Win 8.1 Framed Display Virus eingefangen

Cooder · 02.11.2014, 13:27

Hallo,
ich habe einen neuen Rechner und dementsprechend installiere ich z.Z. viele Software. Bei der Installation einer Software ( ich vermute Jdownloader 2) habe ich mir den Virus "Framed Display" eingefangen.
F-secure hat ihn gemeldet - konnte ihn aber nicht löschen.
Ich habe dann Malewarebytes installiert, der wohl alles gelöscht hat. Zumindest konnte er bei einem zweiten Scan nichts mehr finden.
Dennoch bin ich mir nicht sicher, ob mein PC jetzt clean ist. Deswegen würde ich mich freuen, wenn ihr mal drüberschauen könntet:

FRST.txt:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-11-2014
Ran by Richard (administrator) on RICK on 02-11-2014 12:50:53
Running from C:\Users\Richard\Desktop
Loaded Profile: Richard (Available profiles: Richard)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVerMedia) C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
() C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fsgk32.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(MICRO-STAR INT'L,.LTD.) C:\Program Files\WMIHook\WMIHookBtnFn\WMI_Hook_Service.exe
() C:\Program Files (x86)\Common Files\AVerMedia\AVerHIDReceiver\AVerHIDReceiver.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE
(MICRO-STAR INT'L,.LTD.) C:\Program Files\WMIHook\WMIHookBtnFn\WMIHookFnNotifier.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fssm32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSHDLL64.EXE
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE
(ROCCAT GmbH) C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-31] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-07-23] (Realtek Semiconductor)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [] => [X]
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM-x32\...\Run: [Sound Blaster Cinema 2] => C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe [1440768 2014-02-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [F-Secure Hoster (666)] => C:\Program Files (x86)\F-Secure\fshoster32.exe [187432 2014-07-08] (F-Secure Corporation)
HKLM-x32\...\Run: [F-Secure Manager] => C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE [310312 2014-06-24] (F-Secure Corporation)
HKLM-x32\...\Run: [RoccatKoneXTD] => C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.EXE [552960 2013-10-25] (ROCCAT GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1543957082-4200568014-2125959290-1002\...\Run: [Rainlendar2] => C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe [2342400 2011-01-06] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVer HID Receiver.lnk
ShortcutTarget: AVer HID Receiver.lnk -> C:\Program Files (x86)\Common Files\AVerMedia\AVerHIDReceiver\AVerHIDReceiver.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{FB55FA5A-08CB-4A14-A0C5-5BCDB3F1ACC4}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
Startup: C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://msi13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://msi13.msn.com
SearchScopes: HKLM - DefaultScope {F81B2FE1-58AC-4CAF-AAF7-14753BDFABE0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAMIJS
SearchScopes: HKLM - {F81B2FE1-58AC-4CAF-AAF7-14753BDFABE0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAMIJS
SearchScopes: HKLM-x32 - DefaultScope {F81B2FE1-58AC-4CAF-AAF7-14753BDFABE0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAMIJS
SearchScopes: HKLM-x32 - {F81B2FE1-58AC-4CAF-AAF7-14753BDFABE0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAMIJS
SearchScopes: HKCU - DefaultScope {F81B2FE1-58AC-4CAF-AAF7-14753BDFABE0} URL = 
SearchScopes: HKCU - {F81B2FE1-58AC-4CAF-AAF7-14753BDFABE0} URL = 
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: F-Secure Browsing Protection -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https64.dll (F-Secure Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: F-Secure Browsing Protection -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https.dll (F-Secure Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default
FF Homepage: about:
FF Keyword.URL: https://startpage.com/do/search?language=deutsch&cat=web&query=
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\user.js
FF SearchPlugin: C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\searchplugins\ixquick---deutsch.xml
FF SearchPlugin: C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\searchplugins\linguee-de-en.xml
FF SearchPlugin: C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\searchplugins\metager.xml
FF SearchPlugin: C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\searchplugins\startpage-https---deutsch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\abs@avira.com [2014-11-01]
FF Extension: German Dictionary - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2014-11-01]
FF Extension: HTTPS-Everywhere - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\https-everywhere@eff.org [2014-11-01]
FF Extension: rein - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\rein@notiz.jp [2014-11-01]
FF Extension: No Name - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\temp [2014-11-01]
FF Extension: IE Tab 2 (FF 3.6+) - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2014-11-01]
FF Extension: Linkification - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a} [2014-11-01]
FF Extension: Compact Menu 2 - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{57068FBE-1506-42ee-AB02-BD183E7999E4} [2014-11-01]
FF Extension: No Name - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{9w50ge7w-88c1-4wcg-bxg9-90g1a5d31c3z} [2014-11-01]
FF Extension: WOT - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-11-01]
FF Extension: DownloadHelper - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-11-01]
FF Extension: Dictionary Tooltip - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{C6128004-4838-4708-9A97-BB172D17767D}(2) [2014-11-01]
FF Extension: BetterPrivacy - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3} [2014-11-01]
FF Extension: Whitehart - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{d650973c-0444-4ac7-9d00-19e3613c83b9} [2014-11-01]
FF Extension: ImageHost Grabber - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{E4091D66-127C-11DB-903A-DE80D2EFDFE8} [2014-11-01]
FF Extension: checkCompatibility - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\check-compatibility@dactyl.googlecode.com.xpi [2014-11-01]
FF Extension: Classic Theme Restorer - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-11-01]
FF Extension: CookieKiller - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\cookiekiller@joseph.moran.xpi [2014-11-01]
FF Extension: FireGestures - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\firegestures@xuldev.org.xpi [2014-11-01]
FF Extension: YouTube mp3 - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\info@youtube-mp3.org.xpi [2014-11-01]
FF Extension: Simple White - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\Simple@White.Theme.xpi [2014-11-01]
FF Extension: Image Zoom - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2014-11-01]
FF Extension: NoScript - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-11-01]
FF Extension: MeasureIt - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2014-11-01]
FF Extension: Adblock Plus - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-01]
FF HKLM-x32\...\Firefox\Extensions: [{306eaf01-4e65-43d2-8504-1ae0c1859338}] - C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\deploy\fs_firefox_https
FF Extension: Browsing Protection - C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\deploy\fs_firefox_https [2014-10-31]

Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-01]
CHR Extension: (Google Wallet) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-31]
CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - C:/Program Files (x86)/F-Secure/apps/CCF_Scanning/bin/browser/install/fs_chrome_https/fs_chrome_https.crx [2014-06-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVerRemote; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [364544 2014-07-23] (AVerMedia) [File not signed]
R2 AVerScheduleService; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [403456 2014-07-23] () [File not signed]
R2 fshoster; C:\Program Files (x86)\F-Secure\fshoster32.exe [187432 2014-07-08] (F-Secure Corporation)
R3 FSMA; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE [216104 2014-06-24] (F-Secure Corporation)
R2 FSORSPClient; C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe [60456 2014-06-24] (F-Secure Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-31] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-07-23] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2014-07-23] (Intel Corporation)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-07-24] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-08] ()
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-07-24] (Microsoft Corporation)
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [344576 2014-03-03] (Qualcomm Atheros) [File not signed]
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-07-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-07-24] (Microsoft Corporation)
R2 WMI_Hook_Service; C:\Program Files\WMIHook\WMIHookBtnFn\WMI_Hook_Service.exe [134792 2014-03-28] (MICRO-STAR INT'L,.LTD.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2014-01-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AVerIT13x; C:\Windows\System32\Drivers\AVerIT13x_x64.sys [198272 2012-12-06] (AVerMedia TECHNOLOGIES, Inc.)
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [81072 2014-02-20] (Qualcomm Atheros, Inc.)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-11-07] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1411384 2013-11-07] (Motorola Solutions, Inc.)
R3 F-Secure Gatekeeper; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [202792 2014-10-31] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys [69960 2014-10-31] (F-Secure Corporation)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [56016 2014-10-31] ()
R3 fsni; C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\fsni64.sys [89640 2014-10-31] (F-Secure Corporation)
R1 fsvista; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [13352 2014-06-24] ()
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [149448 2014-07-23] (Intel Corporation)
R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [163536 2013-03-20] (Qualcomm Atheros, Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2014-07-23] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3610592 2014-01-28] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 nuviocir; C:\Windows\system32\DRIVERS\nuviocir_win8_x64.sys [42264 2013-07-03] (Nuvoton Technology Corp.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-07-24] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-02 12:50 - 2014-11-02 12:51 - 00022103 _____ () C:\Users\Richard\Desktop\FRST.txt
2014-11-02 12:50 - 2014-11-02 12:50 - 00000000 ____D () C:\FRST
2014-11-02 12:48 - 2014-11-02 12:48 - 02114048 _____ (Farbar) C:\Users\Richard\Desktop\FRST64.exe
2014-11-02 12:29 - 2014-11-02 12:35 - 00051630 _____ () C:\Users\Richard\Downloads\Extras.Txt
2014-11-02 12:29 - 2014-11-02 12:33 - 00130812 _____ () C:\Users\Richard\Downloads\OTL.Txt
2014-11-02 12:20 - 2014-11-02 12:20 - 00602112 _____ (OldTimer Tools) C:\Users\Richard\Downloads\OTL.exe
2014-11-02 12:11 - 2014-11-02 12:11 - 00001197 _____ () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\mbam.lnk
2014-11-02 12:04 - 2014-11-02 12:11 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-02 12:04 - 2014-11-02 12:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-02 12:04 - 2014-11-02 12:04 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-11-02 12:04 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-02 12:04 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-02 12:04 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-02 11:56 - 2014-11-02 11:56 - 00048792 _____ () C:\Windows\system32\Drivers\{6db7eb66-a30b-41a3-809c-addb2341dafb}Gw64.sys.tmp
2014-11-02 11:52 - 2014-11-02 11:53 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Richard\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-02 11:44 - 2014-11-02 11:45 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-02 11:44 - 2014-10-03 10:02 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-02 11:33 - 2014-11-02 11:33 - 00000000 __SHD () C:\Users\Richard\AppData\Local\EmieUserList
2014-11-02 11:33 - 2014-11-02 11:33 - 00000000 __SHD () C:\Users\Richard\AppData\Local\EmieSiteList
2014-11-02 03:46 - 2014-11-02 03:46 - 00002175 _____ () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\JDownloader 2.lnk
2014-11-02 03:13 - 2014-11-02 03:13 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2014-11-02 03:12 - 2014-11-02 03:24 - 00000000 ____D () C:\Users\Richard\AppData\Local\JDownloader v2.0
2014-11-02 02:57 - 2014-11-02 02:57 - 00000000 ____D () C:\Users\Richard\AppData\Local\Intel_Corporation
2014-11-01 21:38 - 2014-11-01 21:38 - 00001254 _____ () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Adobe Photoshop.lnk
2014-11-01 21:33 - 2014-11-01 21:33 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-11-01 21:33 - 1998-11-05 11:08 - 00087392 ____N (Twain Working Group) C:\Windows\twain.dll
2014-11-01 21:30 - 1998-10-21 18:43 - 00328704 _____ (InstallShield Software Corporation ) C:\Windows\IsUn0407.exe
2014-11-01 20:56 - 2014-11-01 20:59 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\.minecraft
2014-11-01 20:56 - 2014-11-01 20:56 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-01 20:56 - 2014-11-01 20:56 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\java
2014-11-01 20:56 - 2014-11-01 20:56 - 00000000 ____D () C:\ProgramData\Sun
2014-11-01 20:56 - 2014-11-01 20:56 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-01 20:56 - 2014-11-01 20:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-01 20:56 - 2014-11-01 20:56 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-01 20:15 - 2014-11-02 03:33 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\XnViewMP
2014-11-01 20:15 - 2014-11-01 20:15 - 00001048 _____ () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\XnViewMP.lnk
2014-11-01 20:10 - 2014-11-01 20:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XnViewMP
2014-11-01 20:10 - 2014-11-01 20:10 - 00000000 ____D () C:\Program Files\XnViewMP
2014-11-01 19:57 - 2014-11-01 19:57 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\MPC-HC
2014-11-01 19:56 - 2014-11-01 19:56 - 00000000 ____D () C:\Program Files\MPC-HC
2014-11-01 16:44 - 2014-11-01 16:44 - 00000000 ____D () C:\Users\Richard\Documents\Rainmeter
2014-11-01 16:44 - 2014-11-01 16:44 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Rainmeter
2014-11-01 16:44 - 2014-11-01 16:44 - 00000000 ____D () C:\Program Files\Rainmeter
2014-11-01 16:37 - 2014-11-01 16:37 - 00000000 ____D () C:\Users\Richard\Documents\Splashtop Whiteboard
2014-11-01 16:37 - 2014-11-01 16:37 - 00000000 ____D () C:\Users\Richard\Documents\Splashtop Presenter
2014-11-01 16:37 - 2014-11-01 16:37 - 00000000 ____D () C:\ProgramData\SplitMediaLabs
2014-11-01 15:04 - 2014-11-01 15:04 - 00000955 _____ () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\geek.lnk
2014-11-01 12:48 - 2014-11-01 12:48 - 00000000 ____D () C:\Users\Richard\AppData\Local\AVerMedia TV Player
2014-11-01 12:47 - 2014-11-01 12:47 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\WebApp
2014-11-01 12:47 - 2014-11-01 12:47 - 00000000 ____D () C:\Users\Public\CyberLink
2014-11-01 12:46 - 2014-11-01 16:39 - 00000000 ____D () C:\Users\Richard\Documents\CyberLink
2014-11-01 12:46 - 2014-11-01 16:39 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\CyberLink
2014-11-01 12:46 - 2014-11-01 16:39 - 00000000 ____D () C:\Users\Richard\AppData\Local\Cyberlink
2014-11-01 12:46 - 2014-11-01 16:38 - 00000000 ____D () C:\Users\Richard\Documents\MediaCloud
2014-11-01 12:44 - 2014-11-01 12:44 - 00000000 ____D () C:\ProgramData\IsolatedStorage
2014-11-01 12:44 - 2014-11-01 12:44 - 00000000 ____D () C:\ProgramData\GamingControlCenter
2014-11-01 12:43 - 2014-11-02 12:10 - 00000000 ___HD () C:\Users\Richard\.rainlendar2
2014-11-01 12:43 - 2014-11-01 12:43 - 00000000 ____D () C:\Program Files (x86)\Rainlendar2
2014-11-01 12:41 - 2013-09-07 10:10 - 00675988 _____ () C:\Users\Richard\Downloads\Minecraft.exe
2014-11-01 12:39 - 2014-11-01 12:39 - 00000000 ____D () C:\ProgramData\ROCCAT
2014-11-01 12:38 - 2014-11-01 12:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ROCCAT
2014-11-01 12:38 - 2014-11-01 12:38 - 00000000 ____D () C:\Program Files (x86)\ROCCAT
2014-11-01 11:37 - 2014-11-01 11:37 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Thunderbird
2014-11-01 11:37 - 2014-11-01 11:37 - 00000000 ____D () C:\Users\Richard\AppData\Local\Thunderbird
2014-11-01 11:33 - 2014-11-01 11:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-11-01 11:00 - 2014-11-01 11:00 - 00231376 _____ (TrueCrypt Foundation) C:\Windows\system32\Drivers\truecrypt.sys
2014-11-01 10:53 - 2014-11-01 12:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-01 10:53 - 2014-11-01 10:54 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Mozilla
2014-11-01 10:53 - 2014-11-01 10:54 - 00000000 ____D () C:\Users\Richard\AppData\Local\Mozilla
2014-11-01 10:53 - 2014-11-01 10:53 - 00000000 ____D () C:\ProgramData\Mozilla
2014-11-01 10:53 - 2014-11-01 10:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-01 10:42 - 2014-11-01 10:42 - 00000000 ___RD () C:\Users\Richard\Documents\xls
2014-11-01 10:42 - 2014-11-01 10:42 - 00000000 ____D () C:\Users\Richard\Documents\txt
2014-11-01 10:42 - 2014-10-12 14:42 - 430346312 _____ () C:\Users\Richard\Documents\backup.dpb
2014-11-01 10:41 - 2014-11-01 10:42 - 00000000 ____D () C:\Users\Richard\Documents\roman
2014-11-01 10:41 - 2014-11-01 10:41 - 00000000 ____D () C:\Users\Richard\Documents\pdf
2014-11-01 10:41 - 2014-11-01 10:41 - 00000000 ____D () C:\Users\Richard\Documents\Papyrus Backups
2014-11-01 10:41 - 2014-11-01 10:41 - 00000000 ____D () C:\Users\Richard\Documents\netbank
2014-11-01 10:41 - 2014-11-01 10:41 - 00000000 ____D () C:\Users\Richard\Documents\firma
2014-11-01 10:40 - 2014-11-01 13:47 - 00000000 ____D () C:\Users\Richard\Documents\diverses
2014-11-01 10:40 - 2014-11-01 10:41 - 00000000 ____D () C:\Users\Richard\Documents\DVD Profiler
2014-11-01 10:40 - 2014-11-01 10:40 - 00000000 ____D () C:\Users\Richard\Documents\doc
2014-11-01 10:07 - 2014-11-01 10:07 - 00000000 ____D () C:\Users\Richard\AppData\Local\FreeCommanderXE
2014-11-01 10:07 - 2014-11-01 10:07 - 00000000 ____D () C:\Program Files (x86)\FreeCommander XE
2014-11-01 10:05 - 2014-11-01 10:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-11-01 10:05 - 2014-11-01 10:05 - 00000000 ____D () C:\Program Files\7-Zip
2014-11-01 10:02 - 2014-11-01 10:02 - 00000000 ____D () C:\Users\Richard\AppData\Local\CrashDumps
2014-11-01 01:06 - 2014-11-02 12:19 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\ClassicShell
2014-11-01 01:04 - 2014-11-01 01:05 - 00000000 ____D () C:\ProgramData\ClassicShell
2014-11-01 01:01 - 2014-11-01 01:01 - 00000000 ____D () C:\Program Files\Classic Shell
2014-10-31 22:36 - 2014-10-31 22:45 - 00056016 _____ () C:\Windows\system32\Drivers\fsbts.sys
2014-10-31 22:36 - 2014-10-31 22:36 - 00000657 _____ () C:\Windows\fsav_db_setup.log
2014-10-31 22:35 - 2014-10-31 22:36 - 04143130 _____ () C:\Windows\FSISU.log
2014-10-31 22:35 - 2014-10-31 22:36 - 00895110 _____ () C:\Windows\FSSFM.log
2014-10-31 22:35 - 2014-10-31 22:36 - 00804920 _____ () C:\Windows\FSSETUP.log
2014-10-31 22:35 - 2014-10-31 22:36 - 00136077 _____ () C:\Windows\FSPROD.log
2014-10-31 22:35 - 2014-10-31 22:36 - 00088490 _____ () C:\Windows\RunSetup.log
2014-10-31 22:35 - 2014-10-31 22:36 - 00070869 _____ () C:\Windows\FSAVINST.LOG
2014-10-31 22:35 - 2014-10-31 22:36 - 00009874 _____ () C:\Windows\FSAVCSIN.LOG
2014-10-31 22:35 - 2014-10-31 22:36 - 00004347 _____ () C:\Windows\FSGKIAIN.log
2014-10-31 22:35 - 2014-10-31 22:36 - 00004230 _____ () C:\Windows\fstnbins.LOG
2014-10-31 22:35 - 2014-10-31 22:36 - 00003335 _____ () C:\Windows\fsavunin.log
2014-10-31 22:35 - 2014-10-31 22:36 - 00001837 _____ () C:\Windows\FSLDIN.LOG
2014-10-31 22:35 - 2014-10-31 22:35 - 00140799 _____ () C:\Windows\FSDEPH.log
2014-10-31 22:35 - 2014-10-31 22:35 - 00020560 _____ () C:\Windows\prodsett_copy.ini
2014-10-31 22:35 - 2014-10-31 22:35 - 00019322 _____ () C:\Windows\fspplugin.log
2014-10-31 22:31 - 2014-10-31 22:39 - 00000000 ____D () C:\Users\Richard\AppData\Local\F-Secure
2014-10-31 22:31 - 2014-10-31 22:36 - 00000000 ____D () C:\ProgramData\F-Secure
2014-10-31 22:31 - 2014-10-31 22:36 - 00000000 ____D () C:\Program Files (x86)\F-Secure
2014-10-31 22:31 - 2014-10-31 22:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\F-Secure
2014-10-31 22:18 - 2014-10-31 22:18 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Macromedia
2014-10-31 22:17 - 2014-11-02 12:27 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-31 22:17 - 2014-11-02 12:09 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-31 22:17 - 2014-10-31 22:22 - 00004100 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-31 22:17 - 2014-10-31 22:22 - 00003864 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-31 22:17 - 2014-10-31 22:17 - 00000000 ____D () C:\Users\Richard\AppData\Local\Micro-Star_International_
2014-10-31 22:17 - 2014-10-31 22:17 - 00000000 ____D () C:\Users\Richard\AppData\Local\Google
2014-10-31 22:17 - 2014-10-31 22:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-31 22:17 - 2014-10-31 22:17 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-31 22:16 - 2014-10-31 22:21 - 00000564 _____ () C:\SSUUpdater.log
2014-10-31 22:15 - 2014-11-02 03:56 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1543957082-4200568014-2125959290-1002
2014-10-31 22:10 - 2014-10-31 22:10 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Intel Corporation
2014-10-31 22:09 - 2014-11-01 21:35 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Adobe
2014-10-31 22:09 - 2014-11-01 12:43 - 00000000 ____D () C:\Users\Richard
2014-10-31 22:09 - 2014-11-01 12:39 - 00000000 ____D () C:\Users\Richard\AppData\Local\VirtualStore
2014-10-31 22:09 - 2014-10-31 22:09 - 00000020 ___SH () C:\Users\Richard\ntuser.ini
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 _SHDL () C:\Users\Richard\Vorlagen
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 _SHDL () C:\Users\Richard\Startmenü
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 _SHDL () C:\Users\Richard\Netzwerkumgebung
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 _SHDL () C:\Users\Richard\Lokale Einstellungen
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 _SHDL () C:\Users\Richard\Eigene Dateien
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 _SHDL () C:\Users\Richard\Druckumgebung
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 _SHDL () C:\Users\Richard\Documents\Eigene Musik
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 _SHDL () C:\Users\Richard\Documents\Eigene Bilder
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 _SHDL () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 _SHDL () C:\Users\Richard\AppData\Local\Verlauf
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 _SHDL () C:\Users\Richard\AppData\Local\Anwendungsdaten
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 _SHDL () C:\Users\Richard\Anwendungsdaten
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Intel
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 ____D () C:\Users\Richard\AppData\Local\Packages
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 ____D () C:\Users\Richard\AppData\Local\AVerMedia
2014-10-31 22:09 - 2014-07-24 02:17 - 00000000 ___RD () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-10-31 22:09 - 2014-03-18 11:33 - 00000000 ___RD () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-10-31 22:09 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-31 22:09 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-10-31 22:06 - 2014-11-02 12:28 - 01452911 _____ () C:\Windows\WindowsUpdate.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-02 12:16 - 2014-04-13 00:06 - 00450712 _____ () C:\Windows\system32\prfh0404.dat
2014-11-02 12:16 - 2014-04-13 00:06 - 00135868 _____ () C:\Windows\system32\prfc0404.dat
2014-11-02 12:16 - 2014-04-12 23:58 - 00436346 _____ () C:\Windows\system32\prfh0804.dat
2014-11-02 12:16 - 2014-04-12 23:58 - 00135868 _____ () C:\Windows\system32\prfc0804.dat
2014-11-02 12:16 - 2014-04-12 23:45 - 00715654 _____ () C:\Windows\system32\perfh01F.dat
2014-11-02 12:16 - 2014-04-12 23:45 - 00150298 _____ () C:\Windows\system32\perfc01F.dat
2014-11-02 12:16 - 2014-04-12 23:33 - 00725516 _____ () C:\Windows\system32\perfh01D.dat
2014-11-02 12:16 - 2014-04-12 23:33 - 00152370 _____ () C:\Windows\system32\perfc01D.dat
2014-11-02 12:16 - 2014-04-12 23:11 - 00781168 _____ () C:\Windows\system32\perfh019.dat
2014-11-02 12:16 - 2014-04-12 23:11 - 00161704 _____ () C:\Windows\system32\perfc019.dat
2014-11-02 12:16 - 2014-04-12 22:59 - 00789596 _____ () C:\Windows\system32\prfh0816.dat
2014-11-02 12:16 - 2014-04-12 22:59 - 00164166 _____ () C:\Windows\system32\prfc0816.dat
2014-11-02 12:16 - 2014-04-12 22:52 - 00775740 _____ () C:\Windows\system32\prfh0416.dat
2014-11-02 12:16 - 2014-04-12 22:52 - 00158832 _____ () C:\Windows\system32\prfc0416.dat
2014-11-02 12:16 - 2014-04-12 22:45 - 00798800 _____ () C:\Windows\system32\perfh015.dat
2014-11-02 12:16 - 2014-04-12 22:45 - 00163682 _____ () C:\Windows\system32\perfc015.dat
2014-11-02 12:16 - 2014-04-12 22:39 - 00798252 _____ () C:\Windows\system32\perfh013.dat
2014-11-02 12:16 - 2014-04-12 22:39 - 00162330 _____ () C:\Windows\system32\perfc013.dat
2014-11-02 12:16 - 2014-04-12 22:32 - 00441600 _____ () C:\Windows\system32\perfh014.dat
2014-11-02 12:16 - 2014-04-12 22:32 - 00077252 _____ () C:\Windows\system32\perfc014.dat
2014-11-02 12:16 - 2014-04-12 22:17 - 00508106 _____ () C:\Windows\system32\perfh012.dat
2014-11-02 12:16 - 2014-04-12 22:17 - 00135868 _____ () C:\Windows\system32\perfc012.dat
2014-11-02 12:16 - 2014-04-12 22:10 - 00498064 _____ () C:\Windows\system32\perfh011.dat
2014-11-02 12:16 - 2014-04-12 22:10 - 00135868 _____ () C:\Windows\system32\perfc011.dat
2014-11-02 12:16 - 2014-04-12 22:03 - 00794000 _____ () C:\Windows\system32\perfh010.dat
2014-11-02 12:16 - 2014-04-12 22:03 - 00156420 _____ () C:\Windows\system32\perfc010.dat
2014-11-02 12:16 - 2014-04-12 21:56 - 00743402 _____ () C:\Windows\system32\perfh00E.dat
2014-11-02 12:16 - 2014-04-12 21:56 - 00177988 _____ () C:\Windows\system32\perfc00E.dat
2014-11-02 12:16 - 2014-04-12 21:46 - 00408958 _____ () C:\Windows\system32\perfh00D.dat
2014-11-02 12:16 - 2014-04-12 21:46 - 00064964 _____ () C:\Windows\system32\perfc00D.dat
2014-11-02 12:16 - 2014-04-12 21:36 - 00427206 _____ () C:\Windows\system32\perfh00B.dat
2014-11-02 12:16 - 2014-04-12 21:36 - 00081788 _____ () C:\Windows\system32\perfc00B.dat
2014-11-02 12:16 - 2014-04-12 21:26 - 00800660 _____ () C:\Windows\system32\perfh00A.dat
2014-11-02 12:16 - 2014-04-12 21:26 - 00166550 _____ () C:\Windows\system32\perfc00A.dat
2014-11-02 12:16 - 2014-04-12 21:15 - 00542632 _____ () C:\Windows\system32\perfh008.dat
2014-11-02 12:16 - 2014-04-12 21:15 - 00089196 _____ () C:\Windows\system32\perfc008.dat
2014-11-02 12:16 - 2014-04-12 21:09 - 00765378 _____ () C:\Windows\system32\perfh007.dat
2014-11-02 12:16 - 2014-04-12 21:09 - 00159696 _____ () C:\Windows\system32\perfc007.dat
2014-11-02 12:16 - 2014-04-12 21:03 - 00456508 _____ () C:\Windows\system32\perfh006.dat
2014-11-02 12:16 - 2014-04-12 21:03 - 00079760 _____ () C:\Windows\system32\perfc006.dat
2014-11-02 12:16 - 2014-04-12 20:58 - 00731574 _____ () C:\Windows\system32\perfh005.dat
2014-11-02 12:16 - 2014-04-12 20:58 - 00151818 _____ () C:\Windows\system32\perfc005.dat
2014-11-02 12:16 - 2014-04-12 20:49 - 00802234 _____ () C:\Windows\system32\perfh00C.dat
2014-11-02 12:16 - 2014-04-12 20:49 - 00422260 _____ () C:\Windows\system32\perfh001.dat
2014-11-02 12:16 - 2014-04-12 20:49 - 00159184 _____ () C:\Windows\system32\perfc00C.dat
2014-11-02 12:16 - 2014-04-12 20:49 - 00064964 _____ () C:\Windows\system32\perfc001.dat
2014-11-02 12:16 - 2014-03-18 11:03 - 18547198 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-02 12:09 - 2014-07-24 02:36 - 00000000 ____D () C:\Windows\Driver Cache
2014-11-02 12:09 - 2014-03-18 10:54 - 00727292 _____ () C:\Windows\PFRO.log
2014-11-02 12:09 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-02 12:09 - 2013-08-22 14:25 - 00000194 _____ () C:\Windows\win.ini
2014-11-02 11:56 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-11-02 11:45 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-11-02 11:44 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-11-01 16:39 - 2014-07-24 02:48 - 00000000 ____D () C:\ProgramData\CyberLink
2014-11-01 16:39 - 2014-07-24 02:34 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-01 16:37 - 2014-07-24 02:45 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-11-01 16:37 - 2014-07-24 02:41 - 00000000 ____D () C:\Program Files (x86)\Splashtop
2014-11-01 16:37 - 2014-07-24 02:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
2014-11-01 16:37 - 2014-07-24 02:38 - 00000000 ____D () C:\Program Files (x86)\MSI
2014-11-01 13:46 - 2013-08-22 15:46 - 00021872 _____ () C:\Windows\setupact.log
2014-10-31 23:00 - 2014-04-25 15:05 - 00000000 ____D () C:\Windows\RE_DRIVE
2014-10-31 22:41 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-10-31 22:34 - 2014-07-24 02:43 - 00000000 ____D () C:\ProgramData\Norton
2014-10-31 22:34 - 2013-08-22 15:44 - 00344824 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-31 22:33 - 2013-08-22 16:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-10-31 22:18 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\restore
2014-10-31 22:08 - 2014-04-12 20:15 - 00000000 ____D () C:\Windows\Panther

