
Log analysis and evaluation: Win 8.1 caught Framed Display virus


 
02.11.2014, 13:27   #1
Cooder



Hello,
I have a new computer and am therefore currently installing a lot of software. While installing one program (I suspect JDownloader 2) I caught the "Framed Display" virus.
F-Secure reported it but could not delete it.
I then installed Malwarebytes, which apparently deleted everything. At least it could not find anything more on a second scan.
Still, I am not sure whether my PC is clean now. So I would be glad if you could take a look:

FRST.txt:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-11-2014
Ran by Richard (administrator) on RICK on 02-11-2014 12:50:53
Running from C:\Users\Richard\Desktop
Loaded Profile: Richard (Available profiles: Richard)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVerMedia) C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
() C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fsgk32.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(MICRO-STAR INT'L,.LTD.) C:\Program Files\WMIHook\WMIHookBtnFn\WMI_Hook_Service.exe
() C:\Program Files (x86)\Common Files\AVerMedia\AVerHIDReceiver\AVerHIDReceiver.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE
(MICRO-STAR INT'L,.LTD.) C:\Program Files\WMIHook\WMIHookBtnFn\WMIHookFnNotifier.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fssm32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSHDLL64.EXE
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE
(ROCCAT GmbH) C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-31] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-07-23] (Realtek Semiconductor)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [] => [X]
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM-x32\...\Run: [Sound Blaster Cinema 2] => C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe [1440768 2014-02-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [F-Secure Hoster (666)] => C:\Program Files (x86)\F-Secure\fshoster32.exe [187432 2014-07-08] (F-Secure Corporation)
HKLM-x32\...\Run: [F-Secure Manager] => C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE [310312 2014-06-24] (F-Secure Corporation)
HKLM-x32\...\Run: [RoccatKoneXTD] => C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.EXE [552960 2013-10-25] (ROCCAT GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1543957082-4200568014-2125959290-1002\...\Run: [Rainlendar2] => C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe [2342400 2011-01-06] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVer HID Receiver.lnk
ShortcutTarget: AVer HID Receiver.lnk -> C:\Program Files (x86)\Common Files\AVerMedia\AVerHIDReceiver\AVerHIDReceiver.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{FB55FA5A-08CB-4A14-A0C5-5BCDB3F1ACC4}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
Startup: C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://msi13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://msi13.msn.com
SearchScopes: HKLM - DefaultScope {F81B2FE1-58AC-4CAF-AAF7-14753BDFABE0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAMIJS
SearchScopes: HKLM - {F81B2FE1-58AC-4CAF-AAF7-14753BDFABE0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAMIJS
SearchScopes: HKLM-x32 - DefaultScope {F81B2FE1-58AC-4CAF-AAF7-14753BDFABE0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAMIJS
SearchScopes: HKLM-x32 - {F81B2FE1-58AC-4CAF-AAF7-14753BDFABE0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAMIJS
SearchScopes: HKCU - DefaultScope {F81B2FE1-58AC-4CAF-AAF7-14753BDFABE0} URL = 
SearchScopes: HKCU - {F81B2FE1-58AC-4CAF-AAF7-14753BDFABE0} URL = 
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: F-Secure Browsing Protection -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https64.dll (F-Secure Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: F-Secure Browsing Protection -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https.dll (F-Secure Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default
FF Homepage: about:
FF Keyword.URL: https://startpage.com/do/search?language=deutsch&cat=web&query=
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\user.js
FF SearchPlugin: C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\searchplugins\ixquick---deutsch.xml
FF SearchPlugin: C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\searchplugins\linguee-de-en.xml
FF SearchPlugin: C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\searchplugins\metager.xml
FF SearchPlugin: C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\searchplugins\startpage-https---deutsch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\abs@avira.com [2014-11-01]
FF Extension: German Dictionary - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2014-11-01]
FF Extension: HTTPS-Everywhere - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\https-everywhere@eff.org [2014-11-01]
FF Extension: rein - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\rein@notiz.jp [2014-11-01]
FF Extension: No Name - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\temp [2014-11-01]
FF Extension: IE Tab 2 (FF 3.6+) - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2014-11-01]
FF Extension: Linkification - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a} [2014-11-01]
FF Extension: Compact Menu 2 - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{57068FBE-1506-42ee-AB02-BD183E7999E4} [2014-11-01]
FF Extension: No Name - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{9w50ge7w-88c1-4wcg-bxg9-90g1a5d31c3z} [2014-11-01]
FF Extension: WOT - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-11-01]
FF Extension: DownloadHelper - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-11-01]
FF Extension: Dictionary Tooltip - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{C6128004-4838-4708-9A97-BB172D17767D}(2) [2014-11-01]
FF Extension: BetterPrivacy - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3} [2014-11-01]
FF Extension: Whitehart - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{d650973c-0444-4ac7-9d00-19e3613c83b9} [2014-11-01]
FF Extension: ImageHost Grabber - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{E4091D66-127C-11DB-903A-DE80D2EFDFE8} [2014-11-01]
FF Extension: checkCompatibility - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\check-compatibility@dactyl.googlecode.com.xpi [2014-11-01]
FF Extension: Classic Theme Restorer - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-11-01]
FF Extension: CookieKiller - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\cookiekiller@joseph.moran.xpi [2014-11-01]
FF Extension: FireGestures - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\firegestures@xuldev.org.xpi [2014-11-01]
FF Extension: YouTube mp3 - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\info@youtube-mp3.org.xpi [2014-11-01]
FF Extension: Simple White - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\Simple@White.Theme.xpi [2014-11-01]
FF Extension: Image Zoom - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2014-11-01]
FF Extension: NoScript - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-11-01]
FF Extension: MeasureIt - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2014-11-01]
FF Extension: Adblock Plus - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\kix51rke.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-01]
FF HKLM-x32\...\Firefox\Extensions: [{306eaf01-4e65-43d2-8504-1ae0c1859338}] - C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\deploy\fs_firefox_https
FF Extension: Browsing Protection - C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\deploy\fs_firefox_https [2014-10-31]

Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-01]
CHR Extension: (Google Wallet) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-31]
CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - C:/Program Files (x86)/F-Secure/apps/CCF_Scanning/bin/browser/install/fs_chrome_https/fs_chrome_https.crx [2014-06-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVerRemote; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [364544 2014-07-23] (AVerMedia) [File not signed]
R2 AVerScheduleService; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [403456 2014-07-23] () [File not signed]
R2 fshoster; C:\Program Files (x86)\F-Secure\fshoster32.exe [187432 2014-07-08] (F-Secure Corporation)
R3 FSMA; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE [216104 2014-06-24] (F-Secure Corporation)
R2 FSORSPClient; C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe [60456 2014-06-24] (F-Secure Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-31] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-07-23] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2014-07-23] (Intel Corporation)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-07-24] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-08] ()
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-07-24] (Microsoft Corporation)
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [344576 2014-03-03] (Qualcomm Atheros) [File not signed]
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-07-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-07-24] (Microsoft Corporation)
R2 WMI_Hook_Service; C:\Program Files\WMIHook\WMIHookBtnFn\WMI_Hook_Service.exe [134792 2014-03-28] (MICRO-STAR INT'L,.LTD.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2014-01-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AVerIT13x; C:\Windows\System32\Drivers\AVerIT13x_x64.sys [198272 2012-12-06] (AVerMedia TECHNOLOGIES, Inc.)
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [81072 2014-02-20] (Qualcomm Atheros, Inc.)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-11-07] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1411384 2013-11-07] (Motorola Solutions, Inc.)
R3 F-Secure Gatekeeper; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [202792 2014-10-31] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys [69960 2014-10-31] (F-Secure Corporation)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [56016 2014-10-31] ()
R3 fsni; C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\fsni64.sys [89640 2014-10-31] (F-Secure Corporation)
R1 fsvista; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [13352 2014-06-24] ()
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [149448 2014-07-23] (Intel Corporation)
R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [163536 2013-03-20] (Qualcomm Atheros, Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2014-07-23] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3610592 2014-01-28] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 nuviocir; C:\Windows\system32\DRIVERS\nuviocir_win8_x64.sys [42264 2013-07-03] (Nuvoton Technology Corp.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-07-24] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-02 12:50 - 2014-11-02 12:51 - 00022103 _____ () C:\Users\Richard\Desktop\FRST.txt
2014-11-02 12:50 - 2014-11-02 12:50 - 00000000 ____D () C:\FRST
2014-11-02 12:48 - 2014-11-02 12:48 - 02114048 _____ (Farbar) C:\Users\Richard\Desktop\FRST64.exe
2014-11-02 12:29 - 2014-11-02 12:35 - 00051630 _____ () C:\Users\Richard\Downloads\Extras.Txt
2014-11-02 12:29 - 2014-11-02 12:33 - 00130812 _____ () C:\Users\Richard\Downloads\OTL.Txt
2014-11-02 12:20 - 2014-11-02 12:20 - 00602112 _____ (OldTimer Tools) C:\Users\Richard\Downloads\OTL.exe
2014-11-02 12:11 - 2014-11-02 12:11 - 00001197 _____ () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\mbam.lnk
2014-11-02 12:04 - 2014-11-02 12:11 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-02 12:04 - 2014-11-02 12:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-02 12:04 - 2014-11-02 12:04 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-11-02 12:04 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-02 12:04 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-02 12:04 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-02 11:56 - 2014-11-02 11:56 - 00048792 _____ () C:\Windows\system32\Drivers\{6db7eb66-a30b-41a3-809c-addb2341dafb}Gw64.sys.tmp
2014-11-02 11:52 - 2014-11-02 11:53 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Richard\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-02 11:44 - 2014-11-02 11:45 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-02 11:44 - 2014-10-03 10:02 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-02 11:33 - 2014-11-02 11:33 - 00000000 __SHD () C:\Users\Richard\AppData\Local\EmieUserList
2014-11-02 11:33 - 2014-11-02 11:33 - 00000000 __SHD () C:\Users\Richard\AppData\Local\EmieSiteList
2014-11-02 03:46 - 2014-11-02 03:46 - 00002175 _____ () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\JDownloader 2.lnk
2014-11-02 03:13 - 2014-11-02 03:13 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2014-11-02 03:12 - 2014-11-02 03:24 - 00000000 ____D () C:\Users\Richard\AppData\Local\JDownloader v2.0
2014-11-02 02:57 - 2014-11-02 02:57 - 00000000 ____D () C:\Users\Richard\AppData\Local\Intel_Corporation
2014-11-01 21:38 - 2014-11-01 21:38 - 00001254 _____ () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Adobe Photoshop.lnk
