rechner gefunden
    Plagegeister aller Art und deren Bekämpfung - 11.06.2011 (11)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Win 7; Trojan.FakeMS.ED durch Malwarebytes gefunden - Hallo! Ich habe zunächst über Avira suchen lassen, da ist aber leider nicht viel bei rausgekommen. Habe dann Avira, Win Defender und die Firewall deaktiviert und mit AdwCleaner und Malwarebytes - Win 7; Trojan.FakeMS.ED durch Malwarebytes gefunden...
Archiv
Du betrachtest: Win 7; Trojan.FakeMS.ED durch Malwarebytes gefunden auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19