Log Analysis and Evaluation: Opera redirects to other pages .... Windows 7. If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
19.10.2014, 10:21 | #1
Opera redirects to other pages .... Hello, I probably misclicked while setting up a new notebook (when I wanted to install the firewall) and now I'm in a mess. By the way, IE doesn't work at all anymore. The Emsisoft web shield is inactive and I can't install it either. All files attached. GMER gave various error messages and finally a message (roughly) that the system was not modified. I hope this is all okay. Thanks in advance for the help. Sabine99 1. Quarantine: Code:
ATTFilter Emsisoft Anti-Malware v. 9.0.0.4570 (C) 2003-2014 Emsisoft - www.emsisoft.com ID Object 0 C:\Program Files\SupTab\WindowsSupportDll32.dll erkannt: Adware.Agent.OMM (B) 1 Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D} erkannt: Application.AdShort (A) 2 C:\Program Files\SearchProtect\Main\bin\SPTool.dll erkannt: Adware.SearchProtect.O (B) 3 Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86} erkannt: Application.AdShort (A) 4 C:\Program Files\SupTab\WindowsSupportDll32.dll erkannt: Adware.Agent.OMM (B) 5 C:\Program Files\SupTab\WindowsSupportDll32.dll erkannt: Adware.Agent.OMM (B) 6 C:\ProgramData\IePluginServices\PluginService.exe erkannt: Adware.Agent.OML (B) 7 Key: HKEY_LOCAL_MACHINE\SOFTWARE\SYSTWEAK erkannt: Application.InstallAd (A) 8 C:\Program Files\SupTab\WindowsSupportDll32.dll erkannt: Adware.Agent.OMM (B) 9 C:\Users\HP\AppData\Roaming\IO.exe erkannt: Gen:Variant.Adware.Kazy.433849 (B) 10 C:\Program Files\SearchProtect\SearchProtect\bin\SPTool64.exe erkannt: Application.Win32.AdConnect (A) 11 Key: HKEY_LOCAL_MACHINE\SOFTWARE\SEARCHPROTECT erkannt: Application.InstallAd (A) 12 C:\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-11.exe erkannt: Gen:Variant.Adware.Plush.1 (B) 13 C:\Program Files\SearchProtect\UI\bin\cltmngui.exe erkannt: Adware.SearchProtect.O (B) 14 C:\Program Files\SupTab\WindowsSupportDll32.dll erkannt: Adware.Agent.OMM (B) 15 C:\ProgramData\IePluginServices erkannt: Application.AdPlug (A) 16 C:\Users\HP\AppData\Roaming\LookThisUp\LookThisUp.exe erkannt: Adware.Agent.OMN (B) 17 C:\Users\HP\AppData\Roaming\SupTab erkannt: Application.AdShort (A) 18 C:\Program Files\Searchprotect erkannt: Application.AppInstall (A) 19 C:\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-3.exe erkannt: Gen:Variant.Adware.Plush.1 (B) 20 C:\Program 
Files\SupTab\WindowsSupportDll32.dll erkannt: Adware.Agent.OMM (B) 21 Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8} erkannt: Application.AdShort (A) 22 C:\Program Files\ver7SpeedChecker\x86\TandemRunner.exe erkannt: Gen:Variant.Adware.Kazy.367484 (B) 23 C:\Users\HP\AppData\Roaming\QMXKNTZD.exe erkannt: Gen:Variant.Adware.Plush.1 (B) 24 C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe erkannt: Application.Toolbar (A) 25 C:\Users\HP\AppData\Local\ConvertAd\ConvertAd.exe erkannt: Application.Generic.833997 (B) 26 C:\Windows\System32\Drivers\ttnfd.sys erkannt: Adware.Vitruvian.B (B) 27 Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\ANYPROTECT erkannt: Application.AdProtect (A) 28 C:\Program Files\SupTab erkannt: Application.AdShort (A) 29 C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32.dll erkannt: Application.Win32.SProtect (A) 30 C:\Program Files\SupTab\WindowsSupportDll32.dll erkannt: Adware.Agent.OMM (B) 31 C:\Program Files\SupTab\WindowsSupportDll32.dll erkannt: Adware.Agent.OMM (B) 32 C:\Program Files\SupTab\WindowsSupportDll32.dll erkannt: Adware.Agent.OMM (B) 33 C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe erkannt: Trojan.Generic.11889143 (B) 34 C:\Program Files\SearchProtect\SearchProtect\bin\SPVC64Loader.dll erkannt: Application.Win32.AdConnect (A) 35 C:\Program Files\ORBTR\Orbt.ext erkannt: Application.Toolbar (A) 36 C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32LOADER.DLL erkannt: Application.BrowserExt (A) 37 Key: HKEY_LOCAL_MACHINE\SOFTWARE\SUPDP erkannt: Application.InstallTab (A) 38 C:\Program Files\SupTab\WindowsSupportDll32.dll erkannt: Adware.Agent.OMM (B) 39 C:\Program Files\AnyProtectEx erkannt: Application.AdProtect (A) 40 Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SEARCHPROTECT erkannt: Application.InstallAd (A) 41 C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe erkannt: Adware.SearchProtect.O (B) 42 
Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\INSTALLCORE erkannt: Application.AdTool (A) 43 C:\Users\HP\AppData\Roaming\systweak erkannt: Application.AppInstall (A) 44 C:\Program Files\SearchProtect\SearchProtect\bin\SPVC64.dll erkannt: Adware.SearchProtect.O (B) 45 C:\Program Files\SupTab\WindowsSupportDll32.dll erkannt: Adware.Agent.OMM (B) 46 Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\TUTOTAG erkannt: Adware.Win32.Ozore (A) 47 C:\Users\HP\AppData\Local\Searchprotect erkannt: Application.AppInstall (A) 48 Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\SUPHPUISOFT erkannt: Application.InstallTab (A) 49 Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\INSTALLEDBROWSEREXTENSIONS erkannt: Application.Win32.InstallAd (A) 50 C:\Program Files\Cinema-Plus-1.8cV12.10\WebSocket4Net.dll erkannt: Adware.SwiftBrowse.BW (B) 51 C:\Users\HP\Downloads\Setup.exe erkannt: Gen:Variant.Application.Bundler.20 (B) 52 C:\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-4.exe erkannt: Gen:Variant.Adware.Kazy.433849 (B) 53 Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\SYSTWEAK erkannt: Application.InstallAd (A) 54 C:\Program Files\SupTab\WindowsSupportDll32.dll erkannt: Adware.Agent.OMM (B) 55 Key: HKEY_LOCAL_MACHINE\SOFTWARE\SUPTAB erkannt: Application.AdShort (A) 56 Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} erkannt: Application.Win32.WSearch (A) 57 C:\Users\HP\Downloads\Setup v2 1.exe erkannt: Gen:Variant.Application.Bundler.20 (B) 58 Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86} erkannt: Application.AdShort (A) 59 C:\Program Files\Cinema-Plus-1.8cV12.10\utils.exe erkannt: Behavior.AutorunCreation 60 C:\Program Files\SupTab\WindowsSupportDll32.dll erkannt: 
Adware.Agent.OMM (B) 61 Key: HKEY_LOCAL_MACHINE\SOFTWARE\SUPWPM erkannt: Application.AdSome (A) Code:
ATTFilter Emsisoft Anti-Malware - Version 9.0 Letztes Update: 16.10.2014 18:27:48 Benutzerkonto: xxxxx\HP Scan Einstellungen: Scan Methode: Smart Scan Objekte: Rootkits, Speicher, Traces, C:\Windows\, C:\Program Files\ PUPs-Erkennung: An Archiv Scan: Aus ADS Scan: An Dateitypen-Filter: Aus Erweitertes Caching: An Direkter Festplattenzugriff: Aus Scan Beginn: 16.10.2014 18:37:41 C:\PROGRA~1\SearchProtect\Main\bin\CltMngSvc.exe gefunden: Adware.SearchProtect.O (B) C:\Users\HP\AppData\Roaming\systweak gefunden: Application.AppInstall (A) Key: HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\CLTMNGSVC gefunden: Application.AdServ (A) Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\SYSTWEAK gefunden: Application.InstallAd (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\SYSTWEAK gefunden: Application.InstallAd (A) Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\INSTALLCORE gefunden: Application.AdTool (A) Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86} gefunden: Application.AdShort (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86} gefunden: Application.AdShort (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\SUPWPM gefunden: Application.AdSome (A) C:\Users\HP\AppData\Roaming\SupTab gefunden: Application.AdShort (A) C:\Program Files\SupTab gefunden: Application.AdShort (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8} gefunden: Application.AdShort (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D} gefunden: Application.AdShort (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\SUPTAB gefunden: Application.AdShort (A) Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\ANYPROTECT gefunden: Application.AdProtect (A) C:\ProgramData\IePluginServices gefunden: Application.AdPlug (A) Key: 
HKEY_LOCAL_MACHINE\SOFTWARE\SUPDP gefunden: Application.InstallTab (A) Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\SUPHPUISOFT gefunden: Application.InstallTab (A) C:\Program Files\Searchprotect gefunden: Application.AppInstall (A) C:\Users\HP\AppData\Local\Searchprotect gefunden: Application.AppInstall (A) Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\INSTALLEDBROWSEREXTENSIONS gefunden: Application.Win32.InstallAd (A) Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} gefunden: Application.Win32.WSearch (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SEARCHPROTECT gefunden: Application.InstallAd (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\SEARCHPROTECT gefunden: Application.InstallAd (A) C:\Program Files\ORBTR\Orbt.ext gefunden: Application.Toolbar (A) C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe gefunden: Adware.SearchProtect.O (B) C:\Program Files\SearchProtect\Main\bin\SPTool.dll gefunden: Adware.SearchProtect.O (B) C:\Program Files\SearchProtect\SearchProtect\bin\SPTool64.exe gefunden: Application.Win32.AdConnect (A) C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32.dll gefunden: Application.Win32.SProtect (A) C:\Program Files\SearchProtect\SearchProtect\bin\SPVC64.dll gefunden: Adware.SearchProtect.O (B) C:\Program Files\SearchProtect\SearchProtect\bin\SPVC64Loader.dll gefunden: Application.Win32.AdConnect (A) C:\Program Files\SearchProtect\UI\bin\cltmngui.exe gefunden: Adware.SearchProtect.O (B) Gescannt 186859 Gefunden 32 Scan Ende: 16.10.2014 19:13:03 Scan Zeit: 0:35:22 C:\Program Files\SearchProtect\UI\bin\cltmngui.exe Quarantäne Adware.SearchProtect.O (B) C:\Program Files\SearchProtect\SearchProtect\bin\SPVC64Loader.dll Quarantäne Application.Win32.AdConnect (A) C:\Program Files\SearchProtect\SearchProtect\bin\SPVC64.dll Quarantäne Adware.SearchProtect.O (B) 
