
Log analysis and evaluation: Opera redirects to other pages ....


 
19.10.2014, 10:21   #1
Sabine99
 

Opera redirects to other pages ....



Hello,
I apparently misclicked while setting up a new notebook (when I wanted to install the firewall) and now I'm in a mess.
IE, by the way, no longer works at all. The Emsisoft web shield is inactive and I can't install it either.
Attached are all the files. GMER produced various error messages and finally the message (roughly) that the system was not changed. I hope this is all okay.

Thanks in advance for the help.
Sabine99


1. Quarantine:
Code:
Emsisoft Anti-Malware v. 9.0.0.4570
(C) 2003-2014 Emsisoft - www.emsisoft.com

ID   Object
0    C:\Program Files\SupTab\WindowsSupportDll32.dll erkannt: Adware.Agent.OMM (B)
1    Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D} erkannt: Application.AdShort (A)
2    C:\Program Files\SearchProtect\Main\bin\SPTool.dll erkannt: Adware.SearchProtect.O (B)
3    Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86} erkannt: Application.AdShort (A)
4    C:\Program Files\SupTab\WindowsSupportDll32.dll erkannt: Adware.Agent.OMM (B)
5    C:\Program Files\SupTab\WindowsSupportDll32.dll erkannt: Adware.Agent.OMM (B)
6    C:\ProgramData\IePluginServices\PluginService.exe erkannt: Adware.Agent.OML (B)
7    Key: HKEY_LOCAL_MACHINE\SOFTWARE\SYSTWEAK erkannt: Application.InstallAd (A)
8    C:\Program Files\SupTab\WindowsSupportDll32.dll erkannt: Adware.Agent.OMM (B)
9    C:\Users\HP\AppData\Roaming\IO.exe erkannt: Gen:Variant.Adware.Kazy.433849 (B)
10   C:\Program Files\SearchProtect\SearchProtect\bin\SPTool64.exe erkannt: Application.Win32.AdConnect (A)
11   Key: HKEY_LOCAL_MACHINE\SOFTWARE\SEARCHPROTECT erkannt: Application.InstallAd (A)
12   C:\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-11.exe erkannt: Gen:Variant.Adware.Plush.1 (B)
13   C:\Program Files\SearchProtect\UI\bin\cltmngui.exe erkannt: Adware.SearchProtect.O (B)
14   C:\Program Files\SupTab\WindowsSupportDll32.dll erkannt: Adware.Agent.OMM (B)
15   C:\ProgramData\IePluginServices erkannt: Application.AdPlug (A)
16   C:\Users\HP\AppData\Roaming\LookThisUp\LookThisUp.exe erkannt: Adware.Agent.OMN (B)
17   C:\Users\HP\AppData\Roaming\SupTab erkannt: Application.AdShort (A)
18   C:\Program Files\Searchprotect erkannt: Application.AppInstall (A)
19   C:\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-3.exe erkannt: Gen:Variant.Adware.Plush.1 (B)
20   C:\Program Files\SupTab\WindowsSupportDll32.dll erkannt: Adware.Agent.OMM (B)
21   Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8} erkannt: Application.AdShort (A)
22   C:\Program Files\ver7SpeedChecker\x86\TandemRunner.exe erkannt: Gen:Variant.Adware.Kazy.367484 (B)
23   C:\Users\HP\AppData\Roaming\QMXKNTZD.exe erkannt: Gen:Variant.Adware.Plush.1 (B)
24   C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe erkannt: Application.Toolbar (A)
25   C:\Users\HP\AppData\Local\ConvertAd\ConvertAd.exe erkannt: Application.Generic.833997 (B)
26   C:\Windows\System32\Drivers\ttnfd.sys erkannt: Adware.Vitruvian.B (B)
27   Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\ANYPROTECT erkannt: Application.AdProtect (A)
28   C:\Program Files\SupTab erkannt: Application.AdShort (A)
29   C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32.dll erkannt: Application.Win32.SProtect (A)
30   C:\Program Files\SupTab\WindowsSupportDll32.dll erkannt: Adware.Agent.OMM (B)
31   C:\Program Files\SupTab\WindowsSupportDll32.dll erkannt: Adware.Agent.OMM (B)
32   C:\Program Files\SupTab\WindowsSupportDll32.dll erkannt: Adware.Agent.OMM (B)
33   C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe erkannt: Trojan.Generic.11889143 (B)
34   C:\Program Files\SearchProtect\SearchProtect\bin\SPVC64Loader.dll erkannt: Application.Win32.AdConnect (A)
35   C:\Program Files\ORBTR\Orbt.ext erkannt: Application.Toolbar (A)
36   C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32LOADER.DLL erkannt: Application.BrowserExt (A)
37   Key: HKEY_LOCAL_MACHINE\SOFTWARE\SUPDP erkannt: Application.InstallTab (A)
38   C:\Program Files\SupTab\WindowsSupportDll32.dll erkannt: Adware.Agent.OMM (B)
39   C:\Program Files\AnyProtectEx erkannt: Application.AdProtect (A)
40   Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SEARCHPROTECT erkannt: Application.InstallAd (A)
41   C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe erkannt: Adware.SearchProtect.O (B)
42   Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\INSTALLCORE erkannt: Application.AdTool (A)
43   C:\Users\HP\AppData\Roaming\systweak erkannt: Application.AppInstall (A)
44   C:\Program Files\SearchProtect\SearchProtect\bin\SPVC64.dll erkannt: Adware.SearchProtect.O (B)
45   C:\Program Files\SupTab\WindowsSupportDll32.dll erkannt: Adware.Agent.OMM (B)
46   Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\TUTOTAG erkannt: Adware.Win32.Ozore (A)
47   C:\Users\HP\AppData\Local\Searchprotect erkannt: Application.AppInstall (A)
48   Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\SUPHPUISOFT erkannt: Application.InstallTab (A)
49   Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\INSTALLEDBROWSEREXTENSIONS erkannt: Application.Win32.InstallAd (A)
50   C:\Program Files\Cinema-Plus-1.8cV12.10\WebSocket4Net.dll erkannt: Adware.SwiftBrowse.BW (B)
51   C:\Users\HP\Downloads\Setup.exe erkannt: Gen:Variant.Application.Bundler.20 (B)
52   C:\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-4.exe erkannt: Gen:Variant.Adware.Kazy.433849 (B)
53   Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\SYSTWEAK erkannt: Application.InstallAd (A)
54   C:\Program Files\SupTab\WindowsSupportDll32.dll erkannt: Adware.Agent.OMM (B)
55   Key: HKEY_LOCAL_MACHINE\SOFTWARE\SUPTAB erkannt: Application.AdShort (A)
56   Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} erkannt: Application.Win32.WSearch (A)
57   C:\Users\HP\Downloads\Setup v2 1.exe erkannt: Gen:Variant.Application.Bundler.20 (B)
58   Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86} erkannt: Application.AdShort (A)
59   C:\Program Files\Cinema-Plus-1.8cV12.10\utils.exe erkannt: Behavior.AutorunCreation
60   C:\Program Files\SupTab\WindowsSupportDll32.dll erkannt: Adware.Agent.OMM (B)
61   Key: HKEY_LOCAL_MACHINE\SOFTWARE\SUPWPM erkannt: Application.AdSome (A)
         
