Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Trojan.GenericKD.1822763 gefunden, echt oder Fehlalarm?

Trojan.GenericKD.1822763 gefunden, echt oder Fehlalarm?


Plagegeister aller Art und deren Bekämpfung: Trojan.GenericKD.1822763 gefunden, echt oder Fehlalarm?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 28.08.2014, 16:37   #1
Tommy L.
 
Trojan.GenericKD.1822763 gefunden, echt oder Fehlalarm? - Standard

Trojan.GenericKD.1822763 gefunden, echt oder Fehlalarm?


Liebes Helferteam,

ich bin derzeit etwas verunsichert. Und zwar hat mein F-Secure Internet Security 2014 gestern plötzlich eine Datei von meinem USV angemeckert. Angeblich soll dort ein Trojaner drin versteckt sein, den er sofort in die Quarantäne geschoben hat.

Fund: Trojan.GenerickD.1822763

Verzeichnis:C:Programme\x86\Eaton\UPS Companion\mc2.exe

Ich bereinigte ihn ohne Probleme. Doch, ich wollte Gewissheit und stellte ihn noch einmal her. Denn nur so konnte ich sehen, ob noch andere Virenscanner ihn auch erkennen. Nach einem Wiederherstellen des Virus probierte ich es also nochmal mit meinem Free Emisoft Emergency Kit 9.0, der ebenfalls diesen Trojaner erkannte. Anschließend konnte er glücklicherweise sofort und ohne Mühen wieder bereinigt werden vom F-Secure.

Allerdings erkannte Emisoft auch noch im Download-Ordner denselben Trojaner. Aber wieder beim USV. Bei virustotal.com erkannten 7 von 54 Scannern ebenfalls den Trojaner.

Fund von Emisoft:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\

PUPs-Erkennung: An
Archiv Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan Beginn: 28.08.2014 14:04:40
C:\Users\***Downloads\euc_win_1_03_014.exe gefunden: Trojan.GenericKD.1822763 (B)

Gescannt 112617
Gefunden 1

Scan Ende: 28.08.2014 14:18:38
Scan Zeit: 0:13:58


F-Secure sagte mir aber, daß er den Virus leider nicht ganz bereinigen konnte. Den ersten konnte er aber mühelos in die Quarantäne schicken. Ich habe gelesen, daß angeblich, selbst wenn von F-Secure der Virus nicht entfernt werden konnte, er trotzdem unschädlich gemacht werden konnte, da es eventuell möglich sein könnte, daß es sich um eine wichtige Systemdatei handelt, die Auswirkungen hätte, wenn sie plötzlich ganz weg wäre. Nur woher soll ich das bitte wissen als Laie, ob er wirklich unschädlich gemacht ist? Aber trotzdem meckern ja die anderen 6 noch. Darum wende ich mich an Euch, um mir Gewissheit zu verschaffen.

Mein System ist Windows 7. Ich habe auch ein RAID-System. Mein PC ist vor kurzem noch neu aufgesetzt worden. Was mir also umso unerklärlicher ist, daß sich wieder was eingeschlichen haben soll. Ich habe ja immer noch eine große Hoffnung, daß es eventuell ein Fehlalarm ist. Doch verunsichert mich, daß auch 6 andere Scanner zu demselben Ergebnis kommen. Es wäre super, wenn Ihr mal schauen könnt, ob der Schädling jetzt wirklich nichts mehr anrichten kann. Ich habe aber noch nichts bisher von Euch installiert oder Logs erstellt, da ich erst warten möchte, wie die genauen Anweisungen sind.

Schonmal lieben Dank im Voraus für Eure Hilfe. Ich bin wirklich absoluter Laie, daher bitte ich um etwas Nachsicht, wenn ich nicht gleich immer alles verstehe. Ich werde mir aber Mühe geben. Ich hoffe auch, daß nichts Privates in dem Scan steht. Denke aber mal nicht, oder?

Verdammt jetzt hat F-Secure nochwas in den Downloads gefunden: Allerdings be virustotal.com schlägt nur einer an von 48. Ich habe die Datei aber erstmal in den Papierkorb geschoben, da sie noch von 2003 ist und ich diese auch nicht mehr benötige.

Suspicious:W32/Malware!Gemini (Vermutete Infektion)
• D:PC-Ordner\Files und Downloads\Downloads\wace25d.exe

Ich hoffe, daß Ihr mir helfen könnt!

Tommy
Geändert von Tommy L. (28.08.2014 um 16:48 Uhr)

Alt 28.08.2014, 17:50   #2
schrauber
/// the machine
/// TB-Ausbilder
 
Trojan.GenericKD.1822763 gefunden, echt oder Fehlalarm? - Standard

Trojan.GenericKD.1822763 gefunden, echt oder Fehlalarm?


Hi,

Du fragst dich wie das passieren kann? Die Dinger in deinem Download Ordner werden angemeckert. Ergo hast Du was geladen und installiert. Kennst Du die Programme und hast sie bewusst installiert?


Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________
Alt 28.08.2014, 19:14   #3
Tommy L.
 
Trojan.GenericKD.1822763 gefunden, echt oder Fehlalarm? - Standard

Trojan.GenericKD.1822763 gefunden, echt oder Fehlalarm?


Hallo Schrauber,

das kann ich Dir leider nicht sagen. Ich kenne nur den Eaton, das ist mein USV und das, was in den Downloads angemeckert wurde, ist noch von 2003. Ich habe es damals sicher wissentlich installiert, aber wahrscheinlich vergessen, zu löschen. Was ich nicht begreife, denn ich surfe nur auf ganz ausgesuchten Seiten und downloade, wenn auch nur von den Herstellerseiten oder chip.de. Ich muß dazu sagen, vor einiger Zeig bin ich gehackt worden. Und da wurde der PC schon einmal neu aufgesetzt. Kann es vielleicht sein, daß doch noch Reste davon übriggeblieben sind und gar nicht alles weggegangen ist?