C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32.dll Quarantäne Application.Win32.SProtect (A) C:\Program Files\SearchProtect\SearchProtect\bin\SPTool64.exe Quarantäne Application.Win32.AdConnect (A) C:\Program Files\SearchProtect\Main\bin\SPTool.dll Quarantäne Adware.SearchProtect.O (B) C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe Quarantäne Adware.SearchProtect.O (B) C:\Program Files\ORBTR\Orbt.ext Quarantäne Application.Toolbar (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\SEARCHPROTECT Quarantäne Application.InstallAd (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SEARCHPROTECT Quarantäne Application.InstallAd (A) Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} Quarantäne Application.Win32.WSearch (A) Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\INSTALLEDBROWSEREXTENSIONS Quarantäne Application.Win32.InstallAd (A) C:\Users\HP\AppData\Local\Searchprotect Quarantäne Application.AppInstall (A) C:\Program Files\Searchprotect Quarantäne Application.AppInstall (A) Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\SUPHPUISOFT Quarantäne Application.InstallTab (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\SUPDP Quarantäne Application.InstallTab (A) C:\ProgramData\IePluginServices Quarantäne Application.AdPlug (A) Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\ANYPROTECT Quarantäne Application.AdProtect (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\SUPTAB Quarantäne Application.AdShort (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D} Quarantäne Application.AdShort (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8} Quarantäne Application.AdShort (A) C:\Program Files\SupTab Quarantäne Application.AdShort (A) C:\Users\HP\AppData\Roaming\SupTab Quarantäne Application.AdShort (A) Key: 
HKEY_LOCAL_MACHINE\SOFTWARE\SUPWPM Quarantäne Application.AdSome (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Quarantäne Application.AdShort (A) Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Quarantäne Application.AdShort (A) Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\INSTALLCORE Quarantäne Application.AdTool (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\SYSTWEAK Quarantäne Application.InstallAd (A) Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\SYSTWEAK Quarantäne Application.InstallAd (A) C:\Users\HP\AppData\Roaming\systweak Quarantäne Application.AppInstall (A) Quarantäne 30 Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1) Log created at 20:34 on 16/10/2014 (HP) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-10-2014 Ran by HP (administrator) on xxx on 16-10-2014 20:38:28 Running from C:\Users\HP\Downloads Loaded Profile: HP (Available profiles: HP) Platform: Microsoft Windows 8.1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH) C:\Program Files\Online Armor\oacat.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Emsisoft GmbH) C:\Program Files\Online Armor\oasrv.exe (ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel.exe (ASUSTek Computer INC.) C:\Program Files\ASUS\ASUS AC Reminder\ACReminderSrv.exe (AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLoader.exe (ASUSTek Computer Inc.) 
C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe (ASUS Cloud Corporation) C:\Program Files\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe (Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe (Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe (Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Cinema PlusV12.10) C:\Program Files\Cinema-Plus-1.8cV12.10\9723fcf9-7d34-4557-bf9d-5aaee05d2afb.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe (ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe (Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe (AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPCenter.exe (AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPHelper.exe (Emsisoft GmbH) C:\Program Files\Online Armor\oaui.exe (Emsisoft GmbH) C:\Program Files\Online Armor\oahlp.exe () C:\Users\HP\AppData\Roaming\InetStat\inetstat.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9600.16422_x86__8wekyb3d8bbwe\glcnd.exe (Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe (Opera Software) C:\Program Files\Opera\25.0.1614.50\opera.exe () C:\Program Files\Opera\25.0.1614.50\opera_crashreporter.exe (Opera Software) C:\Program Files\Opera\25.0.1614.50\opera.exe (Opera Software) 
C:\Program Files\Opera\25.0.1614.50\opera.exe (Opera Software) C:\Program Files\Opera\25.0.1614.50\opera.exe (Opera Software) C:\Program Files\Opera\25.0.1614.50\opera.exe (Intel Corporation) C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe (ASUS Cloud Corporation) C:\Program Files\ASUS\WebStorage\2.0.3.226\AsusWSPanel.exe (Opera Software) C:\Program Files\Opera\25.0.1614.50\opera.exe (Microsoft Corporation) C:\Windows\WinStore\WSHost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [ASUSPRP] => C:\Program Files\ASUS\APRP\APRP.EXE [3216032 2013-12-13] (ASUSTek Computer Inc.) HKLM\...\Run: [WebStorage] => C:\Program Files\ASUS\WebStorage\2.0.3.226\ASUSWSLoader.exe [63296 2013-08-16] () HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [81360 2014-01-22] (Intel Corporation) HKLM\...\Run: [RtkNGUI] => C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe [2904064 2013-10-30] (Realtek Semiconductor) HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [4873248 2014-10-14] (Emsisoft GmbH) HKLM\...\Run: [@OnlineArmor GUI] => C:\Program Files\Online Armor\oaui.exe [7558464 2013-10-11] (Emsisoft GmbH) HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKU\S-1-5-21-2565251152-1528942193-4253351456-1001\...\Run: [InetStat] => C:\Users\HP\AppData\Roaming\InetStat\inetstat.exe [700430 2014-10-12] () ShellIconOverlayIdentifiers: [!AsusWSShellExt_BN] -> {CC5FC992-B0AA-47CD-9DC2-83445083CBB9} => C:\Program Files\Common Files\AWS\2.0.3.226\ASUSWSShellExt.dll (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [!AsusWSShellExt_ON] -> {618A47A2-528B-4D9A-AFC8-97D3233511E3} => C:\Program Files\Common Files\AWS\2.0.3.226\ASUSWSShellExt.dll (ASUS Cloud Corporation.) 
ShellIconOverlayIdentifiers: [!AsusWSShellExt_UN] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files\Common Files\AWS\2.0.3.226\ASUSWSShellExt.dll (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [StorageProviderError] -> {0CA2640D-5B9C-4c59-A5FB-2DA61A7437CF} => C:\Windows\System32\shell32.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: [StorageProviderSyncing] -> {0A30F902-8398-4ee8-86F7-4CFB589F04D1} => C:\Windows\System32\shell32.dll (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyServer: http=127.0.0.1:50415;https=127.0.0.1:50415 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.trovi.com/?gd=&ctid=CT3320133&octid=EB_ORIGINAL_CTID&ISID=F5EB1EE6-65C8-4354-9BC2-A6EC74BD2B0E&SearchSource=55&CUI=&UM=6&UP=SP69664532-4D64-4A2F-B262-AAA7B97E7988&SSPV= HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1413112344&from=cor&uid=3219913727_198259_6A968D30 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1413112344&from=cor&uid=3219913727_198259_6A968D30&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1413112344&from=cor&uid=3219913727_198259_6A968D30 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1413112344&from=cor&uid=3219913727_198259_6A968D30 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1413112344&from=cor&uid=3219913727_198259_6A968D30&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.sweet-page.com/?type=sc&ts=1413112344&from=cor&uid=3219913727_198259_6A968D30 SearchScopes: HKLM - DefaultScope 
{33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASJB SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = BHO: Cinema-Plus-1.8cV12.10 -> {11111111-1111-1111-1111-110611321185} -> C:\Program Files\Cinema-Plus-1.8cV12.10\Cinema-Plus-1.8cV12.10-bho.dll (Cinema PlusV12.10) ShellExecuteHooks: OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll [1033968 2013-10-11] (Emsisoft GmbH) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate) FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate) FF HKCU\...\Firefox\Extensions: [{BD671362-7905-03FA-24A6-403C5083D562}] - C:\Program Files\ver7SpeedChecker\180.xpi FF Extension: SpeedChecker - C:\Program Files\ver7SpeedChecker\180.xpi [2014-10-12] Chrome: ======= ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4816568 2014-10-14] (Emsisoft GmbH) R2 AsHidService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe [103224 2013-09-09] (ASUSTek Computer Inc.) 