2. Last scan
Code:
Emsisoft Anti-Malware - Version 9.0
Letztes Update: 16.10.2014 18:27:48
Benutzerkonto: xxxxx\HP

Scan Einstellungen:

Scan Methode: Smart Scan
Objekte: Rootkits, Speicher, Traces, C:\Windows\, C:\Program Files\

PUPs-Erkennung: An
Archiv Scan: Aus
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan Beginn:	16.10.2014 18:37:41
C:\PROGRA~1\SearchProtect\Main\bin\CltMngSvc.exe 	gefunden: Adware.SearchProtect.O (B)
C:\Users\HP\AppData\Roaming\systweak 	gefunden: Application.AppInstall (A)
Key: HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\CLTMNGSVC 	gefunden: Application.AdServ (A)
Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\SYSTWEAK 	gefunden: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\SYSTWEAK 	gefunden: Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\INSTALLCORE 	gefunden: Application.AdTool (A)
Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86} 	gefunden: Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86} 	gefunden: Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\SUPWPM 	gefunden: Application.AdSome (A)
C:\Users\HP\AppData\Roaming\SupTab 	gefunden: Application.AdShort (A)
C:\Program Files\SupTab 	gefunden: Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8} 	gefunden: Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D} 	gefunden: Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\SUPTAB 	gefunden: Application.AdShort (A)
Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\ANYPROTECT 	gefunden: Application.AdProtect (A)
C:\ProgramData\IePluginServices 	gefunden: Application.AdPlug (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\SUPDP 	gefunden: Application.InstallTab (A)
Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\SUPHPUISOFT 	gefunden: Application.InstallTab (A)
C:\Program Files\Searchprotect 	gefunden: Application.AppInstall (A)
C:\Users\HP\AppData\Local\Searchprotect 	gefunden: Application.AppInstall (A)
Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\INSTALLEDBROWSEREXTENSIONS 	gefunden: Application.Win32.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} 	gefunden: Application.Win32.WSearch (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SEARCHPROTECT 	gefunden: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\SEARCHPROTECT 	gefunden: Application.InstallAd (A)
C:\Program Files\ORBTR\Orbt.ext 	gefunden: Application.Toolbar (A)
C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe 	gefunden: Adware.SearchProtect.O (B)
C:\Program Files\SearchProtect\Main\bin\SPTool.dll 	gefunden: Adware.SearchProtect.O (B)
C:\Program Files\SearchProtect\SearchProtect\bin\SPTool64.exe 	gefunden: Application.Win32.AdConnect (A)
C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32.dll 	gefunden: Application.Win32.SProtect (A)
C:\Program Files\SearchProtect\SearchProtect\bin\SPVC64.dll 	gefunden: Adware.SearchProtect.O (B)
C:\Program Files\SearchProtect\SearchProtect\bin\SPVC64Loader.dll 	gefunden: Application.Win32.AdConnect (A)
C:\Program Files\SearchProtect\UI\bin\cltmngui.exe 	gefunden: Adware.SearchProtect.O (B)

Gescannt	186859
Gefunden	32

Scan Ende:	16.10.2014 19:13:03
Scan Zeit:	0:35:22

C:\Program Files\SearchProtect\UI\bin\cltmngui.exe	Quarantäne Adware.SearchProtect.O (B)
C:\Program Files\SearchProtect\SearchProtect\bin\SPVC64Loader.dll	Quarantäne Application.Win32.AdConnect (A)
C:\Program Files\SearchProtect\SearchProtect\bin\SPVC64.dll	Quarantäne Adware.SearchProtect.O (B)
C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32.dll	Quarantäne Application.Win32.SProtect (A)
C:\Program Files\SearchProtect\SearchProtect\bin\SPTool64.exe	Quarantäne Application.Win32.AdConnect (A)
C:\Program Files\SearchProtect\Main\bin\SPTool.dll	Quarantäne Adware.SearchProtect.O (B)
C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe	Quarantäne Adware.SearchProtect.O (B)
C:\Program Files\ORBTR\Orbt.ext	Quarantäne Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\SEARCHPROTECT	Quarantäne Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SEARCHPROTECT	Quarantäne Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}	Quarantäne Application.Win32.WSearch (A)
Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\INSTALLEDBROWSEREXTENSIONS	Quarantäne Application.Win32.InstallAd (A)
C:\Users\HP\AppData\Local\Searchprotect	Quarantäne Application.AppInstall (A)
C:\Program Files\Searchprotect	Quarantäne Application.AppInstall (A)
Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\SUPHPUISOFT	Quarantäne Application.InstallTab (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\SUPDP	Quarantäne Application.InstallTab (A)
C:\ProgramData\IePluginServices	Quarantäne Application.AdPlug (A)
Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\ANYPROTECT	Quarantäne Application.AdProtect (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\SUPTAB	Quarantäne Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}	Quarantäne Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}	Quarantäne Application.AdShort (A)
C:\Program Files\SupTab	Quarantäne Application.AdShort (A)
C:\Users\HP\AppData\Roaming\SupTab	Quarantäne Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\SUPWPM	Quarantäne Application.AdSome (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}	Quarantäne Application.AdShort (A)
Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}	Quarantäne Application.AdShort (A)
Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\INSTALLCORE	Quarantäne Application.AdTool (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\SYSTWEAK	Quarantäne Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\SYSTWEAK	Quarantäne Application.InstallAd (A)
C:\Users\HP\AppData\Roaming\systweak	Quarantäne Application.AppInstall (A)

Quarantäne	30
         
3. Defogger
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:34 on 16/10/2014 (HP)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
4. FRST