Hier ist zuerst einmal das Log vom FRST.text:
FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-08-2014
Ran by *** (administrator) on **** on 28-08-2014 19:23:55
Running from C:\Users\***\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe
(Dawicontrol GmbH) C:\Program Files (x86)\Dawicontrol GmbH\Dawicontrol RAID Monitor\RAIDservice.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe
(Fujitsu Technology Solutions) C:\Program Files (x86)\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fsgk32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fssm32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSHDLL64.EXE
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieRpcSs.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\32\SbieSvc.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13671640 2014-04-10] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [517912 2013-02-15] (Acronis)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [F-Secure Hoster (666)] => C:\Program Files (x86)\F-Secure\fshoster32.exe [187432 2014-02-19] (F-Secure Corporation)
HKLM-x32\...\Run: [F-Secure Manager] => C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE [310312 2014-02-28] (F-Secure Corporation)
HKLM-x32\...\Run: [PowerDVD13Agent] => C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe [517144 2014-03-26] (CyberLink Corp.)
HKLM-x32\...\Run: [DeskUpdateNotifier] => C:\Program Files (x86)\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe [101728 2013-12-11] (Fujitsu Technology Solutions)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [6405376 2013-03-28] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1105848 2013-01-10] (Acronis)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-04-05] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4522496 2012-12-27] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1890819657-3060126964-3928026559-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [784392 2014-05-29] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-1890819657-3060126964-3928026559-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
ShellIconOverlayIdentifiers: AcronisSyncError -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)
ShellIconOverlayIdentifiers: AcronisSyncInProgress -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)
ShellIconOverlayIdentifiers: AcronisSyncOk -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x38FC834E1D95CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: F-Secure Online Safety -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\apps\OnlineSafety\browser\install\fs_ie_https\fs_ie_https64.dll (F-Secure Corporation)
BHO: F-Secure Search -> {690EF1CF-5775-4CB3-A5B8-85A63FD0262B} -> C:\Program Files (x86)\F-Secure\apps\SafeSearch\IE\FSSafeSearch64.dll (F-Secure Corporation)
BHO-x32: F-Secure Online Safety -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\apps\OnlineSafety\browser\install\fs_ie_https\fs_ie_https.dll (F-Secure Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: F-Secure Search -> {690EF1CF-5775-4CB3-A5B8-85A63FD0262B} -> C:\Program Files (x86)\F-Secure\apps\SafeSearch\IE\FSSafeSearch.dll (F-Secure Corporation)
Toolbar: HKLM - F-Secure Search Toolbar - {B242FC32-2B60-48EA-A8E3-2E280EDBC48F} - C:\Program Files (x86)\F-Secure\apps\SafeSearch\IE\FSSafeSearch64.dll (F-Secure Corporation)
Toolbar: HKLM-x32 - F-Secure Search Toolbar - {B242FC32-2B60-48EA-A8E3-2E280EDBC48F} - C:\Program Files (x86)\F-Secure\apps\SafeSearch\IE\FSSafeSearch.dll (F-Secure Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\lb0uo6e5.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @Nero.com/KM -> C:\Program Files (x86)\Common Files\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\lb0uo6e5.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-04]
FF HKLM-x32\...\Firefox\Extensions: [{3233651c-dac7-49ea-b18d-aa18e812ad9e}] - C:\Program Files (x86)\F-Secure\apps\OnlineSafety\browser\deploy\fs_firefox_https
FF Extension: Online Safety - C:\Program Files (x86)\F-Secure\apps\OnlineSafety\browser\deploy\fs_firefox_https [2014-07-02]
FF HKCU\...\Firefox\Extensions: [safesearch@f-secure.com] - C:\Users\****\AppData\Roaming\F-Secure\SafeSearch\FFPlugIn
FF Extension: F-Secure Search - C:\Users\***AppData\Roaming\F-Secure\SafeSearch\FFPlugIn [2014-07-02]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - C:\Program Files (x86)\F-Secure\apps\OnlineSafety\browser\install\fs_chrome_https\fs_chrome_https.crx [2014-05-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
R2 CyberLink PowerDVD 13 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [77576 2014-03-26] (CyberLink)
R2 CyberLink PowerDVD 13 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [327432 2014-03-26] (CyberLink)
R2 DcRaidMoSrv; C:\Program Files (x86)\Dawicontrol GmbH\Dawicontrol RAID Monitor\RAIDservice.exe [3601920 2014-04-27] (Dawicontrol GmbH) [File not signed]
R2 fshoster; C:\Program Files (x86)\F-Secure\fshoster32.exe [187432 2014-02-19] (F-Secure Corporation)
R3 FSMA; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE [216104 2014-02-28] (F-Secure Corporation)
R2 FSORSPClient; C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe [60352 2013-06-10] (F-Secure Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174088 2014-05-29] (Sandboxie Holdings, LLC)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cleanhlp; C:\EEK\Run\cleanhlp64.sys [57024 2014-04-23] (Emsisoft GmbH)
R0 DC300e; C:\Windows\System32\drivers\DC300e.sys [41944 2014-06-18] (Dawicontrol GmbH)
R3 F-Secure Gatekeeper; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [203304 2014-07-02] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys [69960 2014-07-02] (F-Secure Corporation)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [56016 2014-07-02] ()
R3 fsni; C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\fsni64.sys [86056 2014-06-19] (F-Secure Corporation)
R1 fsvista; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [13248 2013-06-24] ()
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [24496 2012-03-09] (Intel Corporation)
S3 iaStorS; C:\Windows\system32\drivers\iaStorS.sys [638896 2012-03-09] (Intel Corporation)
R3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [44448 2014-07-02] (hxxp://libusb-win32.sourceforge.net)
S3 megasas2; C:\Windows\system32\drivers\megasas2.sys [51280 2010-11-02] (LSI Corporation)