R2 ASLDRService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [111416 2013-09-09] (ASUSTek Computer Inc.) R2 Asus WebStorage Windows Service; C:\Program Files\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe [71680 2013-08-16] (ASUS Cloud Corporation) [File not signed] R2 ATKGFNEXSrv; C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2011-11-21] (ASUS) S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [1677016 2014-04-10] (Broadcom Corporation.) S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [277304 2014-02-11] (Intel Corporation) R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [83920 2014-01-22] (Intel Corporation) R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [96720 2014-01-22] (Intel Corporation) R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [90576 2014-01-22] (Intel Corporation) S2 globalUpdate; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-10-12] (globalUpdate) [File not signed] S3 globalUpdatem; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-10-12] (globalUpdate) [File not signed] R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [586752 2013-07-01] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [637912 2013-07-01] (Intel(R) Corporation) R2 jhi_service; C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe [168216 2014-01-15] (Intel Corporation) R2 OAcat; C:\Program Files\Online Armor\OAcat.exe [584864 2013-10-11] (Emsisoft GmbH) R2 Orbiter; C:/Program Files/ORBTR/orbiter.dll [492496 2014-10-12] (Client Connect LTD) S3 ScDeviceEnum; C:\Windows\System32\ScDeviceEnum.dll [105472 2013-08-22] (Microsoft Corporation) S2 servervo; C:\Users\HP\AppData\Roaming\VOPackage\VOsrv.exe [70144 2014-10-12] () [File not 
signed] R2 SvcOnlineArmor; C:\Program Files\Online Armor\oasrv.exe [4457688 2013-10-11] (Emsisoft GmbH) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [278264 2013-08-22] (Microsoft Corporation) S3 WEPHOSTSVC; C:\Windows\system32\wephostsvc.dll [20992 2013-08-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22240 2013-08-22] (Microsoft Corporation) S3 workfolderssvc; C:\Windows\system32\workfolderssvc.dll [1210368 2013-12-14] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [58200 2014-05-12] (Emsisoft GmbH) R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH) R1 a2injectiondriver; C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [38248 2013-09-30] (Emsisoft GmbH) R1 a2util; C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [18552 2014-05-12] (Emsisoft GmbH) R2 ASMMAP; C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys [13880 2009-07-02] (ASUS) R3 AsusHID; C:\Windows\System32\drivers\AsusHID.sys [68376 2014-02-13] (ASUS Corporation) R1 ATKWMIACPIIO; C:\Program Files\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi.sys [17720 2013-07-02] (ASUSTek Computer Inc.) S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [97896 2013-07-18] (ASIX Electronics Corp.) R1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [25600 2013-08-22] (Microsoft Corporation) R3 BCMSDH43XX; C:\Windows\system32\DRIVERS\bcmdhd63.sys [304344 2014-04-10] (Broadcom Corp) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [185856 2013-08-22] (Microsoft Corporation) R3 BthMini; C:\Windows\System32\Drivers\BTHMINI.sys [24064 2013-08-22] (Microsoft Corporation) S3 btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [144600 2014-04-10] (Broadcom Corporation.) 
R3 BtwSerialBus; C:\Windows\system32\DRIVERS\BtwSerialBus.sys [130776 2014-04-10] (Broadcom Corporation.) R3 camera; C:\Windows\system32\DRIVERS\camera.sys [345088 2013-12-02] (Intel Corporation) R3 cleanhlp; C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [50200 2013-12-04] (Emsisoft GmbH) R3 CM3218x; C:\Windows\system32\DRIVERS\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation) R3 CPLMACPI; C:\Windows\system32\DRIVERS\CPLMACPI.sys [16488 2013-09-06] (Capella Microsystems, Inc.) R3 DptfDevDBPT; C:\Windows\system32\DRIVERS\DptfDevPower.sys [25552 2014-01-22] (Intel Corporation) R3 DptfDevDisplay; C:\Windows\system32\DRIVERS\DptfDevDisplay.sys [28112 2014-01-22] (Intel Corporation) R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [36304 2014-01-22] (Intel Corporation) R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [80848 2014-01-22] (Intel Corporation) R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [181712 2014-01-22] (Intel Corporation) R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [23552 2013-12-30] (Intel Corporation) R3 GpioVirtual; C:\Windows\System32\drivers\iaiogpiovirtual.sys [16896 2013-12-30] (Intel Corporation) R3 HIDSwitch; C:\Windows\System32\drivers\AsHIDSwitch.sys [17720 2013-10-08] (ASUS) R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [58368 2013-11-15] (Intel Corporation) R3 iaiouart; C:\Windows\System32\drivers\iaiouart.sys [87552 2013-12-30] (Intel Corporation) S0 iaStorA; C:\Windows\System32\drivers\iaStorA.sys [505192 2013-08-09] (Intel Corporation) S3 intaud_WaveExtensible; C:\Windows\system32\drivers\intelaud.sys [32664 2014-01-22] (Intel Corporation) R3 IntelSST; C:\Windows\system32\drivers\isstrtc.sys [254464 2013-12-30] (Intel(R) Corporation) R3 INVN_MotionApps; C:\Windows\system32\DRIVERS\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation) R3 iwdbus; C:\Windows\System32\drivers\iwdbus.sys [23448 2014-01-22] (Intel Corporation) R0 MBI; C:\Windows\System32\drivers\MBI.sys [21456 
2013-12-30] (Intel Corporation) R3 MT9M114; C:\Windows\System32\drivers\MT9M114.sys [38912 2013-12-02] (Intel Corporation) S3 NETwNs32; C:\Windows\system32\DRIVERS\Netwsn00.sys [10372096 2013-06-18] (Intel Corporation) R1 OADevice; C:\Windows\system32\drivers\OADriver.sys [210360 2013-10-11] () R1 oahlpXX; C:\Windows\system32\drivers\oahlp32.sys [44984 2013-10-11] () R1 OAmon; C:\Windows\system32\drivers\OAmon.sys [34856 2013-10-11] (Emsisoft) R3 OAnet; C:\Windows\system32\DRIVERS\oanet.sys [31760 2013-10-11] (Emsisoft) R3 PMIC; C:\Windows\System32\drivers\PMIC.sys [48128 2013-12-30] (Intel Corporation) R3 rtii2sac; C:\Windows\system32\DRIVERS\rtii2sac.sys [149720 2013-12-05] (Realtek Semiconductor Corp.) R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation) R3 TXEI; C:\Windows\System32\drivers\TXEI.sys [75792 2014-02-26] (Intel Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [93024 2013-08-22] (Microsoft Corporation) R2 webinstrNew; C:\Windows\system32\Drivers\webinstrNew.sys [50312 2014-10-12] (Corsica) R3 WUDFSensorLP; C:\Windows\System32\drivers\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation) U0 msahci; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-16 20:38 - 2014-10-16 20:38 - 00016930 _____ () C:\Users\HP\Downloads\FRST.txt
2014-10-16 20:38 - 2014-10-16 20:38 - 00000000 ____D () C:\FRST
2014-10-16 20:37 - 2014-10-16 20:37 - 01102848 _____ (Farbar) C:\Users\HP\Downloads\FRST.exe
2014-10-16 20:34 - 2014-10-16 20:34 - 00000466 _____ () C:\Users\HP\Downloads\defogger_disable.log
2014-10-16 20:33 - 2014-10-16 20:33 - 00050477 _____ () C:\Users\HP\Downloads\Defogger.exe
2014-10-16 20:23 - 2014-10-16 20:23 - 00025600 ___SH () C:\Users\HP\Downloads\Thumbs.db
2014-10-16 20:22 - 2014-10-16 20:22 - 00000000 _____ () C:\Users\HP\defogger_reenable
2014-10-16 20:14 - 2014-10-16 20:14 - 00512504 _____ () C:\Windows\Minidump\101614-12000-01.dmp
2014-10-12 15:32 - 2014-10-12 18:49 - 00001120 _____ () C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware Guard.lnk
2014-10-12 15:22 - 2014-09-02 22:06 - 00706016 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-10-12 15:22 - 2014-09-02 22:06 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-10-12 15:04 - 2014-10-12 15:04 - 00523208 _____ () C:\Windows\Minidump\101214-22593-01.dmp
2014-10-12 14:32 - 2014-10-12 14:35 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-12 14:31 - 2014-08-29 13:01 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-12 14:29 - 2013-11-09 07:52 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe
2014-10-12 14:29 - 2013-11-09 07:52 - 00240128 _____ (Microsoft Corporation) C:\Windows\system32\mdmregistration.dll
2014-10-12 14:13 - 2014-02-22 13:24 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-10-12 14:07 - 2014-02-11 04:43 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-10-12 14:07 - 2013-10-15 10:03 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-10-12 14:06 - 2014-10-12 14:19 - 00000000 ____D () C:\ProgramData\OnlineArmor
2014-10-12 14:06 - 2014-10-12 14:06 - 00000000 ____D () C:\Users\HP\AppData\Roaming\OnlineArmor
2014-10-12 14:03 - 2014-10-16 20:14 - 00000000 ____D () C:\Windows\Minidump
2014-10-12 14:03 - 2014-10-12 14:03 - 00606936 _____ () C:\Windows\Minidump\101214-26781-01.dmp
2014-10-12 14:03 - 2014-10-12 14:03 - 00003358 _____ () C:\EamClean.log