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-10-2014
Ran by HP (administrator) on xxx on 16-10-2014 20:38:28
Running from C:\Users\HP\Downloads
Loaded Profile: HP (Available profiles: HP)
Platform: Microsoft Windows 8.1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\oacat.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\oasrv.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel.exe
(ASUSTek Computer INC.) C:\Program Files\ASUS\ASUS AC Reminder\ACReminderSrv.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLoader.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe
(ASUS Cloud Corporation) C:\Program Files\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Cinema PlusV12.10) C:\Program Files\Cinema-Plus-1.8cV12.10\9723fcf9-7d34-4557-bf9d-5aaee05d2afb.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPCenter.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPHelper.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\oaui.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\oahlp.exe
() C:\Users\HP\AppData\Roaming\InetStat\inetstat.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9600.16422_x86__8wekyb3d8bbwe\glcnd.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
(Opera Software) C:\Program Files\Opera\25.0.1614.50\opera.exe
() C:\Program Files\Opera\25.0.1614.50\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\25.0.1614.50\opera.exe
(Opera Software) C:\Program Files\Opera\25.0.1614.50\opera.exe
(Opera Software) C:\Program Files\Opera\25.0.1614.50\opera.exe
(Opera Software) C:\Program Files\Opera\25.0.1614.50\opera.exe
(Intel Corporation) C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe
(ASUS Cloud Corporation) C:\Program Files\ASUS\WebStorage\2.0.3.226\AsusWSPanel.exe
(Opera Software) C:\Program Files\Opera\25.0.1614.50\opera.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ASUSPRP] => C:\Program Files\ASUS\APRP\APRP.EXE [3216032 2013-12-13] (ASUSTek Computer Inc.)
HKLM\...\Run: [WebStorage] => C:\Program Files\ASUS\WebStorage\2.0.3.226\ASUSWSLoader.exe [63296 2013-08-16] ()
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [81360 2014-01-22] (Intel Corporation)
HKLM\...\Run: [RtkNGUI] => C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe [2904064 2013-10-30] (Realtek Semiconductor)
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [4873248 2014-10-14] (Emsisoft GmbH)
HKLM\...\Run: [@OnlineArmor GUI] => C:\Program Files\Online Armor\oaui.exe [7558464 2013-10-11] (Emsisoft GmbH)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-2565251152-1528942193-4253351456-1001\...\Run: [InetStat] => C:\Users\HP\AppData\Roaming\InetStat\inetstat.exe [700430 2014-10-12] ()
ShellIconOverlayIdentifiers: [!AsusWSShellExt_BN] -> {CC5FC992-B0AA-47CD-9DC2-83445083CBB9} => C:\Program Files\Common Files\AWS\2.0.3.226\ASUSWSShellExt.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_ON] -> {618A47A2-528B-4D9A-AFC8-97D3233511E3} => C:\Program Files\Common Files\AWS\2.0.3.226\ASUSWSShellExt.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_UN] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files\Common Files\AWS\2.0.3.226\ASUSWSShellExt.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [StorageProviderError] -> {0CA2640D-5B9C-4c59-A5FB-2DA61A7437CF} => C:\Windows\System32\shell32.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [StorageProviderSyncing] -> {0A30F902-8398-4ee8-86F7-4CFB589F04D1} => C:\Windows\System32\shell32.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: http=127.0.0.1:50415;https=127.0.0.1:50415
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.trovi.com/?gd=&ctid=CT3320133&octid=EB_ORIGINAL_CTID&ISID=F5EB1EE6-65C8-4354-9BC2-A6EC74BD2B0E&SearchSource=55&CUI=&UM=6&UP=SP69664532-4D64-4A2F-B262-AAA7B97E7988&SSPV=
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1413112344&from=cor&uid=3219913727_198259_6A968D30
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1413112344&from=cor&uid=3219913727_198259_6A968D30&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1413112344&from=cor&uid=3219913727_198259_6A968D30
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1413112344&from=cor&uid=3219913727_198259_6A968D30
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1413112344&from=cor&uid=3219913727_198259_6A968D30&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.sweet-page.com/?type=sc&ts=1413112344&from=cor&uid=3219913727_198259_6A968D30
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASJB
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
BHO: Cinema-Plus-1.8cV12.10 -> {11111111-1111-1111-1111-110611321185} -> C:\Program Files\Cinema-Plus-1.8cV12.10\Cinema-Plus-1.8cV12.10-bho.dll (Cinema PlusV12.10)
ShellExecuteHooks: OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll [1033968 2013-10-11] (Emsisoft GmbH)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF HKCU\...\Firefox\Extensions: [{BD671362-7905-03FA-24A6-403C5083D562}] - C:\Program Files\ver7SpeedChecker\180.xpi
FF Extension: SpeedChecker - C:\Program Files\ver7SpeedChecker\180.xpi [2014-10-12]