Some content of TEMP:
====================
C:\Users\Richard\AppData\Local\Temp\13059367852645321960.exe
C:\Users\Richard\AppData\Local\Temp\JDSetup130593678509519648.exe
C:\Users\Richard\AppData\Local\Temp\proxy_vole8461006690750503778.dll
C:\Users\Richard\AppData\Local\Temp\SetupUtil.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-04-12 19:16

==================== End Of Log ============================

Addition.txt:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-11-2014
Ran by Richard at 2014-11-02 12:51:12
Running from C:\Users\Richard\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Antivirus (Enabled - Up to date) {15414183-282E-D62C-CA37-EF24860A2F17}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Antivirus (Enabled - Up to date) {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
AVerMedia H335 MiniCard DVB-T 2.3.64.28 (HKLM-x32\...\AVerMedia H335 MiniCard DVB-T) (Version: 2.3.64.28 - AVerMedia TECHNOLOGIES, Inc.)
AVerMedia TV Player (HKLM-x32\...\InstallShield_{DFD1F64D-2AF0-4CE2-9752-D701E80F8D1C}) (Version: 1.8.0 - AVerMedia Technologies, Inc.)
AVerMedia TV Player (x32 Version: 1.8.0 - AVerMedia Technologies, Inc.) Hidden
Boot Configure (HKLM-x32\...\{A055E402-0EA0-4969-B751-B9373081B405}) (Version: 21.014.05141 - Micro-Star International Co., Ltd.)
BurnRecovery (HKLM-x32\...\{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}) (Version: 4.0.1309.301 - )
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Computer Security 14.115.100.0 (release) (x32 Version: 14.115.100.0 - F-Secure Corporation) Hidden
FreeCommander XE (HKLM-x32\...\FreeCommander XE_is1) (Version: Preview - Marek Jasinski)
F-Secure (HKLM-x32\...\F-Secure ServiceEnabler 666) (Version: 2.15.358.0 - F-Secure Corporation)
F-Secure (x32 Version: 2.15.358.0 - F-Secure Corporation) Hidden
F-Secure CCF Reputation (x32 Version: 2.0.1337.0 - F-Secure) Hidden
F-Secure CCF Scanning 1.51.111.300 (release) (x32 Version: 1.51.111.300 - F-Secure Corporation) Hidden
F-Secure Network CCF 1.02.141 (x32 Version: 1.02.141 - F-Secure Corporation) Hidden
F-Secure SafeSearch 1.03.159.0 (release) (x32 Version: 1.03.159.0 - F-Secure Corporation) Hidden
Gaming Control Center (HKLM-x32\...\Installshield_{25BFC31F-27BF-4870-B043-CBC8400C97F8}) (Version: 0.0.1.4 - MICRO-STAR INT'L,.LTD.)
Gaming Control Center (Version: 0.0.1.4 - MSI) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3325 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 17.0.1347.2) (HKLM\...\{302600C1-6BDF-4FD1-1312-148929CC1385}) (Version: 17.0.1312.0414 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{86b86e21-7c9b-4baa-b284-69ce4a918661}) (Version: 16.10.0 - Intel Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 33.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.0.2 (x86 de)) (Version: 33.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.2.0 - Mozilla)
Mozilla Thunderbird 31.2.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.2.0 (x86 de)) (Version: 31.2.0 - Mozilla)
MPC-HC 1.7.7 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.7 - MPC-HC Team)
Nuvoton NCT6681 CIR Device Driver (HKLM-x32\...\{2FAECEAF-0EBE-48FF-B60A-B4577C0EFDAB}) (Version: 1.4.1003 - Nuvoton Technology Corp.)
NVIDIA Graphics Driver 332.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.35 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
Online Safety 2.115.2783.1598 (x32 Version: 2.115.2783.1598 - F-Secure Corporation) Hidden
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.1.41.1042 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (Version: 1.1.41.1042 - Qualcomm Atheros) Hidden
Qualcomm Atheros Network Manager (Version: 1.1.41.1042 - Qualcomm Atheros) Hidden
Qualcomm Atheros Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.41.1042 - Qualcomm Atheros)
Rainlendar2 (remove only) (HKLM-x32\...\Rainlendar2) (Version:  - )
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.1 r2290 - )
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7179 - Realtek Semiconductor Corp.)
ROCCAT Kone XTD Mouse Driver (HKLM-x32\...\{7133137D-DF48-4522-AD88-13C82B7D0A63}) (Version:  - Roccat GmbH)
Sound Blaster Cinema 2 (HKLM-x32\...\{B4F6F8CC-2C61-42CC-A4CC-76621F25BDC7}) (Version: 1.00.06 - Creative Technology Limited)
XnViewMP 0.69 (HKLM\...\XnViewMP_is1) (Version: 0.69 - Gougelet Pierre-e)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

31-10-2014 21:18:10 Removed Splashtop Streamer

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {035792A1-D4EF-4A78-BF9A-AA9628C281A3} - System32\Tasks\Microsoft\Windows\Setup\SetupCleanupTask
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23E35DFE-72D9-420E-A2D6-E9A53D7CCC3B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-31] (Google Inc.)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3EA8CB6B-127F-4DFF-80E1-6F7B5884D7FB} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {477E572F-58B6-4FA9-BD66-17C0720A3FC8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-10-03] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7861768D-65BF-4E01-9D37-EF0950E0F5CD} - System32\Tasks\Microsoft\Windows\SetupSQMTask => C:\Windows\SYSTEM32\OOBE\SETUPSQM.EXE [2013-08-22] (Microsoft Corporation)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8BF9A406-B81D-47D8-869E-91375F0038CA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-31] (Google Inc.)
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {BF58E14B-1069-43E0-80DD-BB525A2FD9CD} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D08F1AB1-8F5E-4779-937E-7A750E734C77} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-03-18] (Microsoft Corporation)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E2ACF668-4308-4463-9ECA-B3DD4467FB01} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {E3BDCA69-0278-4D27-AE94-D673C4802877} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-07-24 02:33 - 2014-01-08 01:48 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-07-24 02:45 - 2014-07-23 08:38 - 00403456 _____ () C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
2014-07-24 02:45 - 2014-07-23 08:38 - 00163840 _____ () C:\Program Files (x86)\Common Files\AVerMedia\AVerHIDReceiver\AVerHIDReceiver.exe
2014-07-24 02:37 - 2014-02-21 19:21 - 00089600 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL
2014-07-24 02:37 - 2014-02-21 19:19 - 00366080 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2011-01-06 14:27 - 2011-01-06 14:27 - 02342400 _____ () C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
2014-03-03 20:53 - 2014-03-03 20:53 - 00300544 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
2014-05-25 15:18 - 2014-05-25 15:18 - 00036536 _____ () C:\Program Files\Rainmeter\Rainmeter.exe
2014-05-25 15:18 - 2014-05-25 15:18 - 00747192 _____ () C:\Program Files\Rainmeter\Rainmeter.dll
2014-05-25 15:17 - 2014-05-25 15:17 - 00011776 _____ () C:\Program Files\Rainmeter\Plugins\PowerPlugin.dll