2014-10-12 13:58 - 2014-10-12 13:58 - 00000000 ____D () C:\Users\HP\AppData\Roaming\EurekaLab s.a.s
2014-10-12 13:52 - 2014-10-16 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Armor
2014-10-12 13:52 - 2014-10-16 20:26 - 00000000 ____D () C:\Program Files\Online Armor
2014-10-12 13:52 - 2013-10-11 03:41 - 00044984 _____ () C:\Windows\system32\Drivers\oahlp32.sys
2014-10-12 13:52 - 2013-10-11 03:40 - 00210360 _____ () C:\Windows\system32\Drivers\OADriver.sys
2014-10-12 13:52 - 2013-10-11 03:40 - 00034856 _____ (Emsisoft) C:\Windows\system32\Drivers\OAmon.sys
2014-10-12 13:52 - 2013-10-11 03:40 - 00031760 _____ (Emsisoft) C:\Windows\system32\Drivers\OAnet.sys
2014-10-12 13:48 - 2014-10-12 13:48 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-10-12 13:46 - 2014-10-12 13:48 - 10696960 _____ (Emsisoft GmbH ) C:\Users\HP\Downloads\OnlineArmorSetup.exe
2014-10-12 13:33 - 2014-10-12 13:33 - 00001067 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-10-12 13:33 - 2014-10-12 13:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-10-12 13:32 - 2014-10-16 20:30 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2014-10-12 13:19 - 2014-10-12 13:19 - 00001128 _____ () C:\Users\HP\Desktop\Continue Live Installation.lnk
2014-10-12 13:16 - 2014-10-12 14:03 - 00000364 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-10-12 13:16 - 2014-10-12 14:03 - 00000364 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-10-12 13:16 - 2014-10-12 13:42 - 00000366 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-10-12 13:16 - 2014-10-12 13:16 - 00000000 ____D () C:\Users\HP\AppData\Roaming\AnyProtectEx
2014-10-12 13:15 - 2014-10-12 13:15 - 00000000 ____D () C:\Users\HP\AppData\Roaming\ap_movie
2014-10-12 13:14 - 2014-10-12 13:14 - 00612126 _____ (CMI Limited) C:\Users\HP\AppData\Local\nsb44F.tmp
2014-10-12 13:13 - 2014-10-12 16:01 - 00000000 ____D () C:\Users\HP\AppData\Local\ConvertAd
2014-10-12 13:13 - 2014-10-12 13:51 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-10-12 13:12 - 2014-10-12 14:03 - 00000000 ____D () C:\Users\HP\AppData\Local\mbot_de_145
2014-10-12 13:12 - 2014-10-12 14:03 - 00000000 ____D () C:\Program Files\mbot_de_145
2014-10-12 13:12 - 2014-10-12 13:12 - 00000000 ____D () C:\Users\HP\AppData\Roaming\sweet-page
2014-10-12 13:12 - 2014-10-12 13:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MYBESTOFFERSTODAY
2014-10-12 13:12 - 2014-10-12 13:12 - 00000000 ____D () C:\Program Files\TermTutor
2014-10-12 13:12 - 2014-08-29 17:02 - 00018248 _____ () C:\Windows\system32\roboot.exe
2014-10-12 13:11 - 2014-10-12 13:11 - 00000000 ____D () C:\ProgramData\Xunlei
2014-10-12 13:11 - 2014-10-12 13:11 - 00000000 ____D () C:\ProgramData\Thunder Network
2014-10-12 13:07 - 2014-10-12 13:10 - 163265680 _____ (Emsisoft GmbH ) C:\Users\HP\Downloads\EmsisoftAntiMalwareSetup.exe
2014-10-12 13:04 - 2014-10-16 20:27 - 00002440 _____ () C:\Windows\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-5_user.job
2014-10-12 13:04 - 2014-10-16 20:27 - 00002440 _____ () C:\Windows\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-5.job
2014-10-12 13:03 - 2014-10-16 20:27 - 00005178 _____ () C:\Windows\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-11.job
2014-10-12 13:03 - 2014-10-16 20:27 - 00004488 _____ () C:\Windows\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-4.job
2014-10-12 13:03 - 2014-10-16 20:27 - 00003464 _____ () C:\Windows\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-3.job
2014-10-12 13:03 - 2014-10-16 20:27 - 00003126 _____ () C:\Windows\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-1.job
2014-10-12 13:03 - 2014-10-16 20:27 - 00002104 _____ () C:\Windows\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-2.job
2014-10-12 13:03 - 2014-10-16 20:27 - 00001684 _____ () C:\Windows\Tasks\QMXKNTZD.job
2014-10-12 13:03 - 2014-10-16 20:27 - 00001454 _____ () C:\Windows\Tasks\9723fcf9-7d34-4557-bf9d-5aaee05d2afb.job
2014-10-12 13:03 - 2014-10-16 20:27 - 00001328 _____ () C:\Windows\Tasks\IO.job
2014-10-12 13:03 - 2014-10-16 20:27 - 00000962 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-10-12 13:03 - 2014-10-16 20:27 - 00000644 _____ () C:\Windows\Tasks\5cd5570c-479e-4bff-8d71-1fe1ae5a96ef.job
2014-10-12 13:03 - 2014-10-16 19:21 - 00000000 ____D () C:\Program Files\Cinema-Plus-1.8cV12.10
2014-10-12 13:03 - 2014-10-16 19:08 - 00000966 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-10-12 13:03 - 2014-10-12 13:03 - 00000000 ____D () C:\Users\HP\AppData\Local\globalUpdate
2014-10-12 13:03 - 2014-10-12 13:03 - 00000000 ____D () C:\Program Files\globalUpdate
2014-10-12 13:02 - 2014-10-16 18:46 - 00001111 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-10-12 13:02 - 2014-10-16 18:46 - 00000000 ____D () C:\Program Files\Opera
2014-10-12 13:02 - 2014-10-12 13:02 - 00001111 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-10-12 13:02 - 2014-10-12 13:02 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Opera Software
2014-10-12 13:02 - 2014-10-12 13:02 - 00000000 ____D () C:\Users\HP\AppData\Local\Opera Software
2014-10-12 13:01 - 2014-10-16 20:27 - 00000404 _____ () C:\Windows\Tasks\SpeedChecker Update.job
2014-10-12 13:01 - 2014-10-12 14:03 - 00000000 ____D () C:\Program Files\ver7SpeedChecker
2014-10-12 13:01 - 2014-10-12 13:01 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNew_01009.Wdf
2014-10-12 13:01 - 2014-10-12 13:00 - 00050312 _____ (Corsica) C:\Windows\system32\Drivers\webinstrNew.sys
2014-10-12 13:00 - 2014-10-16 20:14 - 00000000 ____D () C:\Program Files\ORBTR
2014-10-12 13:00 - 2014-10-12 18:49 - 00000000 ____D () C:\Users\HP\AppData\Roaming\LookThisUp
2014-10-12 13:00 - 2014-10-12 13:01 - 00000000 ____D () C:\Users\HP\AppData\Roaming\VOPackage
2014-10-12 13:00 - 2014-10-12 13:00 - 00873960 _____ (Opera Software) C:\Users\HP\Desktop\opera-23.0.1522.77-multi.exe
2014-10-12 13:00 - 2014-10-12 13:00 - 00001040 _____ () C:\Users\HP\Desktop\FLVM Player.lnk
2014-10-12 13:00 - 2014-10-12 13:00 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2014-10-12 13:00 - 2014-10-12 13:00 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InetStat
2014-10-12 13:00 - 2014-10-12 13:00 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLVM Player
2014-10-12 13:00 - 2014-10-12 13:00 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Macromedia
2014-10-12 13:00 - 2014-10-12 13:00 - 00000000 ____D () C:\Users\HP\AppData\Roaming\InetStat
2014-10-12 13:00 - 2014-10-12 13:00 - 00000000 ____D () C:\Program Files\FLVM Player
2014-10-12 12:56 - 2014-09-22 08:41 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-16 20:38 - 2014-04-10 06:45 - 01418876 _____ () C:\Windows\WindowsUpdate.log
2014-10-16 20:37 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\sru
2014-10-16 20:34 - 2013-12-14 06:09 - 00810620 _____ () C:\Windows\system32\perfh013.dat
2014-10-16 20:34 - 2013-12-14 06:09 - 00172722 _____ () C:\Windows\system32\perfc013.dat
2014-10-16 20:34 - 2013-12-14 06:03 - 00806368 _____ () C:\Windows\system32\perfh010.dat
2014-10-16 20:34 - 2013-12-14 06:03 - 00166812 _____ () C:\Windows\system32\perfc010.dat
2014-10-16 20:34 - 2013-12-13 22:46 - 00005552 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-16 20:27 - 2013-08-22 09:23 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-16 20:26 - 2014-09-03 22:59 - 00000000 ____D () C:\Users\HP
2014-10-16 20:26 - 2013-08-22 08:13 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-10-16 18:22 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-16 18:20 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\AppReadiness
2014-10-12 19:09 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-12 18:42 - 2013-08-22 09:22 - 00333576 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ___RD () C:\Windows\ToastData
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\WinStore
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\nl-NL
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\it-IT
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\fr-FR
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\en-GB
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\de-DE
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\MediaViewer
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\FileManager
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\Camera
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ____D () C:\Program Files\Windows Defender
2014-10-12 18:28 - 2013-12-13 22:30 - 00017120 _____ () C:\Windows\PFRO.log
2014-10-12 17:35 - 2013-08-22 10:17 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-10-12 17:32 - 2013-08-22 10:05 - 00000000 ____D () C:\Windows\CbsTemp
2014-10-12 13:52 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\restore
2014-10-12 13:12 - 2014-09-03 22:59 - 00001634 _____ () C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-12 13:01 - 2013-08-22 09:23 - 00013554 _____ () C:\Windows\setupact.log
2014-10-12 12:57 - 2013-08-22 08:13 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-10-12 12:42 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\LogFiles