Chrome: 
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4816568 2014-10-14] (Emsisoft GmbH)
R2 AsHidService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe [103224 2013-09-09] (ASUSTek Computer Inc.)
R2 ASLDRService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [111416 2013-09-09] (ASUSTek Computer Inc.)
R2 Asus WebStorage Windows Service; C:\Program Files\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe [71680 2013-08-16] (ASUS Cloud Corporation) [File not signed]
R2 ATKGFNEXSrv; C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2011-11-21] (ASUS)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [1677016 2014-04-10] (Broadcom Corporation.)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [277304 2014-02-11] (Intel Corporation)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [83920 2014-01-22] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [96720 2014-01-22] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [90576 2014-01-22] (Intel Corporation)
S2 globalUpdate; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-10-12] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-10-12] (globalUpdate) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [586752 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [637912 2013-07-01] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe [168216 2014-01-15] (Intel Corporation)
R2 OAcat; C:\Program Files\Online Armor\OAcat.exe [584864 2013-10-11] (Emsisoft GmbH)
R2 Orbiter; C:/Program Files/ORBTR/orbiter.dll [492496 2014-10-12] (Client Connect LTD)
S3 ScDeviceEnum; C:\Windows\System32\ScDeviceEnum.dll [105472 2013-08-22] (Microsoft Corporation)
S2 servervo; C:\Users\HP\AppData\Roaming\VOPackage\VOsrv.exe [70144 2014-10-12] () [File not signed]
R2 SvcOnlineArmor; C:\Program Files\Online Armor\oasrv.exe [4457688 2013-10-11] (Emsisoft GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [278264 2013-08-22] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\Windows\system32\wephostsvc.dll [20992 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22240 2013-08-22] (Microsoft Corporation)
S3 workfolderssvc; C:\Windows\system32\workfolderssvc.dll [1210368 2013-12-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [58200 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [38248 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [18552 2014-05-12] (Emsisoft GmbH)
R2 ASMMAP; C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys [13880 2009-07-02] (ASUS)
R3 AsusHID; C:\Windows\System32\drivers\AsusHID.sys [68376 2014-02-13] (ASUS Corporation)
R1 ATKWMIACPIIO; C:\Program Files\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi.sys [17720 2013-07-02] (ASUSTek Computer Inc.)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [97896 2013-07-18] (ASIX Electronics Corp.)
R1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [25600 2013-08-22] (Microsoft Corporation)
R3 BCMSDH43XX; C:\Windows\system32\DRIVERS\bcmdhd63.sys [304344 2014-04-10] (Broadcom Corp)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [185856 2013-08-22] (Microsoft Corporation)
R3 BthMini; C:\Windows\System32\Drivers\BTHMINI.sys [24064 2013-08-22] (Microsoft Corporation)
S3 btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [144600 2014-04-10] (Broadcom Corporation.)
R3 BtwSerialBus; C:\Windows\system32\DRIVERS\BtwSerialBus.sys [130776 2014-04-10] (Broadcom Corporation.)
R3 camera; C:\Windows\system32\DRIVERS\camera.sys [345088 2013-12-02] (Intel Corporation)
R3 cleanhlp; C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [50200 2013-12-04] (Emsisoft GmbH)
R3 CM3218x; C:\Windows\system32\DRIVERS\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation)
R3 CPLMACPI; C:\Windows\system32\DRIVERS\CPLMACPI.sys [16488 2013-09-06] (Capella Microsystems, Inc.)
R3 DptfDevDBPT; C:\Windows\system32\DRIVERS\DptfDevPower.sys [25552 2014-01-22] (Intel Corporation)
R3 DptfDevDisplay; C:\Windows\system32\DRIVERS\DptfDevDisplay.sys [28112 2014-01-22] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [36304 2014-01-22] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [80848 2014-01-22] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [181712 2014-01-22] (Intel Corporation)
R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [23552 2013-12-30] (Intel Corporation)
R3 GpioVirtual; C:\Windows\System32\drivers\iaiogpiovirtual.sys [16896 2013-12-30] (Intel Corporation)
R3 HIDSwitch; C:\Windows\System32\drivers\AsHIDSwitch.sys [17720 2013-10-08] (ASUS)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [58368 2013-11-15] (Intel Corporation)
R3 iaiouart; C:\Windows\System32\drivers\iaiouart.sys [87552 2013-12-30] (Intel Corporation)
S0 iaStorA; C:\Windows\System32\drivers\iaStorA.sys [505192 2013-08-09] (Intel Corporation)
S3 intaud_WaveExtensible; C:\Windows\system32\drivers\intelaud.sys [32664 2014-01-22] (Intel Corporation)
R3 IntelSST; C:\Windows\system32\drivers\isstrtc.sys [254464 2013-12-30] (Intel(R) Corporation)
R3 INVN_MotionApps; C:\Windows\system32\DRIVERS\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation)
R3 iwdbus; C:\Windows\System32\drivers\iwdbus.sys [23448 2014-01-22] (Intel Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [21456 2013-12-30] (Intel Corporation)
R3 MT9M114; C:\Windows\System32\drivers\MT9M114.sys [38912 2013-12-02] (Intel Corporation)
S3 NETwNs32; C:\Windows\system32\DRIVERS\Netwsn00.sys [10372096 2013-06-18] (Intel Corporation)
R1 OADevice; C:\Windows\system32\drivers\OADriver.sys [210360 2013-10-11] ()
R1 oahlpXX; C:\Windows\system32\drivers\oahlp32.sys [44984 2013-10-11] ()
R1 OAmon; C:\Windows\system32\drivers\OAmon.sys [34856 2013-10-11] (Emsisoft)
R3 OAnet; C:\Windows\system32\DRIVERS\oanet.sys [31760 2013-10-11] (Emsisoft)
R3 PMIC; C:\Windows\System32\drivers\PMIC.sys [48128 2013-12-30] (Intel Corporation)
R3 rtii2sac; C:\Windows\system32\DRIVERS\rtii2sac.sys [149720 2013-12-05] (Realtek Semiconductor Corp.)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation)
R3 TXEI; C:\Windows\System32\drivers\TXEI.sys [75792 2014-02-26] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [93024 2013-08-22] (Microsoft Corporation)
R2 webinstrNew; C:\Windows\system32\Drivers\webinstrNew.sys [50312 2014-10-12] (Corsica)
R3 WUDFSensorLP; C:\Windows\System32\drivers\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation)
U0 msahci; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-16 20:38 - 2014-10-16 20:38 - 00016930 _____ () C:\Users\HP\Downloads\FRST.txt
2014-10-16 20:38 - 2014-10-16 20:38 - 00000000 ____D () C:\FRST
2014-10-16 20:37 - 2014-10-16 20:37 - 01102848 _____ (Farbar) C:\Users\HP\Downloads\FRST.exe
2014-10-16 20:34 - 2014-10-16 20:34 - 00000466 _____ () C:\Users\HP\Downloads\defogger_disable.log
2014-10-16 20:33 - 2014-10-16 20:33 - 00050477 _____ () C:\Users\HP\Downloads\Defogger.exe
2014-10-16 20:23 - 2014-10-16 20:23 - 00025600 ___SH () C:\Users\HP\Downloads\Thumbs.db
2014-10-16 20:22 - 2014-10-16 20:22 - 00000000 _____ () C:\Users\HP\defogger_reenable
2014-10-16 20:14 - 2014-10-16 20:14 - 00512504 _____ () C:\Windows\Minidump\101614-12000-01.dmp
2014-10-12 15:32 - 2014-10-12 18:49 - 00001120 _____ () C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware Guard.lnk
2014-10-12 15:22 - 2014-09-02 22:06 - 00706016 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-10-12 15:22 - 2014-09-02 22:06 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-10-12 15:04 - 2014-10-12 15:04 - 00523208 _____ () C:\Windows\Minidump\101214-22593-01.dmp
2014-10-12 14:32 - 2014-10-12 14:35 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-12 14:31 - 2014-08-29 13:01 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-12 14:29 - 2013-11-09 07:52 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe
2014-10-12 14:29 - 2013-11-09 07:52 - 00240128 _____ (Microsoft Corporation) C:\Windows\system32\mdmregistration.dll
2014-10-12 14:13 - 2014-02-22 13:24 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-10-12 14:07 - 2014-02-11 04:43 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-10-12 14:07 - 2013-10-15 10:03 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-10-12 14:06 - 2014-10-12 14:19 - 00000000 ____D () C:\ProgramData\OnlineArmor
2014-10-12 14:06 - 2014-10-12 14:06 - 00000000 ____D () C:\Users\HP\AppData\Roaming\OnlineArmor
2014-10-12 14:03 - 2014-10-16 20:14 - 00000000 ____D () C:\Windows\Minidump
2014-10-12 14:03 - 2014-10-12 14:03 - 00606936 _____ () C:\Windows\Minidump\101214-26781-01.dmp
2014-10-12 14:03 - 2014-10-12 14:03 - 00003358 _____ () C:\EamClean.log
2014-10-12 13:58 - 2014-10-12 13:58 - 00000000 ____D () C:\Users\HP\AppData\Roaming\EurekaLab s.a.s
2014-10-12 13:52 - 2014-10-16 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Armor
2014-10-12 13:52 - 2014-10-16 20:26 - 00000000 ____D () C:\Program Files\Online Armor
