Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Windows 7: Pdf in DHL Zustellankündigung angeklickt - Trojaner/Virus eingefangen?

Windows 7: Pdf in DHL Zustellankündigung angeklickt - Trojaner/Virus eingefangen?


Log-Analyse und Auswertung: Windows 7: Pdf in DHL Zustellankündigung angeklickt - Trojaner/Virus eingefangen?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 08.06.2015, 22:09   #1
klickklack
 
Windows 7: Pdf in DHL Zustellankündigung angeklickt - Trojaner/Virus eingefangen? - Frage

Windows 7: Pdf in DHL Zustellankündigung angeklickt - Trojaner/Virus eingefangen?


Hallo,

habe diesen Beitrag aus Versehen zunächst unter "Lob, Kritik und Wünsche" gepostet.
Sorry!

Jetzt nochmal am richtigen Platz!

Habe ein totaler geistiger Umnachtung und in Erwartung eines DHL Paketes eine angebliche DHL Mail geöffnet und ein pdf dort angeklickt/runtergelanden.

Hierbei war ein aktualisierter Virenscanner (F-secure) aktiv.
Es gab ein kurzes Pop-Up mit der Aussage, dass eine Datei mit Namen xyz.Trojan32.xyz (den genauen Filenamen kann ich leider nicht reproduzieren und er findet sich auch nicht mehr über Suchfunktion unter Windows) erkannt wurde. Leider hab ich die Email auch gelöscht...

Habe daraufhin unter F-secure gesucht, dort war aber keine solche Datei in Quarantäne oder sonstwie zu finden. Ein kompletter Systemscan incl. Suche nach Rootkits mit F-secure ergab keine Funde.

Symptome wie Verlangsamung des Systems, Abstürze, Fehlermeldungen etc. bemerke ich bisher überhaupt nicht.

Wie man unschwer erkennt, bin ich nicht gerade ein PC Guru und wäre euch für Hilfe extrem dankbar.
Mich interessiert natürlich besonders ob eine Infektion mit Viren/Trojanern vorliegt und was ggf. zu tun wäre.

Herzlichen Dank für eure Mühe!

Und hier sind die gewünschten Logfiles, allerdings habe ich das sehr lange (und daher gezippte) GMER logfile zunächst weggelassen.

defogger

Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:01 on 08/06/2015 *****

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

FRST


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015
Ran by ***** (administrator) on *****-ARLT on 08-06-2015 20:34:48
Running from C:\Users\*****\Downloads
Loaded Profiles: ***** (Available Profiles: *****)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fsgk32.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.5.0\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.5.0\loggingserver.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fssm32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSHDLL64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Users\*****\AppData\Local\Amazon Music\Amazon Music Helper.exe
() E:\Program Files (x86)\steuer2013\mshaktuell.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(CHIP) C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-09] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-05-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [12288 2012-04-19] ()
HKLM-x32\...\Run: [F-Secure Manager] => C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE [306032 2015-03-16] (F-Secure Corporation)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2510784 2015-05-23] ()
HKLM-x32\...\Run: [F-Secure Hoster (6661000)] => C:\Program Files (x86)\F-Secure\fshoster32.exe [187432 2015-04-02] (F-Secure Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-942739605-3385505395-2671100095-1000\...\Run: [Amazon Music] => C:\Users\*****\AppData\Local\Amazon Music\Amazon Music Helper.exe [5886784 2015-04-21] ()
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk [2014-11-22]
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> E:\Program Files (x86)\steuer2013\mshaktuell.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-942739605-3385505395-2671100095-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
BHO: Browsing Protection -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https64.dll [2015-04-15] (F-Secure Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Browsing Protection -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https.dll [2015-04-15] (F-Secure Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll [2012-02-13] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll [2012-02-13] (Microsoft Corporation.)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.5.0\ViProtocol.dll [2015-05-23] (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 80.69.100.198 80.69.100.206

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\lkeg0ufb.default
FF SelectedSearchEngine: Wikipedia (de)
FF Homepage: ixquick.de
FF Keyword.URL: 
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-23] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-23] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.5.0\\npsitesafety.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\lkeg0ufb.default\searchplugins\google-images.xml [2014-07-31]
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\lkeg0ufb.default\searchplugins\google-maps.xml [2014-07-31]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml [2015-05-23]
FF Extension: AVG Security Toolbar - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\lkeg0ufb.default\Extensions\avg@toolbar [2015-03-08]
FF Extension: Adblock Plus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\lkeg0ufb.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-23]
FF HKLM-x32\...\Firefox\Extensions: [{c221abfe-5478-4975-96e9-196fdedf5863}] - C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\deploy\fs_firefox_https
FF Extension: Browsing Protection - C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\deploy\fs_firefox_https [2014-10-09]
FF HKU\S-1-5-21-942739605-3385505395-2671100095-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\lkeg0ufb.default\extensions\cliqz@cliqz.com