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1543957082-4200568014-2125959290-500 - Administrator - Disabled)
Gast (S-1-5-21-1543957082-4200568014-2125959290-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1543957082-4200568014-2125959290-1004 - Limited - Enabled)
Richard (S-1-5-21-1543957082-4200568014-2125959290-1002 - Administrator - Enabled) => C:\Users\Richard

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/02/2014 00:51:13 PM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
Description: 5  2014-11-02  12:51:13+02:00  RICK  SYSTEM  F-Secure DeepGuard
 Application was blocked. This was determined to be a high-risk application by system control heuristics.
 Application path: \\?\c:\windows\mod_frst.exe
 File hash: 4bb423ae4bf7b46ba1cd43c521cf9314c03cf8c4

Error: (11/02/2014 00:51:10 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 4  2014-11-02  12:51:10+02:00  RICK  Rick\Richard  F-Secure Anti-Virus
 Spyware detected: 
 Type: adware 
 Family:  
 Name: Adware.SwiftBrowse.CH 
 Object: C:\Windows\System32\drivers\{6db7eb66-a30b-41a3-809c-addb2341dafb}Gw64.sys.tmp

Error: (11/02/2014 00:23:28 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 3  2014-11-02  12:23:28+02:00  RICK  Rick\Richard  F-Secure Anti-Virus
 Spyware detected: 
 Type: adware 
 Family:  
 Name: Adware.SwiftBrowse.CH 
 Object: C:\Windows\System32\drivers\{6db7eb66-a30b-41a3-809c-addb2341dafb}Gw64.sys.tmp

Error: (11/02/2014 00:23:13 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 2  2014-11-02  12:23:13+02:00  RICK  Rick\Richard  F-Secure Anti-Virus
 Spyware detected: 
 Type: adware 
 Family:  
 Name: Adware.SwiftBrowse.CH 
 Object: C:\Windows\System32\drivers\{6db7eb66-a30b-41a3-809c-addb2341dafb}Gw64.sys.tmp

Error: (11/02/2014 00:13:51 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 1  2014-11-02  12:13:51+02:00  RICK  Rick\Richard  F-Secure Anti-Virus
 Spyware detected: 
 Type: adware 
 Family:  
 Name: Adware.SwiftBrowse.CH 
 Object: C:\Windows\System32\drivers\{6db7eb66-a30b-41a3-809c-addb2341dafb}Gw64.sys.tmp

Error: (11/02/2014 00:09:25 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 29  2014-11-02  12:09:25+02:00  RICK  Rick\Richard  F-Secure Anti-Virus
 Malicious code found in file C:\Program Files (x86)\Framed Display\bin\FramedDisplay.BrowserAdapter.exe. 
 Infection: Gen:Variant.Adware.Graftor.159320

Error: (11/02/2014 00:09:00 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 28  2014-11-02  12:09:00+02:00  RICK  Rick\Richard  F-Secure Anti-Virus
 Malicious code found in file C:\Program Files (x86)\Framed Display\bin\FramedDisplay.BrowserAdapter.exe. 
 Infection: Gen:Variant.Adware.Graftor.159320

Error: (11/02/2014 00:08:54 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 27  2014-11-02  12:08:54+02:00  RICK  Rick\Richard  F-Secure Anti-Virus
 Malicious code found in file C:\Program Files (x86)\Framed Display\bin\FramedDisplay.BrowserAdapter.exe. 
 Infection: Gen:Variant.Adware.Graftor.159320

Error: (11/02/2014 00:08:24 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 26  2014-11-02  12:08:24+02:00  RICK  Rick\Richard  F-Secure Anti-Virus
 Malicious code found in file C:\Program Files (x86)\Framed Display\bin\FramedDisplay.BrowserAdapter.exe. 
 Infection: Gen:Variant.Adware.Graftor.159320

Error: (11/02/2014 00:07:54 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 25  2014-11-02  12:07:54+02:00  RICK  Rick\Richard  F-Secure Anti-Virus
 Malicious code found in file C:\Program Files (x86)\Framed Display\bin\FramedDisplay.BrowserAdapter.exe. 
 Infection: Gen:Variant.Adware.Graftor.159320


System errors:
=============
Error: (11/02/2014 00:12:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (11/02/2014 00:12:03 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1326

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (11/02/2014 11:53:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (11/02/2014 11:53:17 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1326

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (11/02/2014 11:50:55 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst Windows Modules Installer konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (11/02/2014 11:50:22 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (11/02/2014 11:48:09 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst Windows Modules Installer konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (11/02/2014 11:47:36 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (11/01/2014 04:45:45 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 70. Der Windows-SChannel-Fehlerstatus lautet: 105.

Error: (11/01/2014 04:34:42 PM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR6 gefunden.


Microsoft Office Sessions:
=========================
Error: (11/02/2014 00:51:13 PM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
Description: 5  2014-11-02  12:51:13+02:00  RICK  SYSTEM  F-Secure DeepGuard
 Application was blocked. This was determined to be a high-risk application by system control heuristics.
 Application path: \\?\c:\windows\mod_frst.exe
 File hash: 4bb423ae4bf7b46ba1cd43c521cf9314c03cf8c4

Error: (11/02/2014 00:51:10 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 4  2014-11-02  12:51:10+02:00  RICK  Rick\Richard  F-Secure Anti-Virus
 Spyware detected: 
 Type: adware 
 Family:  
 Name: Adware.SwiftBrowse.CH 
 Object: C:\Windows\System32\drivers\{6db7eb66-a30b-41a3-809c-addb2341dafb}Gw64.sys.tmp

Error: (11/02/2014 00:23:28 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 3  2014-11-02  12:23:28+02:00  RICK  Rick\Richard  F-Secure Anti-Virus
 Spyware detected: 
 Type: adware 
 Family:  
 Name: Adware.SwiftBrowse.CH 
 Object: C:\Windows\System32\drivers\{6db7eb66-a30b-41a3-809c-addb2341dafb}Gw64.sys.tmp

Error: (11/02/2014 00:23:13 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 2  2014-11-02  12:23:13+02:00  RICK  Rick\Richard  F-Secure Anti-Virus
 Spyware detected: 
 Type: adware 
 Family:  
 Name: Adware.SwiftBrowse.CH 
 Object: C:\Windows\System32\drivers\{6db7eb66-a30b-41a3-809c-addb2341dafb}Gw64.sys.tmp

Error: (11/02/2014 00:13:51 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 1  2014-11-02  12:13:51+02:00  RICK  Rick\Richard  F-Secure Anti-Virus
 Spyware detected: 
 Type: adware 
 Family:  
 Name: Adware.SwiftBrowse.CH 
 Object: C:\Windows\System32\drivers\{6db7eb66-a30b-41a3-809c-addb2341dafb}Gw64.sys.tmp

Error: (11/02/2014 00:09:25 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 29  2014-11-02  12:09:25+02:00  RICK  Rick\Richard  F-Secure Anti-Virus
 Malicious code found in file C:\Program Files (x86)\Framed Display\bin\FramedDisplay.BrowserAdapter.exe. 
 Infection: Gen:Variant.Adware.Graftor.159320

Error: (11/02/2014 00:09:00 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 28  2014-11-02  12:09:00+02:00  RICK  Rick\Richard  F-Secure Anti-Virus
 Malicious code found in file C:\Program Files (x86)\Framed Display\bin\FramedDisplay.BrowserAdapter.exe. 
 Infection: Gen:Variant.Adware.Graftor.159320

Error: (11/02/2014 00:08:54 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 27  2014-11-02  12:08:54+02:00  RICK  Rick\Richard  F-Secure Anti-Virus
 Malicious code found in file C:\Program Files (x86)\Framed Display\bin\FramedDisplay.BrowserAdapter.exe. 
 Infection: Gen:Variant.Adware.Graftor.159320

Error: (11/02/2014 00:08:24 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 26  2014-11-02  12:08:24+02:00  RICK  Rick\Richard  F-Secure Anti-Virus
 Malicious code found in file C:\Program Files (x86)\Framed Display\bin\FramedDisplay.BrowserAdapter.exe. 
 Infection: Gen:Variant.Adware.Graftor.159320

Error: (11/02/2014 00:07:54 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 25  2014-11-02  12:07:54+02:00  RICK  Rick\Richard  F-Secure Anti-Virus
 Malicious code found in file C:\Program Files (x86)\Framed Display\bin\FramedDisplay.BrowserAdapter.exe. 
 Infection: Gen:Variant.Adware.Graftor.159320


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
Percentage of memory in use: 19%
Total physical RAM: 16306 MB
Available physical RAM: 13122.47 MB
Total Pagefile: 19250 MB
Available Pagefile: 16370.48 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (OS_Install) (Fixed) (Total:237.67 GB) (Free:178.54 GB) NTFS
Drive d: (Data) (Fixed) (Total:912.18 GB) (Free:479.62 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: F1EDCD87)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: F1EDCDA0)

Partition: GPT Partition Type.

==================== End Of Log ============================

Malewarebytes Scan Fund:

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 02.11.2014
Scan Time: 12:04:30
Logfile: mwb_scan_log1.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.02.03
Rootkit Database: v2014.11.01.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Richard

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 350412
Time Elapsed: 4 min, 4 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 3
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\updateFramedDisplay.exe, 2296, Delete-on-Reboot, [44b7e84e19639e98e235c2073fc2629e]
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\utilFramedDisplay.exe, 2572, Delete-on-Reboot, [817af541bfbd1b1b4ec9e2e7748db848]
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\FramedDisplay.BrowserAdapter64.exe, 4852, Delete-on-Reboot, [e813e5514834d660ad73f3aa83817d83]

Modules: 0
(No malicious items detected)

Registry Keys: 23
PUP.Optional.FramedDisplay.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update Framed Display, Quarantined, [44b7e84e19639e98e235c2073fc2629e], 
PUP.Optional.FramedDisplay.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Util Framed Display, Quarantined, [817af541bfbd1b1b4ec9e2e7748db848], 
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, Quarantined, [7e7d8fa782fa6ccac39f697c649ec33d], 
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, Quarantined, [7e7d8fa782fa6ccac39f697c649ec33d], 
PUP.Optional.FramedDisplay.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{05b5ef3f-4c6a-426e-b77e-48ebb3e721f1}, Quarantined, [6794fd39acd09b9bb9d3b6f389796a96], 
PUP.Optional.FramedDisplay.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{A6CEB2DE-65F7-46FE-89DA-446DD487F293}, Quarantined, [6794fd39acd09b9bb9d3b6f389796a96], 
PUP.Optional.FramedDisplay.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{5B81129C-6563-411B-A509-6BBB01EC25FF}, Quarantined, [6794fd39acd09b9bb9d3b6f389796a96], 
PUP.Optional.FramedDisplay.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{5B81129C-6563-411B-A509-6BBB01EC25FF}, Quarantined, [6794fd39acd09b9bb9d3b6f389796a96], 
PUP.Optional.FramedDisplay.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A6CEB2DE-65F7-46FE-89DA-446DD487F293}, Quarantined, [6794fd39acd09b9bb9d3b6f389796a96], 
PUP.Optional.FramedDisplay.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{05B5EF3F-4C6A-426E-B77E-48EBB3E721F1}, Quarantined, [6794fd39acd09b9bb9d3b6f389796a96], 
PUP.Optional.FramedDisplay.A, HKU\S-1-5-21-1543957082-4200568014-2125959290-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{05B5EF3F-4C6A-426E-B77E-48EBB3E721F1}, Quarantined, [6794fd39acd09b9bb9d3b6f389796a96], 
PUP.Optional.FramedDisplay.A, HKU\S-1-5-21-1543957082-4200568014-2125959290-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{05B5EF3F-4C6A-426E-B77E-48EBB3E721F1}, Quarantined, [6794fd39acd09b9bb9d3b6f389796a96], 
PUP.Optional.FramedDisplay.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Framed Display, Quarantined, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}, Quarantined, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, HKLM\SOFTWARE\CLASSES\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}, Quarantined, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}, Quarantined, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}, Quarantined, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}, Quarantined, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}, Quarantined, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}, Quarantined, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}, Quarantined, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1543957082-4200568014-2125959290-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [24d7fd39cdafdd59c7f6c59c23e0b848], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1543957082-4200568014-2125959290-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [e51669cd275538fe47b589eec53f10f0], 