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS

Some content of TEMP:
====================
C:\Users\HP\AppData\Local\Temp\dlLogic.exe
C:\Users\HP\AppData\Local\Temp\hAUK6.exe
C:\Users\HP\AppData\Local\Temp\spstub.exe
C:\Users\HP\AppData\Local\Temp\yYKY0.dll
C:\Users\HP\AppData\Local\Temp\yYKY0.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-16 18:19

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-10-2014
Ran by HP at 2014-10-16 20:39:32
Running from C:\Users\HP\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
FW: Online Armor Firewall (Enabled) {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ASUS AC Reminder (HKLM\...\{B002B54C-FFE8-4331-8F9B-90CC9366362A}) (Version: 2.0.0 - ASUS)
ASUS Live Update (HKLM\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.7 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.3 - ASUS)
ASUS Smart Gesture (HKLM\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.10 - ASUS)
ATK Package (HKLM\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0031 - ASUS)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.93.99.187.1 - Broadcom Corporation)
Cinema-Plus-1.8cV12.10 (HKLM\...\Cinema-Plus-1.8cV12.10) (Version: 1.35.9.29 - Cinema PlusV12.10) <==== ATTENTION
ConvertAd (HKLM\...\ConvertAd) (Version: 1.0.0.0 - ConvertAd) <==== ATTENTION
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft GmbH)
FLV Player (remove only) (HKLM\...\FLVM Player) (Version: - )
InetStat (HKCU\...\InetStat) (Version: 0.5b - InetStat)
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3417 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Intel(R) Trusted Execution Engine (Version: 1.1.1.1 - Intel Corporation) Hidden
Intel(R) Trusted Execution Engine Driver (Version: 1.0.0.1064 - Intel Corporation) Hidden
LookThisUp (HKLM\...\LookThisUp) (Version: 1.0.2 - LookThisUp) <==== ATTENTION
Microsoft Office (HKLM\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 (HKLM\...\{1f407217-9aec-4146-8504-e64ac959c534}) (Version: 12.0.20617.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.20617 (Version: 12.0.20617 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.20617 (Version: 12.0.20617 - Microsoft Corporation) Hidden
MyBestOffersToday 014.145 (HKLM\...\mbot_de_145_is1) (Version: - MYBESTOFFERSTODAY) <==== ATTENTION
Online Armor 7.0 (HKLM\...\OnlineArmor_is1) (Version: 7.0 - Emsisoft GmbH)
Opera Stable 25.0.1614.50 (HKLM\...\Opera 25.0.1614.50) (Version: 25.0.1614.50 - Opera Software ASA)
Realtek I2S Audio (HKLM\...\{89A448AA-3301-46AA-AFC3-34F2D7C670E8}) (Version: 6.2.9600.4055 - Realtek Semiconductor Corp.)
Remote Desktop Access (VuuPC) (HKLM\...\VOPackage) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION
SpeedChecker (HKLM\...\6AD17EF9-640F-1903-11A0-44AC17BAE75D) (Version: - SpeedChecker-software)
sweet-page uninstall (HKLM\...\sweet-page uninstall) (Version: - sweet-page) <==== ATTENTION
Term Tutor (HKLM\...\TermTutor) (Version: 1.9.0.8 - Term Tutor) <==== ATTENTION
WebStorage (HKLM\...\WebStorage) (Version: 2.0.3.226 - ASUS Cloud Corporation)
Windows Driver Package - ASUS (AsusHID) Mouse (02/12/2014 3.0.0.23) (HKLM\...\88F3FD439A3012A11FEF853A27C299ED116ABA8D) (Version: 02/12/2014 3.0.0.23 - ASUS)
WindowsMangerProtect20.0.0.1013 (HKLM\...\WindowsMangerProtect) (Version: 20.0.0.1013 - WindowsProtect LIMITED) <==== ATTENTION
WinFlash (HKLM\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

