Pests of all kinds and their removal: Trojan.GenericKD.1822763 found, real or false alarm? (Windows 7)
28.08.2014, 16:37 | #1

Trojan.GenericKD.1822763 found, real or false alarm?

Dear helper team,

I am somewhat unsettled at the moment. Yesterday my F-Secure Internet Security 2014 suddenly complained about a file from my UPS. Supposedly a Trojan is hidden in there, which it immediately moved to quarantine.

Detection: Trojan.GenericKD.1822763
Directory: C:Programme\x86\Eaton\UPS Companion\mc2.exe

I cleaned it up without problems. But I wanted certainty and restored it again, because only that way could I see whether other virus scanners detect it too. After restoring the virus I tried again with my free Emsisoft Emergency Kit 9.0, which also detected this Trojan. Afterwards, fortunately, F-Secure was able to clean it again immediately and without effort. However, Emsisoft also detected the same Trojan in the Downloads folder. But again for the UPS. At virustotal.com, 7 of 54 scanners also detected the Trojan.

Emsisoft's finding:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\
PUPs-Erkennung: An
Archiv Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan Beginn: 28.08.2014 14:04:40

C:\Users\***Downloads\euc_win_1_03_014.exe gefunden: Trojan.GenericKD.1822763 (B)

Gescannt 112617
Gefunden 1

Scan Ende: 28.08.2014 14:18:38
Scan Zeit: 0:13:58

F-Secure told me, however, that unfortunately it could not completely clean the virus. The first one it was able to send to quarantine effortlessly. I have read that supposedly, even if F-Secure could not remove the virus, it could still be rendered harmless, since it might possibly be an important system file that would have effects if it were suddenly gone entirely. But how am I, as a layperson, supposed to know whether it really has been rendered harmless? And the other 6 are still complaining anyway.

That is why I am turning to you to get certainty. My system is Windows 7. I also have a RAID system. My PC was recently set up fresh. Which makes it all the more inexplicable to me that something is supposed to have crept in again. I still have great hope that it may be a false alarm. But it unsettles me that 6 other scanners come to the same result. It would be great if you could take a look at whether the pest really cannot do any more harm now. I have not yet installed anything from you or created logs, since I want to wait first for what the exact instructions are. Many thanks in advance for your help. I really am an absolute layperson, so I ask for some leniency if I do not always understand everything right away. But I will make an effort. I also hope there is nothing private in the scan. But I don't think so, or is there?

Damn, now F-Secure has found something else in Downloads. However, at virustotal.com only one of 48 flags it. I have moved the file to the Recycle Bin for now, since it is from 2003 and I no longer need it.

Suspicious:W32/Malware!Gemini (Vermutete Infektion) • D:PC-Ordner\Files und Downloads\Downloads\wace25d.exe

I hope you can help me!

Tommy

Last edited by Tommy L. (28.08.2014 at 16:48)
28.08.2014, 17:50 | #2

/// the machine /// TB-Ausbilder

Trojan.GenericKD.1822763 found, real or false alarm?

Hi,

You're asking yourself how this can happen? The things in your Downloads folder are being flagged. So you downloaded and installed something. Do you know the programs, and did you install them deliberately?

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
28.08.2014, 19:14 | #3

Trojan.GenericKD.1822763 found, real or false alarm?

Hello Schrauber,

unfortunately I can't tell you that. I only know the Eaton, that's my UPS, and what was flagged in Downloads is from 2003. I certainly installed it knowingly back then, but probably forgot to delete it. Which I don't understand, because I only surf on very select sites and download, if at all, only from manufacturer sites or chip.de. I have to add that some time ago I was hacked. And the PC was set up fresh once back then. Could it be that remnants of that are still left over and not everything went away?

Here, first of all, is the log from FRST.txt:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-08-2014
Ran by *** (administrator) on **** on 28-08-2014 19:23:55
Running from C:\Users\***\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe
(Dawicontrol GmbH) C:\Program Files (x86)\Dawicontrol GmbH\Dawicontrol RAID Monitor\RAIDservice.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe
(Fujitsu Technology Solutions) C:\Program Files (x86)\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fsgk32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fssm32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSHDLL64.EXE
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieRpcSs.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\32\SbieSvc.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13671640 2014-04-10] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [517912 2013-02-15] (Acronis)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [F-Secure Hoster (666)] => C:\Program Files (x86)\F-Secure\fshoster32.exe [187432 2014-02-19] (F-Secure Corporation)
HKLM-x32\...\Run: [F-Secure Manager] => C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE [310312 2014-02-28] (F-Secure Corporation)
HKLM-x32\...\Run: [PowerDVD13Agent] => C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe [517144 2014-03-26] (CyberLink Corp.)
HKLM-x32\...\Run: [DeskUpdateNotifier] => C:\Program Files (x86)\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe [101728 2013-12-11] (Fujitsu Technology Solutions)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [6405376 2013-03-28] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1105848 2013-01-10] (Acronis)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-04-05] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4522496 2012-12-27] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1890819657-3060126964-3928026559-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [784392 2014-05-29] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-1890819657-3060126964-3928026559-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
ShellIconOverlayIdentifiers: AcronisSyncError -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)
ShellIconOverlayIdentifiers: AcronisSyncInProgress -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)
ShellIconOverlayIdentifiers: AcronisSyncOk -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x38FC834E1D95CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: F-Secure Online Safety -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\apps\OnlineSafety\browser\install\fs_ie_https\fs_ie_https64.dll (F-Secure Corporation)
BHO: F-Secure Search -> {690EF1CF-5775-4CB3-A5B8-85A63FD0262B} -> C:\Program Files (x86)\F-Secure\apps\SafeSearch\IE\FSSafeSearch64.dll (F-Secure Corporation)
BHO-x32: F-Secure Online Safety -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\apps\OnlineSafety\browser\install\fs_ie_https\fs_ie_https.dll (F-Secure Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: F-Secure Search -> {690EF1CF-5775-4CB3-A5B8-85A63FD0262B} -> C:\Program Files (x86)\F-Secure\apps\SafeSearch\IE\FSSafeSearch.dll (F-Secure Corporation)
Toolbar: HKLM - F-Secure Search Toolbar - {B242FC32-2B60-48EA-A8E3-2E280EDBC48F} - C:\Program Files (x86)\F-Secure\apps\SafeSearch\IE\FSSafeSearch64.dll (F-Secure Corporation)
Toolbar: HKLM-x32 - F-Secure Search Toolbar - {B242FC32-2B60-48EA-A8E3-2E280EDBC48F} - C:\Program Files (x86)\F-Secure\apps\SafeSearch\IE\FSSafeSearch.dll (F-Secure Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\lb0uo6e5.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @Nero.com/KM -> C:\Program Files (x86)\Common Files\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\lb0uo6e5.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-04]
FF HKLM-x32\...\Firefox\Extensions: [{3233651c-dac7-49ea-b18d-aa18e812ad9e}] - C:\Program Files (x86)\F-Secure\apps\OnlineSafety\browser\deploy\fs_firefox_https
FF Extension: Online Safety - C:\Program Files (x86)\F-Secure\apps\OnlineSafety\browser\deploy\fs_firefox_https [2014-07-02]
FF HKCU\...\Firefox\Extensions: [safesearch@f-secure.com] - C:\Users\****\AppData\Roaming\F-Secure\SafeSearch\FFPlugIn
FF Extension: F-Secure Search - C:\Users\***AppData\Roaming\F-Secure\SafeSearch\FFPlugIn [2014-07-02]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - C:\Program Files (x86)\F-Secure\apps\OnlineSafety\browser\install\fs_chrome_https\fs_chrome_https.crx [2014-05-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
R2 CyberLink PowerDVD 13 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [77576 2014-03-26] (CyberLink)
R2 CyberLink PowerDVD 13 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [327432 2014-03-26] (CyberLink)
R2 DcRaidMoSrv; C:\Program Files (x86)\Dawicontrol GmbH\Dawicontrol RAID Monitor\RAIDservice.exe [3601920 2014-04-27] (Dawicontrol GmbH) [File not signed]
R2 fshoster; C:\Program Files (x86)\F-Secure\fshoster32.exe [187432 2014-02-19] (F-Secure Corporation)
R3 FSMA; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE [216104 2014-02-28] (F-Secure Corporation)
R2 FSORSPClient; C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe [60352 2013-06-10] (F-Secure Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174088 2014-05-29] (Sandboxie Holdings, LLC)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cleanhlp; C:\EEK\Run\cleanhlp64.sys [57024 2014-04-23] (Emsisoft GmbH)
R0 DC300e; C:\Windows\System32\drivers\DC300e.sys [41944 2014-06-18] (Dawicontrol GmbH)
R3 F-Secure Gatekeeper; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [203304 2014-07-02] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys [69960 2014-07-02] (F-Secure Corporation)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [56016 2014-07-02] ()
R3 fsni; C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\fsni64.sys [86056 2014-06-19] (F-Secure Corporation)
R1 fsvista; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [13248 2013-06-24] ()
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [24496 2012-03-09] (Intel Corporation)
S3 iaStorS; C:\Windows\system32\drivers\iaStorS.sys [638896 2012-03-09] (Intel Corporation)
R3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [44448 2014-07-02] (hxxp://libusb-win32.sourceforge.net)
S3 megasas2; C:\Windows\system32\drivers\megasas2.sys [51280 2010-11-02] (LSI Corporation)
S3 megasr1; C:\Windows\system32\drivers\megasr1.sys [806696 2012-02-08] (LSI Corporation, Inc.)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-05-29] (Sandboxie Holdings, LLC)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-07-02] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2014-07-02] (Acronis)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-07-02] (Acronis International GmbH)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-28 19:20 - 2014-08-28 19:20 - 00022497 _____ () C:\Users\*****\Downloads\Addition.txt
2014-08-28 19:19 - 2014-08-28 19:23 - 00015947 _____ () C:\Users\****\Downloads\FRST.txt
2014-08-28 19:19 - 2014-08-28 19:23 - 00000000 ____D () C:\FRST
2014-08-28 19:15 - 2014-08-28 19:16 - 02103296 _____ (Farbar) C:\Users\****\Downloads\FRST64.exe
2014-08-28 13:37 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 13:37 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 13:37 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-14 15:51 - 2014-08-14 15:52 - 00110466 _____ () C:\Users\****\Documents\ttest.xps
2014-08-14 15:44 - 2014-08-14 15:44 - 00000000 ____D () C:\Users\****\AppData\Roaming\TeamViewer
2014-08-14 13:41 - 2014-08-14 13:48 - 18607792 _____ (Adobe Systems Incorporated) C:\Users\****\Downloads\install_flash_player_ax.exe
2014-08-14 13:33 - 2014-08-14 13:40 - 19182768 _____ (Adobe Systems Incorporated) C:\Users\****\Downloads\install_flash_player.exe
2014-08-13 14:40 - 2014-08-13 14:40 - 00000000 ____D () C:\Users\****\Documents\Eigene PaperPort-Dokumente
2014-08-13 14:40 - 2014-08-13 14:40 - 00000000 ____D () C:\Users\****\AppData\Roaming\Zeon
2014-08-13 14:19 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-13 14:19 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-13 14:19 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 14:19 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 14:19 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 14:19 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-13 14:19 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-13 14:19 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-13 14:18 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-13 14:18 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-13 14:18 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 14:18 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-13 14:18 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-13 14:18 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-13 14:18 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-13 14:18 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 14:18 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 14:18 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-13 14:18 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-13 14:18 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 14:18 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-13 14:18 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 14:18 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-13 14:18 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-13 14:18 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-13 14:18 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-13 14:18 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-13 14:18 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-13 14:18 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-13 14:18 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-13 14:18 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-13 14:18 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 14:18 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-13 14:18 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-13 14:18 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-13 14:18 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-13 14:18 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 14:18 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-13 14:18 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-13 14:18 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 14:18 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-13 14:18 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-13 14:18 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-13 14:18 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-13 14:18 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-13 14:18 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-13 14:18 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-13 14:18 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 14:18 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-13 14:18 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-13 14:18 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-13 14:17 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 14:17 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-13 14:17 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-13 14:17 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-13 14:17 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-13 14:17 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-13 14:17 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 14:17 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-13 14:17 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 14:17 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-13 14:17 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 14:17 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 14:17 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-13 13:44 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-13 13:44 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-13 13:44 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 13:44 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-13 13:43 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-13 13:43 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-13 13:43 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-13 13:43 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-13 13:43 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-13 13:43 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-13 13:43 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-13 13:43 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-13 13:43 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-13 13:43 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-13 13:43 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-13 13:43 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-13 13:43 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-13 13:43 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-13 13:43 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 13:43 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 13:43 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 13:43 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 13:43 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-13 13:43 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-13 13:43 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-13 13:42 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 13:42 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-13 13:42 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-07 10:26 - 2014-08-07 10:26 - 00000000 ___RD () C:\Users\****\AppData\Roaming\Brother
2014-08-07 10:20 - 2014-08-07 10:20 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Nuance
2014-08-07 10:16 - 2014-08-07 10:16 - 00000000 _____ () C:\Users\****\Sti_Trace.log
2014-08-07 10:12 - 2014-08-07 10:12 - 00000000 ____D () C:\Users\*****\AppData\Roaming\ControlCenter4
2014-08-07 10:08 - 2014-08-07 10:08 - 00000000 _____ () C:\Users\*****\Sti_Trace.log
2014-08-07 10:04 - 2014-08-07 10:04 - 00000000 ____D () C:\Users\****\AppData\Roaming\FLEXnet
2014-08-07 10:04 - 2014-08-07 10:04 - 00000000 ____D () C:\Users\****AppData\Roaming\ControlCenter4
2014-08-07 10:01 - 2014-08-07 10:01 - 00002154 _____ () C:\Users\Public\Desktop\Brother Creative Center.lnk
2014-08-07 10:01 - 2014-08-07 10:01 - 00002037 _____ () C:\Users\Public\Desktop\OmniJoin-Testversion.lnk
2014-08-07 10:00 - 2014-08-07 10:00 - 00000103 _____ () C:\Windows\brpcfx.ini
2014-08-07 10:00 - 2014-08-07 10:00 - 00000024 _____ () C:\Windows\Brpfx04a.ini
2014-08-07 10:00 - 2014-08-07 10:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2014-08-07 09:58 - 2014-08-28 16:46 - 00007891 _____ () C:\Windows\BRRBCOM.INI
2014-08-07 09:58 - 2014-08-07 09:58 - 00007819 _____ () C:\Windows\BROMJ470DW.INI
2014-08-07 09:29 - 2014-08-07 09:29 - 00000000 ____D () C:\Users\Public\Documents\BrFaxRx
2014-08-07 09:29 - 2014-08-07 09:29 - 00000000 ____D () C:\ProgramData\ControlCenter4
2014-08-07 09:29 - 2014-08-07 09:29 - 00000000 ____D () C:\Program Files (x86)\ControlCenter4
2014-08-07 09:29 - 2014-08-07 09:29 - 00000000 ____D () C:\Program Files (x86)\Browny02
2014-08-07 09:29 - 2014-08-07 09:29 - 00000000 ____D () C:\Brother
2014-08-07 09:29 - 2014-07-01 09:31 - 10485760 _____ () C:\Users\*****\Downloads\places.sqlite
2014-08-07 09:29 - 2014-07-01 09:31 - 00016384 _____ () C:\Users\****\Downloads\key3.db
2014-08-07 09:29 - 2014-04-11 13:43 - 00327680 _____ () C:\Users\****\Downloads\signons.sqlite
2014-08-07 09:28 - 2014-08-07 09:29 - 00000066 _____ () C:\Windows\Brfaxrx.ini
2014-08-07 09:28 - 2014-08-07 09:29 - 00000000 ____D () C:\Program Files (x86)\Brother
2014-08-07 09:28 - 2014-08-07 09:28 - 00000000 ____D () C:\ProgramData\PCFaxTx
2014-08-07 09:28 - 2013-01-10 13:56 - 00253952 ____N (brother) C:\Windows\SysWOW64\NSSearch.dll
2014-08-07 09:28 - 2012-12-12 11:37 -
00318464 ____N (Brother Industries, Ltd.) C:\Windows\system32\BrFaxTxAppRun64.dll 2014-08-07 09:28 - 2012-10-22 14:41 - 00002560 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2S.dll 2014-08-07 09:28 - 2010-03-15 19:45 - 00073728 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2.dll 2014-08-07 09:28 - 2007-12-13 22:16 - 00005632 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2L.dll 2014-08-07 09:27 - 2014-08-07 09:27 - 00000000 ____D () C:\Users\*****\AppData\Roaming\InstallShield 2014-08-07 09:26 - 2014-08-07 09:26 - 00000000 ____D () C:\ProgramData\zeon 2014-08-07 09:26 - 2014-08-07 09:26 - 00000000 ____D () C:\Program Files\Nuance 2014-08-07 09:25 - 2014-08-13 14:40 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Nuance 2014-08-07 09:25 - 2014-08-07 09:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance PaperPort 12 2014-08-07 09:25 - 2014-08-07 09:25 - 00001868 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Software Updates.lnk 2014-08-07 09:25 - 2014-08-07 09:25 - 00000000 ____D () C:\ProgramData\ScanSoft 2014-08-07 09:24 - 2014-08-07 10:08 - 00000000 ____D () C:\ProgramData\Nuance 2014-08-07 09:24 - 2014-08-07 09:26 - 00000000 ____D () C:\Program Files (x86)\Nuance 2014-08-07 09:24 - 2014-08-07 09:24 - 00000000 ____D () C:\Users\****\Documents\MeineWebSeiten 2014-08-07 09:24 - 2014-08-07 09:24 - 00000000 ____D () C:\ProgramData\FLEXnet 2014-08-07 09:21 - 2014-08-07 09:58 - 00000000 ____D () C:\ProgramData\Brother 2014-08-02 13:59 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-08-02 13:59 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-08-02 13:59 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2014-08-02 13:59 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-08-02 13:58 - 2014-05-14 18:23 - 00700384 
_____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-08-02 13:58 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2014-08-02 13:58 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2014-08-02 13:58 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2014-08-02 13:58 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-08-02 13:58 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2014-08-02 13:58 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-08-02 13:58 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2014-08-02 13:58 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-08-02 13:58 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-08-28 19:23 - 2014-08-28 19:19 - 00015947 _____ () C:\Users\****\Downloads\FRST.txt 2014-08-28 19:23 - 2014-08-28 19:19 - 00000000 ____D () C:\FRST 2014-08-28 19:23 - 2009-07-14 06:45 - 00031088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-28 19:23 - 2009-07-14 06:45 - 00031088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-28 19:20 - 2014-08-28 19:20 - 00022497 _____ () C:\Users\****\Downloads\Addition.txt 2014-08-28 19:16 - 2014-08-28 19:15 - 02103296 _____ (Farbar) C:\Users\****\Downloads\FRST64.exe 2014-08-28 19:12 - 2014-07-02 11:47 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-08-28 17:53 - 2014-07-01 22:29 - 00698688 _____ () C:\Windows\system32\perfh007.dat 2014-08-28 17:53 - 2014-07-01 22:29 - 00148828 _____ () C:\Windows\system32\perfc007.dat 2014-08-28 17:53 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-08-28 17:14 - 2014-07-01 12:37 - 01734667 _____ () C:\Windows\WindowsUpdate.log 2014-08-28 17:13 - 2014-07-02 11:10 - 00000000 ____D () C:\EEK 2014-08-28 16:46 - 2014-08-07 09:58 - 00007891 _____ () C:\Windows\BRRBCOM.INI 2014-08-28 14:01 - 2010-11-21 05:47 - 00009132 _____ () C:\Windows\PFRO.log 2014-08-28 14:01 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-28 14:01 - 2009-07-14 06:51 - 00028772 _____ () C:\Windows\setupact.log 2014-08-28 13:42 - 2009-07-14 06:45 - 00376856 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-08-28 01:57 - 2014-07-02 13:36 - 00000684 _____ () C:\Windows\Tasks\Scheduled scanning task.job 2014-08-28 01:45 - 2014-07-02 12:02 - 00000000 ____D () C:\Users\****\AppData\Local\Adobe 2014-08-28 01:45 - 2014-07-02 11:49 - 00002566 _____ () C:\Windows\Sandboxie.ini 2014-08-28 00:00 - 2014-07-02 13:36 - 00003458 _____ () C:\Windows\System32\Tasks\Scheduled scanning task 2014-08-27 17:10 - 2014-07-19 17:05 - 
00000000 ____D () C:\Users\****\AppData\Local\F-Secure 2014-08-27 02:00 - 2014-07-04 11:31 - 00000000 ____D () C:\Users\****\AppData\Local\Adobe 2014-08-24 16:31 - 2014-07-17 22:49 - 00000000 ____D () C:\Users\****\Documents\CassetteMate Record Files 2014-08-23 04:07 - 2014-08-28 13:37 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-23 03:45 - 2014-08-28 13:37 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-08-23 02:59 - 2014-08-28 13:37 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-21 14:05 - 2014-07-09 15:33 - 00002119 _____ () C:\Users\Public\Desktop\Nero MediaHome.lnk 2014-08-21 14:05 - 2014-07-09 12:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 2014-08-14 15:57 - 2014-07-01 13:03 - 00069896 _____ () C:\Users\****AppData\Local\GDIPFONTCACHEV1.DAT 2014-08-14 15:52 - 2014-08-14 15:51 - 00110466 _____ () C:\Users\****\Documents\ttest.xps 2014-08-14 15:44 - 2014-08-14 15:44 - 00000000 ____D () C:\Users\****\AppData\Roaming\TeamViewer 2014-08-14 15:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-08-14 13:49 - 2014-07-02 11:47 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-08-14 13:49 - 2014-07-02 11:47 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-08-14 13:49 - 2014-07-02 11:47 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-08-14 13:48 - 2014-08-14 13:41 - 18607792 _____ (Adobe Systems Incorporated) C:\Users\****\Downloads\install_flash_player_ax.exe 2014-08-14 13:40 - 2014-08-14 13:33 - 19182768 _____ (Adobe Systems Incorporated) C:\Users\****\Downloads\install_flash_player.exe 2014-08-13 14:40 - 2014-08-13 14:40 - 00000000 ____D () C:\Users\****\Documents\Eigene PaperPort-Dokumente 2014-08-13 14:40 - 2014-08-13 14:40 - 00000000 ____D () C:\Users\****\AppData\Roaming\Zeon 2014-08-13 14:40 - 2014-08-07 
09:25 - 00000000 ____D () C:\Users\****\AppData\Roaming\Nuance 2014-08-13 14:32 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-08-13 14:31 - 2014-07-02 09:37 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-08-13 14:25 - 2014-07-01 15:35 - 00000000 ____D () C:\Windows\system32\MRT 2014-08-13 14:23 - 2014-07-01 15:35 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-08-13 14:19 - 2014-07-01 16:08 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-08-12 01:32 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries 2014-08-07 11:16 - 2014-07-09 15:29 - 00002813 _____ () C:\Users\Public\Desktop\Nero Video 2014.lnk 2014-08-07 10:30 - 2014-07-04 11:46 - 00069896 _____ () C:\Users\****\AppData\Local\GDIPFONTCACHEV1.DAT 2014-08-07 10:26 - 2014-08-07 10:26 - 00000000 ___RD () C:\Users\****\AppData\Roaming\Brother 2014-08-07 10:20 - 2014-08-07 10:20 - 00000000 ____D () C:\Users\****\AppData\Roaming\Nuance 2014-08-07 10:16 - 2014-08-07 10:16 - 00000000 _____ () C:\Users\****\Sti_Trace.log 2014-08-07 10:16 - 2014-07-04 11:30 - 00000000 ____D () C:\Users\**** 2014-08-07 10:12 - 2014-08-07 10:12 - 00000000 ____D () C:\Users\****\AppData\Roaming\ControlCenter4 2014-08-07 10:08 - 2014-08-07 10:08 - 00000000 _____ () C:\Users\****\Sti_Trace.log 2014-08-07 10:08 - 2014-08-07 09:24 - 00000000 ____D () C:\ProgramData\Nuance 2014-08-07 10:08 - 2014-07-01 12:50 - 00000000 ____D () C:\Users\***** 2014-08-07 10:04 - 2014-08-07 10:04 - 00000000 ____D () C:\Users\****\AppData\Roaming\FLEXnet 2014-08-07 10:04 - 2014-08-07 10:04 - 00000000 ____D () C:\Users\****\AppData\Roaming\ControlCenter4 2014-08-07 10:01 - 2014-08-07 10:01 - 00002154 _____ () C:\Users\Public\Desktop\Brother Creative Center.lnk 2014-08-07 10:01 - 2014-08-07 10:01 - 00002037 _____ () C:\Users\Public\Desktop\OmniJoin-Testversion.lnk 2014-08-07 10:00 - 2014-08-07 10:00 - 00000103 _____ () C:\Windows\brpcfx.ini 2014-08-07 10:00 - 2014-08-07 10:00 - 00000024 
_____ () C:\Windows\Brpfx04a.ini 2014-08-07 10:00 - 2014-08-07 10:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother 2014-08-07 09:58 - 2014-08-07 09:58 - 00007819 _____ () C:\Windows\BROMJ470DW.INI 2014-08-07 09:58 - 2014-08-07 09:21 - 00000000 ____D () C:\ProgramData\Brother 2014-08-07 09:29 - 2014-08-07 09:29 - 00000000 ____D () C:\Users\Public\Documents\BrFaxRx 2014-08-07 09:29 - 2014-08-07 09:29 - 00000000 ____D () C:\ProgramData\ControlCenter4 2014-08-07 09:29 - 2014-08-07 09:29 - 00000000 ____D () C:\Program Files (x86)\ControlCenter4 2014-08-07 09:29 - 2014-08-07 09:29 - 00000000 ____D () C:\Program Files (x86)\Browny02 2014-08-07 09:29 - 2014-08-07 09:29 - 00000000 ____D () C:\Brother 2014-08-07 09:29 - 2014-08-07 09:28 - 00000066 _____ () C:\Windows\Brfaxrx.ini 2014-08-07 09:29 - 2014-08-07 09:28 - 00000000 ____D () C:\Program Files (x86)\Brother 2014-08-07 09:28 - 2014-08-07 09:28 - 00000000 ____D () C:\ProgramData\PCFaxTx 2014-08-07 09:27 - 2014-08-07 09:27 - 00000000 ____D () C:\Users\****\AppData\Roaming\InstallShield 2014-08-07 09:27 - 2014-07-01 12:56 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-08-07 09:26 - 2014-08-07 09:26 - 00000000 ____D () C:\ProgramData\zeon 2014-08-07 09:26 - 2014-08-07 09:26 - 00000000 ____D () C:\Program Files\Nuance 2014-08-07 09:26 - 2014-08-07 09:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance PaperPort 12 2014-08-07 09:26 - 2014-08-07 09:24 - 00000000 ____D () C:\Program Files (x86)\Nuance 2014-08-07 09:25 - 2014-08-07 09:25 - 00001868 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Software Updates.lnk 2014-08-07 09:25 - 2014-08-07 09:25 - 00000000 ____D () C:\ProgramData\ScanSoft 2014-08-07 09:24 - 2014-08-07 09:24 - 00000000 ____D () C:\Users\*****\Documents\MeineWebSeiten 2014-08-07 09:24 - 2014-08-07 09:24 - 00000000 ____D () C:\ProgramData\FLEXnet 2014-08-07 04:06 - 2014-08-13 13:44 - 00529920 _____ 
(Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-08-07 04:01 - 2014-08-13 13:44 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-08-01 01:41 - 2014-08-13 14:18 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-08-01 01:16 - 2014-08-13 14:18 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll Some content of TEMP: ==================== C:\Users\****\AppData\Local\Temp\AdobeApplicationManager.exe C:\Users\****\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe C:\Users\****\AppData\Local\Temp\install_reader11_de_mssd_aaa_aih.exe C:\Users\****\AppData\Local\Temp\ose00000.exe C:\Users\****\AppData\Local\Temp\readSTILog.dll C:\Users\****\AppData\Local\Temp\vcredist_x64.exe C:\Users\****\AppData\Local\Temp\_isA775.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-08-28 02:30 ==================== End Of Log ============================ --- --- --- Hier noch der Additional txt: Der läßt sicher auch schon einige Rückschlüsse zu, da dort auch etwas steht 
von Application-Warnungen und Abbrüchen. Ich hoffe, daß ich soweit meine privaten Namen rausgenommen habe. Sollte mir etwas entgangen sein, sage mir bite Bescheid, daß ich das editieren kann. FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-08-2014 Ran by **** at 2014-08-28 19:24:18 Running from C:\Users\****\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Computer Security (Enabled - Up to date) {15414183-282E-D62C-CA37-EF24860A2F17} AS: Computer Security (Enabled - Up to date) {AE20A067-0E14-D9A2-F087-D456FD8D65AA} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.176 - Adobe Systems Incorporated) Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated) Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated) Adobe Photoshop Elements 11 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated) Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team) Brother MFL-Pro Suite MFC-J470DW (HKLM-x32\...\{7B4C83B6-17C1-4BFD-B86D-4D7AD4498CBB}) (Version: 1.0.4.0 - Brother Industries, Ltd.) 
CassetteMate (HKLM-x32\...\CassetteMate) (Version: - ) Computer Security 14.106.101.0 (release) (x32 Version: 14.106.101.0 - F-Secure Corporation) Hidden CyberLink PowerDVD 13 (HKLM-x32\...\InstallShield_{3CFDF154-7E60-4E98-A8DF-C693A4F8E6B6}) (Version: 13.0.3919.58 - CyberLink Corp.) CyberLink PowerDVD 13 (x32 Version: 13.0.3919.58 - CyberLink Corp.) Hidden Dawicontrol RAID Monitor (HKLM-x32\...\{8DCEBC6F-892D-43CF-A764-5A89388D977A}) (Version: 3.4.0 - Dawicontrol GmbH) DeskUpdate (HKLM-x32\...\DeskUpdate_is1) (Version: 4.15.0134 - Fujitsu Technology Solutions) Elements 11 Organizer (x32 Version: 11.0 - Ihr Firmenname) Hidden F-Secure (HKLM-x32\...\F-Secure ServiceEnabler 666) (Version: 2.06.303.0 - F-Secure Corporation) F-Secure (x32 Version: 2.06.303.0 - F-Secure Corporation) Hidden F-Secure CCF Reputation (x32 Version: 1.1.25.2280 - F-Secure) Hidden F-Secure CCF Scanning 1.43.102.193 (release) (x32 Version: 1.43.102.193 - F-Secure Corporation) Hidden F-Secure Network CCF 1.02.136 (x32 Version: 1.02.136 - F-Secure Corporation) Hidden F-Secure SafeSearch 1.03.146.0 (release) (x32 Version: 1.03.146.0 - F-Secure Corporation) Hidden Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Excel MUI 
(German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) 
(Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Nero 2014 (HKLM-x32\...\{E6E1AE09-1B6D-4D80-A42F-2AE0EA448DE5}) (Version: 15.0.01000 - Nero AG) Nero Audio Pack 1 (x32 Version: 11.0.11500.110.0 - Nero AG) Hidden Nero Blu-ray Player (x32 Version: 12.1.20081 - Nero AG) Hidden Nero Blu-ray Player Help (CHM) (x32 
Version: 15.0.00015 - Nero AG) Hidden Nero Burning Core (x32 Version: 15.0.25001 - Nero AG) Hidden Nero Burning ROM (x32 Version: 15.0.25001 - Nero AG) Hidden Nero Burning ROM Help (CHM) (x32 Version: 15.0.00021 - Nero AG) Hidden Nero ControlCenter (x32 Version: 11.0.16700 - Nero AG) Hidden Nero ControlCenter Help (CHM) (x32 Version: 15.0.00015 - Nero AG) Hidden Nero Core Components (x32 Version: 11.0.24900 - Nero AG) Hidden Nero Device Updates (x32 Version: 15.0.1002 - Nero AG) Hidden Nero Disc Menus Basic (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Disc to Device (x32 Version: 15.0.12032 - Nero AG) Hidden Nero Effects Basic (x32 Version: 15.0.10011 - Nero AG) Hidden Nero Express (x32 Version: 15.0.25001 - Nero AG) Hidden Nero Express Help (CHM) (x32 Version: 15.0.00021 - Nero AG) Hidden Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 15.1.0030 - Nero AG) Nero Kwik Themes Basic (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Launcher (x32 Version: 15.0.12000 - Nero AG) Hidden Nero MediaHome (x32 Version: 1.22.5700 - Nero AG) Hidden Nero MediaHome Help (CHM) (x32 Version: 15.0.00021 - Nero AG) Hidden Nero PiP Effects Basic (x32 Version: 15.0.10008 - Nero AG) Hidden Nero Recode (x32 Version: 15.0.27001 - Nero AG) Hidden Nero Recode Help (CHM) (x32 Version: 15.0.00021 - Nero AG) Hidden Nero RescueAgent (x32 Version: 15.0.2000 - Nero AG) Hidden Nero RescueAgent Help (CHM) (x32 Version: 15.0.00015 - Nero AG) Hidden Nero SharedVideoCodecs (x32 Version: 1.0.15005 - Nero AG) Hidden Nero Update (x32 Version: 11.0.13600.45.0 - Nero AG) Hidden Nero Video (x32 Version: 15.0.27001 - Nero AG) Hidden Nero Video Help (CHM) (x32 Version: 15.0.00021 - Nero AG) Hidden Nuance PaperPort 12 (HKLM-x32\...\{869FCC6C-5669-4B0B-827E-2BBAACD88A87}) (Version: 12.1.0006 - Nuance Communications, Inc.) 
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc) Online Safety 2.107.2552.1523 (x32 Version: 2.107.2552.1523 - F-Secure Corporation) Hidden PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.) Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0029 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7224 - Realtek Semiconductor Corp.) Sandboxie 4.12 (64-bit) (HKLM\...\Sandboxie) (Version: 4.12 - Sandboxie Holdings, LLC) Scansoft PDF Professional (x32 Version: - ) Hidden True Image 2013 (HKLM-x32\...\{4AA75223-6CBF-46F4-8EE4-7BF0591089F7}Visible) (Version: 16.0.6514 - Acronis) True Image 2013 (x32 Version: 16.0.6514 - Acronis) Hidden Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) 
(Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) WD WinDLG (HKLM-x32\...\{B7086234-C00D-4DD0-A7A2-2B2CAEAAC75B}) (Version: 1.0.0 - WDC) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 28-08-2014 16:59:26 Geplanter Prüfpunkt ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {3880A782-DE4A-4E6A-A93A-195EC186BB9C} - System32\Tasks\Fujitsu\DeskUpdate => C:\Program Files (x86)\Fujitsu\DeskUpdate\ducmd.exe [2013-12-11] (Fujitsu Technology Solutions) Task: {584F4336-ABCB-49F5-ABCB-1D54F9E95CD4} - System32\Tasks\Scheduled scanning task => C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fsav.exe [2014-02-28] (F-Secure Corporation) Task: {5BC127A8-370C-4BFE-8B4F-AACBA4DF6096} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-14] (Adobe Systems Incorporated) Task: {6B0C5ECE-3F5C-4CB3-AD17-2E72C5802825} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2013-10-16] (Nero AG) Task: {A22D8A0D-0E76-4B3E-8A21-527D9855F992} - System32\Tasks\AdobeAAMUpdater-1.0-FUJ385987-**** => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\Scheduled scanning task.job => C:\Program Files (x86)\F-Secure\apps\COMPUT~1\ANTI-V~1\fsav.exe ==================== Loaded Modules (whitelisted) ============= 2013-03-27 22:39 - 2013-03-27 22:39 - 00021824 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\x64\ti_managers_proxy_stub.dll 2014-01-29 23:02 - 2014-01-29 23:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ==================== Faulty Device Manager Devices ============= Name: WD My Book Device USB Device Description: WD My Book Device USB Device Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (08/28/2014 07:24:20 PM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: ) Description: 3 2014-08-28 19:24:20+02:00 FUJ385987 SYSTEM F-Secure DeepGuard Application was blocked. This was determined to be a high-risk application by system control heuristics. Application path: \\?\c:\windows\mod_frst.exe File hash: 4bb423ae4bf7b46ba1cd43c521cf9314c03cf8c4 Error: (08/28/2014 07:20:19 PM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: ) Description: 2 2014-08-28 19:20:19+02:00 FUJ385987 SYSTEM F-Secure DeepGuard Application was blocked. This was determined to be a high-risk application by system control heuristics. 
Application path: \\?\c:\windows\mod_frst.exe File hash: 4bb423ae4bf7b46ba1cd43c521cf9314c03cf8c4 Error: (08/28/2014 05:45:04 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: ) Description: 1 2014-08-28 17:45:04+02:00 FUJ385987 FUJ385987\**** F-Secure Anti-Virus Manual scanning was finished - workstation was found infected! Error: (08/28/2014 02:45:56 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: ) Description: 1 2014-08-28 14:45:56+02:00 FUJ385987 FUJ385987\**** F-Secure Anti-Virus Crash detected. Error: (08/28/2014 02:02:50 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/28/2014 02:00:05 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: ) Description: 1 2014-08-28 14:00:05+02:00 FUJ385987 FUJ385987\**** F-Secure Anti-Virus Manual scanning was finished - workstation was found infected! 
Error: (08/28/2014 01:43:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/28/2014 01:32:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/28/2014 01:58:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/28/2014 01:53:51 AM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 2 2014-08-28 01:53:51+02:00 FUJ385987 FUJ385987\**** F-Secure Anti-Virus Manual scanning was finished - workstation was found infected!

System errors:
=============
Error: (08/28/2014 01:41:11 PM) (Source: volsnap) (EventID: 14) (User: )
Description: The shadow copies of volume "C:" were aborted because of an I/O failure on volume "C:".

Error: (08/27/2014 03:40:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The "Eaton UPS Companion" service failed to start due to the following error: %%5

Error: (08/27/2014 03:40:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The "Eaton UPS Companion" service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (08/27/2014 02:24:48 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (08/23/2014 02:18:47 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (08/22/2014 02:38:00 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (08/21/2014 10:29:42 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated: 40. The internal error state is 252.

Error: (08/21/2014 10:29:42 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated: 70. The internal error state is 105.

Error: (08/21/2014 02:29:15 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (08/14/2014 08:34:25 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated: 40. The internal error state is 252.

Microsoft Office Sessions:
=========================
Error: (07/04/2014 06:57:50 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 10 seconds with 0 seconds of active time. This session ended with a crash.
==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2310 CPU @ 2.90GHz
Percentage of memory in use: 72%
Total physical RAM: 3972.38 MB
Available physical RAM: 1072.91 MB
Total Pagefile: 7942.94 MB
Available Pagefile: 5262.41 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:585.84 GB) (Free:542.66 GB) NTFS
Drive d: (Daten) (Fixed) (Total:1277.08 GB) (Free:1249.71 GB) NTFS
Drive e: (G Platte 5) (CDROM) (Total:4.03 GB) (Free:0 GB) UDF
Drive f: (My Book) (Fixed) (Total:931.5 GB) (Free:160.4 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 51D1DB7E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=585.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1277.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 1B3954B4)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================
29.08.2014, 12:35 | #4
/// the machine /// TB-Ausbilder | Trojan.GenericKD.1822763 found, real or false positive? Quote:
Practically nothing survives a format and fresh install. The logs look fine; I wouldn't take the findings too seriously for now.
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. Donations. Guides and help. Trojaner-Board Facebook page. No support via PM!
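The reply above judges the detections from the FRST logs. Before restoring a quarantined binary on the strength of a "looks fine", the check a practitioner would run is a local one: hash the file so it can be compared with the vendor's published installer and with the VirusTotal report the thread mentions, verify its Authenticode signature, and read its Mark-of-the-Web to see where it was downloaded from. The script below is an added example, not code from the thread, from Eaton or from F-Secure. Its file paths are assumptions (the thread's path is garbled; `C:\Program Files (x86)\Eaton\UPS Companion\mc2.exe` is a reconstruction), the expected signer name `Eaton` is a placeholder you would confirm against the vendor's own release, and the function name `Test-SuspectFile` is mine. `Get-FileHash` needs PowerShell 4 or later; on a stock Windows 7 box, `certutil -hashfile <file> SHA256` gives the same digest.

```powershell
# Added example, not code from the thread, from Eaton or from F-Secure.
# Assumptions (placeholders, not values from the thread):
#   - the two paths under "Usage" are reconstructions of the thread's paths
#   - $ExpectedSigner is a substring expected in the signing certificate's Subject
# Requires PowerShell 4+ for Get-FileHash and 3+ for Get-Content -Stream.

function Test-SuspectFile {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [string]$ExpectedSigner = 'Eaton'   # placeholder, see lead-in
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]@{ Path = $Path; Exists = $false }
    }

    # Hashes: SHA-256 to compare with the vendor download page and VirusTotal,
    # SHA-1 because that is the form the F-Secure DeepGuard events in the log use.
    $sha256 = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $sha1   = (Get-FileHash -LiteralPath $Path -Algorithm SHA1).Hash

    # Authenticode: "Valid" means the signature chains to a trusted root and the
    # bytes are unchanged since signing. "HashMismatch" means the file was modified
    # after signing, which is what a patched or infected binary looks like.
    # "NotSigned" proves nothing either way.
    $sig    = Get-AuthenticodeSignature -FilePath $Path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    # Mark-of-the-Web: the Zone.Identifier alternate data stream records that the
    # file came from the Internet zone (ZoneId=3); newer Windows builds also store
    # the source URL, which tells you vendor site versus download portal.
    $motw = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Path          = $Path
        Exists        = $true
        SHA256        = $sha256
        SHA1          = $sha1
        SigStatus     = $sig.Status
        Signer        = $signer
        SignerMatches = ($sig.Status -eq 'Valid') -and ($signer -like "*$ExpectedSigner*")
        MarkOfTheWeb  = ($motw -join ' ')
    }
}

# Usage: the two files named in the thread (paths assumed, see above).
$Paths = @(
    'C:\Program Files (x86)\Eaton\UPS Companion\mc2.exe',
    (Join-Path $env:USERPROFILE 'Downloads\euc_win_1_03_014.exe')
)
$Paths | ForEach-Object { Test-SuspectFile -Path $_ } | Format-List
```

How to read the result: `SignerMatches` true plus a SHA-256 that equals the digest of the installer fetched from the vendor's own site is strong evidence of a false positive, and the detection can be reported to the AV vendor as such. `HashMismatch`, `NotSigned`, or a digest that differs from the vendor's release is a reason to leave the file in quarantine, regardless of how many engines on VirusTotal flag it. Always take the reference copy from the vendor's download page rather than a third-party download portal, since portals can repackage installers and that repackaging is itself a common source of detections.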
29.08.2014, 23:42 | #5
| Trojan.GenericKD.1822763 found, real or false positive? Oh, so chip.de isn't such a good address after all? I'll remember that and stay away from it in future. Well, then everything must have gone away with the format and fresh install. Many thanks, Schrauber, that reassures me a lot. One is always more at ease when a professional has looked over the logs. So I'll do what you said and not pay any further attention to the findings for now. So far the PC isn't showing any nasty symptoms either. Should anything get worse, I'll definitely get back to you. Thank you for the prompt and quick help, and have a nice weekend! PS: Can I remove the FRST program manually via Control Panel? Or would it be advisable to keep it? Edited by Tommy L. (29.08.2014 at 23:49)
30.08.2014, 07:26 | #6
/// the machine /// TB-Ausbilder | Trojan.GenericKD.1822763 found, real or false positive? Just delete FRST and the logs, and the C:\FRST folder as well.