2014-11-01 21:33 - 2014-11-01 21:33 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-11-01 21:33 - 1998-11-05 11:08 - 00087392 ____N (Twain Working Group) C:\Windows\twain.dll
2014-11-01 21:30 - 1998-10-21 18:43 - 00328704 _____ (InstallShield Software Corporation ) C:\Windows\IsUn0407.exe
2014-11-01 20:56 - 2014-11-01 20:59 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\.minecraft
2014-11-01 20:56 - 2014-11-01 20:56 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-01 20:56 - 2014-11-01 20:56 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\java
2014-11-01 20:56 - 2014-11-01 20:56 - 00000000 ____D () C:\ProgramData\Sun
2014-11-01 20:56 - 2014-11-01 20:56 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-01 20:56 - 2014-11-01 20:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-01 20:56 - 2014-11-01 20:56 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-01 20:15 - 2014-11-02 03:33 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\XnViewMP
2014-11-01 20:15 - 2014-11-01 20:15 - 00001048 _____ () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\XnViewMP.lnk
2014-11-01 20:10 - 2014-11-01 20:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XnViewMP
2014-11-01 20:10 - 2014-11-01 20:10 - 00000000 ____D () C:\Program Files\XnViewMP
2014-11-01 19:57 - 2014-11-01 19:57 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\MPC-HC
2014-11-01 19:56 - 2014-11-01 19:56 - 00000000 ____D () C:\Program Files\MPC-HC
2014-11-01 16:44 - 2014-11-01 16:44 - 00000000 ____D () C:\Users\Richard\Documents\Rainmeter
2014-11-01 16:44 - 2014-11-01 16:44 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Rainmeter
2014-11-01 16:44 - 2014-11-01 16:44 - 00000000 ____D () C:\Program Files\Rainmeter
2014-11-01 16:37 - 2014-11-01 16:37 - 00000000 ____D () C:\Users\Richard\Documents\Splashtop Whiteboard
2014-11-01 16:37 - 2014-11-01 16:37 - 00000000 ____D () C:\Users\Richard\Documents\Splashtop Presenter
2014-11-01 16:37 - 2014-11-01 16:37 - 00000000 ____D () C:\ProgramData\SplitMediaLabs
2014-11-01 15:04 - 2014-11-01 15:04 - 00000955 _____ () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\geek.lnk
2014-11-01 12:48 - 2014-11-01 12:48 - 00000000 ____D () C:\Users\Richard\AppData\Local\AVerMedia TV Player
2014-11-01 12:47 - 2014-11-01 12:47 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\WebApp
2014-11-01 12:47 - 2014-11-01 12:47 - 00000000 ____D () C:\Users\Public\CyberLink
2014-11-01 12:46 - 2014-11-01 16:39 - 00000000 ____D () C:\Users\Richard\Documents\CyberLink
2014-11-01 12:46 - 2014-11-01 16:39 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\CyberLink
2014-11-01 12:46 - 2014-11-01 16:39 - 00000000 ____D () C:\Users\Richard\AppData\Local\Cyberlink
2014-11-01 12:46 - 2014-11-01 16:38 - 00000000 ____D () C:\Users\Richard\Documents\MediaCloud
2014-11-01 12:44 - 2014-11-01 12:44 - 00000000 ____D () C:\ProgramData\IsolatedStorage
2014-11-01 12:44 - 2014-11-01 12:44 - 00000000 ____D () C:\ProgramData\GamingControlCenter
2014-11-01 12:43 - 2014-11-02 12:10 - 00000000 ___HD () C:\Users\Richard\.rainlendar2
2014-11-01 12:43 - 2014-11-01 12:43 - 00000000 ____D () C:\Program Files (x86)\Rainlendar2
2014-11-01 12:41 - 2013-09-07 10:10 - 00675988 _____ () C:\Users\Richard\Downloads\Minecraft.exe
2014-11-01 12:39 - 2014-11-01 12:39 - 00000000 ____D () C:\ProgramData\ROCCAT
2014-11-01 12:38 - 2014-11-01 12:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ROCCAT
2014-11-01 12:38 - 2014-11-01 12:38 - 00000000 ____D () C:\Program Files (x86)\ROCCAT
2014-11-01 11:37 - 2014-11-01 11:37 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Thunderbird
2014-11-01 11:37 - 2014-11-01 11:37 - 00000000 ____D () C:\Users\Richard\AppData\Local\Thunderbird
2014-11-01 11:33 - 2014-11-01 11:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-11-01 11:00 - 2014-11-01 11:00 - 00231376 _____ (TrueCrypt Foundation) C:\Windows\system32\Drivers\truecrypt.sys
2014-11-01 10:53 - 2014-11-01 12:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-01 10:53 - 2014-11-01 10:54 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Mozilla
2014-11-01 10:53 - 2014-11-01 10:54 - 00000000 ____D () C:\Users\Richard\AppData\Local\Mozilla
2014-11-01 10:53 - 2014-11-01 10:53 - 00000000 ____D () C:\ProgramData\Mozilla
2014-11-01 10:53 - 2014-11-01 10:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-01 10:42 - 2014-11-01 10:42 - 00000000 ___RD () C:\Users\Richard\Documents\xls
2014-11-01 10:42 - 2014-11-01 10:42 - 00000000 ____D () C:\Users\Richard\Documents\txt
2014-11-01 10:42 - 2014-10-12 14:42 - 430346312 _____ () C:\Users\Richard\Documents\backup.dpb
2014-11-01 10:41 - 2014-11-01 10:42 - 00000000 ____D () C:\Users\Richard\Documents\roman
2014-11-01 10:41 - 2014-11-01 10:41 - 00000000 ____D () C:\Users\Richard\Documents\pdf
2014-11-01 10:41 - 2014-11-01 10:41 - 00000000 ____D () C:\Users\Richard\Documents\Papyrus Backups
2014-11-01 10:41 - 2014-11-01 10:41 - 00000000 ____D () C:\Users\Richard\Documents\netbank
2014-11-01 10:41 - 2014-11-01 10:41 - 00000000 ____D () C:\Users\Richard\Documents\firma
2014-11-01 10:40 - 2014-11-01 13:47 - 00000000 ____D () C:\Users\Richard\Documents\diverses
2014-11-01 10:40 - 2014-11-01 10:41 - 00000000 ____D () C:\Users\Richard\Documents\DVD Profiler
2014-11-01 10:40 - 2014-11-01 10:40 - 00000000 ____D () C:\Users\Richard\Documents\doc
2014-11-01 10:07 - 2014-11-01 10:07 - 00000000 ____D () C:\Users\Richard\AppData\Local\FreeCommanderXE
2014-11-01 10:07 - 2014-11-01 10:07 - 00000000 ____D () C:\Program Files (x86)\FreeCommander XE
2014-11-01 10:05 - 2014-11-01 10:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-11-01 10:05 - 2014-11-01 10:05 - 00000000 ____D () C:\Program Files\7-Zip