S3 megasr1; C:\Windows\system32\drivers\megasr1.sys [806696 2012-02-08] (LSI Corporation, Inc.)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-05-29] (Sandboxie Holdings, LLC)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-07-02] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2014-07-02] (Acronis)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-07-02] (Acronis International GmbH)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-28 19:20 - 2014-08-28 19:20 - 00022497 _____ () C:\Users\*****\Downloads\Addition.txt
2014-08-28 19:19 - 2014-08-28 19:23 - 00015947 _____ () C:\Users\****\Downloads\FRST.txt
2014-08-28 19:19 - 2014-08-28 19:23 - 00000000 ____D () C:\FRST
2014-08-28 19:15 - 2014-08-28 19:16 - 02103296 _____ (Farbar) C:\Users\****\Downloads\FRST64.exe
2014-08-28 13:37 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 13:37 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 13:37 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-14 15:51 - 2014-08-14 15:52 - 00110466 _____ () C:\Users\****\Documents\ttest.xps
2014-08-14 15:44 - 2014-08-14 15:44 - 00000000 ____D () C:\Users\****\AppData\Roaming\TeamViewer
2014-08-14 13:41 - 2014-08-14 13:48 - 18607792 _____ (Adobe Systems Incorporated) C:\Users\****\Downloads\install_flash_player_ax.exe
2014-08-14 13:33 - 2014-08-14 13:40 - 19182768 _____ (Adobe Systems Incorporated) C:\Users\****\Downloads\install_flash_player.exe
2014-08-13 14:40 - 2014-08-13 14:40 - 00000000 ____D () C:\Users\****\Documents\Eigene PaperPort-Dokumente
2014-08-13 14:40 - 2014-08-13 14:40 - 00000000 ____D () C:\Users\****\AppData\Roaming\Zeon
2014-08-13 14:19 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-13 14:19 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-13 14:19 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 14:19 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 14:19 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 14:19 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-13 14:19 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-13 14:19 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-13 14:18 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-13 14:18 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-13 14:18 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 14:18 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-13 14:18 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-13 14:18 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-13 14:18 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-13 14:18 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 14:18 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 14:18 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-13 14:18 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-13 14:18 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 14:18 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-13 14:18 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 14:18 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-13 14:18 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-13 14:18 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-13 14:18 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-13 14:18 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-13 14:18 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-13 14:18 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-13 14:18 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-13 14:18 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-13 14:18 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 14:18 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-13 14:18 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-13 14:18 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-13 14:18 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-13 14:18 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 14:18 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-13 14:18 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-13 14:18 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 14:18 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-13 14:18 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-13 14:18 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-13 14:18 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-13 14:18 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-13 14:18 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-13 14:18 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-13 14:18 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 14:18 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-13 14:18 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-13 14:18 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-13 14:17 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 14:17 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-13 14:17 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-13 14:17 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-13 14:17 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-13 14:17 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-13 14:17 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 14:17 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-13 14:17 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 14:17 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-13 14:17 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 14:17 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 14:17 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-13 13:44 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-13 13:44 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-13 13:44 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 13:44 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-13 13:43 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-13 13:43 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-13 13:43 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-13 13:43 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-13 13:43 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-13 13:43 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-13 13:43 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-13 13:43 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-13 13:43 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-13 13:43 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-13 13:43 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-13 13:43 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-13 13:43 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-13 13:43 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-13 13:43 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 13:43 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 13:43 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 13:43 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 13:43 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-13 13:43 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-13 13:43 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-13 13:42 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 13:42 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-13 13:42 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-07 10:26 - 2014-08-07 10:26 - 00000000 ___RD () C:\Users\****\AppData\Roaming\Brother