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - C:/Program Files (x86)/F-Secure/apps/CCF_Scanning/bin/browser/install/fs_chrome_https/fs_chrome_https.crx [2014-06-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-05-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 fshoster; C:\Program Files (x86)\F-Secure\fshoster32.exe [187432 2015-04-02] (F-Secure Corporation)
R3 FSMA; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE [215920 2015-03-16] (F-Secure Corporation)
R2 FSORSPClient; C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe [60456 2015-03-10] (F-Secure Corporation)
R2 vToolbarUpdater18.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.5.0\ToolbarUpdater.exe [1812416 2015-05-23] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-07-30] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 adp3132; C:\Windows\system32\drivers\adp3132.sys [385072 2010-01-28] (Adaptec, Inc.)
R0 amdide64; C:\Windows\System32\drivers\amdide64.sys [11904 2011-12-18] (Advanced Micro Devices Inc.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [37472 2013-02-14] (Advanced Micro Devices, Inc.)
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55936 2011-11-13] (Advanced Micro Devices)
S3 asahci64; C:\Windows\system32\drivers\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [32512 2012-06-13] (Etron Technology Inc)
R3 F-Secure Gatekeeper; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [208424 2015-05-01] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys [71080 2015-04-14] (F-Secure Corporation)
S3 FLxHCIh; C:\Windows\system32\drivers\FLxHCIh.sys [77040 2012-11-02] (Fresco Logic)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [55336 2015-05-26] ()
R3 fsni; C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\fsni64.sys [90152 2015-04-15] (F-Secure Corporation)
R1 fsvista; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [13352 2014-06-24] ()
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [26072 2012-10-18] (Intel Corporation)
S3 iaStorS; C:\Windows\system32\drivers\iaStorS.sys [652760 2012-10-18] (Intel Corporation)
S3 ISASerial; C:\Windows\system32\drivers\ISASerial.sys [72192 2008-02-20] (Windows (R) Codename Longhorn DDK provider)
S3 ISCT; C:\Windows\system32\drivers\ISCTD64.sys [46568 2013-02-14] ()
S3 MTsensor; C:\Windows\system32\drivers\ASACPI.sys [15416 2009-07-16] ()
S3 MtsHID; C:\Windows\system32\drivers\MtsHID.sys [27664 2009-07-15] (TechniSat Provide)
S3 nvamacpi; C:\Windows\system32\drivers\NVAMACPI.sys [28192 2009-07-17] (NVIDIA Corporation)
S3 nvrd64; C:\Windows\system32\drivers\nvrd64.sys [175648 2009-08-04] (NVIDIA Corporation)
S3 ocz10xx; C:\Windows\system32\drivers\ocz10xx.sys [139056 2012-04-05] (OCZ Technology Group, Inc.)
S1 oxpar; C:\Windows\system32\drivers\oxpar.sys [158208 2007-01-24] (OEM)
S3 OxPPort; C:\Windows\system32\drivers\OxPPort.sys [98304 2008-07-31] (OEM)
S3 PciIsaSerial; C:\Windows\system32\drivers\PciIsaSerial.sys [72192 2008-05-22] (Windows (R) Codename Longhorn DDK provider)
S3 PciPPorts; C:\Windows\system32\drivers\PciPPorts.sys [95744 2008-05-22] ()
S3 PciSPorts; C:\Windows\system32\drivers\PciSPorts.sys [126464 2008-05-22] ()
S3 PPorts; C:\Windows\system32\drivers\PPorts.sys [95744 2008-02-20] ()
S3 rusb3hub; C:\Windows\system32\drivers\rusb3hub.sys [102912 2012-03-15] (Renesas Electronics Corporation)
S3 rusb3xhc; C:\Windows\system32\drivers\rusb3xhc.sys [220672 2012-03-15] (Renesas Electronics Corporation)
S3 Si3124r5; C:\Windows\system32\drivers\Si3124r5.sys [340008 2010-04-13] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\drivers\SiWinAcc.sys [22568 2010-04-13] (Silicon Image, Inc.)
R0 SiRemFil; C:\Windows\System32\drivers\SiRemFil.sys [16936 2010-04-13] (Silicon Image, Inc.)
S3 SPorts; C:\Windows\system32\drivers\SPorts.sys [124416 2008-02-20] ()
S3 StnPport; C:\Windows\system32\drivers\StnPport.sys [97280 2009-12-17] ()
S3 StnSport; C:\Windows\system32\drivers\StnSport.sys [126464 2009-11-14] ()
S3 VUSB3HUB; C:\Windows\system32\drivers\ViaHub3.sys [210944 2012-05-30] (VIA Technologies, Inc.)
S3 xhcdrv; C:\Windows\system32\drivers\xhcdrv.sys [261120 2012-05-30] (VIA Technologies, Inc.)
S3 NmPar; \SystemRoot\system32\drivers\NmPar.sys [X]
S3 nmserial; \SystemRoot\system32\drivers\nmserial.sys [X]
S3 Oxmfuf; \SystemRoot\system32\drivers\oxmfuf.sys [X]
S3 oxser; \SystemRoot\system32\drivers\oxser.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-08 20:34 - 2015-06-08 20:35 - 00015107 _____ C:\Users\*****\Downloads\FRST.txt
2015-06-08 20:33 - 2015-06-08 20:34 - 00000000 ____D C:\FRST
2015-06-08 20:32 - 2015-06-08 20:32 - 02108928 _____ (Farbar) C:\Users\*****\Downloads\FRST64.exe
2015-06-07 17:47 - 2015-06-07 17:47 - 00000000 ____D C:\Users\*****\AppData\Local\F-Secure
2015-06-06 09:51 - 2015-06-06 09:51 - 00000000 ____D C:\Users\*****\AppData\Roaming\Apple Computer
2015-06-04 16:36 - 2015-06-04 16:36 - 00000000 ____D C:\Users\*****\AppData\Local\Apple Computer
2015-06-04 16:23 - 2015-06-04 16:23 - 00001845 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-06-04 16:23 - 2015-06-04 16:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-06-04 16:23 - 2015-06-04 16:23 - 00000000 ____D C:\ProgramData\Apple Computer