2014-11-01 10:02 - 2014-11-01 10:02 - 00000000 ____D () C:\Users\Richard\AppData\Local\CrashDumps
2014-11-01 01:06 - 2014-11-02 12:19 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\ClassicShell
2014-11-01 01:04 - 2014-11-01 01:05 - 00000000 ____D () C:\ProgramData\ClassicShell
2014-11-01 01:01 - 2014-11-01 01:01 - 00000000 ____D () C:\Program Files\Classic Shell
2014-10-31 22:36 - 2014-10-31 22:45 - 00056016 _____ () C:\Windows\system32\Drivers\fsbts.sys
2014-10-31 22:36 - 2014-10-31 22:36 - 00000657 _____ () C:\Windows\fsav_db_setup.log
2014-10-31 22:35 - 2014-10-31 22:36 - 04143130 _____ () C:\Windows\FSISU.log
2014-10-31 22:35 - 2014-10-31 22:36 - 00895110 _____ () C:\Windows\FSSFM.log
2014-10-31 22:35 - 2014-10-31 22:36 - 00804920 _____ () C:\Windows\FSSETUP.log
2014-10-31 22:35 - 2014-10-31 22:36 - 00136077 _____ () C:\Windows\FSPROD.log
2014-10-31 22:35 - 2014-10-31 22:36 - 00088490 _____ () C:\Windows\RunSetup.log
2014-10-31 22:35 - 2014-10-31 22:36 - 00070869 _____ () C:\Windows\FSAVINST.LOG
2014-10-31 22:35 - 2014-10-31 22:36 - 00009874 _____ () C:\Windows\FSAVCSIN.LOG
2014-10-31 22:35 - 2014-10-31 22:36 - 00004347 _____ () C:\Windows\FSGKIAIN.log
2014-10-31 22:35 - 2014-10-31 22:36 - 00004230 _____ () C:\Windows\fstnbins.LOG
2014-10-31 22:35 - 2014-10-31 22:36 - 00003335 _____ () C:\Windows\fsavunin.log
2014-10-31 22:35 - 2014-10-31 22:36 - 00001837 _____ () C:\Windows\FSLDIN.LOG
2014-10-31 22:35 - 2014-10-31 22:35 - 00140799 _____ () C:\Windows\FSDEPH.log
2014-10-31 22:35 - 2014-10-31 22:35 - 00020560 _____ () C:\Windows\prodsett_copy.ini
2014-10-31 22:35 - 2014-10-31 22:35 - 00019322 _____ () C:\Windows\fspplugin.log
2014-10-31 22:31 - 2014-10-31 22:39 - 00000000 ____D () C:\Users\Richard\AppData\Local\F-Secure
2014-10-31 22:31 - 2014-10-31 22:36 - 00000000 ____D () C:\ProgramData\F-Secure
2014-10-31 22:31 - 2014-10-31 22:36 - 00000000 ____D () C:\Program Files (x86)\F-Secure
2014-10-31 22:31 - 2014-10-31 22:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\F-Secure
2014-10-31 22:18 - 2014-10-31 22:18 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Macromedia
2014-10-31 22:17 - 2014-11-02 12:27 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-31 22:17 - 2014-11-02 12:09 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-31 22:17 - 2014-10-31 22:22 - 00004100 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-31 22:17 - 2014-10-31 22:22 - 00003864 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-31 22:17 - 2014-10-31 22:17 - 00000000 ____D () C:\Users\Richard\AppData\Local\Micro-Star_International_
2014-10-31 22:17 - 2014-10-31 22:17 - 00000000 ____D () C:\Users\Richard\AppData\Local\Google
2014-10-31 22:17 - 2014-10-31 22:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-31 22:17 - 2014-10-31 22:17 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-31 22:16 - 2014-10-31 22:21 - 00000564 _____ () C:\SSUUpdater.log
2014-10-31 22:15 - 2014-11-02 03:56 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1543957082-4200568014-2125959290-1002
2014-10-31 22:10 - 2014-10-31 22:10 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Intel Corporation
2014-10-31 22:09 - 2014-11-01 21:35 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Adobe
2014-10-31 22:09 - 2014-11-01 12:43 - 00000000 ____D () C:\Users\Richard
2014-10-31 22:09 - 2014-11-01 12:39 - 00000000 ____D () C:\Users\Richard\AppData\Local\VirtualStore
2014-10-31 22:09 - 2014-10-31 22:09 - 00000020 ___SH () C:\Users\Richard\ntuser.ini
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 _SHDL () C:\Users\Richard\Vorlagen
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 _SHDL () C:\Users\Richard\Startmenü
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 _SHDL () C:\Users\Richard\Netzwerkumgebung
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 _SHDL () C:\Users\Richard\Lokale Einstellungen
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 _SHDL () C:\Users\Richard\Eigene Dateien
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 _SHDL () C:\Users\Richard\Druckumgebung
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 _SHDL () C:\Users\Richard\Documents\Eigene Musik
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 _SHDL () C:\Users\Richard\Documents\Eigene Bilder
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 _SHDL () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 _SHDL () C:\Users\Richard\AppData\Local\Verlauf
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 _SHDL () C:\Users\Richard\AppData\Local\Anwendungsdaten
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 _SHDL () C:\Users\Richard\Anwendungsdaten
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Intel
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 ____D () C:\Users\Richard\AppData\Local\Packages
2014-10-31 22:09 - 2014-10-31 22:09 - 00000000 ____D () C:\Users\Richard\AppData\Local\AVerMedia
2014-10-31 22:09 - 2014-07-24 02:17 - 00000000 ___RD () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-10-31 22:09 - 2014-03-18 11:33 - 00000000 ___RD () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-10-31 22:09 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-31 22:09 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-10-31 22:06 - 2014-11-02 12:28 - 01452911 _____ () C:\Windows\WindowsUpdate.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-02 12:16 - 2014-04-13 00:06 - 00450712 _____ () C:\Windows\system32\prfh0404.dat
2014-11-02 12:16 - 2014-04-13 00:06 - 00135868 _____ () C:\Windows\system32\prfc0404.dat