2014-08-07 10:20 - 2014-08-07 10:20 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Nuance
2014-08-07 10:16 - 2014-08-07 10:16 - 00000000 _____ () C:\Users\****\Sti_Trace.log
2014-08-07 10:12 - 2014-08-07 10:12 - 00000000 ____D () C:\Users\*****\AppData\Roaming\ControlCenter4
2014-08-07 10:08 - 2014-08-07 10:08 - 00000000 _____ () C:\Users\*****\Sti_Trace.log
2014-08-07 10:04 - 2014-08-07 10:04 - 00000000 ____D () C:\Users\****\AppData\Roaming\FLEXnet
2014-08-07 10:04 - 2014-08-07 10:04 - 00000000 ____D () C:\Users\****AppData\Roaming\ControlCenter4
2014-08-07 10:01 - 2014-08-07 10:01 - 00002154 _____ () C:\Users\Public\Desktop\Brother Creative Center.lnk
2014-08-07 10:01 - 2014-08-07 10:01 - 00002037 _____ () C:\Users\Public\Desktop\OmniJoin-Testversion.lnk
2014-08-07 10:00 - 2014-08-07 10:00 - 00000103 _____ () C:\Windows\brpcfx.ini
2014-08-07 10:00 - 2014-08-07 10:00 - 00000024 _____ () C:\Windows\Brpfx04a.ini
2014-08-07 10:00 - 2014-08-07 10:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2014-08-07 09:58 - 2014-08-28 16:46 - 00007891 _____ () C:\Windows\BRRBCOM.INI
2014-08-07 09:58 - 2014-08-07 09:58 - 00007819 _____ () C:\Windows\BROMJ470DW.INI
2014-08-07 09:29 - 2014-08-07 09:29 - 00000000 ____D () C:\Users\Public\Documents\BrFaxRx
2014-08-07 09:29 - 2014-08-07 09:29 - 00000000 ____D () C:\ProgramData\ControlCenter4
2014-08-07 09:29 - 2014-08-07 09:29 - 00000000 ____D () C:\Program Files (x86)\ControlCenter4
2014-08-07 09:29 - 2014-08-07 09:29 - 00000000 ____D () C:\Program Files (x86)\Browny02
2014-08-07 09:29 - 2014-08-07 09:29 - 00000000 ____D () C:\Brother
2014-08-07 09:29 - 2014-07-01 09:31 - 10485760 _____ () C:\Users\*****\Downloads\places.sqlite
2014-08-07 09:29 - 2014-07-01 09:31 - 00016384 _____ () C:\Users\****\Downloads\key3.db
2014-08-07 09:29 - 2014-04-11 13:43 - 00327680 _____ () C:\Users\****\Downloads\signons.sqlite
2014-08-07 09:28 - 2014-08-07 09:29 - 00000066 _____ () C:\Windows\Brfaxrx.ini
2014-08-07 09:28 - 2014-08-07 09:29 - 00000000 ____D () C:\Program Files (x86)\Brother
2014-08-07 09:28 - 2014-08-07 09:28 - 00000000 ____D () C:\ProgramData\PCFaxTx
2014-08-07 09:28 - 2013-01-10 13:56 - 00253952 ____N (brother) C:\Windows\SysWOW64\NSSearch.dll
2014-08-07 09:28 - 2012-12-12 11:37 - 00318464 ____N (Brother Industries, Ltd.) C:\Windows\system32\BrFaxTxAppRun64.dll
2014-08-07 09:28 - 2012-10-22 14:41 - 00002560 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2S.dll
2014-08-07 09:28 - 2010-03-15 19:45 - 00073728 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2.dll
2014-08-07 09:28 - 2007-12-13 22:16 - 00005632 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2L.dll
2014-08-07 09:27 - 2014-08-07 09:27 - 00000000 ____D () C:\Users\*****\AppData\Roaming\InstallShield
2014-08-07 09:26 - 2014-08-07 09:26 - 00000000 ____D () C:\ProgramData\zeon
2014-08-07 09:26 - 2014-08-07 09:26 - 00000000 ____D () C:\Program Files\Nuance
2014-08-07 09:25 - 2014-08-13 14:40 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Nuance
2014-08-07 09:25 - 2014-08-07 09:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance PaperPort 12
2014-08-07 09:25 - 2014-08-07 09:25 - 00001868 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Software Updates.lnk
2014-08-07 09:25 - 2014-08-07 09:25 - 00000000 ____D () C:\ProgramData\ScanSoft
2014-08-07 09:24 - 2014-08-07 10:08 - 00000000 ____D () C:\ProgramData\Nuance
2014-08-07 09:24 - 2014-08-07 09:26 - 00000000 ____D () C:\Program Files (x86)\Nuance
2014-08-07 09:24 - 2014-08-07 09:24 - 00000000 ____D () C:\Users\****\Documents\MeineWebSeiten
2014-08-07 09:24 - 2014-08-07 09:24 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-08-07 09:21 - 2014-08-07 09:58 - 00000000 ____D () C:\ProgramData\Brother
2014-08-02 13:59 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-02 13:59 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-02 13:59 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-02 13:59 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-02 13:58 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-02 13:58 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-02 13:58 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-02 13:58 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-02 13:58 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-02 13:58 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-02 13:58 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-02 13:58 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-02 13:58 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-02 13:58 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-28 19:23 - 2014-08-28 19:19 - 00015947 _____ () C:\Users\****\Downloads\FRST.txt
2014-08-28 19:23 - 2014-08-28 19:19 - 00000000 ____D () C:\FRST
2014-08-28 19:23 - 2009-07-14 06:45 - 00031088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-28 19:23 - 2009-07-14 06:45 - 00031088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-28 19:20 - 2014-08-28 19:20 - 00022497 _____ () C:\Users\****\Downloads\Addition.txt
2014-08-28 19:16 - 2014-08-28 19:15 - 02103296 _____ (Farbar) C:\Users\****\Downloads\FRST64.exe
2014-08-28 19:12 - 2014-07-02 11:47 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-28 17:53 - 2014-07-01 22:29 - 00698688 _____ () C:\Windows\system32\perfh007.dat
2014-08-28 17:53 - 2014-07-01 22:29 - 00148828 _____ () C:\Windows\system32\perfc007.dat
2014-08-28 17:53 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-28 17:14 - 2014-07-01 12:37 - 01734667 _____ () C:\Windows\WindowsUpdate.log
2014-08-28 17:13 - 2014-07-02 11:10 - 00000000 ____D () C:\EEK
2014-08-28 16:46 - 2014-08-07 09:58 - 00007891 _____ () C:\Windows\BRRBCOM.INI
2014-08-28 14:01 - 2010-11-21 05:47 - 00009132 _____ () C:\Windows\PFRO.log