2015-06-04 16:23 - 2015-06-04 16:23 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-06-04 16:21 - 2015-06-04 16:21 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-06-04 16:21 - 2015-06-04 16:21 - 00000000 ____D C:\Users\*****\AppData\Local\Apple
2015-06-04 16:21 - 2015-06-04 16:21 - 00000000 ____D C:\ProgramData\Apple
2015-06-04 16:21 - 2015-06-04 16:21 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-06-04 16:20 - 2015-06-04 16:20 - 42096984 _____ (Apple Inc.) C:\Users\*****\Downloads\QuickTimeInstaller.exe
2015-05-23 01:14 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-23 01:14 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-22 21:08 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-22 21:08 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-22 21:08 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-22 21:08 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-22 21:08 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-22 21:08 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-22 21:08 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-22 21:08 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-22 21:08 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-22 21:08 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-22 21:08 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-22 21:08 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-22 21:08 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-22 21:08 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-22 21:08 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-22 21:08 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-22 21:08 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-22 21:08 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-22 21:08 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-22 21:08 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-22 21:08 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-22 21:08 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-22 21:08 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-22 21:08 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-22 21:08 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-22 21:08 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-22 21:08 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-22 21:08 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-22 21:08 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-22 21:08 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-22 21:08 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-22 21:08 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-22 21:08 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-22 21:08 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-22 21:08 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-22 21:08 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-22 21:08 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-22 21:08 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-22 21:08 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-22 21:08 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-22 21:08 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-22 21:08 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-22 21:08 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-22 21:08 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-22 21:08 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-22 21:08 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-22 21:08 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-22 21:08 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-22 21:08 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-22 21:08 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-22 21:08 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-22 21:08 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-22 21:08 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-22 21:08 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-22 21:08 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-22 21:08 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-22 21:08 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-22 21:08 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-22 21:08 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-22 21:08 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-22 21:08 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-22 21:08 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-22 21:08 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-22 21:08 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-22 21:08 - 2015-04-04 05:29 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-22 21:08 - 2015-04-04 05:29 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-22 21:08 - 2015-04-04 05:22 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-22 21:08 - 2015-04-04 05:22 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-22 21:08 - 2015-04-04 05:22 