2014-11-02 12:16 - 2014-04-12 23:58 - 00436346 _____ () C:\Windows\system32\prfh0804.dat
2014-11-02 12:16 - 2014-04-12 23:58 - 00135868 _____ () C:\Windows\system32\prfc0804.dat
2014-11-02 12:16 - 2014-04-12 23:45 - 00715654 _____ () C:\Windows\system32\perfh01F.dat
2014-11-02 12:16 - 2014-04-12 23:45 - 00150298 _____ () C:\Windows\system32\perfc01F.dat
2014-11-02 12:16 - 2014-04-12 23:33 - 00725516 _____ () C:\Windows\system32\perfh01D.dat
2014-11-02 12:16 - 2014-04-12 23:33 - 00152370 _____ () C:\Windows\system32\perfc01D.dat
2014-11-02 12:16 - 2014-04-12 23:11 - 00781168 _____ () C:\Windows\system32\perfh019.dat
2014-11-02 12:16 - 2014-04-12 23:11 - 00161704 _____ () C:\Windows\system32\perfc019.dat
2014-11-02 12:16 - 2014-04-12 22:59 - 00789596 _____ () C:\Windows\system32\prfh0816.dat
2014-11-02 12:16 - 2014-04-12 22:59 - 00164166 _____ () C:\Windows\system32\prfc0816.dat
2014-11-02 12:16 - 2014-04-12 22:52 - 00775740 _____ () C:\Windows\system32\prfh0416.dat
2014-11-02 12:16 - 2014-04-12 22:52 - 00158832 _____ () C:\Windows\system32\prfc0416.dat
2014-11-02 12:16 - 2014-04-12 22:45 - 00798800 _____ () C:\Windows\system32\perfh015.dat
2014-11-02 12:16 - 2014-04-12 22:45 - 00163682 _____ () C:\Windows\system32\perfc015.dat
2014-11-02 12:16 - 2014-04-12 22:39 - 00798252 _____ () C:\Windows\system32\perfh013.dat
2014-11-02 12:16 - 2014-04-12 22:39 - 00162330 _____ () C:\Windows\system32\perfc013.dat
2014-11-02 12:16 - 2014-04-12 22:32 - 00441600 _____ () C:\Windows\system32\perfh014.dat
2014-11-02 12:16 - 2014-04-12 22:32 - 00077252 _____ () C:\Windows\system32\perfc014.dat
2014-11-02 12:16 - 2014-04-12 22:17 - 00508106 _____ () C:\Windows\system32\perfh012.dat
2014-11-02 12:16 - 2014-04-12 22:17 - 00135868 _____ () C:\Windows\system32\perfc012.dat
2014-11-02 12:16 - 2014-04-12 22:10 - 00498064 _____ () C:\Windows\system32\perfh011.dat
2014-11-02 12:16 - 2014-04-12 22:10 - 00135868 _____ () C:\Windows\system32\perfc011.dat
2014-11-02 12:16 - 2014-04-12 22:03 - 00794000 _____ () C:\Windows\system32\perfh010.dat
2014-11-02 12:16 - 2014-04-12 22:03 - 00156420 _____ () C:\Windows\system32\perfc010.dat
2014-11-02 12:16 - 2014-04-12 21:56 - 00743402 _____ () C:\Windows\system32\perfh00E.dat
2014-11-02 12:16 - 2014-04-12 21:56 - 00177988 _____ () C:\Windows\system32\perfc00E.dat
2014-11-02 12:16 - 2014-04-12 21:46 - 00408958 _____ () C:\Windows\system32\perfh00D.dat
2014-11-02 12:16 - 2014-04-12 21:46 - 00064964 _____ () C:\Windows\system32\perfc00D.dat
2014-11-02 12:16 - 2014-04-12 21:36 - 00427206 _____ () C:\Windows\system32\perfh00B.dat
2014-11-02 12:16 - 2014-04-12 21:36 - 00081788 _____ () C:\Windows\system32\perfc00B.dat
2014-11-02 12:16 - 2014-04-12 21:26 - 00800660 _____ () C:\Windows\system32\perfh00A.dat
2014-11-02 12:16 - 2014-04-12 21:26 - 00166550 _____ () C:\Windows\system32\perfc00A.dat
2014-11-02 12:16 - 2014-04-12 21:15 - 00542632 _____ () C:\Windows\system32\perfh008.dat
2014-11-02 12:16 - 2014-04-12 21:15 - 00089196 _____ () C:\Windows\system32\perfc008.dat
2014-11-02 12:16 - 2014-04-12 21:09 - 00765378 _____ () C:\Windows\system32\perfh007.dat
2014-11-02 12:16 - 2014-04-12 21:09 - 00159696 _____ () C:\Windows\system32\perfc007.dat
2014-11-02 12:16 - 2014-04-12 21:03 - 00456508 _____ () C:\Windows\system32\perfh006.dat
2014-11-02 12:16 - 2014-04-12 21:03 - 00079760 _____ () C:\Windows\system32\perfc006.dat
2014-11-02 12:16 - 2014-04-12 20:58 - 00731574 _____ () C:\Windows\system32\perfh005.dat
2014-11-02 12:16 - 2014-04-12 20:58 - 00151818 _____ () C:\Windows\system32\perfc005.dat
2014-11-02 12:16 - 2014-04-12 20:49 - 00802234 _____ () C:\Windows\system32\perfh00C.dat
2014-11-02 12:16 - 2014-04-12 20:49 - 00422260 _____ () C:\Windows\system32\perfh001.dat
2014-11-02 12:16 - 2014-04-12 20:49 - 00159184 _____ () C:\Windows\system32\perfc00C.dat
2014-11-02 12:16 - 2014-04-12 20:49 - 00064964 _____ () C:\Windows\system32\perfc001.dat
2014-11-02 12:16 - 2014-03-18 11:03 - 18547198 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-02 12:09 - 2014-07-24 02:36 - 00000000 ____D () C:\Windows\Driver Cache
2014-11-02 12:09 - 2014-03-18 10:54 - 00727292 _____ () C:\Windows\PFRO.log
2014-11-02 12:09 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-02 12:09 - 2013-08-22 14:25 - 00000194 _____ () C:\Windows\win.ini
2014-11-02 11:56 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-11-02 11:45 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-11-02 11:44 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-11-01 16:39 - 2014-07-24 02:48 - 00000000 ____D () C:\ProgramData\CyberLink
2014-11-01 16:39 - 2014-07-24 02:34 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-01 16:37 - 2014-07-24 02:45 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-11-01 16:37 - 2014-07-24 02:41 - 00000000 ____D () C:\Program Files (x86)\Splashtop
2014-11-01 16:37 - 2014-07-24 02:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
2014-11-01 16:37 - 2014-07-24 02:38 - 00000000 ____D () C:\Program Files (x86)\MSI
2014-11-01 13:46 - 2013-08-22 15:46 - 00021872 _____ () C:\Windows\setupact.log
2014-10-31 23:00 - 2014-04-25 15:05 - 00000000 ____D () C:\Windows\RE_DRIVE
2014-10-31 22:41 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-10-31 22:34 - 2014-07-24 02:43 - 00000000 ____D () C:\ProgramData\Norton
2014-10-31 22:34 - 2013-08-22 15:44 - 00344824 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-31 22:33 - 2013-08-22 16:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-10-31 22:18 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\restore
2014-10-31 22:08 - 2014-04-12 20:15 - 00000000 ____D () C:\Windows\Panther