2014-08-28 14:01 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-28 14:01 - 2009-07-14 06:51 - 00028772 _____ () C:\Windows\setupact.log
2014-08-28 13:42 - 2009-07-14 06:45 - 00376856 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-28 01:57 - 2014-07-02 13:36 - 00000684 _____ () C:\Windows\Tasks\Scheduled scanning task.job
2014-08-28 01:45 - 2014-07-02 12:02 - 00000000 ____D () C:\Users\****\AppData\Local\Adobe
2014-08-28 01:45 - 2014-07-02 11:49 - 00002566 _____ () C:\Windows\Sandboxie.ini
2014-08-28 00:00 - 2014-07-02 13:36 - 00003458 _____ () C:\Windows\System32\Tasks\Scheduled scanning task
2014-08-27 17:10 - 2014-07-19 17:05 - 00000000 ____D () C:\Users\****\AppData\Local\F-Secure
2014-08-27 02:00 - 2014-07-04 11:31 - 00000000 ____D () C:\Users\****\AppData\Local\Adobe
2014-08-24 16:31 - 2014-07-17 22:49 - 00000000 ____D () C:\Users\****\Documents\CassetteMate Record Files
2014-08-23 04:07 - 2014-08-28 13:37 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-28 13:37 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-28 13:37 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-21 14:05 - 2014-07-09 15:33 - 00002119 _____ () C:\Users\Public\Desktop\Nero MediaHome.lnk
2014-08-21 14:05 - 2014-07-09 12:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2014-08-14 15:57 - 2014-07-01 13:03 - 00069896 _____ () C:\Users\****AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-14 15:52 - 2014-08-14 15:51 - 00110466 _____ () C:\Users\****\Documents\ttest.xps
2014-08-14 15:44 - 2014-08-14 15:44 - 00000000 ____D () C:\Users\****\AppData\Roaming\TeamViewer
2014-08-14 15:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-14 13:49 - 2014-07-02 11:47 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-14 13:49 - 2014-07-02 11:47 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-14 13:49 - 2014-07-02 11:47 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-14 13:48 - 2014-08-14 13:41 - 18607792 _____ (Adobe Systems Incorporated) C:\Users\****\Downloads\install_flash_player_ax.exe
2014-08-14 13:40 - 2014-08-14 13:33 - 19182768 _____ (Adobe Systems Incorporated) C:\Users\****\Downloads\install_flash_player.exe
2014-08-13 14:40 - 2014-08-13 14:40 - 00000000 ____D () C:\Users\****\Documents\Eigene PaperPort-Dokumente
2014-08-13 14:40 - 2014-08-13 14:40 - 00000000 ____D () C:\Users\****\AppData\Roaming\Zeon
2014-08-13 14:40 - 2014-08-07 09:25 - 00000000 ____D () C:\Users\****\AppData\Roaming\Nuance
2014-08-13 14:32 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-13 14:31 - 2014-07-02 09:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-13 14:25 - 2014-07-01 15:35 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-13 14:23 - 2014-07-01 15:35 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-13 14:19 - 2014-07-01 16:08 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-12 01:32 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-08-07 11:16 - 2014-07-09 15:29 - 00002813 _____ () C:\Users\Public\Desktop\Nero Video 2014.lnk
2014-08-07 10:30 - 2014-07-04 11:46 - 00069896 _____ () C:\Users\****\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-07 10:26 - 2014-08-07 10:26 - 00000000 ___RD () C:\Users\****\AppData\Roaming\Brother
2014-08-07 10:20 - 2014-08-07 10:20 - 00000000 ____D () C:\Users\****\AppData\Roaming\Nuance
2014-08-07 10:16 - 2014-08-07 10:16 - 00000000 _____ () C:\Users\****\Sti_Trace.log
2014-08-07 10:16 - 2014-07-04 11:30 - 00000000 ____D () C:\Users\****
2014-08-07 10:12 - 2014-08-07 10:12 - 00000000 ____D () C:\Users\****\AppData\Roaming\ControlCenter4
2014-08-07 10:08 - 2014-08-07 10:08 - 00000000 _____ () C:\Users\****\Sti_Trace.log
2014-08-07 10:08 - 2014-08-07 09:24 - 00000000 ____D () C:\ProgramData\Nuance
2014-08-07 10:08 - 2014-07-01 12:50 - 00000000 ____D () C:\Users\*****
2014-08-07 10:04 - 2014-08-07 10:04 - 00000000 ____D () C:\Users\****\AppData\Roaming\FLEXnet
2014-08-07 10:04 - 2014-08-07 10:04 - 00000000 ____D () C:\Users\****\AppData\Roaming\ControlCenter4
2014-08-07 10:01 - 2014-08-07 10:01 - 00002154 _____ () C:\Users\Public\Desktop\Brother Creative Center.lnk
2014-08-07 10:01 - 2014-08-07 10:01 - 00002037 _____ () C:\Users\Public\Desktop\OmniJoin-Testversion.lnk
2014-08-07 10:00 - 2014-08-07 10:00 - 00000103 _____ () C:\Windows\brpcfx.ini
2014-08-07 10:00 - 2014-08-07 10:00 - 00000024 _____ () C:\Windows\Brpfx04a.ini
2014-08-07 10:00 - 2014-08-07 10:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2014-08-07 09:58 - 2014-08-07 09:58 - 00007819 _____ () C:\Windows\BROMJ470DW.INI
2014-08-07 09:58 - 2014-08-07 09:21 - 00000000 ____D () C:\ProgramData\Brother
2014-08-07 09:29 - 2014-08-07 09:29 - 00000000 ____D () C:\Users\Public\Documents\BrFaxRx
2014-08-07 09:29 - 2014-08-07 09:29 - 00000000 ____D () C:\ProgramData\ControlCenter4
2014-08-07 09:29 - 2014-08-07 09:29 - 00000000 ____D () C:\Program Files (x86)\ControlCenter4
2014-08-07 09:29 - 2014-08-07 09:29 - 00000000 ____D () C:\Program Files (x86)\Browny02
2014-08-07 09:29 - 2014-08-07 09:29 - 00000000 ____D () C:\Brother
2014-08-07 09:29 - 2014-08-07 09:28 - 00000066 _____ () C:\Windows\Brfaxrx.ini
2014-08-07 09:29 - 2014-08-07 09:28 - 00000000 ____D () C:\Program Files (x86)\Brother
2014-08-07 09:28 - 2014-08-07 09:28 - 00000000 ____D () C:\ProgramData\PCFaxTx
2014-08-07 09:27 - 2014-08-07 09:27 - 00000000 ____D () C:\Users\****\AppData\Roaming\InstallShield
2014-08-07 09:27 - 2014-07-01 12:56 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-07 09:26 - 2014-08-07 09:26 - 00000000 ____D () C:\ProgramData\zeon
2014-08-07 09:26 - 2014-08-07 09:26 - 00000000 ____D () C:\Program Files\Nuance
2014-08-07 09:26 - 2014-08-07 09:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance PaperPort 12
2014-08-07 09:26 - 2014-08-07 09:24 - 00000000 ____D () C:\Program Files (x86)\Nuance
2014-08-07 09:25 - 2014-08-07 09:25 - 00001868 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Software Updates.lnk
2014-08-07 09:25 - 2014-08-07 09:25 - 00000000 ____D () C:\ProgramData\ScanSoft
2014-08-07 09:24 - 2014-08-07 09:24 - 00000000 ____D () C:\Users\*****\Documents\MeineWebSeiten
2014-08-07 09:24 - 2014-08-07 09:24 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-08-07 04:06 - 2014-08-13 13:44 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 04:01 - 2014-08-13 13:44 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-01 01:41 - 2014-08-13 14:18 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-01 01:16 - 2014-08-13 14:18 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