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-22 21:08 - 2015-04-04 05:22 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-22 21:08 - 2015-04-04 05:22 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-22 21:08 - 2015-04-04 05:22 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-22 21:08 - 2015-04-04 05:22 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-22 21:08 - 2015-04-04 05:22 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-22 21:08 - 2015-04-04 05:22 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-22 21:08 - 2015-04-04 05:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-22 21:08 - 2015-04-04 05:20 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-22 21:08 - 2015-04-04 05:20 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-22 21:08 - 2015-04-04 05:17 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-22 21:08 - 2015-04-04 05:17 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-22 21:08 - 2015-04-04 05:15 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-22 21:08 - 2015-04-04 05:05 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-22 21:08 - 2015-04-04 05:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-22 21:08 - 2015-04-04 05:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-22 21:08 - 2015-04-04 05:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-22 21:08 - 2015-04-04 05:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-22 21:08 - 2015-04-04 05:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-22 21:08 - 2015-04-04 05:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-22 21:08 - 2015-04-04 05:04 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-22 21:08 - 2015-04-04 05:04 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-22 21:08 - 2015-04-04 05:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-22 21:08 - 2015-04-04 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-22 21:08 - 2015-04-04 04:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-22 21:07 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-22 21:07 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-22 21:07 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-22 21:07 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-22 21:07 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-22 21:07 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-22 21:07 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-22 21:07 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-22 21:07 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-22 21:07 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-08 20:29 - 2014-07-23 19:03 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-08 20:11 - 2014-07-22 14:04 - 01571291 _____ C:\Windows\WindowsUpdate.log
2015-06-08 20:11 - 2010-11-21 08:50 - 00699092 _____ C:\Windows\system32\perfh007.dat
2015-06-08 20:11 - 2010-11-21 08:50 - 00149232 _____ C:\Windows\system32\perfc007.dat
2015-06-08 20:11 - 2009-07-14 07:13 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-08 20:07 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-08 20:07 - 2009-07-14 06:51 - 00066069 _____ C:\Windows\setupact.log
2015-06-07 23:10 - 2009-07-14 06:45 - 00024288 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-07 23:10 - 2009-07-14 06:45 - 00024288 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-07 20:46 - 2014-10-07 21:35 - 00000000 ____D C:\Users\*****\Desktop\Bearbeitete Facharztfragen
2015-06-04 13:04 - 2014-07-22 23:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-04 13:04 - 2010-11-21 05:47 - 00657104 _____ C:\Windows\PFRO.log
2015-06-03 20:51 - 2014-07-22 23:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-05-30 17:03 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-05-26 18:40 - 2014-07-22 23:34 - 00055336 _____ C:\Windows\system32\Drivers\fsbts.sys
2015-05-24 20:55 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-05-23 22:30 - 2015-03-08 17:24 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2015-05-23 10:45 - 2014-08-16 17:59 - 00000000 ____D C:\Users\*****\AppData\Local\Adobe
2015-05-23 10:45 - 2014-07-23 19:03 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-23 10:45 - 2014-07-23 19:03 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-23 10:45 - 2014-07-23 19:03 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-05-23 10:28 - 2009-07-14 06:45 - 00343264 _____ C:\Windows\system32\FNTCACHE.DAT
2015-05-23 10:27 - 2010-11-21 09:00 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-23 01:19 - 2014-07-22 22:12 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-05-23 01:19 - 2014-07-22 22:12 - 00000000 ____D C:\Office14
2015-05-23 01:18 - 2014-07-22 14:46 - 00000000 ____D C:\Windows\system32\MRT
2015-05-23 01:16 - 2014-07-22 14:46 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-23 01:14 - 2014-07-31 19:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-23 01:13 - 2014-07-31 19:19 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-05-23 01:13 - 2014-07-31 19:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-05-22 21:09 - 2014-07-27 19:50 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