2014-10-12 13:52 - 2013-10-11 03:41 - 00044984 _____ () C:\Windows\system32\Drivers\oahlp32.sys
2014-10-12 13:52 - 2013-10-11 03:40 - 00210360 _____ () C:\Windows\system32\Drivers\OADriver.sys
2014-10-12 13:52 - 2013-10-11 03:40 - 00034856 _____ (Emsisoft) C:\Windows\system32\Drivers\OAmon.sys
2014-10-12 13:52 - 2013-10-11 03:40 - 00031760 _____ (Emsisoft) C:\Windows\system32\Drivers\OAnet.sys
2014-10-12 13:48 - 2014-10-12 13:48 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-10-12 13:46 - 2014-10-12 13:48 - 10696960 _____ (Emsisoft GmbH ) C:\Users\HP\Downloads\OnlineArmorSetup.exe
2014-10-12 13:33 - 2014-10-12 13:33 - 00001067 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-10-12 13:33 - 2014-10-12 13:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-10-12 13:32 - 2014-10-16 20:30 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2014-10-12 13:19 - 2014-10-12 13:19 - 00001128 _____ () C:\Users\HP\Desktop\Continue Live Installation.lnk
2014-10-12 13:16 - 2014-10-12 14:03 - 00000364 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-10-12 13:16 - 2014-10-12 14:03 - 00000364 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-10-12 13:16 - 2014-10-12 13:42 - 00000366 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-10-12 13:16 - 2014-10-12 13:16 - 00000000 ____D () C:\Users\HP\AppData\Roaming\AnyProtectEx
2014-10-12 13:15 - 2014-10-12 13:15 - 00000000 ____D () C:\Users\HP\AppData\Roaming\ap_movie
2014-10-12 13:14 - 2014-10-12 13:14 - 00612126 _____ (CMI Limited) C:\Users\HP\AppData\Local\nsb44F.tmp
2014-10-12 13:13 - 2014-10-12 16:01 - 00000000 ____D () C:\Users\HP\AppData\Local\ConvertAd
2014-10-12 13:13 - 2014-10-12 13:51 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-10-12 13:12 - 2014-10-12 14:03 - 00000000 ____D () C:\Users\HP\AppData\Local\mbot_de_145
2014-10-12 13:12 - 2014-10-12 14:03 - 00000000 ____D () C:\Program Files\mbot_de_145
2014-10-12 13:12 - 2014-10-12 13:12 - 00000000 ____D () C:\Users\HP\AppData\Roaming\sweet-page
2014-10-12 13:12 - 2014-10-12 13:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MYBESTOFFERSTODAY
2014-10-12 13:12 - 2014-10-12 13:12 - 00000000 ____D () C:\Program Files\TermTutor
2014-10-12 13:12 - 2014-08-29 17:02 - 00018248 _____ () C:\Windows\system32\roboot.exe
2014-10-12 13:11 - 2014-10-12 13:11 - 00000000 ____D () C:\ProgramData\Xunlei
2014-10-12 13:11 - 2014-10-12 13:11 - 00000000 ____D () C:\ProgramData\Thunder Network
2014-10-12 13:07 - 2014-10-12 13:10 - 163265680 _____ (Emsisoft GmbH ) C:\Users\HP\Downloads\EmsisoftAntiMalwareSetup.exe
2014-10-12 13:04 - 2014-10-16 20:27 - 00002440 _____ () C:\Windows\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-5_user.job
2014-10-12 13:04 - 2014-10-16 20:27 - 00002440 _____ () C:\Windows\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-5.job
2014-10-12 13:03 - 2014-10-16 20:27 - 00005178 _____ () C:\Windows\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-11.job
2014-10-12 13:03 - 2014-10-16 20:27 - 00004488 _____ () C:\Windows\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-4.job
2014-10-12 13:03 - 2014-10-16 20:27 - 00003464 _____ () C:\Windows\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-3.job
2014-10-12 13:03 - 2014-10-16 20:27 - 00003126 _____ () C:\Windows\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-1.job
2014-10-12 13:03 - 2014-10-16 20:27 - 00002104 _____ () C:\Windows\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-2.job
2014-10-12 13:03 - 2014-10-16 20:27 - 00001684 _____ () C:\Windows\Tasks\QMXKNTZD.job
2014-10-12 13:03 - 2014-10-16 20:27 - 00001454 _____ () C:\Windows\Tasks\9723fcf9-7d34-4557-bf9d-5aaee05d2afb.job
2014-10-12 13:03 - 2014-10-16 20:27 - 00001328 _____ () C:\Windows\Tasks\IO.job
2014-10-12 13:03 - 2014-10-16 20:27 - 00000962 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-10-12 13:03 - 2014-10-16 20:27 - 00000644 _____ () C:\Windows\Tasks\5cd5570c-479e-4bff-8d71-1fe1ae5a96ef.job
2014-10-12 13:03 - 2014-10-16 19:21 - 00000000 ____D () C:\Program Files\Cinema-Plus-1.8cV12.10
2014-10-12 13:03 - 2014-10-16 19:08 - 00000966 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-10-12 13:03 - 2014-10-12 13:03 - 00000000 ____D () C:\Users\HP\AppData\Local\globalUpdate
2014-10-12 13:03 - 2014-10-12 13:03 - 00000000 ____D () C:\Program Files\globalUpdate
2014-10-12 13:02 - 2014-10-16 18:46 - 00001111 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-10-12 13:02 - 2014-10-16 18:46 - 00000000 ____D () C:\Program Files\Opera
2014-10-12 13:02 - 2014-10-12 13:02 - 00001111 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-10-12 13:02 - 2014-10-12 13:02 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Opera Software
2014-10-12 13:02 - 2014-10-12 13:02 - 00000000 ____D () C:\Users\HP\AppData\Local\Opera Software
2014-10-12 13:01 - 2014-10-16 20:27 - 00000404 _____ () C:\Windows\Tasks\SpeedChecker Update.job
2014-10-12 13:01 - 2014-10-12 14:03 - 00000000 ____D () C:\Program Files\ver7SpeedChecker
2014-10-12 13:01 - 2014-10-12 13:01 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNew_01009.Wdf
2014-10-12 13:01 - 2014-10-12 13:00 - 00050312 _____ (Corsica) C:\Windows\system32\Drivers\webinstrNew.sys
2014-10-12 13:00 - 2014-10-16 20:14 - 00000000 ____D () C:\Program Files\ORBTR
2014-10-12 13:00 - 2014-10-12 18:49 - 00000000 ____D () C:\Users\HP\AppData\Roaming\LookThisUp
2014-10-12 13:00 - 2014-10-12 13:01 - 00000000 ____D () C:\Users\HP\AppData\Roaming\VOPackage
2014-10-12 13:00 - 2014-10-12 13:00 - 00873960 _____ (Opera Software) C:\Users\HP\Desktop\opera-23.0.1522.77-multi.exe
2014-10-12 13:00 - 2014-10-12 13:00 - 00001040 _____ () C:\Users\HP\Desktop\FLVM Player.lnk
2014-10-12 13:00 - 2014-10-12 13:00 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2014-10-12 13:00 - 2014-10-12 13:00 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InetStat
2014-10-12 13:00 - 2014-10-12 13:00 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLVM Player
2014-10-12 13:00 - 2014-10-12 13:00 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Macromedia
2014-10-12 13:00 - 2014-10-12 13:00 - 00000000 ____D () C:\Users\HP\AppData\Roaming\InetStat
2014-10-12 13:00 - 2014-10-12 13:00 - 00000000 ____D () C:\Program Files\FLVM Player
2014-10-12 12:56 - 2014-09-22 08:41 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-16 20:38 - 2014-04-10 06:45 - 01418876 _____ () C:\Windows\WindowsUpdate.log
2014-10-16 20:37 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\sru
2014-10-16 20:34 - 2013-12-14 06:09 - 00810620 _____ () C:\Windows\system32\perfh013.dat
2014-10-16 20:34 - 2013-12-14 06:09 - 00172722 _____ () C:\Windows\system32\perfc013.dat
2014-10-16 20:34 - 2013-12-14 06:03 - 00806368 _____ () C:\Windows\system32\perfh010.dat
2014-10-16 20:34 - 2013-12-14 06:03 - 00166812 _____ () C:\Windows\system32\perfc010.dat
2014-10-16 20:34 - 2013-12-13 22:46 - 00005552 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-16 20:27 - 2013-08-22 09:23 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-16 20:26 - 2014-09-03 22:59 - 00000000 ____D () C:\Users\HP
2014-10-16 20:26 - 2013-08-22 08:13 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-10-16 18:22 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-16 18:20 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\AppReadiness
2014-10-12 19:09 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-12 18:42 - 2013-08-22 09:22 - 00333576 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ___RD () C:\Windows\ToastData
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\WinStore
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\nl-NL
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\it-IT
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\fr-FR
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\en-GB
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\de-DE
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\MediaViewer
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\FileManager
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\Camera
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ____D () C:\Program Files\Windows Defender
2014-10-12 18:28 - 2013-12-13 22:30 - 00017120 _____ () C:\Windows\PFRO.log
2014-10-12 17:35 - 2013-08-22 10:17 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-10-12 17:32 - 2013-08-22 10:05 - 00000000 ____D () C:\Windows\CbsTemp
2014-10-12 13:52 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\restore
2014-10-12 13:12 - 2014-09-03 22:59 - 00001634 _____ () C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-12 13:01 - 2013-08-22 09:23 - 00013554 _____ () C:\Windows\setupact.log
2014-10-12 12:57 - 2013-08-22 08:13 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-10-12 12:42 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\LogFiles