Some content of TEMP:
====================
C:\Users\Richard\AppData\Local\Temp\13059367852645321960.exe
C:\Users\Richard\AppData\Local\Temp\JDSetup130593678509519648.exe
C:\Users\Richard\AppData\Local\Temp\proxy_vole8461006690750503778.dll
C:\Users\Richard\AppData\Local\Temp\SetupUtil.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-04-12 19:16

==================== End Of Log ============================
         
Addition.txt:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-11-2014
Ran by Richard at 2014-11-02 12:51:12
Running from C:\Users\Richard\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Antivirus (Enabled - Up to date) {15414183-282E-D62C-CA37-EF24860A2F17}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Antivirus (Enabled - Up to date) {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
AVerMedia H335 MiniCard DVB-T 2.3.64.28 (HKLM-x32\...\AVerMedia H335 MiniCard DVB-T) (Version: 2.3.64.28 - AVerMedia TECHNOLOGIES, Inc.)
AVerMedia TV Player (HKLM-x32\...\InstallShield_{DFD1F64D-2AF0-4CE2-9752-D701E80F8D1C}) (Version: 1.8.0 - AVerMedia Technologies, Inc.)
AVerMedia TV Player (x32 Version: 1.8.0 - AVerMedia Technologies, Inc.) Hidden
Boot Configure (HKLM-x32\...\{A055E402-0EA0-4969-B751-B9373081B405}) (Version: 21.014.05141 - Micro-Star International Co., Ltd.)
BurnRecovery (HKLM-x32\...\{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}) (Version: 4.0.1309.301 - )
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Computer Security 14.115.100.0 (release) (x32 Version: 14.115.100.0 - F-Secure Corporation) Hidden
FreeCommander XE (HKLM-x32\...\FreeCommander XE_is1) (Version: Preview - Marek Jasinski)
F-Secure (HKLM-x32\...\F-Secure ServiceEnabler 666) (Version: 2.15.358.0 - F-Secure Corporation)
F-Secure (x32 Version: 2.15.358.0 - F-Secure Corporation) Hidden
F-Secure CCF Reputation (x32 Version: 2.0.1337.0 - F-Secure) Hidden
F-Secure CCF Scanning 1.51.111.300 (release) (x32 Version: 1.51.111.300 - F-Secure Corporation) Hidden
F-Secure Network CCF 1.02.141 (x32 Version: 1.02.141 - F-Secure Corporation) Hidden
F-Secure SafeSearch 1.03.159.0 (release) (x32 Version: 1.03.159.0 - F-Secure Corporation) Hidden
Gaming Control Center (HKLM-x32\...\Installshield_{25BFC31F-27BF-4870-B043-CBC8400C97F8}) (Version: 0.0.1.4 - MICRO-STAR INT'L,.LTD.)
Gaming Control Center (Version: 0.0.1.4 - MSI) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3325 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 17.0.1347.2) (HKLM\...\{302600C1-6BDF-4FD1-1312-148929CC1385}) (Version: 17.0.1312.0414 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{86b86e21-7c9b-4baa-b284-69ce4a918661}) (Version: 16.10.0 - Intel Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 33.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.0.2 (x86 de)) (Version: 33.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.2.0 - Mozilla)
Mozilla Thunderbird 31.2.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.2.0 (x86 de)) (Version: 31.2.0 - Mozilla)
MPC-HC 1.7.7 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.7 - MPC-HC Team)
Nuvoton NCT6681 CIR Device Driver (HKLM-x32\...\{2FAECEAF-0EBE-48FF-B60A-B4577C0EFDAB}) (Version: 1.4.1003 - Nuvoton Technology Corp.)
NVIDIA Graphics Driver 332.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.35 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
Online Safety 2.115.2783.1598 (x32 Version: 2.115.2783.1598 - F-Secure Corporation) Hidden
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.1.41.1042 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (Version: 1.1.41.1042 - Qualcomm Atheros) Hidden
Qualcomm Atheros Network Manager (Version: 1.1.41.1042 - Qualcomm Atheros) Hidden
Qualcomm Atheros Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.41.1042 - Qualcomm Atheros)
Rainlendar2 (remove only) (HKLM-x32\...\Rainlendar2) (Version:  - )
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.1 r2290 - )
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7179 - Realtek Semiconductor Corp.)
ROCCAT Kone XTD Mouse Driver (HKLM-x32\...\{7133137D-DF48-4522-AD88-13C82B7D0A63}) (Version:  - Roccat GmbH)
Sound Blaster Cinema 2 (HKLM-x32\...\{B4F6F8CC-2C61-42CC-A4CC-76621F25BDC7}) (Version: 1.00.06 - Creative Technology Limited)
XnViewMP 0.69 (HKLM\...\XnViewMP_is1) (Version: 0.69 - Gougelet Pierre-e)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

31-10-2014 21:18:10 Removed Splashtop Streamer

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {035792A1-D4EF-4A78-BF9A-AA9628C281A3} - System32\Tasks\Microsoft\Windows\Setup\SetupCleanupTask
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23E35DFE-72D9-420E-A2D6-E9A53D7CCC3B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-31] (Google Inc.)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3EA8CB6B-127F-4DFF-80E1-6F7B5884D7FB} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {477E572F-58B6-4FA9-BD66-17C0720A3FC8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-10-03] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7861768D-65BF-4E01-9D37-EF0950E0F5CD} - System32\Tasks\Microsoft\Windows\SetupSQMTask => C:\Windows\SYSTEM32\OOBE\SETUPSQM.EXE [2013-08-22] (Microsoft Corporation)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8BF9A406-B81D-47D8-869E-91375F0038CA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-31] (Google Inc.)
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {BF58E14B-1069-43E0-80DD-BB525A2FD9CD} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D08F1AB1-8F5E-4779-937E-7A750E734C77} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-03-18] (Microsoft Corporation)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E2ACF668-4308-4463-9ECA-B3DD4467FB01} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {E3BDCA69-0278-4D27-AE94-D673C4802877} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-07-24 02:33 - 2014-01-08 01:48 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-07-24 02:45 - 2014-07-23 08:38 - 00403456 _____ () C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
2014-07-24 02:45 - 2014-07-23 08:38 - 00163840 _____ () C:\Program Files (x86)\Common Files\AVerMedia\AVerHIDReceiver\AVerHIDReceiver.exe
2014-07-24 02:37 - 2014-02-21 19:21 - 00089600 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL
2014-07-24 02:37 - 2014-02-21 19:19 - 00366080 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2011-01-06 14:27 - 2011-01-06 14:27 - 02342400 _____ () C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
2014-03-03 20:53 - 2014-03-03 20:53 - 00300544 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
2014-05-25 15:18 - 2014-05-25 15:18 - 00036536 _____ () C:\Program Files\Rainmeter\Rainmeter.exe
2014-05-25 15:18 - 2014-05-25 15:18 - 00747192 _____ () C:\Program Files\Rainmeter\Rainmeter.dll
2014-05-25 15:17 - 2014-05-25 15:17 - 00011776 _____ () C:\Program Files\Rainmeter\Plugins\PowerPlugin.dll

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1543957082-4200568014-2125959290-500 - Administrator - Disabled)
Gast (S-1-5-21-1543957082-4200568014-2125959290-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1543957082-4200568014-2125959290-1004 - Limited - Enabled)
Richard (S-1-5-21-1543957082-4200568014-2125959290-1002 - Administrator - Enabled) => C:\Users\Richard

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/02/2014 00:51:13 PM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
Description: 5  2014-11-02  12:51:13+02:00  RICK  SYSTEM  F-Secure DeepGuard
 Application was blocked. This was determined to be a high-risk application by system control heuristics.
 Application path: \\?\c:\windows\mod_frst.exe
 File hash: 4bb423ae4bf7b46ba1cd43c521cf9314c03cf8c4

Error: (11/02/2014 00:51:10 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 4  2014-11-02  12:51:10+02:00  RICK  Rick\Richard  F-Secure Anti-Virus
 Spyware detected: 
 Type: adware 
 Family:  
 Name: Adware.SwiftBrowse.CH 
 Object: C:\Windows\System32\drivers\{6db7eb66-a30b-41a3-809c-addb2341dafb}Gw64.sys.tmp

Error: (11/02/2014 00:23:28 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 3  2014-11-02  12:23:28+02:00  RICK  Rick\Richard  F-Secure Anti-Virus
 Spyware detected: 
 Type: adware 
 Family:  
 Name: Adware.SwiftBrowse.CH 
 Object: C:\Windows\System32\drivers\{6db7eb66-a30b-41a3-809c-addb2341dafb}Gw64.sys.tmp

Error: (11/02/2014 00:23:13 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 2  2014-11-02  12:23:13+02:00  RICK  Rick\Richard  F-Secure Anti-Virus
 Spyware detected: 
 Type: adware 
 Family:  
 Name: Adware.SwiftBrowse.CH 
 Object: C:\Windows\System32\drivers\{6db7eb66-a30b-41a3-809c-addb2341dafb}Gw64.sys.tmp