==================== Files in the root of some directories =======

2014-07-22 14:26 - 2014-07-22 14:26 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\*****\AppData\Local\Temp\cleanup_tool.exe
C:\Users\*****\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\*****\AppData\Local\Temp\oi_{C5EA8D99-09D0-40CB-B409-21858F59ED65}.exe
C:\Users\*****\AppData\Local\Temp\ose00000.exe
C:\Users\*****\AppData\Local\Temp\Samsung_Magician_Setup_v45.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-04 19:47

==================== End of log ============================
--- --- ---



Additional

[CODE]Additional
FRST Logfile:
Code:
ATTFilter
scan result of Farbar Recovery Scan Tool (x64) Version:08-06-2015
Ran by ***** at 2015-06-08 20:35:25
Running from C:\Users\*****\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-942739605-3385505395-2671100095-500 - Administrator - Disabled)
Gast (S-1-5-21-942739605-3385505395-2671100095-501 - Limited - Disabled)
***** (S-1-5-21-942739605-3385505395-2671100095-1000 - Administrator - Enabled) => C:\Users\*****

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Antivirus (Enabled - Up to date) {0F70A6C4-76E4-6A3B-2695-519F428B1C20}
AS: Antivirus (Enabled - Up to date) {B4114720-50DE-65B5-1C25-6AED390C569D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-942739605-3385505395-2671100095-1000\...\Amazon Amazon Music) (Version: 3.8.1.754 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{DD562794-C098-A1E5-66ED-10E8BD1C84C5}) (Version: 3.0.864.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG Security Toolbar (HKLM-x32\...\AVG Secure Search) (Version: 18.5.0.909 - AVG Technologies)
Bing Bar (HKLM-x32\...\{0E825A19-67CF-450F-818B-FBD5AF0F29AA}) (Version: 7.1.362.0 - Microsoft Corporation)
CHIP Updater (HKLM-x32\...\CHIP Updater_is1) (Version: 2.26 - Abelssoft)
Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.0.1 - Cliqz.com)
Computer Security 14.132.102.0 (release) (x32 Version: 14.132.102.0 - F-Secure Corporation) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Free PDF to Word Doc Converter v1.1 (HKLM-x32\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
F-Secure (HKLM-x32\...\F-Secure ServiceEnabler 6661000) (Version: 2.33.220.0 - F-Secure Corporation)
F-Secure (x32 Version: 2.33.220.0 - F-Secure Corporation) Hidden
F-Secure CCF Reputation (x32 Version: 2.0.1337.0 - F-Secure) Hidden
F-Secure CCF Scanning 1.61.106.453 (release) (x32 Version: 1.61.106.453 - F-Secure Corporation) Hidden
F-Secure Network CCF 1.03.127 (x32 Version: 1.03.127 - F-Secure Corporation) Hidden
F-Secure SafeSearch 1.04.101.0 (release) (x32 Version: 1.04.101.0 - F-Secure Corporation) Hidden
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-942739605-3385505395-2671100095-1000\...\OneDriveSetup.exe) (Version: 17.0.4041.0512 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Online Safety 2.133.4000.2313 (x32 Version: 2.133.4000.2313 - F-Secure Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.77.1126.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7245 - Realtek Semiconductor Corp.)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WISO Steuer-Sparbuch 2014 (HKU\S-1-5-21-942739605-3385505395-2671100095-1000\...\{80D1E9BC-7E8A-45A9-AAE3-283A1B6EDA2E}) (Version: 21.00.8480 - Buhl Data Service GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-942739605-3385505395-2671100095-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\*****\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-942739605-3385505395-2671100095-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\*****\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-942739605-3385505395-2671100095-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\*****\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-942739605-3385505395-2671100095-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\*****\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-942739605-3385505395-2671100095-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\*****\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

11-06-2014 10:51:10 Windows Update
18-06-2014 19:06:24 Geplanter Prüfpunkt
26-06-2014 22:03:16 Geplanter Prüfpunkt
06-07-2014 11:31:13 Geplanter Prüfpunkt
10-07-2014 22:59:38 Windows Update
15-07-2014 00:34:35 Windows Update
16-07-2014 20:55:47 Wiederherstellungsvorgang
16-07-2014 21:04:11 Windows Update
16-07-2014 23:13:11 Windows Update
23-05-2015 01:12:57 Windows Update
30-05-2015 20:08:34 Geplanter Prüfpunkt
04-06-2015 16:21:30 Installed QuickTime 7