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS


Some content of TEMP:
====================
C:\Users\HP\AppData\Local\Temp\dlLogic.exe
C:\Users\HP\AppData\Local\Temp\hAUK6.exe
C:\Users\HP\AppData\Local\Temp\spstub.exe
C:\Users\HP\AppData\Local\Temp\yYKY0.dll
C:\Users\HP\AppData\Local\Temp\yYKY0.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-16 18:19

==================== End Of Log ============================
         
5. addition

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-10-2014
Ran by HP at 2014-10-16 20:39:32
Running from C:\Users\HP\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
FW: Online Armor Firewall (Enabled) {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ASUS AC Reminder (HKLM\...\{B002B54C-FFE8-4331-8F9B-90CC9366362A}) (Version: 2.0.0 - ASUS)
ASUS Live Update (HKLM\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.7 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.3 - ASUS)
ASUS Smart Gesture (HKLM\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.10 - ASUS)
ATK Package (HKLM\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0031 - ASUS)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.93.99.187.1 - Broadcom Corporation)
Cinema-Plus-1.8cV12.10 (HKLM\...\Cinema-Plus-1.8cV12.10) (Version: 1.35.9.29 - Cinema PlusV12.10) <==== ATTENTION
ConvertAd (HKLM\...\ConvertAd) (Version: 1.0.0.0 - ConvertAd) <==== ATTENTION
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft GmbH)
FLV Player (remove only) (HKLM\...\FLVM Player) (Version:  - )
InetStat (HKCU\...\InetStat) (Version: 0.5b - InetStat)
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3417 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Intel(R) Trusted Execution Engine (Version: 1.1.1.1 - Intel Corporation) Hidden
Intel(R) Trusted Execution Engine Driver (Version: 1.0.0.1064 - Intel Corporation) Hidden
LookThisUp (HKLM\...\LookThisUp) (Version: 1.0.2 - LookThisUp) <==== ATTENTION
Microsoft Office (HKLM\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 (HKLM\...\{1f407217-9aec-4146-8504-e64ac959c534}) (Version: 12.0.20617.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.20617 (Version: 12.0.20617 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.20617 (Version: 12.0.20617 - Microsoft Corporation) Hidden
MyBestOffersToday 014.145 (HKLM\...\mbot_de_145_is1) (Version:  - MYBESTOFFERSTODAY) <==== ATTENTION
Online Armor 7.0 (HKLM\...\OnlineArmor_is1) (Version: 7.0 - Emsisoft GmbH)
Opera Stable 25.0.1614.50 (HKLM\...\Opera 25.0.1614.50) (Version: 25.0.1614.50 - Opera Software ASA)
Realtek I2S Audio (HKLM\...\{89A448AA-3301-46AA-AFC3-34F2D7C670E8}) (Version: 6.2.9600.4055 - Realtek Semiconductor Corp.)
Remote Desktop Access (VuuPC) (HKLM\...\VOPackage) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION
SpeedChecker (HKLM\...\6AD17EF9-640F-1903-11A0-44AC17BAE75D) (Version:  - SpeedChecker-software)
sweet-page uninstall (HKLM\...\sweet-page uninstall) (Version:  - sweet-page) <==== ATTENTION
Term Tutor (HKLM\...\TermTutor) (Version: 1.9.0.8 - Term Tutor) <==== ATTENTION
WebStorage (HKLM\...\WebStorage) (Version: 2.0.3.226 - ASUS Cloud Corporation)
Windows Driver Package - ASUS (AsusHID) Mouse  (02/12/2014 3.0.0.23) (HKLM\...\88F3FD439A3012A11FEF853A27C299ED116ABA8D) (Version: 02/12/2014 3.0.0.23 - ASUS)
WindowsMangerProtect20.0.0.1013 (HKLM\...\WindowsMangerProtect) (Version: 20.0.0.1013 - WindowsProtect LIMITED) <==== ATTENTION
WinFlash (HKLM\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