Registry Values: 1
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1543957082-4200568014-2125959290-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0Z1B1L2Z1S, Quarantined, [e51669cd275538fe47b589eec53f10f0]

Registry Data: 0
(No malicious items detected)

Folders: 3
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display, Delete-on-Reboot, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin, Delete-on-Reboot, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\plugins, Quarantined, [e813e5514834d660ad73f3aa83817d83], 

Files: 30
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\updateFramedDisplay.exe, Delete-on-Reboot, [44b7e84e19639e98e235c2073fc2629e], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\utilFramedDisplay.exe, Delete-on-Reboot, [817af541bfbd1b1b4ec9e2e7748db848], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\FramedDisplaybho.dll, Quarantined, [6794fd39acd09b9bb9d3b6f389796a96], 
PUP.Optional.BPlug, C:\Users\Richard\AppData\Local\Temp\is1901864539\1DE257BB_stp.EXE, Quarantined, [72890c2a56269e980381b60bbb46817f], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\FramedDisplay.ico, Quarantined, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\0, Quarantined, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\7za.exe, Quarantined, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\FramedDisplayUninstall.exe, Quarantined, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\updateFramedDisplay.InstallState, Quarantined, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\6db7eb66a30b41a3809c.dll, Quarantined, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\6db7eb66a30b41a3809c64.dll, Quarantined, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\7za.exe, Quarantined, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\bau, Quarantined, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\BrowserAdapter.7z, Quarantined, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\FramedDisplay.BrowserAdapter.exe, Quarantined, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\FramedDisplay.BrowserAdapter64.exe, Delete-on-Reboot, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\FramedDisplay.PurBrowse64.exe, Quarantined, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\FramedDisplay.PurBrowseG.zip, Quarantined, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\utilFramedDisplay.InstallState, Quarantined, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\{6db7eb66-a30b-41a3-809c-addb2341dafb}.dll, Quarantined, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\{6db7eb66-a30b-41a3-809c-addb2341dafb}64.dll, Delete-on-Reboot, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\plugins\FramedDisplay.Bromon.dll, Quarantined, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\plugins\FramedDisplay.BroStats.dll, Quarantined, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\plugins\FramedDisplay.BrowserAdapter.dll, Quarantined, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\plugins\FramedDisplay.CompatibilityChecker.dll, Quarantined, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\plugins\FramedDisplay.FFUpdate.dll, Quarantined, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\plugins\FramedDisplay.GCUpdate.dll, Quarantined, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\plugins\FramedDisplay.IEUpdate.dll, Quarantined, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\plugins\FramedDisplay.Msvcmon.dll, Quarantined, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\plugins\FramedDisplay.PurBrowseG.dll, Quarantined, [e813e5514834d660ad73f3aa83817d83], 

Physical Sectors: 0
(No malicious items detected)


(end)

Malewarebytes Scan nach Bereinigung:

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 02.11.2014
Scan Time: 12:11:29
Logfile: mwb_scan_log.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.02.03
Rootkit Database: v2014.11.01.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Richard

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 349669
Time Elapsed: 4 min, 4 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Bei Bedarf kann ich auch noch die OTL Logs posten.
Schon mal vielen Dank im Voraus.

cosinus · 02.11.2014, 13:34

Hallo und

Adware/Junkware/Toolbars entfernen

(alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!)

1. Schritt: adwCleaner

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Cooder · 02.11.2014, 14:06

AdwCleaner:

Code:

ATTFilter

# AdwCleaner v4.002 - Bericht erstellt am 02/11/2014 um 13:41:20
# DB v2014-10-26.6
# Aktualisiert 27/10/2014 von Xplode
# Betriebssystem : Windows 8.1  (64 bits)
# Benutzername : Richard - RICK
# Gestartet von : C:\Users\Richard\Desktop\AdwCleaner_4.002.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Richard\AppData\Local\Temp\Framed Display
Datei Gelöscht : C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\user.js

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKCU\Software\Framed Display
Schlüssel Gelöscht : HKLM\SOFTWARE\Framed Display
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17037


-\\ Mozilla Firefox v33.0.2 (x86 de)


-\\ Google Chrome v38.0.2125.111


*************************

AdwCleaner[R0].txt - [1325 octets] - [02/11/2014 13:39:24]
AdwCleaner[S0].txt - [1181 octets] - [02/11/2014 13:41:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1241 octets] ##########

JRT:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.5 (10.31.2014:1)
OS: Windows 8.1 x64
Ran by Richard on 02.11.2014 at 13:58:26,52
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Successfully deleted: [File] C:\Users\Richard\AppData\Roaming\mozilla\firefox\profiles\kix51rke.default\invalidprefs.js
Emptied folder: C:\Users\Richard\AppData\Roaming\mozilla\firefox\profiles\kix51rke.default\minidumps [44 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.11.2014 at 13:59:56,36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST neu

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-11-2014
Ran by Richard (administrator) on RICK on 02-11-2014 14:00:39
Running from C:\Users\Richard\Desktop
Loaded Profile: Richard (Available profiles: Richard)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVerMedia) C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
() C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fsgk32.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(MICRO-STAR INT'L,.LTD.) C:\Program Files\WMIHook\WMIHookBtnFn\WMI_Hook_Service.exe
() C:\Program Files (x86)\Common Files\AVerMedia\AVerHIDReceiver\AVerHIDReceiver.exe
(MICRO-STAR INT'L,.LTD.) C:\Program Files\WMIHook\WMIHookBtnFn\WMIHookFnNotifier.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fssm32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSHDLL64.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE
(ROCCAT GmbH) C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-31] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-07-23] (Realtek Semiconductor)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [] => [X]
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM-x32\...\Run: [Sound Blaster Cinema 2] => C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe [1440768 2014-02-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [F-Secure Hoster (666)] => C:\Program Files (x86)\F-Secure\fshoster32.exe [187432 2014-07-08] (F-Secure Corporation)
HKLM-x32\...\Run: [F-Secure Manager] => C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE [310312 2014-06-24] (F-Secure Corporation)
HKLM-x32\...\Run: [RoccatKoneXTD] => C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.EXE [552960 2013-10-25] (ROCCAT GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1543957082-4200568014-2125959290-1002\...\Run: [Rainlendar2] => C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe [2342400 2011-01-06] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVer HID Receiver.lnk
ShortcutTarget: AVer HID Receiver.lnk -> C:\Program Files (x86)\Common Files\AVerMedia\AVerHIDReceiver\AVerHIDReceiver.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{FB55FA5A-08CB-4A14-A0C5-5BCDB3F1ACC4}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
Startup: C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://msi13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://msi13.msn.com
SearchScopes: HKLM - {F81B2FE1-58AC-4CAF-AAF7-14753BDFABE0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAMIJS
SearchScopes: HKLM-x32 - {F81B2FE1-58AC-4CAF-AAF7-14753BDFABE0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAMIJS
SearchScopes: HKCU - {F81B2FE1-58AC-4CAF-AAF7-14753BDFABE0} URL = 
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: F-Secure Browsing Protection -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https64.dll (F-Secure Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: F-Secure Browsing Protection -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https.dll (F-Secure Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default
FF Homepage: about:
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\searchplugins\ixquick---deutsch.xml
FF SearchPlugin: C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\searchplugins\linguee-de-en.xml
FF SearchPlugin: C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\searchplugins\metager.xml
FF SearchPlugin: C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\searchplugins\startpage-https---deutsch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\abs@avira.com [2014-11-01]
FF Extension: German Dictionary - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2014-11-01]
FF Extension: HTTPS-Everywhere - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\https-everywhere@eff.org [2014-11-01]
FF Extension: rein - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\rein@notiz.jp [2014-11-01]
FF Extension: No Name - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\temp [2014-11-01]
FF Extension: IE Tab 2 (FF 3.6+) - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2014-11-01]
FF Extension: Linkification - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a} [2014-11-01]
FF Extension: Compact Menu 2 - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{57068FBE-1506-42ee-AB02-BD183E7999E4} [2014-11-01]
FF Extension: No Name - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{9w50ge7w-88c1-4wcg-bxg9-90g1a5d31c3z} [2014-11-01]
FF Extension: WOT - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-11-01]
FF Extension: DownloadHelper - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-11-01]
FF Extension: Dictionary Tooltip - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{C6128004-4838-4708-9A97-BB172D17767D}(2) [2014-11-01]
FF Extension: BetterPrivacy - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3} [2014-11-01]
FF Extension: Whitehart - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{d650973c-0444-4ac7-9d00-19e3613c83b9} [2014-11-01]
FF Extension: ImageHost Grabber - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{E4091D66-127C-11DB-903A-DE80D2EFDFE8} [2014-11-01]
FF Extension: checkCompatibility - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\check-compatibility@dactyl.googlecode.com.xpi [2014-11-01]
FF Extension: Classic Theme Restorer - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-11-01]
FF Extension: CookieKiller - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\cookiekiller@joseph.moran.xpi [2014-11-01]
FF Extension: FireGestures - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\firegestures@xuldev.org.xpi [2014-11-01]
FF Extension: YouTube mp3 - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\info@youtube-mp3.org.xpi [2014-11-01]
FF Extension: Simple White - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\Simple@White.Theme.xpi [2014-11-01]
FF Extension: Image Zoom - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2014-11-01]
FF Extension: NoScript - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-11-01]
FF Extension: MeasureIt - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2014-11-01]
FF Extension: Adblock Plus - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-01]
FF HKLM-x32\...\Firefox\Extensions: [{306eaf01-4e65-43d2-8504-1ae0c1859338}] - C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\deploy\fs_firefox_https
FF Extension: Browsing Protection - C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\deploy\fs_firefox_https [2014-10-31]

Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-01]
CHR Extension: (Google Wallet) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-31]
CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - C:/Program Files (x86)/F-Secure/apps/CCF_Scanning/bin/browser/install/fs_chrome_https/fs_chrome_https.crx [2014-06-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVerRemote; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [364544 2014-07-23] (AVerMedia) [File not signed]
R2 AVerScheduleService; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [403456 2014-07-23] () [File not signed]
R2 fshoster; C:\Program Files (x86)\F-Secure\fshoster32.exe [187432 2014-07-08] (F-Secure Corporation)
R3 FSMA; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE [216104 2014-06-24] (F-Secure Corporation)
R2 FSORSPClient; C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe [60456 2014-06-24] (F-Secure Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-31] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-07-23] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2014-07-23] (Intel Corporation)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-07-24] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-08] ()
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-07-24] (Microsoft Corporation)
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [344576 2014-03-03] (Qualcomm Atheros) [File not signed]
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-07-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-07-24] (Microsoft Corporation)
R2 WMI_Hook_Service; C:\Program Files\WMIHook\WMIHookBtnFn\WMI_Hook_Service.exe [134792 2014-03-28] (MICRO-STAR INT'L,.LTD.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2014-01-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AVerIT13x; C:\Windows\System32\Drivers\AVerIT13x_x64.sys [198272 2012-12-06] (AVerMedia TECHNOLOGIES, Inc.)
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [81072 2014-02-20] (Qualcomm Atheros, Inc.)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-11-07] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1411384 2013-11-07] (Motorola Solutions, Inc.)
R3 F-Secure Gatekeeper; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [202792 2014-10-31] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys [69960 2014-10-31] (F-Secure Corporation)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [56016 2014-10-31] ()
R3 fsni; C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\fsni64.sys [89640 2014-10-31] (F-Secure Corporation)
R1 fsvista; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [13352 2014-06-24] ()
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [149448 2014-07-23] (Intel Corporation)
R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [163536 2013-03-20] (Qualcomm Atheros, Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2014-07-23] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3610592 2014-01-28] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 nuviocir; C:\Windows\system32\DRIVERS\nuviocir_win8_x64.sys [42264 2013-07-03] (Nuvoton Technology Corp.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-07-24] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-02 13:59 - 2014-11-02 13:59 - 00000941 _____ () C:\Users\Richard\Desktop\JRT.txt
2014-11-02 13:58 - 2014-11-02 13:58 - 00000000 ____D () C:\Windows\ERUNT
2014-11-02 13:50 - 2014-11-02 13:50 - 01706359 _____ (Thisisu) C:\Users\Richard\Desktop\JRT.exe
2014-11-02 13:49 - 2014-11-02 13:49 - 00001321 _____ () C:\Users\Richard\Desktop\AdwCleaner[S0].txt
2014-11-02 13:39 - 2014-11-02 13:41 - 00000000 ____D () C:\AdwCleaner
2014-11-02 13:37 - 2014-11-02 13:37 - 01998336 _____ () C:\Users\Richard\Desktop\AdwCleaner_4.002.exe
2014-11-02 12:51 - 2014-11-02 12:51 - 00024661 _____ () C:\Users\Richard\Desktop\Addition.txt
2014-11-02 12:50 - 2014-11-02 14:00 - 00021326 _____ () C:\Users\Richard\Desktop\FRST.txt
2014-11-02 12:50 - 2014-11-02 14:00 - 00000000 ____D () C:\FRST
2014-11-02 12:48 - 2014-11-02 12:48 - 02114048 _____ (Farbar) C:\Users\Richard\Desktop\FRST64.exe
2014-11-02 12:29 - 2014-11-02 12:35 - 00051630 _____ () C:\Users\Richard\Desktop\Extras.Txt
2014-11-02 12:29 - 2014-11-02 12:33 - 00130812 _____ () C:\Users\Richard\Desktop\OTL.Txt
2014-11-02 12:20 - 2014-11-02 12:20 - 00602112 _____ (OldTimer Tools) C:\Users\Richard\Downloads\OTL.exe
2014-11-02 12:11 - 2014-11-02 12:11 - 00001197 _____ () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Malwarebytes.lnk
2014-11-02 12:04 - 2014-11-02 12:55 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-02 12:04 - 2014-11-02 12:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-02 12:04 - 2014-11-02 12:04 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-11-02 12:04 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-02 12:04 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-02 12:04 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-02 11:56 - 2014-11-02 11:56 - 00048792 _____ (StdLib) C:\Windows\system32\Drivers\{6db7eb66-a30b-41a3-809c-addb2341dafb}Gw64.sys.tmp
2014-11-02 11:52 - 2014-11-02 11:53 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Richard\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-02 11:44 - 2014-11-02 11:45 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-02 11:44 - 2014-10-03 10:02 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-02 11:33 - 2014-11-02 11:33 - 00000000 __SHD () C:\Users\Richard\AppData\Local\EmieUserList
2014-11-02 11:33 - 2014-11-02 11:33 - 00000000 __SHD () C:\Users\Richard\AppData\Local\EmieSiteList
2014-11-02 03:46 - 2014-11-02 03:46 - 00002175 _____ () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\JDownloader 2.lnk
2014-11-02 03:13 - 2014-11-02 03:13 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2014-11-02 03:12 - 2014-11-02 03:24 - 00000000 ____D () C:\Users\Richard\AppData\Local\JDownloader v2.0
2014-11-02 02:57 - 2014-11-02 02:57 - 00000000 ____D () C:\Users\Richard\AppData\Local\Intel_Corporation
2014-11-01 21:38 - 2014-11-01 21:38 - 00001254 _____ () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Adobe Photoshop.lnk
2014-11-01 21:33 - 2014-11-01 21:33 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-11-01 21:33 - 1998-11-05 11:08 - 00087392 ____N (Twain Working Group) C:\Windows\twain.dll
2014-11-01 21:30 - 1998-10-21 18:43 - 00328704 _____ (InstallShield Software Corporation ) C:\Windows\IsUn0407.exe
2014-11-01 20:56 - 2014-11-01 20:59 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\.minecraft
2014-11-01 20:56 - 2014-11-01 20:56 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-01 20:56 - 2014-11-01 20:56 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\java
2014-11-01 20:56 - 2014-11-01 20:56 - 00000000 ____D () C:\ProgramData\Sun
2014-11-01 20:56 - 2014-11-01 20:56 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-01 20:56 - 2014-11-01 20:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-01 20:56 - 2014-11-01 20:56 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-01 20:15 - 2014-11-02 13:00 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\XnViewMP
2014-11-01 20:15 - 2014-11-01 20:15 - 00001048 _____ () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\XnViewMP.lnk
2014-11-01 20:10 - 2014-11-01 20:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XnViewMP
2014-11-01 20:10 - 2014-11-01 20:10 - 00000000 ____D () C:\Program Files\XnViewMP
2014-11-01 19:57 - 2014-11-01 19:57 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\MPC-HC
2014-11-01 19:56 - 2014-11-01 19:56 - 00000000 ____D () C:\Program Files\MPC-HC
2014-11-01 16:44 - 2014-11-01 16:44 - 00000000 ____D () C:\Users\Richard\Documents\Rainmeter
2014-11-01 16:44 - 2014-11-01 16:44 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Rainmeter
2014-11-01 16:44 - 2014-11-01 16:44 - 00000000 ____D () C:\Program Files\Rainmeter
2014-11-01 16:37 - 2014-11-01 16:37 - 00000000 ____D () C:\Users\Richard\Documents\Splashtop Whiteboard
2014-11-01 16:37 - 2014-11-01 16:37 - 00000000 ____D () C:\Users\Richard\Documents\Splashtop Presenter
2014-11-01 16:37 - 2014-11-01 16:37 - 00000000 ____D () C:\ProgramData\SplitMediaLabs
2014-11-01 15:04 - 2014-11-01 15:04 - 00000955 _____ () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\geek.lnk
2014-11-01 12:48 - 2014-11-01 12:48 - 00000000 ____D () C:\Users\Richard\AppData\Local\AVerMedia TV Player
2014-11-01 12:47 - 2014-11-01 12:47 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\WebApp
2014-11-01 12:47 - 2014-11-01 12:47 - 00000000 ____D () C:\Users\Public\CyberLink
2014-11-01 12:46 - 2014-11-01 16:39 - 00000000 ____D () C:\Users\Richard\Documents\CyberLink
2014-11-01 12:46 - 2014-11-01 16:39 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\CyberLink
2014-11-01 12:46 - 2014-11-01 16:39 - 00000000 ____D () C:\Users\Richard\AppData\Local\Cyberlink
2014-11-01 12:46 - 2014-11-01 16:38 - 00000000 ____D () C:\Users\Richard\Documents\MediaCloud
2014-11-01 12:44 - 2014-11-01 12:44 - 00000000 ____D () C:\ProgramData\IsolatedStorage
2014-11-01 12:44 - 2014-11-01 12:44 - 00000000 ____D () C:\ProgramData\GamingControlCenter
2014-11-01 12:43 - 2014-11-02 13:42 - 00000000 ___HD () C:\Users\Richard\.rainlendar2
2014-11-01 12:43 - 2014-11-01 12:43 - 00000000 ____D () C:\Program Files (x86)\Rainlendar2
2014-11-01 12:41 - 2013-09-07 10:10 - 00675988 _____ () C:\Users\Richard\Downloads\Minecraft.exe
2014-11-01 12:39 - 2014-11-01 12:39 - 00000000 ____D () C:\ProgramData\ROCCAT
2014-11-01 12:38 - 2014-11-01 12:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ROCCAT
2014-11-01 12:38 - 2014-11-01 12:38 - 00000000 ____D () C:\Program Files (x86)\ROCCAT
2014-11-01 11:37 - 2014-11-01 11:37 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Thunderbird
2014-11-01 11:37 - 2014-11-01 11:37 - 00000000 ____D () C:\Users\Richard\AppData\Local\Thunderbird
2014-11-01 11:33 - 2014-11-01 11:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-11-01 11:00 - 2014-11-01 11:00 - 00231376 _____ (TrueCrypt Foundation) C:\Windows\system32\Drivers\truecrypt.sys
2014-11-01 10:53 - 2014-11-01 12:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-01 10:53 - 2014-11-01 10:54 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Mozilla
2014-11-01 10:53 - 2014-11-01 10:54 - 00000000 ____D () C:\Users\Richard\AppData\Local\Mozilla
2014-11-01 10:53 - 2014-11-01 10:53 - 00000000 ____D () C:\ProgramData\Mozilla
2014-11-01 10:53 - 2014-11-01 10:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-01 10:42 - 2014-11-01 10:42 - 00000000 ___RD () C:\Users\Richard\Documents\xls
2014-11-01 10:42 - 2014-11-01 10:42 - 00000000 ____D () C:\Users\Richard\Documents\txt
2014-11-01 10:42 - 2014-10-12 14:42 - 430346312 _____ () C:\Users\Richard\Documents\backup.dpb
2014-11-01 10:41 - 2014-11-01 10:42 - 00000000 ____D () C:\Users\Richard\Documents\roman
2014-11-01 10:41 - 2014-11-01 10:41 - 00000000 ____D () C:\Users\Richard\Documents\pdf
2014-11-01 10:41 - 2014-11-01 10:41 - 00000000 ____D () C:\Users\Richard\Documents\Papyrus Backups
2014-11-01 10:41 - 2014-11-01 10:41 - 00000000 ____D () C:\Users\Richard\Documents\netbank
2014-11-01 10:41 - 2014-11-01 10:41 - 00000000 ____D () C:\Users\Richard\Documents\firma
2014-11-01 10:40 - 2014-11-01 13:47 - 00000000 ____D () C:\Users\Richard\Documents\diverses
2014-11-01 10:40 - 2014-11-01 10:41 - 00000000 ____D () C:\Users\Richard\Documents\DVD Profiler
2014-11-01 10:40 - 2014-11-01 10:40 - 00000000 ____D () C:\Users\Richard\Documents\doc