Some content of TEMP:
====================
C:\Users\****\AppData\Local\Temp\AdobeApplicationManager.exe
C:\Users\****\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe
C:\Users\****\AppData\Local\Temp\install_reader11_de_mssd_aaa_aih.exe
C:\Users\****\AppData\Local\Temp\ose00000.exe
C:\Users\****\AppData\Local\Temp\readSTILog.dll
C:\Users\****\AppData\Local\Temp\vcredist_x64.exe
C:\Users\****\AppData\Local\Temp\_isA775.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-28 02:30

==================== End Of Log ============================
--- --- ---

--- --- ---


Hier noch der Additional txt: Der läßt sicher auch schon einige Rückschlüsse zu, da dort auch etwas steht von Application-Warnungen und Abbrüchen. Ich hoffe, daß ich soweit meine privaten Namen rausgenommen habe. Sollte mir etwas entgangen sein, sage mir bite Bescheid, daß ich das editieren kann.
FRST Additions Logfile:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-08-2014
Ran by **** at 2014-08-28 19:24:18
Running from C:\Users\****\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Computer Security (Enabled - Up to date) {15414183-282E-D62C-CA37-EF24860A2F17}
AS: Computer Security (Enabled - Up to date) {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.176 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Brother MFL-Pro Suite MFC-J470DW (HKLM-x32\...\{7B4C83B6-17C1-4BFD-B86D-4D7AD4498CBB}) (Version: 1.0.4.0 - Brother Industries, Ltd.)
CassetteMate (HKLM-x32\...\CassetteMate) (Version:  - )
Computer Security 14.106.101.0 (release) (x32 Version: 14.106.101.0 - F-Secure Corporation) Hidden
CyberLink PowerDVD 13 (HKLM-x32\...\InstallShield_{3CFDF154-7E60-4E98-A8DF-C693A4F8E6B6}) (Version: 13.0.3919.58 - CyberLink Corp.)
CyberLink PowerDVD 13 (x32 Version: 13.0.3919.58 - CyberLink Corp.) Hidden
Dawicontrol RAID Monitor (HKLM-x32\...\{8DCEBC6F-892D-43CF-A764-5A89388D977A}) (Version: 3.4.0 - Dawicontrol GmbH)
DeskUpdate (HKLM-x32\...\DeskUpdate_is1) (Version: 4.15.0134 - Fujitsu Technology Solutions)
Elements 11 Organizer (x32 Version: 11.0 - Ihr Firmenname) Hidden
F-Secure (HKLM-x32\...\F-Secure ServiceEnabler 666) (Version: 2.06.303.0 - F-Secure Corporation)
F-Secure (x32 Version: 2.06.303.0 - F-Secure Corporation) Hidden
F-Secure CCF Reputation (x32 Version: 1.1.25.2280 - F-Secure) Hidden
F-Secure CCF Scanning 1.43.102.193 (release) (x32 Version: 1.43.102.193 - F-Secure Corporation) Hidden
F-Secure Network CCF 1.02.136 (x32 Version: 1.02.136 - F-Secure Corporation) Hidden
F-Secure SafeSearch 1.03.146.0 (release) (x32 Version: 1.03.146.0 - F-Secure Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero 2014 (HKLM-x32\...\{E6E1AE09-1B6D-4D80-A42F-2AE0EA448DE5}) (Version: 15.0.01000 - Nero AG)
Nero Audio Pack 1 (x32 Version: 11.0.11500.110.0 - Nero AG) Hidden
Nero Blu-ray Player (x32 Version: 12.1.20081 - Nero AG) Hidden
Nero Blu-ray Player Help (CHM) (x32 Version: 15.0.00015 - Nero AG) Hidden
Nero Burning Core (x32 Version: 15.0.25001 - Nero AG) Hidden
Nero Burning ROM (x32 Version: 15.0.25001 - Nero AG) Hidden
Nero Burning ROM Help (CHM) (x32 Version: 15.0.00021 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 11.0.16700 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (x32 Version: 15.0.00015 - Nero AG) Hidden
Nero Core Components (x32 Version: 11.0.24900 - Nero AG) Hidden
Nero Device Updates (x32 Version: 15.0.1002 - Nero AG) Hidden
Nero Disc Menus Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Disc to Device (x32 Version: 15.0.12032 - Nero AG) Hidden
Nero Effects Basic (x32 Version: 15.0.10011 - Nero AG) Hidden
Nero Express (x32 Version: 15.0.25001 - Nero AG) Hidden
Nero Express Help (CHM) (x32 Version: 15.0.00021 - Nero AG) Hidden
Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 15.1.0030 - Nero AG)
Nero Kwik Themes Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Launcher (x32 Version: 15.0.12000 - Nero AG) Hidden
Nero MediaHome (x32 Version: 1.22.5700 - Nero AG) Hidden
Nero MediaHome Help (CHM) (x32 Version: 15.0.00021 - Nero AG) Hidden
Nero PiP Effects Basic (x32 Version: 15.0.10008 - Nero AG) Hidden
Nero Recode (x32 Version: 15.0.27001 - Nero AG) Hidden
Nero Recode Help (CHM) (x32 Version: 15.0.00021 - Nero AG) Hidden
Nero RescueAgent (x32 Version: 15.0.2000 - Nero AG) Hidden
Nero RescueAgent Help (CHM) (x32 Version: 15.0.00015 - Nero AG) Hidden
Nero SharedVideoCodecs (x32 Version: 1.0.15005 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.13600.45.0 - Nero AG) Hidden
Nero Video (x32 Version: 15.0.27001 - Nero AG) Hidden
Nero Video Help (CHM) (x32 Version: 15.0.00021 - Nero AG) Hidden
Nuance PaperPort 12 (HKLM-x32\...\{869FCC6C-5669-4B0B-827E-2BBAACD88A87}) (Version: 12.1.0006 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
Online Safety 2.107.2552.1523 (x32 Version: 2.107.2552.1523 - F-Secure Corporation) Hidden
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden
PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0029 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7224 - Realtek Semiconductor Corp.)
Sandboxie 4.12 (64-bit) (HKLM\...\Sandboxie) (Version: 4.12 - Sandboxie Holdings, LLC)
Scansoft PDF Professional (x32 Version:  - ) Hidden
True Image 2013 (HKLM-x32\...\{4AA75223-6CBF-46F4-8EE4-7BF0591089F7}Visible) (Version: 16.0.6514 - Acronis)
True Image 2013 (x32 Version: 16.0.6514 - Acronis) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
WD WinDLG (HKLM-x32\...\{B7086234-C00D-4DD0-A7A2-2B2CAEAAC75B}) (Version: 1.0.0 - WDC)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