16-10-2014 18:26:12 Online Armor Installation

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:13 - 2013-08-22 08:13 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00BC77BF-3352-4FE8-9617-4F1B27BEC19A} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {01F6C3F9-2D4E-4526-A979-99B3FB5866FA} - System32\Tasks\APSnotifierPP2 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {0FA9C72D-D3DC-41EA-AD12-0264A29FFF50} - System32\Tasks\ASUS Live Update2 => C:\Program Files [2014-10-16] ()
Task: {17233BE9-87E9-40B0-B003-AE9D2B92CBBE} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {247BD142-0549-4E91-84B0-172C25563718} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {2A64602B-1AB0-4966-A010-7EC9473A882C} - System32\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-5 => C:\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-5.exe [2014-10-12] (Cinema PlusV12.10) <==== ATTENTION
Task: {2BE65564-89D1-4396-A5CC-D7D9283FC4A1} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {392EB017-207C-42BF-A061-F3BE721F456C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {39BA0FD9-2114-4ED8-921F-A9057E98625F} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [2014-10-12] (globalUpdate) <==== ATTENTION
Task: {3FECD40E-4E31-483F-932C-D023C75AE79D} - System32\Tasks\SpeedChecker Update => C:\Program Files\ver7SpeedChecker\R3SpeedCheckerK00.exe
Task: {40D51E4E-BC10-4EEC-9D41-E6C3791B1CE8} - System32\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-2 => C:\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-2.exe [2014-10-12] (Cinema PlusV12.10) <==== ATTENTION
Task: {4B7EF56A-8A42-4BD2-BB5C-7C389AC54A37} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {504A0D58-B71A-4F9A-826E-CABA60988E0C} - System32\Tasks\APSnotifierPP1 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {515A8D55-B2DA-4DAC-A197-0B02F6DAE700} - System32\Tasks\ASUS Live Update1 => C:\Program Files [2014-10-16] ()
Task: {5700ACE8-D0AF-4BA7-98B6-1033521A877A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {61A1EED5-DBB1-4606-8B71-4229B497EC59} - System32\Tasks\QMXKNTZD => C:\Users\HP\AppData\Roaming\QMXKNTZD.exe <==== ATTENTION
Task: {6E84A59B-1863-4B21-8BD8-C9B20FD15484} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {7B2E2DB4-C12C-4259-BBE8-7ECDD18FB410} - System32\Tasks\IO => C:\Users\HP\AppData\Roaming\IO.exe <==== ATTENTION
Task: {7C7CF1DA-F461-4850-96B2-ADCA8A67E59C} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {7DD4B446-71BA-473E-9D44-5D9CCD6DF0F4} - System32\Tasks\5cd5570c-479e-4bff-8d71-1fe1ae5a96ef => C:\Program Files\Cinema-Plus-1.8cV12.10\5cd5570c-479e-4bff-8d71-1fe1ae5a96ef.exe [2014-10-12] () <==== ATTENTION
Task: {81F9A0F3-DD82-46EB-8283-D37283B19EB5} - System32\Tasks\9723fcf9-7d34-4557-bf9d-5aaee05d2afb => C:\Program Files\Cinema-Plus-1.8cV12.10\9723fcf9-7d34-4557-bf9d-5aaee05d2afb.exe [2014-10-12] (Cinema PlusV12.10) <==== ATTENTION
Task: {8B5819AE-7B44-478B-A3D3-8846AF160A8F} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {8F7FB3A6-5ECC-485E-B309-B4E99ABE21DD} - System32\Tasks\Update Checker => C:\Program Files\ASUS\ASUS Live Update\UpdateChecker.exe [2013-11-27] ()
Task: {92ED6570-4654-4BFA-9A6C-1084C6939C16} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {958671CB-F534-4A06-A0AC-9565F9886742} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [2014-10-12] (globalUpdate) <==== ATTENTION
Task: {997C8BBD-710B-4E66-B5BC-CC09575A58D2} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {A02FE6A8-4963-4C7D-8D21-DC48FE3E517C} - System32\Tasks\ASUS AC Reminder => C:\Program Files\ASUS\ASUS AC Reminder\ACReminderSrv.exe [2013-12-23] (ASUSTek Computer INC.)
Task: {A1C0096D-7EF7-4283-9C87-611781AF8F49} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel.exe [2013-01-09] (ASUSTek Computer INC.)
Task: {A5D45ED3-F524-4574-8F39-527F3729D1E2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {C0D0F7C4-419F-41B3-90A2-FE79270B828A} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {C2961EE8-2DC4-4C84-B990-0D3D66B1293C} - System32\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-1 => C:\Program Files\Cinema-Plus-1.8cV12.10\Cinema-Plus-1.8cV12.10-codedownloader.exe [2014-10-12] (Cinema PlusV12.10) <==== ATTENTION
Task: {C37FC171-6AF7-4A02-9319-1AFF42F85373} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLauncher.exe [2014-02-13] (AsusTek)
Task: {C4D658BC-D800-4DC5-86D9-71A9BE88EB07} - System32\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-3 => C:\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-3.exe <==== ATTENTION
Task: {C75D7376-34AE-446F-B87B-38A67BA4C903} - System32\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-11 => C:\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-11.exe <==== ATTENTION
Task: {C9B5E220-D559-42F8-8DD9-485DBCCEEC7D} - System32\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-4 => C:\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-4.exe <==== ATTENTION
Task: {CF5A1DDC-D14D-4D59-AD49-A19A645B087B} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {D50C998C-6979-4EAC-8606-D27001B758F6} - System32\Tasks\APSnotifierPP3 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {DCF55BED-B1DF-4ABF-8D85-6542C7007799} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {DE636FF2-FD26-4241-9343-322918A02564} - System32\Tasks\Opera scheduled Autoupdate 1413111732 => C:\Program Files\Opera\launcher.exe [2014-10-15] (Opera Software)
Task: {E4116737-A8D3-478F-A8F6-5E3BE3DEB570} - System32\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-5_user => C:\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-5.exe [2014-10-12] (Cinema PlusV12.10) <==== ATTENTION
Task: {E4C8774A-2818-45A4-8A6D-11DDF6348886} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {E54ECCE2-55E3-4510-98CE-747AE04FEC2A} - System32\Tasks\ASP => C:\Program Files\RCP\systweakasp.exe
Task: {F77DFB67-F295-4A1F-AAED-A3B51A1C301F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-08-29] (Microsoft Corporation)
Task: {FAB49829-3EE7-4234-BE84-277862F2A57C} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\5cd5570c-479e-4bff-8d71-1fe1ae5a96ef.job => C:\Program Files\Cinema-Plus-1.8cV12.10\5cd5570c-479e-4bff-8d71-1fe1ae5a96ef.exe <==== ATTENTION
Task: C:\Windows\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-1.job => C:\Program Files\Cinema-Plus-1.8cV12.10\Cinema-Plus-1.8cV12.10-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-11.job => C:\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-11.exe <==== ATTENTION
Task: C:\Windows\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-2.job => C:\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-2.exe <==== ATTENTION
Task: C:\Windows\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-3.job => C:\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-4.job => C:\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-5.job => C:\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-5_user.job => C:\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\9723fcf9-7d34-4557-bf9d-5aaee05d2afb.job => C:\Program Files\Cinema-Plus-1.8cV12.10\9723fcf9-7d34-4557-bf9d-5aaee05d2afb.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\IO.job => C:\Users\HP\AppData\Roaming\IO.exe <==== ATTENTION
Task: C:\Windows\Tasks\QMXKNTZD.job => C:\Users\HP\AppData\Roaming\QMXKNTZD.exe <==== ATTENTION
Task: C:\Windows\Tasks\SpeedChecker Update.job => C:\Program Files\ver7SpeedChecker\R3SpeedCheckerK00.exe