16-10-2014 18:26:12 Online Armor Installation

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:13 - 2013-08-22 08:13 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {00BC77BF-3352-4FE8-9617-4F1B27BEC19A} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {01F6C3F9-2D4E-4526-A979-99B3FB5866FA} - System32\Tasks\APSnotifierPP2 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {0FA9C72D-D3DC-41EA-AD12-0264A29FFF50} - System32\Tasks\ASUS Live Update2 => C:\Program Files [2014-10-16] ()
Task: {17233BE9-87E9-40B0-B003-AE9D2B92CBBE} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {247BD142-0549-4E91-84B0-172C25563718} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {2A64602B-1AB0-4966-A010-7EC9473A882C} - System32\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-5 => C:\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-5.exe [2014-10-12] (Cinema PlusV12.10) <==== ATTENTION
Task: {2BE65564-89D1-4396-A5CC-D7D9283FC4A1} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {392EB017-207C-42BF-A061-F3BE721F456C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {39BA0FD9-2114-4ED8-921F-A9057E98625F} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [2014-10-12] (globalUpdate) <==== ATTENTION
Task: {3FECD40E-4E31-483F-932C-D023C75AE79D} - System32\Tasks\SpeedChecker Update => C:\Program Files\ver7SpeedChecker\R3SpeedCheckerK00.exe
Task: {40D51E4E-BC10-4EEC-9D41-E6C3791B1CE8} - System32\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-2 => C:\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-2.exe [2014-10-12] (Cinema PlusV12.10) <==== ATTENTION
Task: {4B7EF56A-8A42-4BD2-BB5C-7C389AC54A37} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {504A0D58-B71A-4F9A-826E-CABA60988E0C} - System32\Tasks\APSnotifierPP1 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {515A8D55-B2DA-4DAC-A197-0B02F6DAE700} - System32\Tasks\ASUS Live Update1 => C:\Program Files [2014-10-16] ()
Task: {5700ACE8-D0AF-4BA7-98B6-1033521A877A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {61A1EED5-DBB1-4606-8B71-4229B497EC59} - System32\Tasks\QMXKNTZD => C:\Users\HP\AppData\Roaming\QMXKNTZD.exe <==== ATTENTION
Task: {6E84A59B-1863-4B21-8BD8-C9B20FD15484} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {7B2E2DB4-C12C-4259-BBE8-7ECDD18FB410} - System32\Tasks\IO => C:\Users\HP\AppData\Roaming\IO.exe <==== ATTENTION
Task: {7C7CF1DA-F461-4850-96B2-ADCA8A67E59C} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {7DD4B446-71BA-473E-9D44-5D9CCD6DF0F4} - System32\Tasks\5cd5570c-479e-4bff-8d71-1fe1ae5a96ef => C:\Program Files\Cinema-Plus-1.8cV12.10\5cd5570c-479e-4bff-8d71-1fe1ae5a96ef.exe [2014-10-12] () <==== ATTENTION
Task: {81F9A0F3-DD82-46EB-8283-D37283B19EB5} - System32\Tasks\9723fcf9-7d34-4557-bf9d-5aaee05d2afb => C:\Program Files\Cinema-Plus-1.8cV12.10\9723fcf9-7d34-4557-bf9d-5aaee05d2afb.exe [2014-10-12] (Cinema PlusV12.10) <==== ATTENTION
Task: {8B5819AE-7B44-478B-A3D3-8846AF160A8F} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {8F7FB3A6-5ECC-485E-B309-B4E99ABE21DD} - System32\Tasks\Update Checker => C:\Program Files\ASUS\ASUS Live Update\UpdateChecker.exe [2013-11-27] ()
Task: {92ED6570-4654-4BFA-9A6C-1084C6939C16} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {958671CB-F534-4A06-A0AC-9565F9886742} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [2014-10-12] (globalUpdate) <==== ATTENTION
Task: {997C8BBD-710B-4E66-B5BC-CC09575A58D2} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {A02FE6A8-4963-4C7D-8D21-DC48FE3E517C} - System32\Tasks\ASUS AC Reminder => C:\Program Files\ASUS\ASUS AC Reminder\ACReminderSrv.exe [2013-12-23] (ASUSTek Computer INC.)
Task: {A1C0096D-7EF7-4283-9C87-611781AF8F49} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel.exe [2013-01-09] (ASUSTek Computer INC.)
Task: {A5D45ED3-F524-4574-8F39-527F3729D1E2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {C0D0F7C4-419F-41B3-90A2-FE79270B828A} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {C2961EE8-2DC4-4C84-B990-0D3D66B1293C} - System32\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-1 => C:\Program Files\Cinema-Plus-1.8cV12.10\Cinema-Plus-1.8cV12.10-codedownloader.exe [2014-10-12] (Cinema PlusV12.10) <==== ATTENTION
Task: {C37FC171-6AF7-4A02-9319-1AFF42F85373} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLauncher.exe [2014-02-13] (AsusTek)
Task: {C4D658BC-D800-4DC5-86D9-71A9BE88EB07} - System32\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-3 => C:\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-3.exe <==== ATTENTION
Task: {C75D7376-34AE-446F-B87B-38A67BA4C903} - System32\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-11 => C:\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-11.exe <==== ATTENTION
Task: {C9B5E220-D559-42F8-8DD9-485DBCCEEC7D} - System32\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-4 => C:\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-4.exe <==== ATTENTION
Task: {CF5A1DDC-D14D-4D59-AD49-A19A645B087B} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {D50C998C-6979-4EAC-8606-D27001B758F6} - System32\Tasks\APSnotifierPP3 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {DCF55BED-B1DF-4ABF-8D85-6542C7007799} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {DE636FF2-FD26-4241-9343-322918A02564} - System32\Tasks\Opera scheduled Autoupdate 1413111732 => C:\Program Files\Opera\launcher.exe [2014-10-15] (Opera Software)
Task: {E4116737-A8D3-478F-A8F6-5E3BE3DEB570} - System32\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-5_user => C:\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-5.exe [2014-10-12] (Cinema PlusV12.10) <==== ATTENTION
Task: {E4C8774A-2818-45A4-8A6D-11DDF6348886} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {E54ECCE2-55E3-4510-98CE-747AE04FEC2A} - System32\Tasks\ASP => C:\Program Files\RCP\systweakasp.exe
Task: {F77DFB67-F295-4A1F-AAED-A3B51A1C301F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-08-29] (Microsoft Corporation)
Task: {FAB49829-3EE7-4234-BE84-277862F2A57C} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\5cd5570c-479e-4bff-8d71-1fe1ae5a96ef.job => C:\Program Files\Cinema-Plus-1.8cV12.10\5cd5570c-479e-4bff-8d71-1fe1ae5a96ef.exe <==== ATTENTION
Task: C:\Windows\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-1.job => C:\Program Files\Cinema-Plus-1.8cV12.10\Cinema-Plus-1.8cV12.10-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-11.job => C:\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-11.exe <==== ATTENTION
Task: C:\Windows\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-2.job => C:\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-2.exe <==== ATTENTION
Task: C:\Windows\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-3.job => C:\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-4.job => C:\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-5.job => C:\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-5_user.job => C:\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\9723fcf9-7d34-4557-bf9d-5aaee05d2afb.job => C:\Program Files\Cinema-Plus-1.8cV12.10\9723fcf9-7d34-4557-bf9d-5aaee05d2afb.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\IO.job => C:\Users\HP\AppData\Roaming\IO.exe <==== ATTENTION
Task: C:\Windows\Tasks\QMXKNTZD.job => C:\Users\HP\AppData\Roaming\QMXKNTZD.exe <==== ATTENTION
Task: C:\Windows\Tasks\SpeedChecker Update.job => C:\Program Files\ver7SpeedChecker\R3SpeedCheckerK00.exe

==================== Loaded Modules (whitelisted) =============

2014-10-12 13:32 - 2014-10-06 18:43 - 00775400 _____ () C:\Program Files\Emsisoft Anti-Malware\fw32.dll
2014-10-12 13:00 - 2014-10-12 13:00 - 00700430 _____ () C:\Users\HP\AppData\Roaming\InetStat\inetstat.exe
2014-10-16 18:46 - 2014-10-15 11:33 - 00156792 _____ () C:\Program Files\Opera\25.0.1614.50\message_center_win8.dll
2014-10-16 18:46 - 2014-10-15 11:33 - 00499832 _____ () C:\Program Files\Opera\25.0.1614.50\opera_crashreporter.exe
2014-10-16 18:46 - 2014-10-15 11:33 - 01310328 _____ () C:\Program Files\Opera\25.0.1614.50\libglesv2.dll
2014-10-16 18:46 - 2014-10-15 11:33 - 00219256 _____ () C:\Program Files\Opera\25.0.1614.50\libegl.dll
2014-10-16 18:46 - 2014-10-15 11:33 - 09218680 _____ () C:\Program Files\Opera\25.0.1614.50\pdf.dll
2014-10-16 18:46 - 2014-10-15 11:33 - 00991864 _____ () C:\Program Files\Opera\25.0.1614.50\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-2565251152-1528942193-4253351456-500 - Administrator - Disabled)
Gast (S-1-5-21-2565251152-1528942193-4253351456-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2565251152-1528942193-4253351456-1003 - Limited - Enabled)
HP (S-1-5-21-2565251152-1528942193-4253351456-1001 - Administrator - Enabled) => C:\Users\HP

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/16/2014 08:34:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (10/16/2014 08:34:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (10/16/2014 08:34:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (10/16/2014 08:34:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (10/16/2014 08:34:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (10/16/2014 08:34:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (10/16/2014 08:33:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 11.0.9600.16384, Zeitstempel: 0x52157231
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.16408, Zeitstempel: 0x523d45f1
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00056436
ID des fehlerhaften Prozesses: 0x1270
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3
Vollständiger Name des fehlerhaften Pakets: iexplore.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: iexplore.exe5

Error: (10/16/2014 08:27:37 PM) (Source: DptfPolicyLpmService) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceServiceMainThread: App specific mode was turned off, but timer was not running.

Error: (10/16/2014 08:19:32 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (10/16/2014 08:19:32 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

System errors:
=============
Error: (10/16/2014 08:26:50 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (10/16/2014 08:14:23 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000009f (0x00000003, 0x86104030, 0x81e29b44, 0x853c2130)C:\Windows\MEMORY.DMP101614-12000-01

Error: (10/16/2014 08:14:22 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 16.10.2014 um 19:48:17 unerwartet heruntergefahren.