28-08-2014 16:59:26 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {3880A782-DE4A-4E6A-A93A-195EC186BB9C} - System32\Tasks\Fujitsu\DeskUpdate => C:\Program Files (x86)\Fujitsu\DeskUpdate\ducmd.exe [2013-12-11] (Fujitsu Technology Solutions)
Task: {584F4336-ABCB-49F5-ABCB-1D54F9E95CD4} - System32\Tasks\Scheduled scanning task => C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fsav.exe [2014-02-28] (F-Secure Corporation)
Task: {5BC127A8-370C-4BFE-8B4F-AACBA4DF6096} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-14] (Adobe Systems Incorporated)
Task: {6B0C5ECE-3F5C-4CB3-AD17-2E72C5802825} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2013-10-16] (Nero AG)
Task: {A22D8A0D-0E76-4B3E-8A21-527D9855F992} - System32\Tasks\AdobeAAMUpdater-1.0-FUJ385987-**** => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Scheduled scanning task.job => C:\Program Files (x86)\F-Secure\apps\COMPUT~1\ANTI-V~1\fsav.exe

==================== Loaded Modules (whitelisted) =============

2013-03-27 22:39 - 2013-03-27 22:39 - 00021824 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\x64\ti_managers_proxy_stub.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: WD My Book Device USB Device
Description: WD My Book Device USB Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/28/2014 07:24:20 PM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
Description: 3  2014-08-28  19:24:20+02:00  FUJ385987  SYSTEM  F-Secure DeepGuard
 Application was blocked. This was determined to be a high-risk application by system control heuristics.
 Application path: \\?\c:\windows\mod_frst.exe
 File hash: 4bb423ae4bf7b46ba1cd43c521cf9314c03cf8c4

Error: (08/28/2014 07:20:19 PM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
Description: 2  2014-08-28  19:20:19+02:00  FUJ385987  SYSTEM  F-Secure DeepGuard
 Application was blocked. This was determined to be a high-risk application by system control heuristics.
 Application path: \\?\c:\windows\mod_frst.exe
 File hash: 4bb423ae4bf7b46ba1cd43c521cf9314c03cf8c4

Error: (08/28/2014 05:45:04 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 1  2014-08-28  17:45:04+02:00  FUJ385987  FUJ385987\****  F-Secure Anti-Virus
 Manual scanning was finished - workstation was found infected!

Error: (08/28/2014 02:45:56 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 1  2014-08-28  14:45:56+02:00  FUJ385987  FUJ385987\****  F-Secure Anti-Virus
 Crash detected.

Error: (08/28/2014 02:02:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/28/2014 02:00:05 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 1  2014-08-28  14:00:05+02:00  FUJ385987  FUJ385987\****  F-Secure Anti-Virus
 Manual scanning was finished - workstation was found infected!

Error: (08/28/2014 01:43:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/28/2014 01:32:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/28/2014 01:58:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/28/2014 01:53:51 AM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 2  2014-08-28  01:53:51+02:00  FUJ385987  FUJ385987\****  F-Secure Anti-Virus
 Manual scanning was finished - workstation was found infected!


System errors:
=============
Error: (08/28/2014 01:41:11 PM) (Source: volsnap) (EventID: 14) (User: )
Description: Die Schattenkopien von Volume "C:" wurden aufgrund eines E/A-Fehlers auf Volume "C:" abgebrochen.

Error: (08/27/2014 03:40:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Eaton UPS Companion" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%5

Error: (08/27/2014 03:40:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Eaton UPS Companion" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/27/2014 02:24:48 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (08/23/2014 02:18:47 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (08/22/2014 02:38:00 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (08/21/2014 10:29:42 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (08/21/2014 10:29:42 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 70. Der interne Fehlerstatus lautet: 105.

Error: (08/21/2014 02:29:15 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (08/14/2014 08:34:25 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.


Microsoft Office Sessions:
=========================
Error: (07/04/2014 06:57:50 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 10 seconds with 0 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-2310 CPU @ 2.90GHz
Percentage of memory in use: 72%
Total physical RAM: 3972.38 MB
Available physical RAM: 1072.91 MB
Total Pagefile: 7942.94 MB
Available Pagefile: 5262.41 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:585.84 GB) (Free:542.66 GB) NTFS
Drive d: (Daten) (Fixed) (Total:1277.08 GB) (Free:1249.71 GB) NTFS
Drive e: (G Platte 5) (CDROM) (Total:4.03 GB) (Free:0 GB) UDF
Drive f: (My Book) (Fixed) (Total:931.5 GB) (Free:160.4 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 51D1DB7E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=585.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1277.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 1B3954B4)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================
--- --- ---
__________________
Alt 29.08.2014, 12:35   #4
schrauber
/// the machine
/// TB-Ausbilder
 
Trojan.GenericKD.1822763 gefunden, echt oder Fehlalarm? - Standard

Trojan.GenericKD.1822763 gefunden, echt oder Fehlalarm?