==================== Loaded Modules (whitelisted) =============

2014-10-12 13:32 - 2014-10-06 18:43 - 00775400 _____ () C:\Program Files\Emsisoft Anti-Malware\fw32.dll
2014-10-12 13:00 - 2014-10-12 13:00 - 00700430 _____ () C:\Users\HP\AppData\Roaming\InetStat\inetstat.exe
2014-10-16 18:46 - 2014-10-15 11:33 - 00156792 _____ () C:\Program Files\Opera\25.0.1614.50\message_center_win8.dll
2014-10-16 18:46 - 2014-10-15 11:33 - 00499832 _____ () C:\Program Files\Opera\25.0.1614.50\opera_crashreporter.exe
2014-10-16 18:46 - 2014-10-15 11:33 - 01310328 _____ () C:\Program Files\Opera\25.0.1614.50\libglesv2.dll
2014-10-16 18:46 - 2014-10-15 11:33 - 00219256 _____ () C:\Program Files\Opera\25.0.1614.50\libegl.dll
2014-10-16 18:46 - 2014-10-15 11:33 - 09218680 _____ () C:\Program Files\Opera\25.0.1614.50\pdf.dll
2014-10-16 18:46 - 2014-10-15 11:33 - 00991864 _____ () C:\Program Files\Opera\25.0.1614.50\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2565251152-1528942193-4253351456-500 - Administrator - Disabled)
Gast (S-1-5-21-2565251152-1528942193-4253351456-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2565251152-1528942193-4253351456-1003 - Limited - Enabled)
HP (S-1-5-21-2565251152-1528942193-4253351456-1001 - Administrator - Enabled) => C:\Users\HP

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/16/2014 08:34:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (10/16/2014 08:34:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (10/16/2014 08:34:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (10/16/2014 08:34:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (10/16/2014 08:34:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (10/16/2014 08:34:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (10/16/2014 08:33:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 11.0.9600.16384, Zeitstempel: 0x52157231
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.16408, Zeitstempel: 0x523d45f1
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00056436
ID des fehlerhaften Prozesses: 0x1270
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3
Vollständiger Name des fehlerhaften Pakets: iexplore.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: iexplore.exe5

Error: (10/16/2014 08:27:37 PM) (Source: DptfPolicyLpmService) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceServiceMainThread:  App specific mode was turned off, but timer was not running.

Error: (10/16/2014 08:19:32 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (10/16/2014 08:19:32 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.


System errors:
=============
Error: (10/16/2014 08:26:50 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (10/16/2014 08:14:23 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000009f (0x00000003, 0x86104030, 0x81e29b44, 0x853c2130)C:\Windows\MEMORY.DMP101614-12000-01

Error: (10/16/2014 08:14:22 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎16.‎10.‎2014 um 19:48:17 unerwartet heruntergefahren.

Error: (10/16/2014 06:23:40 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (10/16/2014 06:20:34 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070005 fehlgeschlagen: microsoft.windowscommunicationsapps

Error: (10/16/2014 06:20:23 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070005 fehlgeschlagen: Microsoft.BingHealthAndFitness

Error: (10/16/2014 06:20:16 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070005 fehlgeschlagen: Microsoft.WindowsReadingList

Error: (10/16/2014 06:20:16 PM) (Source: DCOM) (EventID: 10010) (User: xxxxx)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (10/16/2014 06:20:11 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070005 fehlgeschlagen: Microsoft.BingFoodAndDrink

Error: (10/16/2014 06:20:07 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070005 fehlgeschlagen: Microsoft.Office.OneNote


Microsoft Office Sessions:
=========================
Error: (10/16/2014 08:34:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F2030000E5050000

Error: (10/16/2014 08:34:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance163707000000000000000000008F020000

Error: (10/16/2014 08:34:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance163707000000000000000000008F020000

Error: (10/16/2014 08:34:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance163707000000000000000000008F020000

Error: (10/16/2014 08:34:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance163707000000000000000000008F020000

Error: (10/16/2014 08:34:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance163707000000000000000000008F020000

Error: (10/16/2014 08:33:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.1638452157231ntdll.dll6.3.9600.16408523d45f1c000000500056436127001cfe96f980441cbC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dlle8db3f08-5562-11e4-972f-d850e69a5100

Error: (10/16/2014 08:27:37 PM) (Source: DptfPolicyLpmService) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceServiceMainThread:  App specific mode was turned off, but timer was not running.

Error: (10/16/2014 08:19:32 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F2030000E5050000

Error: (10/16/2014 08:19:32 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance163707000000000000000000008F020000


CodeIntegrity Errors:
===================================
  Date: 2014-10-16 18:22:30.322
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.

  Date: 2014-10-16 18:22:29.901
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.

  Date: 2014-10-16 18:22:28.729
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.

  Date: 2014-10-16 18:22:28.057
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.

  Date: 2014-10-16 18:22:27.244
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.

  Date: 2014-10-16 18:22:26.650
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.

  Date: 2014-10-16 18:22:25.900
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.

  Date: 2014-10-16 18:22:25.275
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.

  Date: 2014-10-16 18:22:24.322
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.

  Date: 2014-10-16 18:22:22.494
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Atom(TM) CPU Z3740 @ 1.33GHz
Percentage of memory in use: 73%
Total physical RAM: 1933.15 MB
Available physical RAM: 506.26 MB
Total Pagefile: 3917.15 MB
Available Pagefile: 1624.59 MB
Total Virtual: 2047.88 MB
Available Virtual: 1858.75 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:28.22 GB) (Free:10 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 29.1 GB) (Disk ID: 67B602CA)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

 