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {097882BD-F771-4610-82D3-08845736D15A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {5356219D-A61E-4062-8758-38451FA7C709} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe [2014-07-21] (CHIP)
Task: {A2C64545-B0D8-48E0-ABAE-A9ABBC8BF3BF} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {CFA2E71E-EAEF-4E9E-BF76-C5E4DF8C5848} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-23] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2015-05-23 22:30 - 2015-05-23 22:30 - 00166848 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.5.0\loggingserver.exe
2014-07-31 19:13 - 2015-04-21 01:37 - 05886784 _____ () C:\Users\*****\AppData\Local\Amazon Music\Amazon Music Helper.exe
2014-11-22 18:57 - 2014-09-18 14:50 - 01428760 _____ () E:\Program Files (x86)\steuer2013\mshaktuell.exe
2015-03-08 17:24 - 2015-05-23 22:30 - 02510784 _____ () C:\Program Files (x86)\AVG Secure Search\vprot.exe
2012-05-04 15:40 - 2012-05-04 15:40 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2012-05-04 15:47 - 2012-05-04 15:47 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-07-30 19:59 - 2014-07-21 20:03 - 00054024 _____ () C:\Program Files (x86)\CHIP Updater\AbSettings.dll
2014-07-30 19:59 - 2014-07-21 20:03 - 01399048 _____ () C:\Program Files (x86)\CHIP Updater\AbGui.dll
2014-07-30 19:59 - 2014-07-21 20:03 - 00020232 _____ () C:\Program Files (x86)\CHIP Updater\AbStartManager.dll
2014-07-30 19:59 - 2014-07-21 20:03 - 00041224 _____ () C:\Program Files (x86)\CHIP Updater\AbApi.dll
2014-07-22 23:34 - 2015-03-16 17:20 - 00045424 _____ () C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\FSAVHRES.eng
2015-04-02 10:26 - 2015-04-02 10:26 - 00248872 _____ () C:\Program Files (x86)\F-Secure\daas2.dll
2015-05-23 22:30 - 2015-05-23 22:30 - 00526784 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.5.0\log4cplusU.dll
2014-07-22 23:37 - 2014-07-22 23:37 - 00030888 _____ () C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\hashlib_x86.dll
2014-07-22 23:34 - 2015-04-14 19:50 - 00175144 _____ () C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Gemini\fsgem.dll
2014-07-22 23:34 - 2015-05-01 00:01 - 00212008 _____ () C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Spam Control\fsas.dll
2014-07-22 23:34 - 2015-04-14 19:50 - 00949288 _____ () C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fm4av.dll
2014-11-22 18:53 - 2014-09-18 14:50 - 09726232 _____ () E:\Program Files (x86)\steuer2013\wgui14.dll
2014-11-22 18:54 - 2014-09-18 14:50 - 00035608 _____ () E:\Program Files (x86)\steuer2013\rsdcom48.dll
2014-11-22 18:54 - 2014-09-18 14:50 - 00309016 _____ () E:\Program Files (x86)\steuer2013\rscorewinapi48.dll
2014-11-22 18:54 - 2014-09-18 14:50 - 00322840 _____ () E:\Program Files (x86)\steuer2013\rsguiwinapi48.dll
2014-11-22 18:53 - 2014-09-18 14:51 - 03902232 _____ () E:\Program Files (x86)\steuer2013\wcore14.dll
2014-11-22 18:54 - 2014-09-18 14:50 - 00136472 _____ () E:\Program Files (x86)\steuer2013\rsodbc48.dll
2014-11-22 18:53 - 2014-09-18 14:50 - 02752280 _____ () E:\Program Files (x86)\steuer2013\wfvie14.dll
2014-11-22 18:54 - 2014-09-18 14:50 - 02125592 _____ () E:\Program Files (x86)\steuer2013\wsteu14.dll
2014-11-22 18:54 - 2014-09-18 14:50 - 01933080 _____ () E:\Program Files (x86)\steuer2013\wreli14.dll
2014-11-22 18:53 - 2014-09-18 14:50 - 04325656 _____ () E:\Program Files (x86)\steuer2013\wauff14.dll
2014-11-22 18:54 - 2014-02-11 12:53 - 01043456 _____ () E:\Program Files (x86)\steuer2013\clucene-core.dll
2014-11-22 18:54 - 2014-02-11 12:53 - 00094720 _____ () E:\Program Files (x86)\steuer2013\clucene-shared.dll
2014-11-22 18:54 - 2014-02-11 12:53 - 00250368 _____ () E:\Program Files (x86)\steuer2013\clucene-contribs-lib.dll
2014-11-22 18:54 - 2014-09-18 14:50 - 01572632 _____ () E:\Program Files (x86)\steuer2013\wmain14.dll
2014-11-22 18:53 - 2014-09-18 14:50 - 05302040 _____ () E:\Program Files (x86)\steuer2013\wbae114.dll
2014-11-22 18:53 - 2014-09-18 14:50 - 01740568 _____ () E:\Program Files (x86)\steuer2013\wbae214.dll
2014-11-22 18:53 - 2014-09-18 14:50 - 01812248 _____ () E:\Program Files (x86)\steuer2013\wbae314.dll
2014-11-22 18:53 - 2014-09-18 14:50 - 01633560 _____ () E:\Program Files (x86)\steuer2013\wbae414.dll
2014-11-22 18:54 - 2014-09-18 14:50 - 01117976 _____ () E:\Program Files (x86)\steuer2013\whau114.dll
2014-11-22 18:54 - 2014-09-18 14:50 - 01340696 _____ () E:\Program Files (x86)\steuer2013\whau214.dll
2014-11-22 18:54 - 2014-09-18 14:50 - 01312536 _____ () E:\Program Files (x86)\steuer2013\wwerb14.dll
2014-11-22 18:54 - 2014-09-18 14:50 - 07357208 _____ () E:\Program Files (x86)\steuer2013\wkont14.dll
2014-11-22 18:54 - 2014-09-18 14:50 - 01287448 _____ () E:\Program Files (x86)\steuer2013\wimp14.dll
2014-11-22 18:53 - 2014-09-18 14:50 - 01331480 _____ () E:\Program Files (x86)\steuer2013\wfabu14.dll
2014-07-22 23:34 - 2015-03-16 17:20 - 00056176 _____ () C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\FSGUI\fsavures.eng
2015-05-01 00:00 - 2015-05-01 00:00 - 00592936 _____ () C:\Windows\WinSxS\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.482.83_none_b5a04c2d11fb5517\QtMultimediaKit1.dll
2014-07-22 14:21 - 2014-09-28 18:59 - 00019872 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAMSUNG_SSD.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-942739605-3385505395-2671100095-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 80.69.100.198 - 80.69.100.206