Zitat:
und downloade, wenn auch nur von den Herstellerseiten oder chip.de
möööp, erster Fehler

Formatieren und Neuaufsetzen überlebt eigentlich fast nix. Logs sehen gut aus, ich würde die Funde jetzt mal nicht so ernst nehmen.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 29.08.2014, 23:42   #5
Tommy L.
 
Trojan.GenericKD.1822763 gefunden, echt oder Fehlalarm? - Standard

Trojan.GenericKD.1822763 gefunden, echt oder Fehlalarm?


Ui, also ist chip.de doch keine so gute Adresse? Werde ich mir merken und laß das in Zukunft lieber von dort sein.

Na dann muß ja alles weggegangen sein beim Formatieren und Neuaufsetzen.

Vielen Dank, Schrauber, das beruhigt mich doch sehr.

Man ist immer beruhigter, wenn ein Profi über die Logs schaut.

Dann werde ich das machen, was Du gesagt hast und die Funde erstmal nicht weiter beachten. Bisher zeigt der PC auch keine bösen Auffälligkeiten. Sollte sich etwas verschlimmern, melde ich mich auf jeden Fall wieder.

Dann bedanke ich mich für die prompte und schnelle Hilfe und wünsche ein schönes Wochenende!



PS: Kann ich das Programm FRST über Systemsteuerung manuell wieder löschen? Oder wäre es ratsam, es zu behalten?

Geändert von Tommy L. (29.08.2014 um 23:49 Uhr)

Alt 30.08.2014, 07:26   #6
schrauber
/// the machine
/// TB-Ausbilder
 
Trojan.GenericKD.1822763 gefunden, echt oder Fehlalarm? - Standard

Trojan.GenericKD.1822763 gefunden, echt oder Fehlalarm?


Einfach FRST und die Logs löschen, ebenso den Ordner C:\FRST
__________________
--> Trojan.GenericKD.1822763 gefunden, echt oder Fehlalarm?

Antwort

Themen zu Trojan.GenericKD.1822763 gefunden, echt oder Fehlalarm?
datei, ergebnis, erstellt, fehlalarm, festplatte, free, infektion, internet, neu, plötzlich, programme, quarantäne, rootkits, scan, scanner, schädling, security, speicher, super, trojaner, ups, virenscanner, virus, win, windows, zugriff


« Zlob Trojan-Downloader & Gen:Trojan.Heur.mu!@YoPlN | chrome://quick_start/content/index.html entfernen? »


Ähnliche Themen: Trojan.GenericKD.1822763 gefunden, echt oder Fehlalarm?


  1. Avira meldet 'TR/Crypt.ZPACK.Gen [trojan]' - Fehlalarm oder echt?
    Plagegeister aller Art und deren Bekämpfung - 23.08.2015 (5)
  2. Windows 7: Trojan.GenericKD.2460578 (B) gefunden
    Log-Analyse und Auswertung - 05.06.2015 (10)
  3. Trojan.GenericKD.2269178 (B) + Trojan.Generic.13051484 (B) + Trojan.Generic.12905642 (B)
    Log-Analyse und Auswertung - 10.04.2015 (12)
  4. Win32: Malware-gen / Win32: Trojan-gen bei Routinescan mit AVAST gefunden! Fehlalarm?
    Plagegeister aller Art und deren Bekämpfung - 17.02.2015 (5)
  5. TR/Crypt.Xpack.110471[trojan Antivirus Meldung, Was tuhen ? Fehlermeldung oder echt ?
    Antiviren-, Firewall- und andere Schutzprogramme - 26.12.2014 (20)
  6. Trojan.GenericKD.1991409
    Plagegeister aller Art und deren Bekämpfung - 11.12.2014 (3)
  7. Win 8.1: Virusfund Trojan.GenericKD.2011851 (Engine A)
    Plagegeister aller Art und deren Bekämpfung - 07.12.2014 (4)
  8. Avira Scan, Trojaner TR/Crypt.ZPACK.50636 gefunden, Fehlalarm oder echter Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 04.12.2014 (17)
  9. Viren : Trojan.GenericKD.1843822 - Gen:Variant.Adware.BHO.Agent.4 - Trojan.Ciusky.Gen.13
    Plagegeister aller Art und deren Bekämpfung - 08.09.2014 (3)
  10. Trojan.GenericKD.942439 / Trojan.GenericKD.1305731 u.a.
    Log-Analyse und Auswertung - 11.07.2014 (19)
  11. Win 8: Virusfund Trojan.GenericKD 1687892 (Engine A)
    Plagegeister aller Art und deren Bekämpfung - 03.06.2014 (3)
  12. W7: Phising-Page bei Onlinebanking in FF + Trojan.GenericKD.1659055 ?
    Plagegeister aller Art und deren Bekämpfung - 16.05.2014 (14)
  13. WIN 7: Virusfund Trojan.GenericKD.1631929 (Engine A)
    Plagegeister aller Art und deren Bekämpfung - 08.04.2014 (3)
  14. Trojan.GenericKD.1582797 und 1574997 werden nicht gelöscht
    Plagegeister aller Art und deren Bekämpfung - 23.03.2014 (33)
  15. Bitdefender meldet Trojan.GenericKD.1440205
    Log-Analyse und Auswertung - 16.01.2014 (12)
  16. Fehlalarm oder echt
    Plagegeister aller Art und deren Bekämpfung - 15.07.2009 (1)
  17. obfustat.DEH an filetopia.exe mit AVG gefunden - Seuche oder Fehlalarm???
    Plagegeister aller Art und deren Bekämpfung - 02.08.2007 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Trojan.GenericKD.1822763 gefunden, echt oder Fehlalarm? - Liebes Helferteam, ich bin derzeit etwas verunsichert. Und zwar hat mein F-Secure Internet Security 2014 gestern plötzlich eine Datei von meinem USV angemeckert. Angeblich soll dort ein Trojaner drin versteckt - Trojan.GenericKD.1822763 gefunden, echt oder Fehlalarm?...
Archiv
Du betrachtest: Trojan.GenericKD.1822763 gefunden, echt oder Fehlalarm? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129