Log Analysis and Evaluation: Win 8.1 Framed Display virus caught
02.11.2014, 13:27 | #1

Win 8.1 Framed Display virus caught

Hello, I have a new computer and accordingly I am currently installing a lot of software. While installing one program (I suspect JDownloader 2) I picked up the "Framed Display" virus. F-Secure reported it but could not delete it. I then installed Malwarebytes, which apparently deleted everything; at least it could not find anything more on a second scan. Still, I am not sure whether my PC is clean now. So I would be glad if you could take a look over it:

FRST.txt:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-11-2014
Ran by Richard (administrator) on RICK on 02-11-2014 12:50:53
Running from C:\Users\Richard\Desktop
Loaded Profile: Richard (Available profiles: Richard)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVerMedia) C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
() C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fsgk32.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(MICRO-STAR INT'L,.LTD.) C:\Program Files\WMIHook\WMIHookBtnFn\WMI_Hook_Service.exe
() C:\Program Files (x86)\Common Files\AVerMedia\AVerHIDReceiver\AVerHIDReceiver.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE
(MICRO-STAR INT'L,.LTD.) C:\Program Files\WMIHook\WMIHookBtnFn\WMIHookFnNotifier.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fssm32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSHDLL64.EXE
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE
(ROCCAT GmbH) C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-31] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-07-23] (Realtek Semiconductor)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [] => [X]
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM-x32\...\Run: [Sound Blaster Cinema 2] => C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe [1440768 2014-02-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [F-Secure Hoster (666)] => C:\Program Files (x86)\F-Secure\fshoster32.exe [187432 2014-07-08] (F-Secure Corporation)
HKLM-x32\...\Run: [F-Secure Manager] => C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE [310312 2014-06-24] (F-Secure Corporation)
HKLM-x32\...\Run: [RoccatKoneXTD] => C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.EXE [552960 2013-10-25] (ROCCAT GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1543957082-4200568014-2125959290-1002\...\Run: [Rainlendar2] => C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe [2342400 2011-01-06] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVer HID Receiver.lnk
ShortcutTarget: AVer HID Receiver.lnk -> C:\Program Files (x86)\Common Files\AVerMedia\AVerHIDReceiver\AVerHIDReceiver.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{FB55FA5A-08CB-4A14-A0C5-5BCDB3F1ACC4}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
Startup: C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://msi13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://msi13.msn.com
SearchScopes: HKLM - DefaultScope {F81B2FE1-58AC-4CAF-AAF7-14753BDFABE0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAMIJS
SearchScopes: HKLM - {F81B2FE1-58AC-4CAF-AAF7-14753BDFABE0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAMIJS
SearchScopes: HKLM-x32 - DefaultScope {F81B2FE1-58AC-4CAF-AAF7-14753BDFABE0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAMIJS
SearchScopes: HKLM-x32 - {F81B2FE1-58AC-4CAF-AAF7-14753BDFABE0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAMIJS
SearchScopes: HKCU - DefaultScope {F81B2FE1-58AC-4CAF-AAF7-14753BDFABE0} URL =
SearchScopes: HKCU - {F81B2FE1-58AC-4CAF-AAF7-14753BDFABE0} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: F-Secure Browsing Protection -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https64.dll (F-Secure Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: F-Secure Browsing Protection -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https.dll (F-Secure Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default
FF Homepage: about:
FF Keyword.URL: https://startpage.com/do/search?language=deutsch&cat=web&query=
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\user.js
FF SearchPlugin: C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\searchplugins\ixquick---deutsch.xml
FF SearchPlugin: C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\searchplugins\linguee-de-en.xml
FF SearchPlugin: C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\searchplugins\metager.xml
FF SearchPlugin: C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\searchplugins\startpage-https---deutsch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\abs@avira.com [2014-11-01]
FF Extension: German Dictionary - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2014-11-01]
FF Extension: HTTPS-Everywhere - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\https-everywhere@eff.org [2014-11-01]
FF Extension: rein - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\rein@notiz.jp [2014-11-01]
FF Extension: No Name - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\temp [2014-11-01]
FF Extension: IE Tab 2 (FF 3.6+) - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2014-11-01]
FF Extension: Linkification - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a} [2014-11-01]
FF Extension: Compact Menu 2 - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{57068FBE-1506-42ee-AB02-BD183E7999E4} [2014-11-01]
FF Extension: No Name - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{9w50ge7w-88c1-4wcg-bxg9-90g1a5d31c3z} [2014-11-01]
FF Extension: WOT - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-11-01]
FF Extension: DownloadHelper - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-11-01]
FF Extension: Dictionary Tooltip - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{C6128004-4838-4708-9A97-BB172D17767D}(2) [2014-11-01]
FF Extension: BetterPrivacy - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3} [2014-11-01]
FF Extension: Whitehart - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{d650973c-0444-4ac7-9d00-19e3613c83b9} [2014-11-01]
FF Extension: ImageHost Grabber - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{E4091D66-127C-11DB-903A-DE80D2EFDFE8} [2014-11-01]
FF Extension: checkCompatibility - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\check-compatibility@dactyl.googlecode.com.xpi [2014-11-01]
FF Extension: Classic Theme Restorer - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-11-01]
FF Extension: CookieKiller - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\cookiekiller@joseph.moran.xpi [2014-11-01]
FF Extension: FireGestures - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\firegestures@xuldev.org.xpi [2014-11-01]
FF Extension: YouTube mp3 - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\info@youtube-mp3.org.xpi [2014-11-01]
FF Extension: Simple White - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\Simple@White.Theme.xpi [2014-11-01]
FF Extension: Image Zoom - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2014-11-01]
FF Extension: NoScript - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-11-01]
FF Extension: MeasureIt - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2014-11-01]
FF Extension: Adblock Plus - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-01]
FF HKLM-x32\...\Firefox\Extensions: [{306eaf01-4e65-43d2-8504-1ae0c1859338}] - C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\deploy\fs_firefox_https
FF Extension: Browsing Protection - C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\deploy\fs_firefox_https [2014-10-31]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-01]
CHR Extension: (Google Wallet) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-31]
CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - C:/Program Files (x86)/F-Secure/apps/CCF_Scanning/bin/browser/install/fs_chrome_https/fs_chrome_https.crx [2014-06-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVerRemote; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [364544 2014-07-23] (AVerMedia) [File not signed]
R2 AVerScheduleService; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [403456 2014-07-23] () [File not signed]
R2 fshoster; C:\Program Files (x86)\F-Secure\fshoster32.exe [187432 2014-07-08] (F-Secure Corporation)
R3 FSMA; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE [216104 2014-06-24] (F-Secure Corporation)
R2 FSORSPClient; C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe [60456 2014-06-24] (F-Secure Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-31] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-07-23] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2014-07-23] (Intel Corporation)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-07-24] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-08] ()
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-07-24] (Microsoft Corporation)
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [344576 2014-03-03] (Qualcomm Atheros) [File not signed]
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-07-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-07-24] (Microsoft Corporation)
R2 WMI_Hook_Service; C:\Program Files\WMIHook\WMIHookBtnFn\WMI_Hook_Service.exe [134792 2014-03-28] (MICRO-STAR INT'L,.LTD.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2014-01-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AVerIT13x; C:\Windows\System32\Drivers\AVerIT13x_x64.sys [198272 2012-12-06] (AVerMedia TECHNOLOGIES, Inc.)
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [81072 2014-02-20] (Qualcomm Atheros, Inc.)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-11-07] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1411384 2013-11-07] (Motorola Solutions, Inc.)
R3 F-Secure Gatekeeper; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [202792 2014-10-31] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys [69960 2014-10-31] (F-Secure Corporation)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [56016 2014-10-31] ()
R3 fsni; C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\fsni64.sys [89640 2014-10-31] (F-Secure Corporation)
R1 fsvista; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [13352 2014-06-24] ()
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [149448 2014-07-23] (Intel Corporation)
R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [163536 2013-03-20] (Qualcomm Atheros, Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2014-07-23] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3610592 2014-01-28] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 nuviocir; C:\Windows\system32\DRIVERS\nuviocir_win8_x64.sys [42264 2013-07-03] (Nuvoton Technology Corp.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-07-24] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-02 12:50 - 2014-11-02 12:51 - 00022103 _____ () C:\Users\Richard\Desktop\FRST.txt
2014-11-02 12:50 - 2014-11-02 12:50 - 00000000 ____D () C:\FRST
2014-11-02 12:48 - 2014-11-02 12:48 - 02114048 _____ (Farbar) C:\Users\Richard\Desktop\FRST64.exe
2014-11-02 12:29 - 2014-11-02 12:35 - 00051630 _____ () C:\Users\Richard\Downloads\Extras.Txt
2014-11-02 12:29 - 2014-11-02 12:33 - 00130812 _____ () C:\Users\Richard\Downloads\OTL.Txt
2014-11-02 12:20 - 2014-11-02 12:20 - 00602112 _____ (OldTimer Tools) C:\Users\Richard\Downloads\OTL.exe
2014-11-02 12:11 - 2014-11-02 12:11 - 00001197 _____ () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\mbam.lnk
2014-11-02 12:04 - 2014-11-02 12:11 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-02 12:04 - 2014-11-02 12:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-02 12:04 - 2014-11-02 12:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-02 12:04 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-02 12:04 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-02 12:04 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-02 11:56 - 2014-11-02 11:56 - 00048792 _____ () C:\Windows\system32\Drivers\{6db7eb66-a30b-41a3-809c-addb2341dafb}Gw64.sys.tmp
2014-11-02 11:52 - 2014-11-02 11:53 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Richard\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-02 11:44 - 2014-11-02 11:45 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-02 11:44 - 2014-10-03 10:02 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-02 11:33 - 2014-11-02 11:33 - 00000000 __SHD () C:\Users\Richard\AppData\Local\EmieUserList
2014-11-02 11:33 - 2014-11-02 11:33 - 00000000 __SHD () C:\Users\Richard\AppData\Local\EmieSiteList
2014-11-02 03:46 - 2014-11-02 03:46 - 00002175 _____ () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\JDownloader 2.lnk
2014-11-02 03:13 - 2014-11-02 03:13 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2014-11-02 03:12 - 2014-11-02 03:24 - 00000000 ____D () C:\Users\Richard\AppData\Local\JDownloader v2.0
2014-11-02 02:57 - 2014-11-02 02:57 - 00000000 ____D () C:\Users\Richard\AppData\Local\Intel_Corporation
2014-11-01 21:38 - 2014-11-01 21:38 - 00001254 _____ () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Adobe Photoshop.lnk
2014-11-01 21:33 - 2014-11-01 21:33 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-11-01 21:33 - 1998-11-05 11:08 - 00087392 ____N (Twain Working Group) C:\Windows\twain.dll
2014-11-01 21:30 - 1998-10-21 18:43 - 00328704 _____ (InstallShield Software Corporation ) C:\Windows\IsUn0407.exe
2014-11-01 20:56 - 2014-11-01 20:59 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\.minecraft
2014-11-01 20:56 - 2014-11-01 20:56 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-01 20:56 - 2014-11-01 20:56 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\java
2014-11-01 20:56 - 2014-11-01 20:56 - 00000000 ____D () C:\ProgramData\Sun
2014-11-01 20:56 - 2014-11-01 20:56 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-01 20:56 - 2014-11-01 20:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-01 20:56 - 2014-11-01 20:56 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-01 20:15 - 2014-11-02 03:33 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\XnViewMP
2014-11-01 20:15 - 2014-11-01 20:15 - 00001048 _____ () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\XnViewMP.lnk
2014-11-01 20:10 - 2014-11-01 20:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XnViewMP
2014-11-01 20:10 - 2014-11-01 20:10 - 00000000 ____D () C:\Program Files\XnViewMP
2014-11-01 19:57 - 2014-11-01 19:57 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\MPC-HC
2014-11-01 19:56 - 2014-11-01 19:56 - 00000000 ____D () C:\Program Files\MPC-HC
2014-11-01 16:44 - 2014-11-01 16:44 - 00000000 ____D () C:\Users\Richard\Documents\Rainmeter
2014-11-01 16:44 - 2014-11-01 16:44 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Rainmeter
2014-11-01 16:44 - 2014-11-01 16:44 - 00000000 ____D () C:\Program Files\Rainmeter
2014-11-01 16:37 - 2014-11-01 16:37 - 00000000 ____D () C:\Users\Richard\Documents\Splashtop Whiteboard
2014-11-01 16:37 - 2014-11-01 16:37 - 00000000 ____D () C:\Users\Richard\Documents\Splashtop Presenter
2014-11-01 16:37 - 2014-11-01 16:37 - 00000000 ____D () C:\ProgramData\SplitMediaLabs
2014-11-01 15:04 - 2014-11-01 15:04 - 00000955 _____ () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\geek.lnk
2014-11-01 12:48 - 2014-11-01 12:48 - 00000000 ____D () C:\Users\Richard\AppData\Local\AVerMedia TV Player
2014-11-01 12:47 - 2014-11-01 12:47 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\WebApp
2014-11-01 12:47 - 2014-11-01 12:47 - 00000000 ____D () C:\Users\Public\CyberLink
2014-11-01 12:46 - 2014-11-01 16:39 - 00000000 ____D () C:\Users\Richard\Documents\CyberLink
2014-11-01 12:46 - 2014-11-01 16:39 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\CyberLink
2014-11-01 12:46 - 2014-11-01 16:39 - 00000000 ____D () C:\Users\Richard\AppData\Local\Cyberlink
2014-11-01 12:46 - 2014-11-01 16:38 - 00000000 ____D () C:\Users\Richard\Documents\MediaCloud
2014-11-01 12:44 - 2014-11-01 12:44 - 00000000 ____D () C:\ProgramData\IsolatedStorage
2014-11-01 12:44 - 2014-11-01 12:44 - 00000000 ____D () C:\ProgramData\GamingControlCenter
2014-11-01 12:43 - 2014-11-02 12:10 - 00000000 ___HD () C:\Users\Richard\.rainlendar2
2014-11-01 12:43 - 2014-11-01 12:43 - 00000000 ____D () C:\Program Files (x86)\Rainlendar2
2014-11-01 12:41 - 2013-09-07 10:10 - 00675988 _____ () C:\Users\Richard\Downloads\Minecraft.exe
2014-11-01 12:39 - 2014-11-01 12:39 - 00000000 ____D () C:\ProgramData\ROCCAT
2014-11-01 12:38 - 2014-11-01 12:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ROCCAT
2014-11-01 12:38 - 2014-11-01 12:38 - 00000000 ____D () C:\Program Files (x86)\ROCCAT
2014-11-01 11:37 - 2014-11-01 11:37 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Thunderbird
2014-11-01 11:37 - 2014-11-01 11:37 - 00000000 ____D () C:\Users\Richard\AppData\Local\Thunderbird
2014-11-01 11:33 - 2014-11-01 11:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-11-01 11:00 - 2014-11-01 11:00 - 00231376 _____ (TrueCrypt Foundation) C:\Windows\system32\Drivers\truecrypt.sys
2014-11-01 10:53 - 2014-11-01 12:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-01 10:53 - 2014-11-01 10:54 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Mozilla
2014-11-01 10:53 - 2014-11-01 10:54 - 00000000 ____D () C:\Users\Richard\AppData\Local\Mozilla
2014-11-01 10:53 - 2014-11-01 10:53 - 00000000 ____D () C:\ProgramData\Mozilla
2014-11-01 10:53 - 2014-11-01 10:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-01 10:42 - 2014-11-01 10:42 - 00000000 ___RD () C:\Users\Richard\Documents\xls
2014-11-01 10:42 - 2014-11-01 10:42 - 00000000 ____D () C:\Users\Richard\Documents\txt
2014-11-01 10:42 - 2014-10-12 14:42 - 430346312 _____ () C:\Users\Richard\Documents\backup.dpb
2014-11-01 10:41 - 2014-11-01 10:42 - 00000000 ____D () C:\Users\Richard\Documents\roman
2014-11-01 10:41 - 2014-11-01 10:41 - 00000000 ____D () C:\Users\Richard\Documents\pdf
2014-11-01 10:41 - 2014-11-01 10:41 - 00000000 ____D () C:\Users\Richard\Documents\Papyrus Backups
2014-11-01 10:41 - 2014-11-01 10:41 - 00000000 ____D () C:\Users\Richard\Documents\netbank
2014-11-01 10:41 - 2014-11-01 10:41 - 00000000 ____D () C:\Users\Richard\Documents\firma
2014-11-01 10:40 - 2014-11-01 13:47 - 00000000 ____D () C:\Users\Richard\Documents\diverses
2014-11-01 10:40 - 2014-11-01 10:41 - 00000000 ____D () C:\Users\Richard\Documents\DVD Profiler
2014-11-01 10:40 - 2014-11-01 10:40 - 00000000 ____D () C:\Users\Richard\Documents\doc
2014-11-01 10:07 - 2014-11-01 10:07 - 00000000 ____D () C:\Users\Richard\AppData\Local\FreeCommanderXE
2014-11-01 10:07 - 2014-11-01 10:07 - 00000000 ____D () C:\Program Files (x86)\FreeCommander XE
2014-11-01 10:05 - 2014-11-01 10:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-11-01 10:05 - 2014-11-01 10:05 - 00000000 ____D () C:\Program Files\7-Zip
2014-11-01 10:02 - 2014-11-01 10:02 - 00000000 ____D () C:\Users\Richard\AppData\Local\CrashDumps
2014-11-01 01:06 - 2014-11-02 12:19 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\ClassicShell
2014-11-01 01:04 - 2014-11-01 01:05 - 00000000 ____D () C:\ProgramData\ClassicShell
2014-11-01 01:01 - 2014-11-01 01:01 - 00000000 ____D () C:\Program Files\Classic Shell
2014-10-31 22:36 - 2014-10-31 22:45 - 00056016 _____ () C:\Windows\system32\Drivers\fsbts.sys
2014-10-31 22:36 - 2014-10-31 22:36 - 00000657 _____ () C:\Windows\fsav_db_setup.log
2014-10-31 22:35 - 2014-10-31 22:36 - 04143130 _____ () C:\Windows\FSISU.log
2014-10-31 22:35 - 2014-10-31 22:36 - 00895110 _____ () C:\Windows\FSSFM.log
2014-10-31 22:35 - 2014-10-31 22:36 - 00804920 _____ () C:\Windows\FSSETUP.log
2014-10-31 22:35 - 2014-10-31 22:36 - 00136077 _____ () C:\Windows\FSPROD.log
2014-10-31 22:35 - 2014-10-31 22:36 - 00088490 _____ () C:\Windows\RunSetup.log
2014-10-31 22:35 - 2014-10-31 22:36 - 00070869 _____ () C:\Windows\FSAVINST.LOG
2014-10-31 22:35 - 2014-10-31 22:36 - 00009874 _____ () C:\Windows\FSAVCSIN.LOG
2014-10-31 22:35 - 2014-10-31 22:36 - 00004347 _____ () C:\Windows\FSGKIAIN.log
2014-10-31 22:35 - 2014-10-31 22:36 - 00004230 _____ () C:\Windows\fstnbins.LOG
2014-10-31 22:35 - 2014-10-31 22:36 - 00003335 _____ () C:\Windows\fsavunin.log
2014-10-31 22:35 - 2014-10-31 22:36 - 00001837 _____ () C:\Windows\FSLDIN.LOG
2014-10-31 22:35 - 2014-10-31 22:35 - 00140799 _____ () C:\Windows\FSDEPH.log
2014-10-31 22:35 - 2014-10-31 22:35 - 00020560 _____ () C:\Windows\prodsett_copy.ini
2014-10-31 22:35 - 2014-10-31 22:35 - 00019322 _____ () C:\Windows\fspplugin.log
2014-10-31 22:31 - 2014-10-31 22:39 - 00000000 ____D () C:\Users\Richard\AppData\Local\F-Secure
2014-10-31 22:31 - 2014-10-31 22:36 - 00000000 ____D () C:\ProgramData\F-Secure
2014-10-31 22:31 - 2014-10-31 22:36 - 00000000 ____D () C:\Program Files (x86)\F-Secure
2014-10-31 22:31 - 2014-10-31 22:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\F-Secure
2014-10-31 22:18 - 2014-10-31 22:18 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Macromedia
2014-10-31 22:17 - 2014-11-02 12:27 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-31 22:17 - 2014-11-02 12:09 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-31 22:17 - 2014-10-31 22:22 - 00004100 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-31 22:17 - 2014-10-31 22:22 - 00003864 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-31 22:17 - 2014-10-31 22:17 - 00000000 ____D () C:\Users\Richard\AppData\Local\Micro-Star_International_
2014-10-31 22:17 - 2014-10-31 22:17 - 00000000 ____D () C:\Users\Richard\AppData\Local\Google
2014-10-31 22:17 - 2014-10-31 22:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-31 22:17 - 2014-10-31 22:17 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-31 22:16 - 2014-10-31 22:21 - 00000564 _____ () C:\SSUUpdater.log
2014-10-31 22:15 - 2014-11-02 03:56 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1543957082-4200568014-2125959290-1002
2014-10-31 22:10 - 2014-10-31 22:10 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Intel Corporation
2014-10-31 22:09 - 2014-11-01 21:35 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Adobe
2014-10-31 22:09 - 2014-11-01 12:43 - 00000000 ____D () C:\Users\Richard
2014-10-31 22:09 - 2014-11-01 12:39 - 00000000 ____D () C:\Users\Richard\AppData\Local\VirtualStore
2014-10-31 22:09 - 2014-10-31 22:09 - 00000020 ___SH () C:\Users\Richard\ntuser.ini
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 _SHDL () C:\Users\Richard\Vorlagen
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 _SHDL () C:\Users\Richard\Startmenü
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 _SHDL () C:\Users\Richard\Netzwerkumgebung
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 _SHDL () C:\Users\Richard\Lokale Einstellungen
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 _SHDL () C:\Users\Richard\Eigene Dateien
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 _SHDL () C:\Users\Richard\Druckumgebung
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 _SHDL () C:\Users\Richard\Documents\Eigene Musik
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 _SHDL () C:\Users\Richard\Documents\Eigene Bilder
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 _SHDL () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 _SHDL () C:\Users\Richard\AppData\Local\Verlauf
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 _SHDL () C:\Users\Richard\AppData\Local\Anwendungsdaten
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 _SHDL () C:\Users\Richard\Anwendungsdaten
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Intel
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 ____D () C:\Users\Richard\AppData\Local\Packages
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 ____D () C:\Users\Richard\AppData\Local\AVerMedia
2014-10-31 22:09 - 2014-07-24 02:17 - 00000000 ___RD () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-10-31 22:09 - 2014-03-18 11:33 - 00000000 ___RD () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-10-31 22:09 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-31 22:09 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-10-31 22:06 - 2014-11-02 12:28 - 01452911 _____ () C:\Windows\WindowsUpdate.log

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-02 12:16 - 2014-04-13 00:06 - 00450712 _____ () C:\Windows\system32\prfh0404.dat
2014-11-02 12:16 - 2014-04-13 00:06 - 00135868 _____ () C:\Windows\system32\prfc0404.dat
2014-11-02 12:16 - 2014-04-12 23:58 - 00436346 _____ () C:\Windows\system32\prfh0804.dat
2014-11-02 12:16 - 2014-04-12 23:58 - 00135868 _____ () C:\Windows\system32\prfc0804.dat
2014-11-02 12:16 - 2014-04-12 23:45 - 00715654 _____ () C:\Windows\system32\perfh01F.dat
2014-11-02 12:16 - 2014-04-12 23:45 - 00150298 _____ () C:\Windows\system32\perfc01F.dat
2014-11-02 12:16 - 2014-04-12 23:33 - 00725516 _____ () C:\Windows\system32\perfh01D.dat
2014-11-02 12:16 - 2014-04-12 23:33 - 00152370 _____ () C:\Windows\system32\perfc01D.dat
2014-11-02 12:16 - 2014-04-12 23:11 - 00781168 _____ () C:\Windows\system32\perfh019.dat
2014-11-02 12:16 - 2014-04-12 23:11 - 00161704 _____ () C:\Windows\system32\perfc019.dat
2014-11-02 12:16 - 2014-04-12 22:59 - 00789596 _____ () C:\Windows\system32\prfh0816.dat
2014-11-02 12:16 - 2014-04-12 22:59 - 00164166 _____ () C:\Windows\system32\prfc0816.dat
2014-11-02 12:16 - 2014-04-12 22:52 - 00775740 _____ () C:\Windows\system32\prfh0416.dat
2014-11-02 12:16 - 2014-04-12 22:52 - 00158832 _____ () C:\Windows\system32\prfc0416.dat
2014-11-02 12:16 - 2014-04-12 22:45 - 00798800 _____ () C:\Windows\system32\perfh015.dat
2014-11-02 12:16 - 2014-04-12 22:45 - 00163682 _____ () C:\Windows\system32\perfc015.dat
2014-11-02 12:16 - 2014-04-12 22:39 - 00798252 _____ () C:\Windows\system32\perfh013.dat
2014-11-02 12:16 - 2014-04-12 22:39 - 00162330 _____ () C:\Windows\system32\perfc013.dat
2014-11-02 12:16 - 2014-04-12 22:32 - 00441600 _____ () C:\Windows\system32\perfh014.dat
2014-11-02 12:16 - 2014-04-12 22:32 - 00077252 _____ () C:\Windows\system32\perfc014.dat
2014-11-02 12:16 - 2014-04-12 22:17 - 00508106 _____ () C:\Windows\system32\perfh012.dat
2014-11-02 12:16 - 2014-04-12 22:17 - 00135868 _____ () C:\Windows\system32\perfc012.dat
2014-11-02 12:16 - 2014-04-12 22:10 - 00498064 _____ () C:\Windows\system32\perfh011.dat
2014-11-02 12:16 - 2014-04-12 22:10 - 00135868 _____ () C:\Windows\system32\perfc011.dat
2014-11-02 12:16 - 2014-04-12 22:03 - 00794000 _____ () C:\Windows\system32\perfh010.dat
2014-11-02 12:16 - 2014-04-12 22:03 - 00156420 _____ () C:\Windows\system32\perfc010.dat
2014-11-02 12:16 - 2014-04-12 21:56 - 00743402 _____ () C:\Windows\system32\perfh00E.dat
2014-11-02 12:16 - 2014-04-12 21:56 - 00177988 _____ () C:\Windows\system32\perfc00E.dat
2014-11-02 12:16 - 2014-04-12 21:46 - 00408958 _____ () C:\Windows\system32\perfh00D.dat
2014-11-02 12:16 - 2014-04-12 21:46 - 00064964 _____ () C:\Windows\system32\perfc00D.dat
2014-11-02 12:16 - 2014-04-12 21:36 - 00427206 _____ () C:\Windows\system32\perfh00B.dat
2014-11-02 12:16 - 2014-04-12 21:36 - 00081788 _____ () C:\Windows\system32\perfc00B.dat
2014-11-02 12:16 - 2014-04-12 21:26 - 00800660 _____ () C:\Windows\system32\perfh00A.dat
2014-11-02 12:16 - 2014-04-12 21:26 - 00166550 _____ () C:\Windows\system32\perfc00A.dat
2014-11-02 12:16 - 2014-04-12 21:15 - 00542632 _____ () C:\Windows\system32\perfh008.dat
2014-11-02 12:16 - 2014-04-12 21:15 - 00089196 _____ () C:\Windows\system32\perfc008.dat
2014-11-02 12:16 - 2014-04-12 21:09 - 00765378 _____ () C:\Windows\system32\perfh007.dat
2014-11-02 12:16 - 2014-04-12 21:09 - 00159696 _____ () C:\Windows\system32\perfc007.dat
2014-11-02 12:16 - 2014-04-12 21:03 - 00456508 _____ () C:\Windows\system32\perfh006.dat
2014-11-02 12:16 - 2014-04-12 21:03 - 00079760 _____ () C:\Windows\system32\perfc006.dat
2014-11-02 12:16 - 2014-04-12 20:58 - 00731574 _____ () C:\Windows\system32\perfh005.dat
2014-11-02 12:16 - 2014-04-12 20:58 - 00151818 _____ () C:\Windows\system32\perfc005.dat
2014-11-02 12:16 - 2014-04-12 20:49 - 00802234 _____ () C:\Windows\system32\perfh00C.dat
2014-11-02 12:16 - 2014-04-12 20:49 - 00422260 _____ () C:\Windows\system32\perfh001.dat
2014-11-02 12:16 - 2014-04-12 20:49 - 00159184 _____ () C:\Windows\system32\perfc00C.dat
2014-11-02 12:16 - 2014-04-12 20:49 - 00064964 _____ () C:\Windows\system32\perfc001.dat
2014-11-02 12:16 - 2014-03-18 11:03 - 18547198 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-02 12:09 - 2014-07-24 02:36 - 00000000 ____D () C:\Windows\Driver Cache
2014-11-02 12:09 - 2014-03-18 10:54 - 00727292 _____ () C:\Windows\PFRO.log
2014-11-02 12:09 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-02 12:09 - 2013-08-22 14:25 - 00000194 _____ () C:\Windows\win.ini
2014-11-02 11:56 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-11-02 11:45 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-11-02 11:44 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-11-01 16:39 - 2014-07-24 02:48 - 00000000 ____D () C:\ProgramData\CyberLink
2014-11-01 16:39 - 2014-07-24 02:34 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-01 16:37 - 2014-07-24 02:45 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-11-01 16:37 - 2014-07-24 02:41 - 00000000 ____D () C:\Program Files (x86)\Splashtop
2014-11-01 16:37 - 2014-07-24 02:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
2014-11-01 16:37 - 2014-07-24 02:38 - 00000000 ____D () C:\Program Files (x86)\MSI
2014-11-01 13:46 - 2013-08-22 15:46 - 00021872 _____ () C:\Windows\setupact.log
2014-10-31 23:00 - 2014-04-25 15:05 - 00000000 ____D () C:\Windows\RE_DRIVE
2014-10-31 22:41 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-10-31 22:34 - 2014-07-24 02:43 - 00000000 ____D () C:\ProgramData\Norton
2014-10-31 22:34 - 2013-08-22 15:44 - 00344824 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-31 22:33 - 2013-08-22 16:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-10-31 22:18 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\restore
2014-10-31 22:08 - 2014-04-12 20:15 - 00000000 ____D () C:\Windows\Panther

Some content of TEMP:
====================
C:\Users\Richard\AppData\Local\Temp\13059367852645321960.exe
C:\Users\Richard\AppData\Local\Temp\JDSetup130593678509519648.exe
C:\Users\Richard\AppData\Local\Temp\proxy_vole8461006690750503778.dll
C:\Users\Richard\AppData\Local\Temp\SetupUtil.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-04-12 19:16

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-11-2014
Ran by Richard at 2014-11-02 12:51:12
Running from C:\Users\Richard\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)

AV: Antivirus (Enabled - Up to date) {15414183-282E-D62C-CA37-EF24860A2F17}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Antivirus (Enabled - Up to date) {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
AVerMedia H335 MiniCard DVB-T 2.3.64.28 (HKLM-x32\...\AVerMedia H335 MiniCard DVB-T) (Version: 2.3.64.28 - AVerMedia TECHNOLOGIES, Inc.)
AVerMedia TV Player (HKLM-x32\...\InstallShield_{DFD1F64D-2AF0-4CE2-9752-D701E80F8D1C}) (Version: 1.8.0 - AVerMedia Technologies, Inc.)
AVerMedia TV Player (x32 Version: 1.8.0 - AVerMedia Technologies, Inc.) Hidden
Boot Configure (HKLM-x32\...\{A055E402-0EA0-4969-B751-B9373081B405}) (Version: 21.014.05141 - Micro-Star International Co., Ltd.)
BurnRecovery (HKLM-x32\...\{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}) (Version: 4.0.1309.301 - )
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Computer Security 14.115.100.0 (release) (x32 Version: 14.115.100.0 - F-Secure Corporation) Hidden
FreeCommander XE (HKLM-x32\...\FreeCommander XE_is1) (Version: Preview - Marek Jasinski)
F-Secure (HKLM-x32\...\F-Secure ServiceEnabler 666) (Version: 2.15.358.0 - F-Secure Corporation)
F-Secure (x32 Version: 2.15.358.0 - F-Secure Corporation) Hidden
F-Secure CCF Reputation (x32 Version: 2.0.1337.0 - F-Secure) Hidden
F-Secure CCF Scanning 1.51.111.300 (release) (x32 Version: 1.51.111.300 - F-Secure Corporation) Hidden
F-Secure Network CCF 1.02.141 (x32 Version: 1.02.141 - F-Secure Corporation) Hidden
F-Secure SafeSearch 1.03.159.0 (release) (x32 Version: 1.03.159.0 - F-Secure Corporation) Hidden
Gaming Control Center (HKLM-x32\...\Installshield_{25BFC31F-27BF-4870-B043-CBC8400C97F8}) (Version: 0.0.1.4 - MICRO-STAR INT'L,.LTD.)
Gaming Control Center (Version: 0.0.1.4 - MSI) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3325 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 17.0.1347.2) (HKLM\...\{302600C1-6BDF-4FD1-1312-148929CC1385}) (Version: 17.0.1312.0414 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{86b86e21-7c9b-4baa-b284-69ce4a918661}) (Version: 16.10.0 - Intel Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 33.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.0.2 (x86 de)) (Version: 33.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.2.0 - Mozilla)
Mozilla Thunderbird 31.2.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.2.0 (x86 de)) (Version: 31.2.0 - Mozilla)
MPC-HC 1.7.7 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.7 - MPC-HC Team)
Nuvoton NCT6681 CIR Device Driver (HKLM-x32\...\{2FAECEAF-0EBE-48FF-B60A-B4577C0EFDAB}) (Version: 1.4.1003 - Nuvoton Technology Corp.)
NVIDIA Graphics Driver 332.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.35 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
Online Safety 2.115.2783.1598 (x32 Version: 2.115.2783.1598 - F-Secure Corporation) Hidden
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.1.41.1042 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (Version: 1.1.41.1042 - Qualcomm Atheros) Hidden
Qualcomm Atheros Network Manager (Version: 1.1.41.1042 - Qualcomm Atheros) Hidden
Qualcomm Atheros Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.41.1042 - Qualcomm Atheros)
Rainlendar2 (remove only) (HKLM-x32\...\Rainlendar2) (Version: - )
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.1 r2290 - )
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7179 - Realtek Semiconductor Corp.)
ROCCAT Kone XTD Mouse Driver (HKLM-x32\...\{7133137D-DF48-4522-AD88-13C82B7D0A63}) (Version: - Roccat GmbH)
Sound Blaster Cinema 2 (HKLM-x32\...\{B4F6F8CC-2C61-42CC-A4CC-76621F25BDC7}) (Version: 1.00.06 - Creative Technology Limited)
XnViewMP 0.69 (HKLM\...\XnViewMP_is1) (Version: 0.69 - Gougelet Pierre-e)

==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================

31-10-2014 21:18:10 Removed Splashtop Streamer

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {035792A1-D4EF-4A78-BF9A-AA9628C281A3} - System32\Tasks\Microsoft\Windows\Setup\SetupCleanupTask
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23E35DFE-72D9-420E-A2D6-E9A53D7CCC3B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-31] (Google Inc.)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3EA8CB6B-127F-4DFF-80E1-6F7B5884D7FB} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {477E572F-58B6-4FA9-BD66-17C0720A3FC8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-10-03] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7861768D-65BF-4E01-9D37-EF0950E0F5CD} - System32\Tasks\Microsoft\Windows\SetupSQMTask => C:\Windows\SYSTEM32\OOBE\SETUPSQM.EXE [2013-08-22] (Microsoft Corporation)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8BF9A406-B81D-47D8-869E-91375F0038CA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-31] (Google Inc.)
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {BF58E14B-1069-43E0-80DD-BB525A2FD9CD} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D08F1AB1-8F5E-4779-937E-7A750E734C77} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-03-18] (Microsoft Corporation)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E2ACF668-4308-4463-9ECA-B3DD4467FB01} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {E3BDCA69-0278-4D27-AE94-D673C4802877} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-07-24 02:33 - 2014-01-08 01:48 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-07-24 02:45 - 2014-07-23 08:38 - 00403456 _____ () C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
2014-07-24 02:45 - 2014-07-23 08:38 - 00163840 _____ () C:\Program Files (x86)\Common Files\AVerMedia\AVerHIDReceiver\AVerHIDReceiver.exe
2014-07-24 02:37 - 2014-02-21 19:21 - 00089600 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL
2014-07-24 02:37 - 2014-02-21 19:19 - 00366080 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2011-01-06 14:27 - 2011-01-06 14:27 - 02342400 _____ () C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
2014-03-03 20:53 - 2014-03-03 20:53 - 00300544 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
2014-05-25 15:18 - 2014-05-25 15:18 - 00036536 _____ () C:\Program Files\Rainmeter\Rainmeter.exe
2014-05-25 15:18 - 2014-05-25 15:18 - 00747192 _____ () C:\Program Files\Rainmeter\Rainmeter.dll
2014-05-25 15:17 - 2014-05-25 15:17 - 00011776 _____ () C:\Program Files\Rainmeter\Plugins\PowerPlugin.dll

==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-1543957082-4200568014-2125959290-500 - Administrator - Disabled)
Gast (S-1-5-21-1543957082-4200568014-2125959290-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1543957082-4200568014-2125959290-1004 - Limited - Enabled)
Richard (S-1-5-21-1543957082-4200568014-2125959290-1002 - Administrator - Enabled) => C:\Users\Richard

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/02/2014 00:51:13 PM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
Description: 5 2014-11-02 12:51:13+02:00 RICK SYSTEM F-Secure DeepGuard Application was blocked. This was determined to be a high-risk application by system control heuristics. Application path: \\?\c:\windows\mod_frst.exe File hash: 4bb423ae4bf7b46ba1cd43c521cf9314c03cf8c4

Error: (11/02/2014 00:51:10 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 4 2014-11-02 12:51:10+02:00 RICK Rick\Richard F-Secure Anti-Virus Spyware detected: Type: adware Family: Name: Adware.SwiftBrowse.CH Object: C:\Windows\System32\drivers\{6db7eb66-a30b-41a3-809c-addb2341dafb}Gw64.sys.tmp

Error: (11/02/2014 00:23:28 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 3 2014-11-02 12:23:28+02:00 RICK Rick\Richard F-Secure Anti-Virus Spyware detected: Type: adware Family: Name: Adware.SwiftBrowse.CH Object: C:\Windows\System32\drivers\{6db7eb66-a30b-41a3-809c-addb2341dafb}Gw64.sys.tmp

Error: (11/02/2014 00:23:13 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 2 2014-11-02 12:23:13+02:00 RICK Rick\Richard F-Secure Anti-Virus Spyware detected: Type: adware Family: Name: Adware.SwiftBrowse.CH Object: C:\Windows\System32\drivers\{6db7eb66-a30b-41a3-809c-addb2341dafb}Gw64.sys.tmp

Error: (11/02/2014 00:13:51 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 1 2014-11-02 12:13:51+02:00 RICK Rick\Richard F-Secure Anti-Virus Spyware detected: Type: adware Family: Name: Adware.SwiftBrowse.CH Object: C:\Windows\System32\drivers\{6db7eb66-a30b-41a3-809c-addb2341dafb}Gw64.sys.tmp

Error: (11/02/2014 00:09:25 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 29 2014-11-02 12:09:25+02:00 RICK Rick\Richard F-Secure Anti-Virus Malicious code found in file C:\Program Files (x86)\Framed Display\bin\FramedDisplay.BrowserAdapter.exe. Infection: Gen:Variant.Adware.Graftor.159320

Error: (11/02/2014 00:09:00 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 28 2014-11-02 12:09:00+02:00 RICK Rick\Richard F-Secure Anti-Virus Malicious code found in file C:\Program Files (x86)\Framed Display\bin\FramedDisplay.BrowserAdapter.exe. Infection: Gen:Variant.Adware.Graftor.159320

Error: (11/02/2014 00:08:54 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 27 2014-11-02 12:08:54+02:00 RICK Rick\Richard F-Secure Anti-Virus Malicious code found in file C:\Program Files (x86)\Framed Display\bin\FramedDisplay.BrowserAdapter.exe. Infection: Gen:Variant.Adware.Graftor.159320

Error: (11/02/2014 00:08:24 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 26 2014-11-02 12:08:24+02:00 RICK Rick\Richard F-Secure Anti-Virus Malicious code found in file C:\Program Files (x86)\Framed Display\bin\FramedDisplay.BrowserAdapter.exe. Infection: Gen:Variant.Adware.Graftor.159320

Error: (11/02/2014 00:07:54 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 25 2014-11-02 12:07:54+02:00 RICK Rick\Richard F-Secure Anti-Virus Malicious code found in file C:\Program Files (x86)\Framed Display\bin\FramedDisplay.BrowserAdapter.exe. Infection: Gen:Variant.Adware.Graftor.159320

System errors:
=============
Error: (11/02/2014 00:12:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069

Error: (11/02/2014 00:12:03 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1326 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (11/02/2014 11:53:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069

Error: (11/02/2014 11:53:17 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1326 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (11/02/2014 11:50:55 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst Windows Modules Installer konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (11/02/2014 11:50:22 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (11/02/2014 11:48:09 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst Windows Modules Installer konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (11/02/2014 11:47:36 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (11/01/2014 04:45:45 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 70. Der Windows-SChannel-Fehlerstatus lautet: 105.
Error: (11/01/2014 04:34:42 PM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR6 gefunden.

Microsoft Office Sessions:
=========================
Error: (11/02/2014 00:51:13 PM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
Description: 5 2014-11-02 12:51:13+02:00 RICK SYSTEM F-Secure DeepGuard Application was blocked. This was determined to be a high-risk application by system control heuristics. Application path: \\?\c:\windows\mod_frst.exe File hash: 4bb423ae4bf7b46ba1cd43c521cf9314c03cf8c4

Error: (11/02/2014 00:51:10 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 4 2014-11-02 12:51:10+02:00 RICK Rick\Richard F-Secure Anti-Virus Spyware detected: Type: adware Family: Name: Adware.SwiftBrowse.CH Object: C:\Windows\System32\drivers\{6db7eb66-a30b-41a3-809c-addb2341dafb}Gw64.sys.tmp

Error: (11/02/2014 00:23:28 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 3 2014-11-02 12:23:28+02:00 RICK Rick\Richard F-Secure Anti-Virus Spyware detected: Type: adware Family: Name: Adware.SwiftBrowse.CH Object: C:\Windows\System32\drivers\{6db7eb66-a30b-41a3-809c-addb2341dafb}Gw64.sys.tmp

Error: (11/02/2014 00:23:13 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 2 2014-11-02 12:23:13+02:00 RICK Rick\Richard F-Secure Anti-Virus Spyware detected: Type: adware Family: Name: Adware.SwiftBrowse.CH Object: C:\Windows\System32\drivers\{6db7eb66-a30b-41a3-809c-addb2341dafb}Gw64.sys.tmp

Error: (11/02/2014 00:13:51 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 1 2014-11-02 12:13:51+02:00 RICK Rick\Richard F-Secure Anti-Virus Spyware detected: Type: adware Family: Name: Adware.SwiftBrowse.CH Object: C:\Windows\System32\drivers\{6db7eb66-a30b-41a3-809c-addb2341dafb}Gw64.sys.tmp

Error: (11/02/2014 00:09:25 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 29 2014-11-02 12:09:25+02:00 RICK Rick\Richard F-Secure Anti-Virus Malicious code found in file C:\Program Files (x86)\Framed Display\bin\FramedDisplay.BrowserAdapter.exe. Infection: Gen:Variant.Adware.Graftor.159320

Error: (11/02/2014 00:09:00 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 28 2014-11-02 12:09:00+02:00 RICK Rick\Richard F-Secure Anti-Virus Malicious code found in file C:\Program Files (x86)\Framed Display\bin\FramedDisplay.BrowserAdapter.exe. Infection: Gen:Variant.Adware.Graftor.159320

Error: (11/02/2014 00:08:54 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 27 2014-11-02 12:08:54+02:00 RICK Rick\Richard F-Secure Anti-Virus Malicious code found in file C:\Program Files (x86)\Framed Display\bin\FramedDisplay.BrowserAdapter.exe. Infection: Gen:Variant.Adware.Graftor.159320

Error: (11/02/2014 00:08:24 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 26 2014-11-02 12:08:24+02:00 RICK Rick\Richard F-Secure Anti-Virus Malicious code found in file C:\Program Files (x86)\Framed Display\bin\FramedDisplay.BrowserAdapter.exe. Infection: Gen:Variant.Adware.Graftor.159320

Error: (11/02/2014 00:07:54 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 25 2014-11-02 12:07:54+02:00 RICK Rick\Richard F-Secure Anti-Virus Malicious code found in file C:\Program Files (x86)\Framed Display\bin\FramedDisplay.BrowserAdapter.exe. Infection: Gen:Variant.Adware.Graftor.159320

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
Percentage of memory in use: 19%
Total physical RAM: 16306 MB
Available physical RAM: 13122.47 MB
Total Pagefile: 19250 MB
Available Pagefile: 16370.48 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (OS_Install) (Fixed) (Total:237.67 GB) (Free:178.54 GB) NTFS
Drive d: (Data) (Fixed) (Total:912.18 GB) (Free:479.62 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: F1EDCD87)
Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: F1EDCDA0)
Partition: GPT Partition Type.

==================== End Of Log ============================

Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 02.11.2014 Scan Time: 12:04:30 Logfile: mwb_scan_log1.txt Administrator: Yes Version: 2.00.3.1025 Malware Database: v2014.11.02.03 Rootkit Database: v2014.11.01.02 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 8.1 CPU: x64 File System: NTFS User: Richard Scan Type: Threat Scan Result: Completed Objects Scanned: 350412 Time Elapsed: 4 min, 4 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 3 PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\updateFramedDisplay.exe, 2296, Delete-on-Reboot, [44b7e84e19639e98e235c2073fc2629e] PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\utilFramedDisplay.exe, 2572, Delete-on-Reboot, [817af541bfbd1b1b4ec9e2e7748db848] PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\FramedDisplay.BrowserAdapter64.exe, 4852, Delete-on-Reboot, [e813e5514834d660ad73f3aa83817d83] Modules: 0 (No malicious items detected) Registry Keys: 23 PUP.Optional.FramedDisplay.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update Framed Display, Quarantined, [44b7e84e19639e98e235c2073fc2629e], PUP.Optional.FramedDisplay.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Util Framed Display, Quarantined, [817af541bfbd1b1b4ec9e2e7748db848], PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, Quarantined, [7e7d8fa782fa6ccac39f697c649ec33d], PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, Quarantined, [7e7d8fa782fa6ccac39f697c649ec33d], PUP.Optional.FramedDisplay.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{05b5ef3f-4c6a-426e-b77e-48ebb3e721f1}, Quarantined, [6794fd39acd09b9bb9d3b6f389796a96], PUP.Optional.FramedDisplay.A, 
HKLM\SOFTWARE\CLASSES\TYPELIB\{A6CEB2DE-65F7-46FE-89DA-446DD487F293}, Quarantined, [6794fd39acd09b9bb9d3b6f389796a96], PUP.Optional.FramedDisplay.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{5B81129C-6563-411B-A509-6BBB01EC25FF}, Quarantined, [6794fd39acd09b9bb9d3b6f389796a96], PUP.Optional.FramedDisplay.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{5B81129C-6563-411B-A509-6BBB01EC25FF}, Quarantined, [6794fd39acd09b9bb9d3b6f389796a96], PUP.Optional.FramedDisplay.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A6CEB2DE-65F7-46FE-89DA-446DD487F293}, Quarantined, [6794fd39acd09b9bb9d3b6f389796a96], PUP.Optional.FramedDisplay.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{05B5EF3F-4C6A-426E-B77E-48EBB3E721F1}, Quarantined, [6794fd39acd09b9bb9d3b6f389796a96], PUP.Optional.FramedDisplay.A, HKU\S-1-5-21-1543957082-4200568014-2125959290-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{05B5EF3F-4C6A-426E-B77E-48EBB3E721F1}, Quarantined, [6794fd39acd09b9bb9d3b6f389796a96], PUP.Optional.FramedDisplay.A, HKU\S-1-5-21-1543957082-4200568014-2125959290-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{05B5EF3F-4C6A-426E-B77E-48EBB3E721F1}, Quarantined, [6794fd39acd09b9bb9d3b6f389796a96], PUP.Optional.FramedDisplay.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Framed Display, Quarantined, [e813e5514834d660ad73f3aa83817d83], PUP.Optional.FramedDisplay.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}, Quarantined, [e813e5514834d660ad73f3aa83817d83], PUP.Optional.FramedDisplay.A, HKLM\SOFTWARE\CLASSES\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}, Quarantined, [e813e5514834d660ad73f3aa83817d83], PUP.Optional.FramedDisplay.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}, Quarantined, [e813e5514834d660ad73f3aa83817d83], PUP.Optional.FramedDisplay.A, 
HKLM\SOFTWARE\CLASSES\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}, Quarantined, [e813e5514834d660ad73f3aa83817d83], PUP.Optional.FramedDisplay.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}, Quarantined, [e813e5514834d660ad73f3aa83817d83], PUP.Optional.FramedDisplay.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}, Quarantined, [e813e5514834d660ad73f3aa83817d83], PUP.Optional.FramedDisplay.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}, Quarantined, [e813e5514834d660ad73f3aa83817d83], PUP.Optional.FramedDisplay.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}, Quarantined, [e813e5514834d660ad73f3aa83817d83], PUP.Optional.InstallCore.A, HKU\S-1-5-21-1543957082-4200568014-2125959290-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [24d7fd39cdafdd59c7f6c59c23e0b848], PUP.Optional.InstallCore.A, HKU\S-1-5-21-1543957082-4200568014-2125959290-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [e51669cd275538fe47b589eec53f10f0], Registry Values: 1 PUP.Optional.InstallCore.A, HKU\S-1-5-21-1543957082-4200568014-2125959290-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0Z1B1L2Z1S, Quarantined, [e51669cd275538fe47b589eec53f10f0] Registry Data: 0 (No malicious items detected) Folders: 3 PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display, Delete-on-Reboot, [e813e5514834d660ad73f3aa83817d83], PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin, Delete-on-Reboot, [e813e5514834d660ad73f3aa83817d83], PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\plugins, Quarantined, [e813e5514834d660ad73f3aa83817d83], Files: 30 PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\updateFramedDisplay.exe, Delete-on-Reboot, [44b7e84e19639e98e235c2073fc2629e], PUP.Optional.FramedDisplay.A, 
C:\Program Files (x86)\Framed Display\bin\utilFramedDisplay.exe, Delete-on-Reboot, [817af541bfbd1b1b4ec9e2e7748db848], PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\FramedDisplaybho.dll, Quarantined, [6794fd39acd09b9bb9d3b6f389796a96], PUP.Optional.BPlug, C:\Users\Richard\AppData\Local\Temp\is1901864539\1DE257BB_stp.EXE, Quarantined, [72890c2a56269e980381b60bbb46817f], PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\FramedDisplay.ico, Quarantined, [e813e5514834d660ad73f3aa83817d83], PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\0, Quarantined, [e813e5514834d660ad73f3aa83817d83], PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\7za.exe, Quarantined, [e813e5514834d660ad73f3aa83817d83], PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\FramedDisplayUninstall.exe, Quarantined, [e813e5514834d660ad73f3aa83817d83], PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\updateFramedDisplay.InstallState, Quarantined, [e813e5514834d660ad73f3aa83817d83], PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\6db7eb66a30b41a3809c.dll, Quarantined, [e813e5514834d660ad73f3aa83817d83], PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\6db7eb66a30b41a3809c64.dll, Quarantined, [e813e5514834d660ad73f3aa83817d83], PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\7za.exe, Quarantined, [e813e5514834d660ad73f3aa83817d83], PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\bau, Quarantined, [e813e5514834d660ad73f3aa83817d83], PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\BrowserAdapter.7z, Quarantined, [e813e5514834d660ad73f3aa83817d83], PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\FramedDisplay.BrowserAdapter.exe, Quarantined, [e813e5514834d660ad73f3aa83817d83], PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed 
Display\bin\FramedDisplay.BrowserAdapter64.exe, Delete-on-Reboot, [e813e5514834d660ad73f3aa83817d83], PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\FramedDisplay.PurBrowse64.exe, Quarantined, [e813e5514834d660ad73f3aa83817d83], PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\FramedDisplay.PurBrowseG.zip, Quarantined, [e813e5514834d660ad73f3aa83817d83], PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\utilFramedDisplay.InstallState, Quarantined, [e813e5514834d660ad73f3aa83817d83], PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\{6db7eb66-a30b-41a3-809c-addb2341dafb}.dll, Quarantined, [e813e5514834d660ad73f3aa83817d83], PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\{6db7eb66-a30b-41a3-809c-addb2341dafb}64.dll, Delete-on-Reboot, [e813e5514834d660ad73f3aa83817d83], PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\plugins\FramedDisplay.Bromon.dll, Quarantined, [e813e5514834d660ad73f3aa83817d83], PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\plugins\FramedDisplay.BroStats.dll, Quarantined, [e813e5514834d660ad73f3aa83817d83], PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\plugins\FramedDisplay.BrowserAdapter.dll, Quarantined, [e813e5514834d660ad73f3aa83817d83], PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\plugins\FramedDisplay.CompatibilityChecker.dll, Quarantined, [e813e5514834d660ad73f3aa83817d83], PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\plugins\FramedDisplay.FFUpdate.dll, Quarantined, [e813e5514834d660ad73f3aa83817d83], PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\plugins\FramedDisplay.GCUpdate.dll, Quarantined, [e813e5514834d660ad73f3aa83817d83], PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\plugins\FramedDisplay.IEUpdate.dll, Quarantined, 
[e813e5514834d660ad73f3aa83817d83], PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\plugins\FramedDisplay.Msvcmon.dll, Quarantined, [e813e5514834d660ad73f3aa83817d83], PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\plugins\FramedDisplay.PurBrowseG.dll, Quarantined, [e813e5514834d660ad73f3aa83817d83], Physical Sectors: 0 (No malicious items detected) (end) Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 02.11.2014
Scan Time: 12:11:29
Logfile: mwb_scan_log.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.02.03
Rootkit Database: v2014.11.01.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Richard

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 349669
Time Elapsed: 4 min, 4 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

Thanks in advance. |
02.11.2014, 13:34 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win 8.1 Framed Display virus caught Hello and
Remove adware/junkware/toolbars (delete old versions of adwCleaner and, if present, JRT first, then download them fresh to the desktop!) Step 1: adwCleaner Please download AdwCleaner to your desktop.
Step 2: JRT - Junkware Removal Tool Please close your protection software to avoid possible conflicts.
Step 3: Fresh log with FRST Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (If you are not sure: download both versions or check under Start > Computer (right-click) > Properties)
|
02.11.2014, 14:06 | #3 |
| Win 8.1 Framed Display virus caught AdwCleaner:
Code:
# AdwCleaner v4.002 - Bericht erstellt am 02/11/2014 um 13:41:20
# DB v2014-10-26.6
# Aktualisiert 27/10/2014 von Xplode
# Betriebssystem : Windows 8.1 (64 bits)
# Benutzername : Richard - RICK
# Gestartet von : C:\Users\Richard\Desktop\AdwCleaner_4.002.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Richard\AppData\Local\Temp\Framed Display
Datei Gelöscht : C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\user.js

***** [ Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKCU\Software\Framed Display
Schlüssel Gelöscht : HKLM\SOFTWARE\Framed Display
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17037

-\\ Mozilla Firefox v33.0.2 (x86 de)

-\\ Google Chrome v38.0.2125.111

*************************

AdwCleaner[R0].txt - [1325 octets] - [02/11/2014 13:39:24]
AdwCleaner[S0].txt - [1181 octets] - [02/11/2014 13:41:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1241 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.5 (10.31.2014:1)
OS: Windows 8.1 x64
Ran by Richard on 02.11.2014 at 13:58:26,52
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

~~~ FireFox

Successfully deleted: [File] C:\Users\Richard\AppData\Roaming\mozilla\firefox\profiles\kix51rke.default\invalidprefs.js
Emptied folder: C:\Users\Richard\AppData\Roaming\mozilla\firefox\profiles\kix51rke.default\minidumps [44 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.11.2014 at 13:59:56,36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-11-2014 Ran by Richard (administrator) on RICK on 02-11-2014 14:00:39 Running from C:\Users\Richard\Desktop Loaded Profile: Richard (Available profiles: Richard) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (AVerMedia) C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe () C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe (F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe (F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fsgk32.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (MICRO-STAR INT'L,.LTD.) C:\Program Files\WMIHook\WMIHookBtnFn\WMI_Hook_Service.exe () C:\Program Files (x86)\Common Files\AVerMedia\AVerHIDReceiver\AVerHIDReceiver.exe (MICRO-STAR INT'L,.LTD.) 
C:\Program Files\WMIHook\WMIHookBtnFn\WMIHookFnNotifier.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE (F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fssm32.exe (F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSHDLL64.EXE (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe () C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe () C:\Program Files\Rainmeter\Rainmeter.exe (F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE (ROCCAT GmbH) C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine 
Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-31] (Intel Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-07-23] (Realtek Semiconductor) HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64 HKLM\...\Run: [] => [X] HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft) HKLM-x32\...\Run: [Sound Blaster Cinema 2] => C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe [1440768 2014-02-24] (Creative Technology Ltd) HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) 
HKLM-x32\...\Run: [F-Secure Hoster (666)] => C:\Program Files (x86)\F-Secure\fshoster32.exe [187432 2014-07-08] (F-Secure Corporation) HKLM-x32\...\Run: [F-Secure Manager] => C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE [310312 2014-06-24] (F-Secure Corporation) HKLM-x32\...\Run: [RoccatKoneXTD] => C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.EXE [552960 2013-10-25] (ROCCAT GmbH) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1543957082-4200568014-2125959290-1002\...\Run: [Rainlendar2] => C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe [2342400 2011-01-06] () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVer HID Receiver.lnk ShortcutTarget: AVer HID Receiver.lnk -> C:\Program Files (x86)\Common Files\AVerMedia\AVerHIDReceiver\AVerHIDReceiver.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{FB55FA5A-08CB-4A14-A0C5-5BCDB3F1ACC4}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC) Startup: C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe () ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://msi13.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://msi13.msn.com SearchScopes: HKLM - {F81B2FE1-58AC-4CAF-AAF7-14753BDFABE0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAMIJS SearchScopes: HKLM-x32 - {F81B2FE1-58AC-4CAF-AAF7-14753BDFABE0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAMIJS SearchScopes: HKCU - {F81B2FE1-58AC-4CAF-AAF7-14753BDFABE0} URL = BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) BHO: F-Secure Browsing Protection -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https64.dll (F-Secure Corporation) BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) BHO-x32: F-Secure Browsing Protection -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https.dll (F-Secure Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default FF Homepage: about: FF Plugin-x32: 
@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF SearchPlugin: C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\searchplugins\ixquick---deutsch.xml FF SearchPlugin: C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\searchplugins\linguee-de-en.xml FF SearchPlugin: C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\searchplugins\metager.xml FF SearchPlugin: C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\searchplugins\startpage-https---deutsch.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Avira Browser Safety - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\abs@avira.com [2014-11-01] FF Extension: German Dictionary - 
C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2014-11-01]
FF Extension: HTTPS-Everywhere - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\https-everywhere@eff.org [2014-11-01]
FF Extension: rein - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\rein@notiz.jp [2014-11-01]
FF Extension: No Name - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\temp [2014-11-01]
FF Extension: IE Tab 2 (FF 3.6+) - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2014-11-01]
FF Extension: Linkification - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a} [2014-11-01]
FF Extension: Compact Menu 2 - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{57068FBE-1506-42ee-AB02-BD183E7999E4} [2014-11-01]
FF Extension: No Name - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{9w50ge7w-88c1-4wcg-bxg9-90g1a5d31c3z} [2014-11-01]
FF Extension: WOT - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-11-01]
FF Extension: DownloadHelper - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-11-01]
FF Extension: Dictionary Tooltip - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{C6128004-4838-4708-9A97-BB172D17767D}(2) [2014-11-01]
FF Extension: BetterPrivacy - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3} [2014-11-01]
FF Extension: Whitehart - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{d650973c-0444-4ac7-9d00-19e3613c83b9} [2014-11-01]
FF Extension: ImageHost Grabber - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{E4091D66-127C-11DB-903A-DE80D2EFDFE8} [2014-11-01]
FF Extension: checkCompatibility - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\check-compatibility@dactyl.googlecode.com.xpi [2014-11-01]
FF Extension: Classic Theme Restorer - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-11-01]
FF Extension: CookieKiller - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\cookiekiller@joseph.moran.xpi [2014-11-01]
FF Extension: FireGestures - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\firegestures@xuldev.org.xpi [2014-11-01]
FF Extension: YouTube mp3 - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\info@youtube-mp3.org.xpi [2014-11-01]
FF Extension: Simple White - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\Simple@White.Theme.xpi [2014-11-01]
FF Extension: Image Zoom - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2014-11-01]
FF Extension: NoScript - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-11-01]
FF Extension: MeasureIt - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2014-11-01]
FF Extension: Adblock Plus - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-01]
FF HKLM-x32\...\Firefox\Extensions: [{306eaf01-4e65-43d2-8504-1ae0c1859338}] - C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\deploy\fs_firefox_https
FF Extension: Browsing Protection - C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\deploy\fs_firefox_https [2014-10-31]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-01]
CHR Extension: (Google Wallet) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-31]
CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - C:/Program Files (x86)/F-Secure/apps/CCF_Scanning/bin/browser/install/fs_chrome_https/fs_chrome_https.crx [2014-06-25]

==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AVerRemote; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [364544 2014-07-23] (AVerMedia) [File not signed]
R2 AVerScheduleService; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [403456 2014-07-23] () [File not signed]
R2 fshoster; C:\Program Files (x86)\F-Secure\fshoster32.exe [187432 2014-07-08] (F-Secure Corporation)
R3 FSMA; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE [216104 2014-06-24] (F-Secure Corporation)
R2 FSORSPClient; C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe [60456 2014-06-24] (F-Secure Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-31] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-07-23] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2014-07-23] (Intel Corporation)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-07-24] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-08] ()
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-07-24] (Microsoft Corporation)
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [344576 2014-03-03] (Qualcomm Atheros) [File not signed]
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-07-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-07-24] (Microsoft Corporation)
R2 WMI_Hook_Service; C:\Program Files\WMIHook\WMIHookBtnFn\WMI_Hook_Service.exe [134792 2014-03-28] (MICRO-STAR INT'L,.LTD.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2014-01-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AVerIT13x; C:\Windows\System32\Drivers\AVerIT13x_x64.sys [198272 2012-12-06] (AVerMedia TECHNOLOGIES, Inc.)
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [81072 2014-02-20] (Qualcomm Atheros, Inc.)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-11-07] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1411384 2013-11-07] (Motorola Solutions, Inc.)
R3 F-Secure Gatekeeper; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [202792 2014-10-31] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys [69960 2014-10-31] (F-Secure Corporation)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [56016 2014-10-31] ()
R3 fsni; C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\fsni64.sys [89640 2014-10-31] (F-Secure Corporation)
R1 fsvista; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [13352 2014-06-24] ()
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [149448 2014-07-23] (Intel Corporation)
R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [163536 2013-03-20] (Qualcomm Atheros, Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2014-07-23] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3610592 2014-01-28] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 nuviocir; C:\Windows\system32\DRIVERS\nuviocir_win8_x64.sys [42264 2013-07-03] (Nuvoton Technology Corp.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-07-24] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-02 13:59 - 2014-11-02 13:59 - 00000941 _____ () C:\Users\Richard\Desktop\JRT.txt
2014-11-02 13:58 - 2014-11-02 13:58 - 00000000 ____D () C:\Windows\ERUNT
2014-11-02 13:50 - 2014-11-02 13:50 - 01706359 _____ (Thisisu) C:\Users\Richard\Desktop\JRT.exe
2014-11-02 13:49 - 2014-11-02 13:49 - 00001321 _____ () C:\Users\Richard\Desktop\AdwCleaner[S0].txt
2014-11-02 13:39 - 2014-11-02 13:41 - 00000000 ____D () C:\AdwCleaner
2014-11-02 13:37 - 2014-11-02 13:37 - 01998336 _____ () C:\Users\Richard\Desktop\AdwCleaner_4.002.exe
2014-11-02 12:51 - 2014-11-02 12:51 - 00024661 _____ () C:\Users\Richard\Desktop\Addition.txt
2014-11-02 12:50 - 2014-11-02 14:00 - 00021326 _____ () C:\Users\Richard\Desktop\FRST.txt
2014-11-02 12:50 - 2014-11-02 14:00 - 00000000 ____D () C:\FRST
2014-11-02 12:48 - 2014-11-02 12:48 - 02114048 _____ (Farbar) C:\Users\Richard\Desktop\FRST64.exe
2014-11-02 12:29 - 2014-11-02 12:35 - 00051630 _____ () C:\Users\Richard\Desktop\Extras.Txt
2014-11-02 12:29 - 2014-11-02 12:33 - 00130812 _____ () C:\Users\Richard\Desktop\OTL.Txt
2014-11-02 12:20 - 2014-11-02 12:20 - 00602112 _____ (OldTimer Tools) C:\Users\Richard\Downloads\OTL.exe
2014-11-02 12:11 - 2014-11-02 12:11 - 00001197 _____ () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Malwarebytes.lnk
2014-11-02 12:04 - 2014-11-02 12:55 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-02 12:04 - 2014-11-02 12:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-02 12:04 - 2014-11-02 12:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-02 12:04 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-02 12:04 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-02 12:04 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-02 11:56 - 2014-11-02 11:56 - 00048792 _____ (StdLib) C:\Windows\system32\Drivers\{6db7eb66-a30b-41a3-809c-addb2341dafb}Gw64.sys.tmp
2014-11-02 11:52 - 2014-11-02 11:53 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Richard\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-02 11:44 - 2014-11-02 11:45 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-02 11:44 - 2014-10-03 10:02 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-02 11:33 - 2014-11-02 11:33 - 00000000 __SHD () C:\Users\Richard\AppData\Local\EmieUserList
2014-11-02 11:33 - 2014-11-02 11:33 - 00000000 __SHD () C:\Users\Richard\AppData\Local\EmieSiteList
2014-11-02 03:46 - 2014-11-02 03:46 - 00002175 _____ () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\JDownloader 2.lnk
2014-11-02 03:13 - 2014-11-02 03:13 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2014-11-02 03:12 - 2014-11-02 03:24 - 00000000 ____D () C:\Users\Richard\AppData\Local\JDownloader v2.0
2014-11-02 02:57 - 2014-11-02 02:57 - 00000000 ____D () C:\Users\Richard\AppData\Local\Intel_Corporation
2014-11-01 21:38 - 2014-11-01 21:38 - 00001254 _____ () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Adobe Photoshop.lnk
2014-11-01 21:33 - 2014-11-01 21:33 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-11-01 21:33 - 1998-11-05 11:08 - 00087392 ____N (Twain Working Group) C:\Windows\twain.dll
2014-11-01 21:30 - 1998-10-21 18:43 - 00328704 _____ (InstallShield Software Corporation ) C:\Windows\IsUn0407.exe
2014-11-01 20:56 - 2014-11-01 20:59 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\.minecraft
2014-11-01 20:56 - 2014-11-01 20:56 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-01 20:56 - 2014-11-01 20:56 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\java
2014-11-01 20:56 - 2014-11-01 20:56 - 00000000 ____D () C:\ProgramData\Sun
2014-11-01 20:56 - 2014-11-01 20:56 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-01 20:56 - 2014-11-01 20:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-01 20:56 - 2014-11-01 20:56 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-01 20:15 - 2014-11-02 13:00 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\XnViewMP
2014-11-01 20:15 - 2014-11-01 20:15 - 00001048 _____ () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\XnViewMP.lnk
2014-11-01 20:10 - 2014-11-01 20:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XnViewMP
2014-11-01 20:10 - 2014-11-01 20:10 - 00000000 ____D () C:\Program Files\XnViewMP
2014-11-01 19:57 - 2014-11-01 19:57 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\MPC-HC
2014-11-01 19:56 - 2014-11-01 19:56 - 00000000 ____D () C:\Program Files\MPC-HC
2014-11-01 16:44 - 2014-11-01 16:44 - 00000000 ____D () C:\Users\Richard\Documents\Rainmeter
2014-11-01 16:44 - 2014-11-01 16:44 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Rainmeter
2014-11-01 16:44 - 2014-11-01 16:44 - 00000000 ____D () C:\Program Files\Rainmeter
2014-11-01 16:37 - 2014-11-01 16:37 - 00000000 ____D () C:\Users\Richard\Documents\Splashtop Whiteboard
2014-11-01 16:37 - 2014-11-01 16:37 - 00000000 ____D () C:\Users\Richard\Documents\Splashtop Presenter
2014-11-01 16:37 - 2014-11-01 16:37 - 00000000 ____D () C:\ProgramData\SplitMediaLabs
2014-11-01 15:04 - 2014-11-01 15:04 - 00000955 _____ () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\geek.lnk
2014-11-01 12:48 - 2014-11-01 12:48 - 00000000 ____D () C:\Users\Richard\AppData\Local\AVerMedia TV Player
2014-11-01 12:47 - 2014-11-01 12:47 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\WebApp
2014-11-01 12:47 - 2014-11-01 12:47 - 00000000 ____D () C:\Users\Public\CyberLink
2014-11-01 12:46 - 2014-11-01 16:39 - 00000000 ____D () C:\Users\Richard\Documents\CyberLink
2014-11-01 12:46 - 2014-11-01 16:39 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\CyberLink
2014-11-01 12:46 - 2014-11-01 16:39 - 00000000 ____D () C:\Users\Richard\AppData\Local\Cyberlink
2014-11-01 12:46 - 2014-11-01 16:38 - 00000000 ____D () C:\Users\Richard\Documents\MediaCloud
2014-11-01 12:44 - 2014-11-01 12:44 - 00000000 ____D () C:\ProgramData\IsolatedStorage
2014-11-01 12:44 - 2014-11-01 12:44 - 00000000 ____D () C:\ProgramData\GamingControlCenter
2014-11-01 12:43 - 2014-11-02 13:42 - 00000000 ___HD () C:\Users\Richard\.rainlendar2
2014-11-01 12:43 - 2014-11-01 12:43 - 00000000 ____D () C:\Program Files (x86)\Rainlendar2
2014-11-01 12:41 - 2013-09-07 10:10 - 00675988 _____ () C:\Users\Richard\Downloads\Minecraft.exe
2014-11-01 12:39 - 2014-11-01 12:39 - 00000000 ____D () C:\ProgramData\ROCCAT
2014-11-01 12:38 - 2014-11-01 12:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ROCCAT
2014-11-01 12:38 - 2014-11-01 12:38 - 00000000 ____D () C:\Program Files (x86)\ROCCAT
2014-11-01 11:37 - 2014-11-01 11:37 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Thunderbird
2014-11-01 11:37 - 2014-11-01 11:37 - 00000000 ____D () C:\Users\Richard\AppData\Local\Thunderbird
2014-11-01 11:33 - 2014-11-01 11:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-11-01 11:00 - 2014-11-01 11:00 - 00231376 _____ (TrueCrypt Foundation) C:\Windows\system32\Drivers\truecrypt.sys
2014-11-01 10:53 - 2014-11-01 12:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-01 10:53 - 2014-11-01 10:54 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Mozilla
2014-11-01 10:53 - 2014-11-01 10:54 - 00000000 ____D () C:\Users\Richard\AppData\Local\Mozilla
2014-11-01 10:53 - 2014-11-01 10:53 - 00000000 ____D () C:\ProgramData\Mozilla
2014-11-01 10:53 - 2014-11-01 10:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-01 10:42 - 2014-11-01 10:42 - 00000000 ___RD () C:\Users\Richard\Documents\xls
2014-11-01 10:42 - 2014-11-01 10:42 - 00000000 ____D () C:\Users\Richard\Documents\txt
2014-11-01 10:42 - 2014-10-12 14:42 - 430346312 _____ () C:\Users\Richard\Documents\backup.dpb
2014-11-01 10:41 - 2014-11-01 10:42 - 00000000 ____D () C:\Users\Richard\Documents\roman
2014-11-01 10:41 - 2014-11-01 10:41 - 00000000 ____D () C:\Users\Richard\Documents\pdf
2014-11-01 10:41 - 2014-11-01 10:41 - 00000000 ____D () C:\Users\Richard\Documents\Papyrus Backups
2014-11-01 10:41 - 2014-11-01 10:41 - 00000000 ____D () C:\Users\Richard\Documents\netbank
2014-11-01 10:41 - 2014-11-01 10:41 - 00000000 ____D () C:\Users\Richard\Documents\firma
2014-11-01 10:40 - 2014-11-01 13:47 - 00000000 ____D () C:\Users\Richard\Documents\diverses
2014-11-01 10:40 - 2014-11-01 10:41 - 00000000 ____D () C:\Users\Richard\Documents\DVD Profiler
2014-11-01 10:40 - 2014-11-01 10:40 - 00000000 ____D () C:\Users\Richard\Documents\doc
2014-11-01 10:07 - 2014-11-01 10:07 - 00000000 ____D () C:\Users\Richard\AppData\Local\FreeCommanderXE
2014-11-01 10:07 - 2014-11-01 10:07 - 00000000 ____D () C:\Program Files (x86)\FreeCommander XE
2014-11-01 10:05 - 2014-11-01 10:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-11-01 10:05 - 2014-11-01 10:05 - 00000000 ____D () C:\Program Files\7-Zip
2014-11-01 10:02 - 2014-11-01 10:02 - 00000000 ____D () C:\Users\Richard\AppData\Local\CrashDumps
2014-11-01 01:06 - 2014-11-02 13:54 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\ClassicShell
2014-11-01 01:04 - 2014-11-01 01:05 - 00000000 ____D () C:\ProgramData\ClassicShell
2014-11-01 01:01 - 2014-11-01 01:01 - 00000000 ____D () C:\Program Files\Classic Shell
2014-10-31 22:36 - 2014-10-31 22:45 - 00056016 _____ () C:\Windows\system32\Drivers\fsbts.sys
2014-10-31 22:36 - 2014-10-31 22:36 - 00000657 _____ () C:\Windows\fsav_db_setup.log
2014-10-31 22:35 - 2014-10-31 22:36 - 04143130 _____ () C:\Windows\FSISU.log
2014-10-31 22:35 - 2014-10-31 22:36 - 00895110 _____ () C:\Windows\FSSFM.log
2014-10-31 22:35 - 2014-10-31 22:36 - 00804920 _____ () C:\Windows\FSSETUP.log
2014-10-31 22:35 - 2014-10-31 22:36 - 00136077 _____ () C:\Windows\FSPROD.log
2014-10-31 22:35 - 2014-10-31 22:36 - 00088490 _____ () C:\Windows\RunSetup.log
2014-10-31 22:35 - 2014-10-31 22:36 - 00070869 _____ () C:\Windows\FSAVINST.LOG
2014-10-31 22:35 - 2014-10-31 22:36 - 00009874 _____ () C:\Windows\FSAVCSIN.LOG
2014-10-31 22:35 - 2014-10-31 22:36 - 00004347 _____ () C:\Windows\FSGKIAIN.log
2014-10-31 22:35 - 2014-10-31 22:36 - 00004230 _____ () C:\Windows\fstnbins.LOG
2014-10-31 22:35 - 2014-10-31 22:36 - 00003335 _____ () C:\Windows\fsavunin.log
2014-10-31 22:35 - 2014-10-31 22:36 - 00001837 _____ () C:\Windows\FSLDIN.LOG
2014-10-31 22:35 - 2014-10-31 22:35 - 00140799 _____ () C:\Windows\FSDEPH.log
2014-10-31 22:35 - 2014-10-31 22:35 - 00020560 _____ () C:\Windows\prodsett_copy.ini
2014-10-31 22:35 - 2014-10-31 22:35 - 00019322 _____ () C:\Windows\fspplugin.log
2014-10-31 22:31 - 2014-11-02 13:52 - 00000000 ____D () C:\Users\Richard\AppData\Local\F-Secure
2014-10-31 22:31 - 2014-10-31 22:36 - 00000000 ____D () C:\ProgramData\F-Secure
2014-10-31 22:31 - 2014-10-31 22:36 - 00000000 ____D () C:\Program Files (x86)\F-Secure
2014-10-31 22:31 - 2014-10-31 22:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\F-Secure
2014-10-31 22:18 - 2014-10-31 22:18 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Macromedia
2014-10-31 22:17 - 2014-11-02 13:41 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-31 22:17 - 2014-11-02 13:27 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-31 22:17 - 2014-10-31 22:22 - 00004100 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-31 22:17 - 2014-10-31 22:22 - 00003864 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-31 22:17 - 2014-10-31 22:17 - 00000000 ____D () C:\Users\Richard\AppData\Local\Micro-Star_International_
2014-10-31 22:17 - 2014-10-31 22:17 - 00000000 ____D () C:\Users\Richard\AppData\Local\Google
2014-10-31 22:17 - 2014-10-31 22:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-31 22:17 - 2014-10-31 22:17 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-31 22:16 - 2014-10-31 22:21 - 00000564 _____ () C:\SSUUpdater.log
2014-10-31 22:15 - 2014-11-02 13:32 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1543957082-4200568014-2125959290-1002
2014-10-31 22:10 - 2014-10-31 22:10 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Intel Corporation
2014-10-31 22:09 - 2014-11-01 21:35 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Adobe
2014-10-31 22:09 - 2014-11-01 12:43 - 00000000 ____D () C:\Users\Richard
2014-10-31 22:09 - 2014-11-01 12:39 - 00000000 ____D () C:\Users\Richard\AppData\Local\VirtualStore
2014-10-31 22:09 - 2014-10-31 22:09 - 00000020 ___SH () C:\Users\Richard\ntuser.ini
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 _SHDL () C:\Users\Richard\Vorlagen
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 _SHDL () C:\Users\Richard\Startmenü
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 _SHDL () C:\Users\Richard\Netzwerkumgebung
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 _SHDL () C:\Users\Richard\Lokale Einstellungen
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 _SHDL () C:\Users\Richard\Eigene Dateien
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 _SHDL () C:\Users\Richard\Druckumgebung
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 _SHDL () C:\Users\Richard\Documents\Eigene Musik
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 _SHDL () C:\Users\Richard\Documents\Eigene Bilder
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 _SHDL () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 _SHDL () C:\Users\Richard\AppData\Local\Verlauf
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 _SHDL () C:\Users\Richard\AppData\Local\Anwendungsdaten
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 _SHDL () C:\Users\Richard\Anwendungsdaten
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Intel
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 ____D () C:\Users\Richard\AppData\Local\Packages
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 ____D () C:\Users\Richard\AppData\Local\AVerMedia
2014-10-31 22:09 - 2014-07-24 02:17 - 00000000 ___RD () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-10-31 22:09 - 2014-03-18 11:33 - 00000000 ___RD () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-10-31 22:09 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-31 22:09 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-10-31 22:06 - 2014-11-02 13:52 - 01470660 _____ () C:\Windows\WindowsUpdate.log

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-02 13:45 - 2014-04-13 00:06 - 00450712 _____ () C:\Windows\system32\prfh0404.dat
2014-11-02 13:45 - 2014-04-13 00:06 - 00135868 _____ () C:\Windows\system32\prfc0404.dat
2014-11-02 13:45 - 2014-04-12 23:58 - 00436346 _____ () C:\Windows\system32\prfh0804.dat
2014-11-02 13:45 - 2014-04-12 23:58 - 00135868 _____ () C:\Windows\system32\prfc0804.dat
2014-11-02 13:45 - 2014-04-12 23:45 - 00715654 _____ () C:\Windows\system32\perfh01F.dat
2014-11-02 13:45 - 2014-04-12 23:45 - 00150298 _____ () C:\Windows\system32\perfc01F.dat
2014-11-02 13:45 - 2014-04-12 23:33 - 00725516 _____ () C:\Windows\system32\perfh01D.dat
2014-11-02 13:45 - 2014-04-12 23:33 - 00152370 _____ () C:\Windows\system32\perfc01D.dat
2014-11-02 13:45 - 2014-04-12 23:11 - 00781168 _____ () C:\Windows\system32\perfh019.dat
2014-11-02 13:45 - 2014-04-12 23:11 - 00161704 _____ () C:\Windows\system32\perfc019.dat
2014-11-02 13:45 - 2014-04-12 22:59 - 00789596 _____ () C:\Windows\system32\prfh0816.dat
2014-11-02 13:45 - 2014-04-12 22:59 - 00164166 _____ () C:\Windows\system32\prfc0816.dat
2014-11-02 13:45 - 2014-04-12 22:52 - 00775740 _____ () C:\Windows\system32\prfh0416.dat
2014-11-02 13:45 - 2014-04-12 22:52 - 00158832 _____ () C:\Windows\system32\prfc0416.dat
2014-11-02 13:45 - 2014-04-12 22:45 - 00798800 _____ () C:\Windows\system32\perfh015.dat
2014-11-02 13:45 - 2014-04-12 22:45 - 00163682 _____ () C:\Windows\system32\perfc015.dat
2014-11-02 13:45 - 2014-04-12 22:39 - 00798252 _____ () C:\Windows\system32\perfh013.dat
2014-11-02 13:45 - 2014-04-12 22:39 - 00162330 _____ () C:\Windows\system32\perfc013.dat
2014-11-02 13:45 - 2014-04-12 22:32 - 00441600 _____ () C:\Windows\system32\perfh014.dat
2014-11-02 13:45 - 2014-04-12 22:32 - 00077252 _____ () C:\Windows\system32\perfc014.dat
2014-11-02 13:45 - 2014-04-12 22:17 - 00508106 _____ () C:\Windows\system32\perfh012.dat
2014-11-02 13:45 - 2014-04-12 22:17 - 00135868 _____ () C:\Windows\system32\perfc012.dat
2014-11-02 13:45 - 2014-04-12 22:10 - 00498064 _____ () C:\Windows\system32\perfh011.dat
2014-11-02 13:45 - 2014-04-12 22:10 - 00135868 _____ () C:\Windows\system32\perfc011.dat
2014-11-02 13:45 - 2014-04-12 22:03 - 00794000 _____ () C:\Windows\system32\perfh010.dat
2014-11-02 13:45 - 2014-04-12 22:03 - 00156420 _____ () C:\Windows\system32\perfc010.dat
2014-11-02 13:45 - 2014-04-12 21:56 - 00743402 _____ () C:\Windows\system32\perfh00E.dat
2014-11-02 13:45 - 2014-04-12 21:56 - 00177988 _____ () C:\Windows\system32\perfc00E.dat
2014-11-02 13:45 - 2014-04-12 21:46 - 00408958 _____ () C:\Windows\system32\perfh00D.dat
2014-11-02 13:45 - 2014-04-12 21:46 - 00064964 _____ () C:\Windows\system32\perfc00D.dat
2014-11-02 13:45 - 2014-04-12 21:36 - 00427206 _____ () C:\Windows\system32\perfh00B.dat
2014-11-02 13:45 - 2014-04-12 21:36 - 00081788 _____ () C:\Windows\system32\perfc00B.dat
2014-11-02 13:45 - 2014-04-12 21:26 - 00800660 _____ () C:\Windows\system32\perfh00A.dat
2014-11-02 13:45 - 2014-04-12 21:26 - 00166550 _____ () C:\Windows\system32\perfc00A.dat
2014-11-02 13:45 - 2014-04-12 21:15 - 00542632 _____ () C:\Windows\system32\perfh008.dat
2014-11-02 13:45 - 2014-04-12 21:15 - 00089196 _____ () C:\Windows\system32\perfc008.dat
2014-11-02 13:45 - 2014-04-12 21:09 - 00765378 _____ () C:\Windows\system32\perfh007.dat
2014-11-02 13:45 - 2014-04-12 21:09 - 00159696 _____ () C:\Windows\system32\perfc007.dat
2014-11-02 13:45 - 2014-04-12 21:03 - 00456508 _____ () C:\Windows\system32\perfh006.dat
2014-11-02 13:45 - 2014-04-12 21:03 - 00079760 _____ () C:\Windows\system32\perfc006.dat
2014-11-02 13:45 - 2014-04-12 20:58 - 00731574 _____ () C:\Windows\system32\perfh005.dat
2014-11-02 13:45 - 2014-04-12 20:58 - 00151818 _____ () C:\Windows\system32\perfc005.dat
2014-11-02 13:45 - 2014-04-12 20:49 - 00802234 _____ () C:\Windows\system32\perfh00C.dat
2014-11-02 13:45 - 2014-04-12 20:49 - 00422260 _____ () C:\Windows\system32\perfh001.dat
2014-11-02 13:45 - 2014-04-12 20:49 - 00159184 _____ () C:\Windows\system32\perfc00C.dat
2014-11-02 13:45 - 2014-04-12 20:49 - 00064964 _____ () C:\Windows\system32\perfc001.dat
2014-11-02 13:45 - 2014-03-18 11:03 - 18547198 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-02 13:41 - 2014-03-18 10:54 - 00727854 _____ () C:\Windows\PFRO.log
2014-11-02 13:41 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-02 12:09 - 2014-07-24 02:36 - 00000000 ____D () C:\Windows\Driver Cache
2014-11-02 12:09 - 2013-08-22 14:25 - 00000194 _____ () C:\Windows\win.ini
2014-11-02 11:56 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-11-02 11:45 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-11-02 11:44 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-11-01 16:39 - 2014-07-24 02:48 - 00000000 ____D () C:\ProgramData\CyberLink
2014-11-01 16:39 - 2014-07-24 02:34 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-01 16:37 - 2014-07-24 02:41 - 00000000 ____D () C:\Program Files (x86)\Splashtop
2014-11-01 16:37 - 2014-07-24 02:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
2014-11-01 16:37 - 2014-07-24 02:38 - 00000000 ____D () C:\Program Files (x86)\MSI
2014-11-01 13:46 - 2013-08-22 15:46 - 00021872 _____ () C:\Windows\setupact.log
2014-10-31 23:00 - 2014-04-25 15:05 - 00000000 ____D () C:\Windows\RE_DRIVE
2014-10-31 22:41 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-10-31 22:34 - 2014-07-24 02:43 - 00000000 ____D () C:\ProgramData\Norton
2014-10-31 22:34 - 2013-08-22 15:44 - 00344824 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-31 22:33 - 2013-08-22 16:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-10-31 22:18 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\restore
2014-10-31 22:08 - 2014-04-12 20:15 - 00000000 ____D () C:\Windows\Panther

Some content of TEMP:
====================
C:\Users\Richard\AppData\Local\Temp\13059367852645321960.exe
C:\Users\Richard\AppData\Local\Temp\JDSetup130593678509519648.exe
C:\Users\Richard\AppData\Local\Temp\proxy_vole8461006690750503778.dll
C:\Users\Richard\AppData\Local\Temp\Quarantine.exe
C:\Users\Richard\AppData\Local\Temp\SetupUtil.exe
C:\Users\Richard\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-04-12 19:16

==================== End Of Log ============================

--- --- ---

Addition_neu:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-11-2014
Ran by Richard at 2014-11-02 14:02:40
Running from C:\Users\Richard\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)

AV: Antivirus (Disabled - Up to date) {15414183-282E-D62C-CA37-EF24860A2F17}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Antivirus (Disabled - Up to date) {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
AVerMedia H335 MiniCard DVB-T 2.3.64.28 (HKLM-x32\...\AVerMedia H335 MiniCard DVB-T) (Version: 2.3.64.28 - AVerMedia TECHNOLOGIES, Inc.)
AVerMedia TV Player (HKLM-x32\...\InstallShield_{DFD1F64D-2AF0-4CE2-9752-D701E80F8D1C}) (Version: 1.8.0 - AVerMedia Technologies, Inc.)
AVerMedia TV Player (x32 Version: 1.8.0 - AVerMedia Technologies, Inc.) Hidden
Boot Configure (HKLM-x32\...\{A055E402-0EA0-4969-B751-B9373081B405}) (Version: 21.014.05141 - Micro-Star International Co., Ltd.)
BurnRecovery (HKLM-x32\...\{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}) (Version: 4.0.1309.301 - )
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Computer Security 14.115.100.0 (release) (x32 Version: 14.115.100.0 - F-Secure Corporation) Hidden
FreeCommander XE (HKLM-x32\...\FreeCommander XE_is1) (Version: Preview - Marek Jasinski)
F-Secure (HKLM-x32\...\F-Secure ServiceEnabler 666) (Version: 2.15.358.0 - F-Secure Corporation)
F-Secure (x32 Version: 2.15.358.0 - F-Secure Corporation) Hidden
F-Secure CCF Reputation (x32 Version: 2.0.1337.0 - F-Secure) Hidden
F-Secure CCF Scanning 1.51.111.300 (release) (x32 Version: 1.51.111.300 - F-Secure Corporation) Hidden
F-Secure Network CCF 1.02.141 (x32 Version: 1.02.141 - F-Secure Corporation) Hidden
F-Secure SafeSearch 1.03.159.0 (release) (x32 Version: 1.03.159.0 - F-Secure Corporation) Hidden
Gaming Control Center (HKLM-x32\...\Installshield_{25BFC31F-27BF-4870-B043-CBC8400C97F8}) (Version: 0.0.1.4 - MICRO-STAR INT'L,.LTD.)
Gaming Control Center (Version: 0.0.1.4 - MSI) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3325 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 17.0.1347.2) (HKLM\...\{302600C1-6BDF-4FD1-1312-148929CC1385}) (Version: 17.0.1312.0414 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{86b86e21-7c9b-4baa-b284-69ce4a918661}) (Version: 16.10.0 - Intel Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 33.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.0.2 (x86 de)) (Version: 33.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.2.0 - Mozilla)
Mozilla Thunderbird 31.2.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.2.0 (x86 de)) (Version: 31.2.0 - Mozilla)
MPC-HC 1.7.7 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.7 - MPC-HC Team)
Nuvoton NCT6681 CIR Device Driver (HKLM-x32\...\{2FAECEAF-0EBE-48FF-B60A-B4577C0EFDAB}) (Version: 1.4.1003 - Nuvoton Technology Corp.)
NVIDIA Graphics Driver 332.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.35 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
Online Safety 2.115.2783.1598 (x32 Version: 2.115.2783.1598 - F-Secure Corporation) Hidden
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.1.41.1042 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (Version: 1.1.41.1042 - Qualcomm Atheros) Hidden
Qualcomm Atheros Network Manager (Version: 1.1.41.1042 - Qualcomm Atheros) Hidden
Qualcomm Atheros Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.41.1042 - Qualcomm Atheros)
Rainlendar2 (remove only) (HKLM-x32\...\Rainlendar2) (Version:  - )
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.1 r2290 - )
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7179 - Realtek Semiconductor Corp.)
ROCCAT Kone XTD Mouse Driver (HKLM-x32\...\{7133137D-DF48-4522-AD88-13C82B7D0A63}) (Version:  - Roccat GmbH)
Sound Blaster Cinema 2 (HKLM-x32\...\{B4F6F8CC-2C61-42CC-A4CC-76621F25BDC7}) (Version: 1.00.06 - Creative Technology Limited)
XnViewMP 0.69 (HKLM\...\XnViewMP_is1) (Version: 0.69 - Gougelet Pierre-e)

==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
31-10-2014 21:18:10 Removed Splashtop Streamer

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {035792A1-D4EF-4A78-BF9A-AA9628C281A3} - System32\Tasks\Microsoft\Windows\Setup\SetupCleanupTask
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23E35DFE-72D9-420E-A2D6-E9A53D7CCC3B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-31] (Google Inc.)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3EA8CB6B-127F-4DFF-80E1-6F7B5884D7FB} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {477E572F-58B6-4FA9-BD66-17C0720A3FC8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-10-03] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7861768D-65BF-4E01-9D37-EF0950E0F5CD} - System32\Tasks\Microsoft\Windows\SetupSQMTask => C:\Windows\SYSTEM32\OOBE\SETUPSQM.EXE [2013-08-22] (Microsoft Corporation)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8BF9A406-B81D-47D8-869E-91375F0038CA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-31] (Google Inc.)
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {BF58E14B-1069-43E0-80DD-BB525A2FD9CD} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D08F1AB1-8F5E-4779-937E-7A750E734C77} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-03-18] (Microsoft Corporation)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E2ACF668-4308-4463-9ECA-B3DD4467FB01} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {E3BDCA69-0278-4D27-AE94-D673C4802877} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============
2014-07-24 02:33 - 2014-01-08 01:48 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-07-24 02:45 - 2014-07-23 08:38 - 00403456 _____ () C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
2014-07-24 02:45 - 2014-07-23 08:38 - 00163840 _____ () C:\Program Files (x86)\Common Files\AVerMedia\AVerHIDReceiver\AVerHIDReceiver.exe
2011-01-06 14:27 - 2011-01-06 14:27 - 02342400 _____ () C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
2014-03-03 20:53 - 2014-03-03 20:53 - 00300544 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
2014-05-25 15:18 - 2014-05-25 15:18 - 00036536 _____ () C:\Program Files\Rainmeter\Rainmeter.exe
2014-05-25 15:18 - 2014-05-25 15:18 - 00747192 _____ () C:\Program Files\Rainmeter\Rainmeter.dll
2014-05-25 15:17 - 2014-05-25 15:17 - 00011776 _____ () C:\Program Files\Rainmeter\Plugins\PowerPlugin.dll
2014-07-24 02:45 - 2014-07-23 08:38 - 00053248 _____ () C:\Program Files (x86)\Common Files\AVerMedia\dll\MsgLog.DLL
2014-07-08 15:16 - 2014-07-08 15:16 - 00220200 _____ () C:\Program Files (x86)\F-Secure\daas2.dll
2014-10-31 22:39 - 2014-10-31 22:39 - 00030888 _____ () C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\hashlib_x86.dll
2014-10-31 22:35 - 2014-10-31 22:39 - 00212008 _____ () C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Spam Control\fsas.dll
2010-05-23 19:20 - 2010-05-23 19:20 - 00126976 _____ () C:\Program Files (x86)\Rainlendar2\lua51.dll
2011-01-06 14:27 - 2011-01-06 14:27 - 00194560 _____ () C:\Program Files (x86)\Rainlendar2\plugins\iCalendarPlugin.dll
2010-05-23 19:20 - 2010-05-23 19:20 - 00012288 _____ () C:\Program Files (x86)\Rainlendar2\lfs.dll
2014-10-31 22:31 - 2014-10-31 22:31 - 00592936 _____ () C:\Windows\WinSxS\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.482.79_none_b59ec33311fcd586\QtMultimediaKit1.dll
2014-11-01 12:38 - 2012-06-17 11:20 - 00061440 _____ () C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\hiddriver.dll
2014-07-24 02:34 - 2014-07-23 08:34 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================
Administrator (S-1-5-21-1543957082-4200568014-2125959290-500 - Administrator - Disabled)
Gast (S-1-5-21-1543957082-4200568014-2125959290-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1543957082-4200568014-2125959290-1004 - Limited - Enabled)
Richard (S-1-5-21-1543957082-4200568014-2125959290-1002 - Administrator - Enabled) => C:\Users\Richard

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Microsoft Office Sessions:
=========================

==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
Percentage of memory in use: 10%
Total physical RAM: 16306 MB
Available physical RAM: 14541.39 MB
Total Pagefile: 19250 MB
Available Pagefile: 17476.11 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================
Drive c: (OS_Install) (Fixed) (Total:237.67 GB) (Free:178.43 GB) NTFS
Drive d: (Data) (Fixed) (Total:912.18 GB) (Free:479.62 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: F1EDCD87) Partition: GPT Partition Type.
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: F1EDCDA0) Partition: GPT Partition Type.

==================== End Of Log ============================
02.11.2014, 14:45 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win 8.1 Framed Display virus caught
Okay, then control scans with MBAM and ESET please: Please download Malwarebytes Anti-Malware
ESET Online Scanner
__________________ Please always post logfiles in CODE tags
02.11.2014, 15:26 | #5 |
| Win 8.1 Framed Display virus caught
Malwarebytes found nothing:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 02.11.2014
Scan Time: 14:47:17
Logfile: mwb_scan_log_neu.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.02.03
Rootkit Database: v2014.11.01.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Richard

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 350643
Time Elapsed: 4 min, 48 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=a69e3a37999de3478457c4190e4e8687
# engine=20894
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-11-02 02:19:01
# local_time=2014-11-02 03:19:01 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 7939544 8773324 0 0
# scanned=703505
# found=1
# cleaned=0
# scan_time=1349
sh=3B519E7788402D4B9DD3D586F88DBCE4A6AB05D0 ft=1 fh=d4e158c1b995bbc3 vn="Variante von Win32/BrowseFox.O evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Richard\AppData\Local\Microsoft\Windows\INetCache\IE\4NPJHBN6\FramedDisplay[1].dll"
02.11.2014, 16:06 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win 8.1 Framed Display virus caught
Only junk in the browser cache.
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document
Code:
EmptyTemp:
Please save this as Fixlist.txt on your desktop (or in the directory in which FRST is located).
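One way to do in code the triage the reply above does by eye (a hit under INetCache is cached junk that EmptyTemp: clears, a hit in an install or autorun location would need a persistence check), as an added example that is not part of the original thread and not ESET's or FRST's own tooling. It parses the ESET Online Scanner log posted earlier and sorts each detection by where the file sits. The sample log is constructed from the lines in that post; the directory list, the PUA name patterns and the recommended actions are assumptions.

```python
import re

# Constructed sample: the ESET Online Scanner log posted in this thread
# (header trimmed to the fields used here; the detection line is verbatim).
ESET_LOG = r"""
# product=EOS
# version=8
# engine=20894
# end=finished
# remove_checked=false
# unwanted_checked=true
# scanned=703505
# found=1
# cleaned=0
# scan_time=1349
sh=3B519E7788402D4B9DD3D586F88DBCE4A6AB05D0 ft=1 fh=d4e158c1b995bbc3 vn="Variante von Win32/BrowseFox.O evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Richard\AppData\Local\Microsoft\Windows\INetCache\IE\4NPJHBN6\FramedDisplay[1].dll"
"""

# Assumed list of directories whose contents are transient: a file here was
# downloaded or cached, it is not installed and has no autorun of its own.
# Compared against a lower-cased, forward-slash-normalised path.
TRANSIENT_DIRS = (
    "/appdata/local/microsoft/windows/inetcache/",
    "/appdata/local/microsoft/windows/temporary internet files/",
    "/appdata/local/temp/",
    "/windows/temp/",
    "/appdata/local/google/chrome/user data/",      # Chrome cache lives under here
    "/appdata/local/mozilla/firefox/profiles/",     # Firefox cache2 lives under here
)

# One detection record is a run of key=value pairs; values may be quoted.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_eset_log(text):
    """Split the log into the '# key=value' header and the per-detection records."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            key, _, value = line[1:].partition("=")
            header[key.strip()] = value.strip()
        elif line.startswith("sh="):
            detections.append({k: q or u for k, q, u in FIELD_RE.findall(line)})
    return header, detections


def classify_path(win_path):
    """'transient' if the file sits in a browser cache or temp folder, else 'persistent'."""
    p = win_path.replace("\\", "/").lower()
    return "transient" if any(d in p for d in TRANSIENT_DIRS) else "persistent"


def is_pua(detection_name):
    """ESET flags potentially unwanted applications in the (localised) vn= string."""
    return re.search(r"unerw(ü|ue)nschte anwendung|potentially unwanted|\bpua\b",
                     detection_name, re.I) is not None


def triage(text):
    """One dict per detection: where it is, what it is, and what to do about it."""
    header, detections = parse_eset_log(text)
    eset_removed = header.get("remove_checked") == "true"
    report = []
    for d in detections:
        loc = classify_path(d.get("fn", ""))
        report.append({
            "sha1": d.get("sh", ""),
            "path": d.get("fn", ""),
            "name": d.get("vn", ""),
            "pua": is_pua(d.get("vn", "")),
            "location": loc,
            "removed_by_eset": eset_removed,
            "action": ("clear caches/temp (FRST EmptyTemp: does this)" if loc == "transient"
                       else "check autoruns, services and tasks for persistence before removing"),
        })
    return report


def summary(text):
    """Scanned/found/cleaned counters from the header, as integers."""
    header, _ = parse_eset_log(text)
    return {k: int(header[k]) for k in ("scanned", "found", "cleaned") if k in header}


if __name__ == "__main__":
    print(summary(ESET_LOG))
    for item in triage(ESET_LOG):
        print(f"{item['location']:10} pua={item['pua']} {item['path']}\n  -> {item['action']}")
```

With remove_checked=false ESET only reports, so found=1 and cleaned=0 is expected and the path decides the follow-up; a hit in Program Files or a Run key would get the "persistent" branch instead.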
02.11.2014, 16:41 | #7 |
| Win 8.1 Framed Display virus caught
Fixlog.txt:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-11-2014
Ran by Richard at 2014-11-02 16:36:11 Run:1
Running from C:\Users\Richard\Desktop
Loaded Profile: Richard (Available profiles: Richard)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
EmptyTemp:
*****************

EmptyTemp: => Removed 113.8 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====
02.11.2014, 19:33 | #8 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win 8.1 Framed Display virus caught
Quote:
These really only get onto the system when you don't read some program setup carefully or don't use the custom installation method.
__________________ Please always post logfiles in CODE tags
02.11.2014, 21:55 | #9 |
| Win 8.1 Framed Display virus caught
I agree with you there, but I can guarantee you that this was not the case here. I always install from trustworthy sites (Chip, heise, etc.) and always custom and very carefully. Doesn't matter though. The virus is gone and I thank you again for your help.
02.11.2014, 22:21 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win 8.1 Framed Display virus caught
Then we're done! If you'd still like to leave praise or criticism => Lob, Kritik und Wünsche - Trojaner-Board
The programs that were used here can all be uninstalled. It is recommended to keep Malwarebytes Anti-Malware and scan for malware with it weekly. delfix can help you with that: the order is crucial here.
Finally, please check your updates; my guide on that is below. To keep a better overview of whether the installed programs are up to date in future, you can use Secunia PSI, for example. For even more security, after the infection has been removed you should also change all passwords if at all possible.

Microsoft Update
Windows XP: Visit the MS update page with IE and have all important updates installed.
Windows Vista/7: Start, Control Panel, Windows Update

Update your PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old Adobe Reader versions via Control Panel => Software or Programs and Features by clicking "Adobe Reader x.0" there and removing the program (if you have Adobe Reader installed). I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.
While you're at it, please also check that Flash Player is up to date: Check => Adobe - Flash Player
Download links can be found here => Browsers and Plugins - FilePony.de
You can also easily check all plugins in the Firefox browser for currency here => https://www.mozilla.org/de/plugincheck
Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.

Java update
Outdated Java installations are a major security risk, so you should uninstall the old versions. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software (or Programs and Features) and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________ Please always post logfiles in CODE tags
Topics on Win 8.1 Framed Display virus caught
adware, avira, browser, device driver, error code 70, firefox, helper, install.exe, installation, mozilla, object, performance, pup.optional.bplug, pup.optional.browsefox.a, pup.optional.frameddisplay.a, pup.optional.installcore.a, realtek, registry, scan, spyware, system, usb, warning, win32/browsefox.o, windows