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8CA23AE8-7B60-49C0-8DFA-CF6D83DA9E21}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D073BDE5-F3C9-4889-95CD-957D18315116}] => (Allow) LPort=2869
FirewallRules: [{C4228207-3E15-4CCE-8EF1-0E959379FE97}] => (Allow) LPort=1900
FirewallRules: [{2055187B-EFA9-46EF-AA4B-5E5EC588CF5B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{14CBDA14-F206-4DB2-95AD-B2C5CEC4FFDE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{747EA726-8A32-4AA9-ABA3-25E32ADAC01B}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/08/2015 08:09:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/07/2015 05:21:27 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 1  2015-06-07  17:21:27+02:00  *****-ARLT  *****-ARLT\*****  F-Secure Anti-Virus
 Web Traffic Scanning Alert
 Infection: hxxp://carlamascioli.altervista.org/CQdFywGbV/DHL_Report_7858695909.zip
 Object name: Trojan:W32/Emotet.B
 Action: Malicious content was blocked.

Error: (06/07/2015 10:36:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/06/2015 09:52:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/04/2015 01:05:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/03/2015 08:52:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2015 06:55:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/01/2015 07:03:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/31/2015 00:10:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2015 03:28:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (06/08/2015 08:25:05 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (06/07/2015 06:20:42 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (06/01/2015 11:02:00 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AD3EDBCA-0901-415B-82E9-C16D3B65E38C}

Error: (05/26/2015 01:25:52 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AD3EDBCA-0901-415B-82E9-C16D3B65E38C}

Error: (05/23/2015 10:29:08 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet: 
%%16405

Error: (05/23/2015 01:12:41 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AD3EDBCA-0901-415B-82E9-C16D3B65E38C}

Error: (05/12/2015 00:09:53 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AD3EDBCA-0901-415B-82E9-C16D3B65E38C}

Error: (05/06/2015 00:03:40 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AD3EDBCA-0901-415B-82E9-C16D3B65E38C}

Error: (04/27/2015 11:26:52 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AD3EDBCA-0901-415B-82E9-C16D3B65E38C}

Error: (04/20/2015 11:37:23 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AD3EDBCA-0901-415B-82E9-C16D3B65E38C}


Microsoft Office:
=========================
Error: (06/08/2015 08:09:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/07/2015 05:21:27 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 1  2015-06-07  17:21:27+02:00  *****-ARLT  *****-ARLT\*****  F-Secure Anti-Virus
 Web Traffic Scanning Alert
 Infection: hxxp://carlamascioli.altervista.org/CQdFywGbV/DHL_Report_7858695909.zip
 Object name: Trojan:W32/Emotet.B
 Action: Malicious content was blocked.

Error: (06/07/2015 10:36:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/06/2015 09:52:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/04/2015 01:05:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/03/2015 08:52:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2015 06:55:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/01/2015 07:03:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/31/2015 00:10:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2015 03:28:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2014-07-22 14:16:38.755
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\RtkAPO64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-22 14:16:38.739
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\RtkAPO64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-22 14:15:38.770
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\RtkAPO64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-22 14:15:38.754
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\RtkAPO64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-22 14:15:37.543
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\RtkAPO64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-22 14:15:37.527
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\RtkAPO64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-22 14:15:36.359
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\RtkAPO64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-22 14:15:36.312
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\RtkAPO64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-22 14:15:34.747
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\RtkAPO64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-22 14:15:34.732
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\RtkAPO64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: AMD Athlon(tm) II X2 250 Processor
Percentage of memory in use: 46%
Total physical RAM: 3838.16 MB
Available physical RAM: 2067.54 MB
Total Pagefile: 4036.35 MB
Available Pagefile: 1760.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.79 GB) (Free:46.04 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: () (Fixed) (Total:232.88 GB) (Free:95.45 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: () (Fixed) (Total:232.88 GB) (Free:232.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 9C56B6B1)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: C8C4F0AA)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End of log ============================
--- --- ---
Geändert von klickklack (08.06.2015 um 22:28 Uhr)