2014-11-01 10:07 - 2014-11-01 10:07 - 00000000 ____D () C:\Users\Richard\AppData\Local\FreeCommanderXE
2014-11-01 10:07 - 2014-11-01 10:07 - 00000000 ____D () C:\Program Files (x86)\FreeCommander XE
2014-11-01 10:05 - 2014-11-01 10:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-11-01 10:05 - 2014-11-01 10:05 - 00000000 ____D () C:\Program Files\7-Zip
2014-11-01 10:02 - 2014-11-01 10:02 - 00000000 ____D () C:\Users\Richard\AppData\Local\CrashDumps
2014-11-01 01:06 - 2014-11-02 13:54 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\ClassicShell
2014-11-01 01:04 - 2014-11-01 01:05 - 00000000 ____D () C:\ProgramData\ClassicShell
2014-11-01 01:01 - 2014-11-01 01:01 - 00000000 ____D () C:\Program Files\Classic Shell
2014-10-31 22:36 - 2014-10-31 22:45 - 00056016 _____ () C:\Windows\system32\Drivers\fsbts.sys
2014-10-31 22:36 - 2014-10-31 22:36 - 00000657 _____ () C:\Windows\fsav_db_setup.log
2014-10-31 22:35 - 2014-10-31 22:36 - 04143130 _____ () C:\Windows\FSISU.log
2014-10-31 22:35 - 2014-10-31 22:36 - 00895110 _____ () C:\Windows\FSSFM.log
2014-10-31 22:35 - 2014-10-31 22:36 - 00804920 _____ () C:\Windows\FSSETUP.log
2014-10-31 22:35 - 2014-10-31 22:36 - 00136077 _____ () C:\Windows\FSPROD.log
2014-10-31 22:35 - 2014-10-31 22:36 - 00088490 _____ () C:\Windows\RunSetup.log
2014-10-31 22:35 - 2014-10-31 22:36 - 00070869 _____ () C:\Windows\FSAVINST.LOG
2014-10-31 22:35 - 2014-10-31 22:36 - 00009874 _____ () C:\Windows\FSAVCSIN.LOG
2014-10-31 22:35 - 2014-10-31 22:36 - 00004347 _____ () C:\Windows\FSGKIAIN.log
2014-10-31 22:35 - 2014-10-31 22:36 - 00004230 _____ () C:\Windows\fstnbins.LOG
2014-10-31 22:35 - 2014-10-31 22:36 - 00003335 _____ () C:\Windows\fsavunin.log
2014-10-31 22:35 - 2014-10-31 22:36 - 00001837 _____ () C:\Windows\FSLDIN.LOG
2014-10-31 22:35 - 2014-10-31 22:35 - 00140799 _____ () C:\Windows\FSDEPH.log
2014-10-31 22:35 - 2014-10-31 22:35 - 00020560 _____ () C:\Windows\prodsett_copy.ini
2014-10-31 22:35 - 2014-10-31 22:35 - 00019322 _____ () C:\Windows\fspplugin.log
2014-10-31 22:31 - 2014-11-02 13:52 - 00000000 ____D () C:\Users\Richard\AppData\Local\F-Secure
2014-10-31 22:31 - 2014-10-31 22:36 - 00000000 ____D () C:\ProgramData\F-Secure
2014-10-31 22:31 - 2014-10-31 22:36 - 00000000 ____D () C:\Program Files (x86)\F-Secure
2014-10-31 22:31 - 2014-10-31 22:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\F-Secure
2014-10-31 22:18 - 2014-10-31 22:18 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Macromedia
2014-10-31 22:17 - 2014-11-02 13:41 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-31 22:17 - 2014-11-02 13:27 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-31 22:17 - 2014-10-31 22:22 - 00004100 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-31 22:17 - 2014-10-31 22:22 - 00003864 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-31 22:17 - 2014-10-31 22:17 - 00000000 ____D () C:\Users\Richard\AppData\Local\Micro-Star_International_
2014-10-31 22:17 - 2014-10-31 22:17 - 00000000 ____D () C:\Users\Richard\AppData\Local\Google
2014-10-31 22:17 - 2014-10-31 22:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-31 22:17 - 2014-10-31 22:17 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-31 22:16 - 2014-10-31 22:21 - 00000564 _____ () C:\SSUUpdater.log
2014-10-31 22:15 - 2014-11-02 13:32 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1543957082-4200568014-2125959290-1002
2014-10-31 22:10 - 2014-10-31 22:10 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Intel Corporation
2014-10-31 22:09 - 2014-11-01 21:35 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Adobe
2014-10-31 22:09 - 2014-11-01 12:43 - 00000000 ____D () C:\Users\Richard
2014-10-31 22:09 - 2014-11-01 12:39 - 00000000 ____D () C:\Users\Richard\AppData\Local\VirtualStore
2014-10-31 22:09 - 2014-10-31 22:09 - 00000020 ___SH () C:\Users\Richard\ntuser.ini
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 _SHDL () C:\Users\Richard\Vorlagen
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 _SHDL () C:\Users\Richard\Startmenü
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 _SHDL () C:\Users\Richard\Netzwerkumgebung
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 _SHDL () C:\Users\Richard\Lokale Einstellungen
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 _SHDL () C:\Users\Richard\Eigene Dateien
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 _SHDL () C:\Users\Richard\Druckumgebung
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 _SHDL () C:\Users\Richard\Documents\Eigene Musik
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 _SHDL () C:\Users\Richard\Documents\Eigene Bilder
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 _SHDL () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 _SHDL () C:\Users\Richard\AppData\Local\Verlauf
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 _SHDL () C:\Users\Richard\AppData\Local\Anwendungsdaten
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 _SHDL () C:\Users\Richard\Anwendungsdaten
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Intel
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 ____D () C:\Users\Richard\AppData\Local\Packages
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 ____D () C:\Users\Richard\AppData\Local\AVerMedia
2014-10-31 22:09 - 2014-07-24 02:17 - 00000000 ___RD () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-10-31 22:09 - 2014-03-18 11:33 - 00000000 ___RD () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-10-31 22:09 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-31 22:09 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-10-31 22:06 - 2014-11-02 13:52 - 01470660 _____ () C:\Windows\WindowsUpdate.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-02 13:45 - 2014-04-13 00:06 - 00450712 _____ () C:\Windows\system32\prfh0404.dat
2014-11-02 13:45 - 2014-04-13 00:06 - 00135868 _____ () C:\Windows\system32\prfc0404.dat
2014-11-02 13:45 - 2014-04-12 23:58 - 00436346 _____ () C:\Windows\system32\prfh0804.dat
2014-11-02 13:45 - 2014-04-12 23:58 - 00135868 _____ () C:\Windows\system32\prfc0804.dat
2014-11-02 13:45 - 2014-04-12 23:45 - 00715654 _____ () C:\Windows\system32\perfh01F.dat
2014-11-02 13:45 - 2014-04-12 23:45 - 00150298 _____ () C:\Windows\system32\perfc01F.dat
2014-11-02 13:45 - 2014-04-12 23:33 - 00725516 _____ () C:\Windows\system32\perfh01D.dat
2014-11-02 13:45 - 2014-04-12 23:33 - 00152370 _____ () C:\Windows\system32\perfc01D.dat
2014-11-02 13:45 - 2014-04-12 23:11 - 00781168 _____ () C:\Windows\system32\perfh019.dat
2014-11-02 13:45 - 2014-04-12 23:11 - 00161704 _____ () C:\Windows\system32\perfc019.dat
2014-11-02 13:45 - 2014-04-12 22:59 - 00789596 _____ () C:\Windows\system32\prfh0816.dat
2014-11-02 13:45 - 2014-04-12 22:59 - 00164166 _____ () C:\Windows\system32\prfc0816.dat
2014-11-02 13:45 - 2014-04-12 22:52 - 00775740 _____ () C:\Windows\system32\prfh0416.dat
2014-11-02 13:45 - 2014-04-12 22:52 - 00158832 _____ () C:\Windows\system32\prfc0416.dat
2014-11-02 13:45 - 2014-04-12 22:45 - 00798800 _____ () C:\Windows\system32\perfh015.dat
2014-11-02 13:45 - 2014-04-12 22:45 - 00163682 _____ () C:\Windows\system32\perfc015.dat
2014-11-02 13:45 - 2014-04-12 22:39 - 00798252 _____ () C:\Windows\system32\perfh013.dat
2014-11-02 13:45 - 2014-04-12 22:39 - 00162330 _____ () C:\Windows\system32\perfc013.dat
2014-11-02 13:45 - 2014-04-12 22:32 - 00441600 _____ () C:\Windows\system32\perfh014.dat
2014-11-02 13:45 - 2014-04-12 22:32 - 00077252 _____ () C:\Windows\system32\perfc014.dat
2014-11-02 13:45 - 2014-04-12 22:17 - 00508106 _____ () C:\Windows\system32\perfh012.dat
2014-11-02 13:45 - 2014-04-12 22:17 - 00135868 _____ () C:\Windows\system32\perfc012.dat
2014-11-02 13:45 - 2014-04-12 22:10 - 00498064 _____ () C:\Windows\system32\perfh011.dat
2014-11-02 13:45 - 2014-04-12 22:10 - 00135868 _____ () C:\Windows\system32\perfc011.dat
2014-11-02 13:45 - 2014-04-12 22:03 - 00794000 _____ () C:\Windows\system32\perfh010.dat
2014-11-02 13:45 - 2014-04-12 22:03 - 00156420 _____ () C:\Windows\system32\perfc010.dat
2014-11-02 13:45 - 2014-04-12 21:56 - 00743402 _____ () C:\Windows\system32\perfh00E.dat
2014-11-02 13:45 - 2014-04-12 21:56 - 00177988 _____ () C:\Windows\system32\perfc00E.dat
2014-11-02 13:45 - 2014-04-12 21:46 - 00408958 _____ () C:\Windows\system32\perfh00D.dat
2014-11-02 13:45 - 2014-04-12 21:46 - 00064964 _____ () C:\Windows\system32\perfc00D.dat
2014-11-02 13:45 - 2014-04-12 21:36 - 00427206 _____ () C:\Windows\system32\perfh00B.dat
2014-11-02 13:45 - 2014-04-12 21:36 - 00081788 _____ () C:\Windows\system32\perfc00B.dat
2014-11-02 13:45 - 2014-04-12 21:26 - 00800660 _____ () C:\Windows\system32\perfh00A.dat
2014-11-02 13:45 - 2014-04-12 21:26 - 00166550 _____ () C:\Windows\system32\perfc00A.dat
2014-11-02 13:45 - 2014-04-12 21:15 - 00542632 _____ () C:\Windows\system32\perfh008.dat
2014-11-02 13:45 - 2014-04-12 21:15 - 00089196 _____ () C:\Windows\system32\perfc008.dat
2014-11-02 13:45 - 2014-04-12 21:09 - 00765378 _____ () C:\Windows\system32\perfh007.dat
2014-11-02 13:45 - 2014-04-12 21:09 - 00159696 _____ () C:\Windows\system32\perfc007.dat
2014-11-02 13:45 - 2014-04-12 21:03 - 00456508 _____ () C:\Windows\system32\perfh006.dat
2014-11-02 13:45 - 2014-04-12 21:03 - 00079760 _____ () C:\Windows\system32\perfc006.dat
2014-11-02 13:45 - 2014-04-12 20:58 - 00731574 _____ () C:\Windows\system32\perfh005.dat
2014-11-02 13:45 - 2014-04-12 20:58 - 00151818 _____ () C:\Windows\system32\perfc005.dat
2014-11-02 13:45 - 2014-04-12 20:49 - 00802234 _____ () C:\Windows\system32\perfh00C.dat
2014-11-02 13:45 - 2014-04-12 20:49 - 00422260 _____ () C:\Windows\system32\perfh001.dat
2014-11-02 13:45 - 2014-04-12 20:49 - 00159184 _____ () C:\Windows\system32\perfc00C.dat
2014-11-02 13:45 - 2014-04-12 20:49 - 00064964 _____ () C:\Windows\system32\perfc001.dat
2014-11-02 13:45 - 2014-03-18 11:03 - 18547198 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-02 13:41 - 2014-03-18 10:54 - 00727854 _____ () C:\Windows\PFRO.log
2014-11-02 13:41 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-02 12:09 - 2014-07-24 02:36 - 00000000 ____D () C:\Windows\Driver Cache
2014-11-02 12:09 - 2013-08-22 14:25 - 00000194 _____ () C:\Windows\win.ini
2014-11-02 11:56 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-11-02 11:45 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-11-02 11:44 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-11-01 16:39 - 2014-07-24 02:48 - 00000000 ____D () C:\ProgramData\CyberLink
2014-11-01 16:39 - 2014-07-24 02:34 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-01 16:37 - 2014-07-24 02:41 - 00000000 ____D () C:\Program Files (x86)\Splashtop
2014-11-01 16:37 - 2014-07-24 02:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
2014-11-01 16:37 - 2014-07-24 02:38 - 00000000 ____D () C:\Program Files (x86)\MSI
2014-11-01 13:46 - 2013-08-22 15:46 - 00021872 _____ () C:\Windows\setupact.log
2014-10-31 23:00 - 2014-04-25 15:05 - 00000000 ____D () C:\Windows\RE_DRIVE
2014-10-31 22:41 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-10-31 22:34 - 2014-07-24 02:43 - 00000000 ____D () C:\ProgramData\Norton
2014-10-31 22:34 - 2013-08-22 15:44 - 00344824 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-31 22:33 - 2013-08-22 16:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-10-31 22:18 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\restore
2014-10-31 22:08 - 2014-04-12 20:15 - 00000000 ____D () C:\Windows\Panther