Error: (10/16/2014 06:23:40 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (10/16/2014 06:20:34 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070005 fehlgeschlagen: microsoft.windowscommunicationsapps

Error: (10/16/2014 06:20:23 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070005 fehlgeschlagen: Microsoft.BingHealthAndFitness

Error: (10/16/2014 06:20:16 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070005 fehlgeschlagen: Microsoft.WindowsReadingList

Error: (10/16/2014 06:20:16 PM) (Source: DCOM) (EventID: 10010) (User: xxxxx)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (10/16/2014 06:20:11 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070005 fehlgeschlagen: Microsoft.BingFoodAndDrink Error: (10/16/2014 06:20:07 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070005 fehlgeschlagen: Microsoft.Office.OneNote Microsoft Office Sessions: ========================= Error: (10/16/2014 08:34:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT) Description: WmiApRplWmiApRpl8F2030000E5050000 Error: (10/16/2014 08:34:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Performance163707000000000000000000008F020000 Error: (10/16/2014 08:34:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Performance163707000000000000000000008F020000 Error: (10/16/2014 08:34:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Performance163707000000000000000000008F020000 Error: (10/16/2014 08:34:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Performance163707000000000000000000008F020000 Error: (10/16/2014 08:34:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Performance163707000000000000000000008F020000 Error: (10/16/2014 08:33:23 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: iexplore.exe11.0.9600.1638452157231ntdll.dll6.3.9600.16408523d45f1c000000500056436127001cfe96f980441cbC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dlle8db3f08-5562-11e4-972f-d850e69a5100 Error: (10/16/2014 08:27:37 PM) (Source: DptfPolicyLpmService) (EventID: 1) (User: ) Description: DptfPolicyLpmServiceServiceMainThread: App specific mode was turned off, but timer was not running. 
Error: (10/16/2014 08:19:32 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT) Description: WmiApRplWmiApRpl8F2030000E5050000 Error: (10/16/2014 08:19:32 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Performance163707000000000000000000008F020000 CodeIntegrity Errors: =================================== Date: 2014-10-16 18:22:30.322 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. Date: 2014-10-16 18:22:29.901 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. Date: 2014-10-16 18:22:28.729 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. Date: 2014-10-16 18:22:28.057 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. Date: 2014-10-16 18:22:27.244 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. 
Date: 2014-10-16 18:22:26.650 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. Date: 2014-10-16 18:22:25.900 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. Date: 2014-10-16 18:22:25.275 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. Date: 2014-10-16 18:22:24.322 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. Date: 2014-10-16 18:22:22.494 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. 
==================== Memory info =========================== Processor: Intel(R) Atom(TM) CPU Z3740 @ 1.33GHz Percentage of memory in use: 73% Total physical RAM: 1933.15 MB Available physical RAM: 506.26 MB Total Pagefile: 3917.15 MB Available Pagefile: 1624.59 MB Total Virtual: 2047.88 MB Available Virtual: 1858.75 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:28.22 GB) (Free:10 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 29.1 GB) (Disk ID: 67B602CA) Partition: GPT Partition Type. ==================== End Of Log ============================ |
19.10.2014, 10:57 | #2 |
/// TB-Ausbilder | Opera redirects to other pages .... My name is Matthias and I will help you clean up your computer. Please note the following:
Please work through all steps one after another in the given order and post all log files in CODE tags: How it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes your helper's work considerably harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
Thank you for your cooperation! Step 1 Please download AdwCleaner to your desktop.
Step 2 Please download Malwarebytes Anti-Malware
Step 3 Please close your protection software to avoid possible conflicts.
Step 4
Please post with your next reply
19.10.2014, 13:06 | #3 |
Opera redirects to other pages .... Hello Matthias,
Attached are the requested files. The adware cleaner produced 2 files. I hope I did everything right. Thanks and regards, Sabine99 1. adwarecleaner (S0) Code:
# AdwCleaner v4.000 - Bericht erstellt am 19/10/2014 um 12:22:26
# DB v2014-10-17.9
# Aktualisiert 12/10/2014 von Xplode
# Betriebssystem : Windows 8.1 (32 bits)
# Benutzername : HP - xxxxx
# Gestartet von : C:\Users\HP\Desktop\AdwCleaner_4.000.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : globalUpdate
[#] Dienst Gelöscht : globalUpdatem
[#] Dienst Gelöscht : servervo

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\HP\AppData\Roaming\AnyProtectEx
Ordner Gelöscht : C:\Users\HP\AppData\Roaming\ap_logs
Ordner Gelöscht : C:\Users\HP\AppData\Local\ConvertAd
Ordner Gelöscht : C:\Program Files\FLVM Player
Ordner Gelöscht : C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLVM Player
Ordner Gelöscht : C:\Program Files\globalUpdate
Ordner Gelöscht : C:\Users\HP\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\HP\AppData\Roaming\InetStat
Ordner Gelöscht : C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InetStat
Ordner Gelöscht : C:\Users\HP\AppData\Roaming\LookThisUp
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyBestOffersToday
Ordner Gelöscht : C:\Users\HP\AppData\Roaming\sweet-page
Ordner Gelöscht : C:\Users\HP\AppData\Roaming\VOPackage
Ordner Gelöscht : C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Ordner Gelöscht : C:\ProgramData\WindowsMangerProtect
Ordner Gelöscht : C:\Program Files\mbot_de_145
Ordner Gelöscht : C:\Users\HP\AppData\Local\mbot_de_145
Ordner Gelöscht : C:\Program Files\Cinema-Plus-1.8cV12.10
Ordner Gelöscht : C:\Program Files\ver7SpeedChecker
Datei Gelöscht : C:\Users\HP\Desktop\Continue Live Installation.lnk
Datei Gelöscht : C:\Windows\system32\roboot.exe

***** [ Tasks ] *****

Task Gelöscht : APSnotifierPP1
Task Gelöscht : APSnotifierPP2
Task Gelöscht : APSnotifierPP3
Task Gelöscht : ASP
Task Gelöscht : globalUpdateUpdateTaskMachineCore
Task Gelöscht : globalUpdateUpdateTaskMachineUA
Task Gelöscht : SpeedChecker Update
Task Gelöscht : 5cd5570c-479e-4bff-8d71-1fe1ae5a96ef
Task Gelöscht : 6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-1
Task Gelöscht : 6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-11
Task Gelöscht : 6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-2
Task Gelöscht : 6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-3
Task Gelöscht : 6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-4
Task Gelöscht : 6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-5
Task Gelöscht : 6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-5_user
Task Gelöscht : 9723fcf9-7d34-4557-bf9d-5aaee05d2afb

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk

***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{BD671362-7905-03FA-24A6-403C5083D562}]
Schlüssel Gelöscht : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [InetStat]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611321185}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622322285}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655325585}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666326685}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644324485}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611321185}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611321185}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110611321185}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\InetStat
Schlüssel Gelöscht : HKCU\Software\Tutorials
Schlüssel Gelöscht : HKCU\Software\LookThisUp
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Cinema-Plus-1.8cV12.10
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : HKLM\SOFTWARE\MyBestOffersToday
Schlüssel Gelöscht : HKLM\SOFTWARE\supWindowsMangerProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\sweet-pageSoftware
Schlüssel Gelöscht : HKLM\SOFTWARE\Tutorials
Schlüssel Gelöscht : HKLM\SOFTWARE\Cinema-Plus-1.8cV12.10
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\InetStat
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FLVM Player
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sweet-page uninstall
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LookThisUp
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mbot_de_145_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Cinema-Plus-1.8cV12.10
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\6AD17EF9-640F-1903-11A0-44AC17BAE75D

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16384

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

*************************

AdwCleaner[R0].txt - [12399 octets] - [19/10/2014 12:15:33]
AdwCleaner[S0].txt - [11856 octets] - [19/10/2014 12:22:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11917 octets] ##########
Code:
# AdwCleaner v4.000 - Bericht erstellt am 19/10/2014 um 12:15:33
# Aktualisiert 12/10/2014 von Xplode
# Datenbank : 2014-10-17.9
# Betriebssystem : Windows 8.1 (32 bits)
# Benutzername : HP - xxxxx
# Gestartet von : C:\Users\HP\Desktop\AdwCleaner_4.000.exe
# Option : Suchen

***** [ Dienste ] *****

Dienst Gefunden : globalUpdate
Dienst Gefunden : globalUpdatem
Dienst Gefunden : servervo

***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\Users\HP\Desktop\Continue Live Installation.lnk
Datei Gefunden : C:\Windows\system32\roboot.exe
Ordner Gefunden : C:\Program Files\Cinema-Plus-1.8cV12.10
Ordner Gefunden : C:\Program Files\FLVM Player
Ordner Gefunden : C:\Program Files\globalUpdate
Ordner Gefunden : C:\Program Files\mbot_de_145
Ordner Gefunden : C:\Program Files\ver7SpeedChecker
Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyBestOffersToday
Ordner Gefunden : C:\ProgramData\WindowsMangerProtect
Ordner Gefunden : C:\Users\HP\AppData\Local\ConvertAd
Ordner Gefunden : C:\Users\HP\AppData\Local\globalUpdate
Ordner Gefunden : C:\Users\HP\AppData\Local\mbot_de_145
Ordner Gefunden : C:\Users\HP\AppData\Roaming\AnyProtectEx
Ordner Gefunden : C:\Users\HP\AppData\Roaming\ap_logs
Ordner Gefunden : C:\Users\HP\AppData\Roaming\InetStat
Ordner Gefunden : C:\Users\HP\AppData\Roaming\LookThisUp
Ordner Gefunden : C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLVM Player
Ordner Gefunden : C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InetStat
Ordner Gefunden : C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Ordner Gefunden : C:\Users\HP\AppData\Roaming\sweet-page
Ordner Gefunden : C:\Users\HP\AppData\Roaming\VOPackage