Error: (11/02/2014 00:13:51 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 1  2014-11-02  12:13:51+02:00  RICK  Rick\Richard  F-Secure Anti-Virus
 Spyware detected: 
 Type: adware 
 Family:  
 Name: Adware.SwiftBrowse.CH 
 Object: C:\Windows\System32\drivers\{6db7eb66-a30b-41a3-809c-addb2341dafb}Gw64.sys.tmp

Error: (11/02/2014 00:09:25 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 29  2014-11-02  12:09:25+02:00  RICK  Rick\Richard  F-Secure Anti-Virus
 Malicious code found in file C:\Program Files (x86)\Framed Display\bin\FramedDisplay.BrowserAdapter.exe. 
 Infection: Gen:Variant.Adware.Graftor.159320

Error: (11/02/2014 00:09:00 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 28  2014-11-02  12:09:00+02:00  RICK  Rick\Richard  F-Secure Anti-Virus
 Malicious code found in file C:\Program Files (x86)\Framed Display\bin\FramedDisplay.BrowserAdapter.exe. 
 Infection: Gen:Variant.Adware.Graftor.159320

Error: (11/02/2014 00:08:54 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 27  2014-11-02  12:08:54+02:00  RICK  Rick\Richard  F-Secure Anti-Virus
 Malicious code found in file C:\Program Files (x86)\Framed Display\bin\FramedDisplay.BrowserAdapter.exe. 
 Infection: Gen:Variant.Adware.Graftor.159320

Error: (11/02/2014 00:08:24 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 26  2014-11-02  12:08:24+02:00  RICK  Rick\Richard  F-Secure Anti-Virus
 Malicious code found in file C:\Program Files (x86)\Framed Display\bin\FramedDisplay.BrowserAdapter.exe. 
 Infection: Gen:Variant.Adware.Graftor.159320

Error: (11/02/2014 00:07:54 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 25  2014-11-02  12:07:54+02:00  RICK  Rick\Richard  F-Secure Anti-Virus
 Malicious code found in file C:\Program Files (x86)\Framed Display\bin\FramedDisplay.BrowserAdapter.exe. 
 Infection: Gen:Variant.Adware.Graftor.159320


System errors:
=============
Error: (11/02/2014 00:12:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (11/02/2014 00:12:03 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1326

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (11/02/2014 11:53:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (11/02/2014 11:53:17 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1326

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (11/02/2014 11:50:55 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst Windows Modules Installer konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (11/02/2014 11:50:22 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (11/02/2014 11:48:09 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst Windows Modules Installer konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (11/02/2014 11:47:36 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (11/01/2014 04:45:45 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 70. Der Windows-SChannel-Fehlerstatus lautet: 105.

Error: (11/01/2014 04:34:42 PM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR6 gefunden.


Microsoft Office Sessions:
=========================
Error: (11/02/2014 00:51:13 PM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
Description: 5  2014-11-02  12:51:13+02:00  RICK  SYSTEM  F-Secure DeepGuard
 Application was blocked. This was determined to be a high-risk application by system control heuristics.
 Application path: \\?\c:\windows\mod_frst.exe
 File hash: 4bb423ae4bf7b46ba1cd43c521cf9314c03cf8c4

Error: (11/02/2014 00:51:10 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 4  2014-11-02  12:51:10+02:00  RICK  Rick\Richard  F-Secure Anti-Virus
 Spyware detected: 
 Type: adware 
 Family:  
 Name: Adware.SwiftBrowse.CH 
 Object: C:\Windows\System32\drivers\{6db7eb66-a30b-41a3-809c-addb2341dafb}Gw64.sys.tmp

Error: (11/02/2014 00:23:28 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 3  2014-11-02  12:23:28+02:00  RICK  Rick\Richard  F-Secure Anti-Virus
 Spyware detected: 
 Type: adware 
 Family:  
 Name: Adware.SwiftBrowse.CH 
 Object: C:\Windows\System32\drivers\{6db7eb66-a30b-41a3-809c-addb2341dafb}Gw64.sys.tmp

Error: (11/02/2014 00:23:13 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 2  2014-11-02  12:23:13+02:00  RICK  Rick\Richard  F-Secure Anti-Virus
 Spyware detected: 
 Type: adware 
 Family:  
 Name: Adware.SwiftBrowse.CH 
 Object: C:\Windows\System32\drivers\{6db7eb66-a30b-41a3-809c-addb2341dafb}Gw64.sys.tmp

Error: (11/02/2014 00:13:51 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 1  2014-11-02  12:13:51+02:00  RICK  Rick\Richard  F-Secure Anti-Virus
 Spyware detected: 
 Type: adware 
 Family:  
 Name: Adware.SwiftBrowse.CH 
 Object: C:\Windows\System32\drivers\{6db7eb66-a30b-41a3-809c-addb2341dafb}Gw64.sys.tmp

Error: (11/02/2014 00:09:25 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 29  2014-11-02  12:09:25+02:00  RICK  Rick\Richard  F-Secure Anti-Virus
 Malicious code found in file C:\Program Files (x86)\Framed Display\bin\FramedDisplay.BrowserAdapter.exe. 
 Infection: Gen:Variant.Adware.Graftor.159320

Error: (11/02/2014 00:09:00 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 28  2014-11-02  12:09:00+02:00  RICK  Rick\Richard  F-Secure Anti-Virus
 Malicious code found in file C:\Program Files (x86)\Framed Display\bin\FramedDisplay.BrowserAdapter.exe. 
 Infection: Gen:Variant.Adware.Graftor.159320

Error: (11/02/2014 00:08:54 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 27  2014-11-02  12:08:54+02:00  RICK  Rick\Richard  F-Secure Anti-Virus
 Malicious code found in file C:\Program Files (x86)\Framed Display\bin\FramedDisplay.BrowserAdapter.exe. 
 Infection: Gen:Variant.Adware.Graftor.159320

Error: (11/02/2014 00:08:24 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 26  2014-11-02  12:08:24+02:00  RICK  Rick\Richard  F-Secure Anti-Virus
 Malicious code found in file C:\Program Files (x86)\Framed Display\bin\FramedDisplay.BrowserAdapter.exe. 
 Infection: Gen:Variant.Adware.Graftor.159320

Error: (11/02/2014 00:07:54 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 25  2014-11-02  12:07:54+02:00  RICK  Rick\Richard  F-Secure Anti-Virus
 Malicious code found in file C:\Program Files (x86)\Framed Display\bin\FramedDisplay.BrowserAdapter.exe. 
 Infection: Gen:Variant.Adware.Graftor.159320