Some content of TEMP:
====================
C:\Users\Richard\AppData\Local\Temp\13059367852645321960.exe
C:\Users\Richard\AppData\Local\Temp\JDSetup130593678509519648.exe
C:\Users\Richard\AppData\Local\Temp\proxy_vole8461006690750503778.dll
C:\Users\Richard\AppData\Local\Temp\Quarantine.exe
C:\Users\Richard\AppData\Local\Temp\SetupUtil.exe
C:\Users\Richard\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-04-12 19:16

==================== End Of Log ============================

--- --- ---

--- --- ---

Addition_neu:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-11-2014
Ran by Richard at 2014-11-02 14:02:40
Running from C:\Users\Richard\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Antivirus (Disabled - Up to date) {15414183-282E-D62C-CA37-EF24860A2F17}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Antivirus (Disabled - Up to date) {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
AVerMedia H335 MiniCard DVB-T 2.3.64.28 (HKLM-x32\...\AVerMedia H335 MiniCard DVB-T) (Version: 2.3.64.28 - AVerMedia TECHNOLOGIES, Inc.)
AVerMedia TV Player (HKLM-x32\...\InstallShield_{DFD1F64D-2AF0-4CE2-9752-D701E80F8D1C}) (Version: 1.8.0 - AVerMedia Technologies, Inc.)
AVerMedia TV Player (x32 Version: 1.8.0 - AVerMedia Technologies, Inc.) Hidden
Boot Configure (HKLM-x32\...\{A055E402-0EA0-4969-B751-B9373081B405}) (Version: 21.014.05141 - Micro-Star International Co., Ltd.)
BurnRecovery (HKLM-x32\...\{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}) (Version: 4.0.1309.301 - )
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Computer Security 14.115.100.0 (release) (x32 Version: 14.115.100.0 - F-Secure Corporation) Hidden
FreeCommander XE (HKLM-x32\...\FreeCommander XE_is1) (Version: Preview - Marek Jasinski)
F-Secure (HKLM-x32\...\F-Secure ServiceEnabler 666) (Version: 2.15.358.0 - F-Secure Corporation)
F-Secure (x32 Version: 2.15.358.0 - F-Secure Corporation) Hidden
F-Secure CCF Reputation (x32 Version: 2.0.1337.0 - F-Secure) Hidden
F-Secure CCF Scanning 1.51.111.300 (release) (x32 Version: 1.51.111.300 - F-Secure Corporation) Hidden
F-Secure Network CCF 1.02.141 (x32 Version: 1.02.141 - F-Secure Corporation) Hidden
F-Secure SafeSearch 1.03.159.0 (release) (x32 Version: 1.03.159.0 - F-Secure Corporation) Hidden
Gaming Control Center (HKLM-x32\...\Installshield_{25BFC31F-27BF-4870-B043-CBC8400C97F8}) (Version: 0.0.1.4 - MICRO-STAR INT'L,.LTD.)
Gaming Control Center (Version: 0.0.1.4 - MSI) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3325 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 17.0.1347.2) (HKLM\...\{302600C1-6BDF-4FD1-1312-148929CC1385}) (Version: 17.0.1312.0414 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{86b86e21-7c9b-4baa-b284-69ce4a918661}) (Version: 16.10.0 - Intel Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 33.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.0.2 (x86 de)) (Version: 33.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.2.0 - Mozilla)
Mozilla Thunderbird 31.2.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.2.0 (x86 de)) (Version: 31.2.0 - Mozilla)
MPC-HC 1.7.7 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.7 - MPC-HC Team)
Nuvoton NCT6681 CIR Device Driver (HKLM-x32\...\{2FAECEAF-0EBE-48FF-B60A-B4577C0EFDAB}) (Version: 1.4.1003 - Nuvoton Technology Corp.)
NVIDIA Graphics Driver 332.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.35 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
Online Safety 2.115.2783.1598 (x32 Version: 2.115.2783.1598 - F-Secure Corporation) Hidden
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.1.41.1042 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (Version: 1.1.41.1042 - Qualcomm Atheros) Hidden
Qualcomm Atheros Network Manager (Version: 1.1.41.1042 - Qualcomm Atheros) Hidden
Qualcomm Atheros Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.41.1042 - Qualcomm Atheros)
Rainlendar2 (remove only) (HKLM-x32\...\Rainlendar2) (Version:  - )
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.1 r2290 - )
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7179 - Realtek Semiconductor Corp.)
ROCCAT Kone XTD Mouse Driver (HKLM-x32\...\{7133137D-DF48-4522-AD88-13C82B7D0A63}) (Version:  - Roccat GmbH)
Sound Blaster Cinema 2 (HKLM-x32\...\{B4F6F8CC-2C61-42CC-A4CC-76621F25BDC7}) (Version: 1.00.06 - Creative Technology Limited)
XnViewMP 0.69 (HKLM\...\XnViewMP_is1) (Version: 0.69 - Gougelet Pierre-e)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

31-10-2014 21:18:10 Removed Splashtop Streamer

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {035792A1-D4EF-4A78-BF9A-AA9628C281A3} - System32\Tasks\Microsoft\Windows\Setup\SetupCleanupTask
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23E35DFE-72D9-420E-A2D6-E9A53D7CCC3B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-31] (Google Inc.)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3EA8CB6B-127F-4DFF-80E1-6F7B5884D7FB} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {477E572F-58B6-4FA9-BD66-17C0720A3FC8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-10-03] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7861768D-65BF-4E01-9D37-EF0950E0F5CD} - System32\Tasks\Microsoft\Windows\SetupSQMTask => C:\Windows\SYSTEM32\OOBE\SETUPSQM.EXE [2013-08-22] (Microsoft Corporation)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8BF9A406-B81D-47D8-869E-91375F0038CA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-31] (Google Inc.)
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {BF58E14B-1069-43E0-80DD-BB525A2FD9CD} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D08F1AB1-8F5E-4779-937E-7A750E734C77} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-03-18] (Microsoft Corporation)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E2ACF668-4308-4463-9ECA-B3DD4467FB01} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {E3BDCA69-0278-4D27-AE94-D673C4802877} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-07-24 02:33 - 2014-01-08 01:48 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-07-24 02:45 - 2014-07-23 08:38 - 00403456 _____ () C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
2014-07-24 02:45 - 2014-07-23 08:38 - 00163840 _____ () C:\Program Files (x86)\Common Files\AVerMedia\AVerHIDReceiver\AVerHIDReceiver.exe
2011-01-06 14:27 - 2011-01-06 14:27 - 02342400 _____ () C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
2014-03-03 20:53 - 2014-03-03 20:53 - 00300544 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
2014-05-25 15:18 - 2014-05-25 15:18 - 00036536 _____ () C:\Program Files\Rainmeter\Rainmeter.exe
2014-05-25 15:18 - 2014-05-25 15:18 - 00747192 _____ () C:\Program Files\Rainmeter\Rainmeter.dll
2014-05-25 15:17 - 2014-05-25 15:17 - 00011776 _____ () C:\Program Files\Rainmeter\Plugins\PowerPlugin.dll
2014-07-24 02:45 - 2014-07-23 08:38 - 00053248 _____ () C:\Program Files (x86)\Common Files\AVerMedia\dll\MsgLog.DLL
2014-07-08 15:16 - 2014-07-08 15:16 - 00220200 _____ () C:\Program Files (x86)\F-Secure\daas2.dll
2014-10-31 22:39 - 2014-10-31 22:39 - 00030888 _____ () C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\hashlib_x86.dll
2014-10-31 22:35 - 2014-10-31 22:39 - 00212008 _____ () C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Spam Control\fsas.dll
2010-05-23 19:20 - 2010-05-23 19:20 - 00126976 _____ () C:\Program Files (x86)\Rainlendar2\lua51.dll
2011-01-06 14:27 - 2011-01-06 14:27 - 00194560 _____ () C:\Program Files (x86)\Rainlendar2\plugins\iCalendarPlugin.dll
2010-05-23 19:20 - 2010-05-23 19:20 - 00012288 _____ () C:\Program Files (x86)\Rainlendar2\lfs.dll
2014-10-31 22:31 - 2014-10-31 22:31 - 00592936 _____ () C:\Windows\WinSxS\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.482.79_none_b59ec33311fcd586\QtMultimediaKit1.dll
2014-11-01 12:38 - 2012-06-17 11:20 - 00061440 _____ () C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\hiddriver.dll
2014-07-24 02:34 - 2014-07-23 08:34 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1543957082-4200568014-2125959290-500 - Administrator - Disabled)
Gast (S-1-5-21-1543957082-4200568014-2125959290-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1543957082-4200568014-2125959290-1004 - Limited - Enabled)
Richard (S-1-5-21-1543957082-4200568014-2125959290-1002 - Administrator - Enabled) => C:\Users\Richard

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
Percentage of memory in use: 10%
Total physical RAM: 16306 MB
Available physical RAM: 14541.39 MB
Total Pagefile: 19250 MB
Available Pagefile: 17476.11 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (OS_Install) (Fixed) (Total:237.67 GB) (Free:178.43 GB) NTFS
Drive d: (Data) (Fixed) (Total:912.18 GB) (Free:479.62 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: F1EDCD87)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: F1EDCDA0)

Partition: GPT Partition Type.

==================== End Of Log ============================

cosinus · 02.11.2014, 14:45

Okay, dann Kontrollscans mit MBAM und ESET bitte:

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Cooder · 02.11.2014, 15:26

Malewarebytes hat nichts gefunden:

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 02.11.2014
Suchlauf-Zeit: 14:47:17
Logdatei: mwb_scan_log_neu.txt
Administrator: Ja

Version: 2.00.3.1025
Malware Datenbank: v2014.11.02.03
Rootkit Datenbank: v2014.11.01.02
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Richard

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 350643
Verstrichene Zeit: 4 Min, 48 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

ESET dafür eine Bedrohung:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=a69e3a37999de3478457c4190e4e8687
# engine=20894
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-11-02 02:19:01
# local_time=2014-11-02 03:19:01 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 7939544 8773324 0 0
# scanned=703505
# found=1
# cleaned=0
# scan_time=1349
sh=3B519E7788402D4B9DD3D586F88DBCE4A6AB05D0 ft=1 fh=d4e158c1b995bbc3 vn="Variante von Win32/BrowseFox.O evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Richard\AppData\Local\Microsoft\Windows\INetCache\IE\4NPJHBN6\FramedDisplay[1].dll"

Schon mal vielen Dank für deine kompetente Hilfe.

cosinus · 02.11.2014, 16:06

Nur Müll im Browsercache

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

EmptyTemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Cooder · 02.11.2014, 16:41

Fixlog.txt:

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-11-2014
Ran by Richard at 2014-11-02 16:36:11 Run:1
Running from C:\Users\Richard\Desktop
Loaded Profile: Richard (Available profiles: Richard)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
EmptyTemp:
*****************

EmptyTemp: => Removed 113.8 MB temporary data.


The system needed a reboot. 

==== End of Fixlog ====

Ich vermute ja, dass der Virus mit der Installationsroutine von Jdownloader2 auf meinen Rechner gekommen ist. Soll ich das Programm deinstallieren oder dürfte beim Starten nichts mehr passieren? Was sagt der Fachmann?

cosinus · 02.11.2014, 19:33

Zitat:

Soll ich das Programm deinstallieren oder dürfte beim Starten nichts mehr passieren? Was sagt der Fachmann?

Du solltest mal lesen was PUPs sind und wie sie auf dem Rechner kommen, hier mal ein Beispielartikel => Ein typischer Tag in der Zentrale von Emsisoft: Der PUP-Hausierer | Emsisoft Blog

Die kommen eigentlich nur dann ins System, wenn man irgendwelche Programmesetups nicht sorgfältig liest bzw nicht die benutzerdefinierte Methode verwendet.

Cooder · 02.11.2014, 21:55

Da stimme ich Dir zu, aber ich kann dir garantieren, dass dies hier nicht der Fall war. Ich installiere immer von vertrauenswürdigen Seiten (Chip, heise, etc.) und immer benutzerdefiniert und sehr sorgfältig.
Ist aber egal. Der Virus ist runter und ich danke Dir nochmals für deine Hilfe.

cosinus · 02.11.2014, 22:21

Dann wären wir durch!

Falls du noch Lob oder Kritik loswerden möchtest => Lob, Kritik und Wünsche - Trojaner-Board

Die Programme, die hier zum Einsatz kamen, können alle deinstalliert werden. Es empfiehlt sich Malwarebytes Anti-Malware zu behalten und damit wöchentlich nach Malware zu scannen.

Helfen kann dir dabei delfix:

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Bitte abschließend noch die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.

Microsoftupdate
Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.
Windows Vista/7: Start, Systemsteuerung, Windows-Update

PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:
Prüfen => Adobe - Flash Player
Downloadlinks findest du hier => Browsers and Plugins - FilePony.de

Alle Plugins im Firefox-Browser kannst du auch ganz einfach hier auf Aktualität prüfen => https://www.mozilla.org/de/plugincheck

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.

Java-Update
Veraltete Java-Installationen sind ein großes Sicherheitsrisiko, daher solltest Du die alten Versionen deinstallieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software (bzw. Programme und Funktionen) und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.

Win 8.1 Framed Display Virus eingefangen

Log-Analyse und Auswertung: Win 8.1 Framed Display Virus eingefangen