 

Themen zu Windows 7: Pdf in DHL Zustellankündigung angeklickt - Trojaner/Virus eingefangen?
adware, antivirus, avg, avg security toolbar, browser, converter, defender, desktop, email, firefox, firefox 38.0.5, flash player, frage, home, homepage, mozilla, object, onedrive, realtek, registry, rundll, scan, secure search, software, spam, svchost.exe, trojaner/virus, vtoolbarupdater, warnung, windows, wiso


« Windwos 7 : Webseiten nur noch mit werbung | Windows XP: Nach fehlgeschlagener Programminstallation fehlen 2 GB Speicherplatz und Avira meldet „Verstecktes Objekt“ C:\windows\system32\ »


Ähnliche Themen: Windows 7: Pdf in DHL Zustellankündigung angeklickt - Trojaner/Virus eingefangen?


  1. Windows 7: Pdf in DHL Zustellankündigung angeklickt - Trojaner/Virus eingefangen?
    Lob, Kritik und Wünsche - 08.06.2015 (0)
  2. DHL Virus/Trojaner aus Email angeklickt
    Log-Analyse und Auswertung - 07.05.2015 (9)
  3. Windows 8.1, email von dhl mit Sendungsnummer angeklickt, hat sich jetzt ein Trojaner auf meinem PC versteckt?
    Plagegeister aller Art und deren Bekämpfung - 15.03.2015 (31)
  4. Windows 7: UPS Paketankündigungsmail bekommen und (leider) Link angeklickt
    Log-Analyse und Auswertung - 09.03.2015 (12)
  5. Windows 7 Smoother Web Virus eingefangen!
    Log-Analyse und Auswertung - 11.02.2015 (23)
  6. Zip Anhang von eBay Mahnung angeklickt - Virus?
    Plagegeister aller Art und deren Bekämpfung - 27.06.2014 (1)
  7. Windows 7: angeklickt flash player nicht aktuell
    Log-Analyse und Auswertung - 15.06.2014 (19)
  8. WINDOWS 7: Phishing-Mail von Bank angeklickt
    Log-Analyse und Auswertung - 12.06.2014 (9)
  9. Windows 7: Telekom.de - PhishingMail Link angeklickt
    Log-Analyse und Auswertung - 04.06.2014 (15)
  10. Windows 7: Amazon Phishing-Mail Link angeklickt
    Log-Analyse und Auswertung - 16.02.2014 (11)
  11. Link in Phishing-Mail angeklickt: Malware eingefangen?
    Log-Analyse und Auswertung - 21.05.2013 (5)
  12. Link in Mastercard Phishing mail angeklickt -Virus o. Ä. ?
    Plagegeister aller Art und deren Bekämpfung - 10.05.2013 (20)
  13. BKA Trojaner Virus mit Windows lock eingefangen
    Plagegeister aller Art und deren Bekämpfung - 14.03.2013 (21)
  14. BKA Virus eingefangen + Windows block
    Plagegeister aller Art und deren Bekämpfung - 06.04.2012 (10)
  15. Hilfe Virus eingefangen: Windows blockiert!
    Plagegeister aller Art und deren Bekämpfung - 12.03.2012 (41)
  16. 50€ Virus eingefangen Windows 7
    Log-Analyse und Auswertung - 14.02.2012 (11)
  17. Virus öffnet andere Internetseiten als angeklickt
    Log-Analyse und Auswertung - 26.01.2010 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Windows 7: Pdf in DHL Zustellankündigung angeklickt - Trojaner/Virus eingefangen? - Hallo, habe diesen Beitrag aus Versehen zunächst unter "Lob, Kritik und Wünsche" gepostet. Sorry! Jetzt nochmal am richtigen Platz! Habe ein totaler geistiger Umnachtung und in Erwartung eines DHL Paketes - Windows 7: Pdf in DHL Zustellankündigung angeklickt - Trojaner/Virus eingefangen?...
Archiv
Du betrachtest: Windows 7: Pdf in DHL Zustellankündigung angeklickt - Trojaner/Virus eingefangen? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27