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
Percentage of memory in use: 19%
Total physical RAM: 16306 MB
Available physical RAM: 13122.47 MB
Total Pagefile: 19250 MB
Available Pagefile: 16370.48 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (OS_Install) (Fixed) (Total:237.67 GB) (Free:178.54 GB) NTFS
Drive d: (Data) (Fixed) (Total:912.18 GB) (Free:479.62 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: F1EDCD87)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: F1EDCDA0)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
Malwarebytes scan findings:
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 02.11.2014
Scan Time: 12:04:30
Logfile: mwb_scan_log1.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.02.03
Rootkit Database: v2014.11.01.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Richard

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 350412
Time Elapsed: 4 min, 4 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 3
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\updateFramedDisplay.exe, 2296, Delete-on-Reboot, [44b7e84e19639e98e235c2073fc2629e]
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\utilFramedDisplay.exe, 2572, Delete-on-Reboot, [817af541bfbd1b1b4ec9e2e7748db848]
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\FramedDisplay.BrowserAdapter64.exe, 4852, Delete-on-Reboot, [e813e5514834d660ad73f3aa83817d83]

Modules: 0
(No malicious items detected)

Registry Keys: 23
PUP.Optional.FramedDisplay.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update Framed Display, Quarantined, [44b7e84e19639e98e235c2073fc2629e], 
PUP.Optional.FramedDisplay.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Util Framed Display, Quarantined, [817af541bfbd1b1b4ec9e2e7748db848], 
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, Quarantined, [7e7d8fa782fa6ccac39f697c649ec33d], 
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, Quarantined, [7e7d8fa782fa6ccac39f697c649ec33d], 
PUP.Optional.FramedDisplay.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{05b5ef3f-4c6a-426e-b77e-48ebb3e721f1}, Quarantined, [6794fd39acd09b9bb9d3b6f389796a96], 
PUP.Optional.FramedDisplay.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{A6CEB2DE-65F7-46FE-89DA-446DD487F293}, Quarantined, [6794fd39acd09b9bb9d3b6f389796a96], 
PUP.Optional.FramedDisplay.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{5B81129C-6563-411B-A509-6BBB01EC25FF}, Quarantined, [6794fd39acd09b9bb9d3b6f389796a96], 
PUP.Optional.FramedDisplay.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{5B81129C-6563-411B-A509-6BBB01EC25FF}, Quarantined, [6794fd39acd09b9bb9d3b6f389796a96], 
PUP.Optional.FramedDisplay.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A6CEB2DE-65F7-46FE-89DA-446DD487F293}, Quarantined, [6794fd39acd09b9bb9d3b6f389796a96], 
PUP.Optional.FramedDisplay.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{05B5EF3F-4C6A-426E-B77E-48EBB3E721F1}, Quarantined, [6794fd39acd09b9bb9d3b6f389796a96], 
PUP.Optional.FramedDisplay.A, HKU\S-1-5-21-1543957082-4200568014-2125959290-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{05B5EF3F-4C6A-426E-B77E-48EBB3E721F1}, Quarantined, [6794fd39acd09b9bb9d3b6f389796a96], 
PUP.Optional.FramedDisplay.A, HKU\S-1-5-21-1543957082-4200568014-2125959290-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{05B5EF3F-4C6A-426E-B77E-48EBB3E721F1}, Quarantined, [6794fd39acd09b9bb9d3b6f389796a96], 
PUP.Optional.FramedDisplay.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Framed Display, Quarantined, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}, Quarantined, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, HKLM\SOFTWARE\CLASSES\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}, Quarantined, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}, Quarantined, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}, Quarantined, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}, Quarantined, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}, Quarantined, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}, Quarantined, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}, Quarantined, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1543957082-4200568014-2125959290-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [24d7fd39cdafdd59c7f6c59c23e0b848], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1543957082-4200568014-2125959290-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [e51669cd275538fe47b589eec53f10f0], 

Registry Values: 1
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1543957082-4200568014-2125959290-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0Z1B1L2Z1S, Quarantined, [e51669cd275538fe47b589eec53f10f0]

Registry Data: 0
(No malicious items detected)

Folders: 3
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display, Delete-on-Reboot, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin, Delete-on-Reboot, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\plugins, Quarantined, [e813e5514834d660ad73f3aa83817d83], 

Files: 30
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\updateFramedDisplay.exe, Delete-on-Reboot, [44b7e84e19639e98e235c2073fc2629e], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\utilFramedDisplay.exe, Delete-on-Reboot, [817af541bfbd1b1b4ec9e2e7748db848], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\FramedDisplaybho.dll, Quarantined, [6794fd39acd09b9bb9d3b6f389796a96], 
PUP.Optional.BPlug, C:\Users\Richard\AppData\Local\Temp\is1901864539\1DE257BB_stp.EXE, Quarantined, [72890c2a56269e980381b60bbb46817f], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\FramedDisplay.ico, Quarantined, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\0, Quarantined, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\7za.exe, Quarantined, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\FramedDisplayUninstall.exe, Quarantined, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\updateFramedDisplay.InstallState, Quarantined, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\6db7eb66a30b41a3809c.dll, Quarantined, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\6db7eb66a30b41a3809c64.dll, Quarantined, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\7za.exe, Quarantined, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\bau, Quarantined, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\BrowserAdapter.7z, Quarantined, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\FramedDisplay.BrowserAdapter.exe, Quarantined, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\FramedDisplay.BrowserAdapter64.exe, Delete-on-Reboot, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\FramedDisplay.PurBrowse64.exe, Quarantined, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\FramedDisplay.PurBrowseG.zip, Quarantined, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\utilFramedDisplay.InstallState, Quarantined, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\{6db7eb66-a30b-41a3-809c-addb2341dafb}.dll, Quarantined, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\{6db7eb66-a30b-41a3-809c-addb2341dafb}64.dll, Delete-on-Reboot, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\plugins\FramedDisplay.Bromon.dll, Quarantined, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\plugins\FramedDisplay.BroStats.dll, Quarantined, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\plugins\FramedDisplay.BrowserAdapter.dll, Quarantined, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\plugins\FramedDisplay.CompatibilityChecker.dll, Quarantined, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\plugins\FramedDisplay.FFUpdate.dll, Quarantined, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\plugins\FramedDisplay.GCUpdate.dll, Quarantined, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\plugins\FramedDisplay.IEUpdate.dll, Quarantined, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\plugins\FramedDisplay.Msvcmon.dll, Quarantined, [e813e5514834d660ad73f3aa83817d83], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\plugins\FramedDisplay.PurBrowseG.dll, Quarantined, [e813e5514834d660ad73f3aa83817d83], 

Physical Sectors: 0
(No malicious items detected)


(end)
         
Malwarebytes scan after cleanup:
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 02.11.2014
Scan Time: 12:11:29
Logfile: mwb_scan_log.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.02.03
Rootkit Database: v2014.11.01.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Richard

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 349669
Time Elapsed: 4 min, 4 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
         
If needed, I can also post the OTL logs.
Thanks a lot in advance.

 