***** [ Tasks ] *****

Task Gefunden : APSnotifierPP1
Task Gefunden : APSnotifierPP2
Task Gefunden : APSnotifierPP3
Task Gefunden : ASP
Task Gefunden : globalUpdateUpdateTaskMachineCore
Task Gefunden : globalUpdateUpdateTaskMachineUA
Task Gefunden : SpeedChecker Update
Task Gefunden : 5cd5570c-479e-4bff-8d71-1fe1ae5a96ef
Task Gefunden : 6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-1
Task Gefunden : 6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-11
Task Gefunden : 6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-2
Task Gefunden : 6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-3
Task Gefunden : 6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-4
Task Gefunden : 6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-5
Task Gefunden : 6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-5_user
Task Gefunden : 9723fcf9-7d34-4557-bf9d-5aaee05d2afb

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Daten Gefunden : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.sweet-page.com/?type=sc&ts=1413112344&from=cor&uid=3219913727_198259_6A968D30
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Cinema-Plus-1.8cV12.10
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gefunden : HKCU\Software\GlobalUpdate
Schlüssel Gefunden : HKCU\Software\InetStat
Schlüssel Gefunden : HKCU\Software\LookThisUp
Schlüssel Gefunden : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110611321185}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611321185}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\InetStat
Schlüssel Gefunden : HKCU\Software\Tutorials
Schlüssel Gefunden : HKLM\SOFTWARE\Cinema-Plus-1.8cV12.10
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611321185}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622322285}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655325585}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666326685}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644324485}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644324485}
Schlüssel Gefunden : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gefunden : HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611321185}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\6AD17EF9-640F-1903-11A0-44AC17BAE75D
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Cinema-Plus-1.8cV12.10
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FLVM Player
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LookThisUp
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mbot_de_145_is1
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sweet-page uninstall
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect
Schlüssel Gefunden : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Schlüssel Gefunden : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Schlüssel Gefunden : HKLM\SOFTWARE\MyBestOffersToday
Schlüssel Gefunden : HKLM\SOFTWARE\supWindowsMangerProtect
Schlüssel Gefunden : HKLM\SOFTWARE\sweet-pageSoftware
Schlüssel Gefunden : HKLM\SOFTWARE\Tutorials
Schlüssel Gefunden : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Schlüssel Gefunden : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Wert Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [InetStat]
Wert Gefunden : HKCU\Software\Mozilla\Firefox\Extensions [{BD671362-7905-03FA-24A6-403C5083D562}]

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16384

Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.trovi.com/?gd=&ctid=CT3320133&octid=EB_ORIGINAL_CTID&ISID=F5EB1EE6-65C8-4354-9BC2-A6EC74BD2B0E&SearchSource=55&CUI=&UM=6&UP=SP69664532-4D64-4A2F-B262-AAA7B97E7988&SSPV=
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.sweet-page.com/?type=hp&ts=1413112344&from=cor&uid=3219913727_198259_6A968D30
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.sweet-page.com/web/?type=ds&ts=1413112344&from=cor&uid=3219913727_198259_6A968D30&q={searchTerms}
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.sweet-page.com/?type=hp&ts=1413112344&from=cor&uid=3219913727_198259_6A968D30
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.sweet-page.com/?type=hp&ts=1413112344&from=cor&uid=3219913727_198259_6A968D30
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.sweet-page.com/web/?type=ds&ts=1413112344&from=cor&uid=3219913727_198259_6A968D30&q={searchTerms}

*************************

AdwCleaner[R0].txt - [12257 octets] - [19/10/2014 12:15:33]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [12318 octets] ##########
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 19.10.2014
Scan Time: 12:47:16
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.10.19.04
Rootkit Database: v2014.10.17.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x86
File System: NTFS
User: HP

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 273475
Time Elapsed: 7 min, 19 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 1
PUP.Optional.Conduit.A, C:\Program Files\ORBTR\orbiter.dll, Delete-on-Reboot, [cdc31bfb225aba7c49205a5d4fb29d63], 

Registry Keys: 5
PUP.Optional.TermTutor.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{6CB99040-7828-4C37-AC01-F15758F43E4D}, Quarantined, [cec263b307750c2ae4d87d21fe0424dc], 
PUP.Optional.TermTutor.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\TermTutor, Quarantined, [a4ec48ce8eee44f25fee8799d52e3bc5], 
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, Quarantined, [4749d145c9b35adcae37008c4aba0000], 
PUP.Optional.CinemaPlus, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Cinema-Plus-1.8cV12.10, Quarantined, [345c24f2a7d57bbb6a3c1312f112d729], 
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, [0b85a670c4b874c2696cf90dc73c23dd], 

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 6
PUP.Optional.TermTutor.A, C:\Program Files\TermTutor, Quarantined, [a4ec48ce8eee44f25fee8799d52e3bc5], 
PUP.Optional.TermTutor.A, C:\Program Files\TermTutor\3rd Party Licenses, Quarantined, [a4ec48ce8eee44f25fee8799d52e3bc5], 
PUP.Optional.TermTutor.A, C:\Program Files\TermTutor\IE, Quarantined, [a4ec48ce8eee44f25fee8799d52e3bc5], 
PUP.Optional.TermTutor.A, C:\Program Files\TermTutor\Service, Quarantined, [a4ec48ce8eee44f25fee8799d52e3bc5], 
PUP.Optional.Orbtr, C:\Program Files\ORBTR, Delete-on-Reboot, [4d432aec017bae88cea8533a72927090], 
PUP.Optional.GlobalUpdate.A, C:\Users\HP\AppData\Local\Temp\comh.48008, Quarantined, [0b85a670c4b874c2696cf90dc73c23dd], 

Files: 27
PUP.Optional.Conduit.A, C:\Program Files\ORBTR\orbiter.dll, Delete-on-Reboot, [cdc31bfb225aba7c49205a5d4fb29d63], 
PUP.Optional.Conduit.A, C:\Users\HP\AppData\Local\Temp\dlLogic.exe, Quarantined, [fc944dc9740839fd3fa0f0527090ad53], 
PUP.Optional.SearchProtect.A, C:\Users\HP\AppData\Local\Temp\spstub.exe, Quarantined, [d7b9f125c8b4b38345fdf79f3ac733cd], 
PUP.Optional.AdLyrics, C:\Users\HP\AppData\Local\Temp\n8696\3333-8000_SpeedChecker.exe, Quarantined, [5e32be586f0ded4933e88e3fe31efa06], 
PUP.Optional.AppInstaller, C:\Users\HP\AppData\Local\Temp\n8696\FLVMPlayerSetup-c45490cb.exe, Quarantined, [563a76a049336fc73366f79e6b96f10f], 
PUP.Optional.CrossRider.A, C:\Users\HP\AppData\Local\Temp\n8696\HQVideo-DEInstaller.exe, Quarantined, [216fcb4bbbc1c2746f5021a9f70a6f91], 
Trojan.MSIL.Bladabindi, C:\Users\HP\AppData\Local\Temp\n8696\Installer.exe, Quarantined, [5f31eb2b235989ad457e0aba966bfd03], 
PUP.Optional.SearchProtect.A, C:\Users\HP\AppData\Local\Temp\n8696\searchprotect_2805-feafc00c.exe, Quarantined, [7a160d09d0acfe384ff33660d62b05fb], 
PUP.Optional.TermTutor.A, C:\Program Files\TermTutor\terms-of-service.rtf, Quarantined, [a4ec48ce8eee44f25fee8799d52e3bc5], 
PUP.Optional.TermTutor.A, C:\Program Files\TermTutor\Uninstall.exe, Quarantined, [a4ec48ce8eee44f25fee8799d52e3bc5], 
PUP.Optional.TermTutor.A, C:\Program Files\TermTutor\3rd Party Licenses\buildcrx-license.txt, Quarantined, [a4ec48ce8eee44f25fee8799d52e3bc5], 
PUP.Optional.TermTutor.A, C:\Program Files\TermTutor\3rd Party Licenses\Info-ZIP-license.txt, Quarantined, [a4ec48ce8eee44f25fee8799d52e3bc5], 
PUP.Optional.TermTutor.A, C:\Program Files\TermTutor\3rd Party Licenses\nsJSON-license.txt, Quarantined, [a4ec48ce8eee44f25fee8799d52e3bc5], 
PUP.Optional.TermTutor.A, C:\Program Files\TermTutor\3rd Party Licenses\UAC-license.txt, Quarantined, [a4ec48ce8eee44f25fee8799d52e3bc5], 
PUP.Optional.FLVMPlayer, C:\Users\HP\Desktop\FLVM Player.lnk, Quarantined, [236d61b581fb989e74127715a361f30d], 
PUP.Optional.Orbtr, C:\Program Files\ORBTR\Orbt.ext, Quarantined, [4d432aec017bae88cea8533a72927090], 
PUP.Optional.Orbtr, C:\Program Files\ORBTR\uninstall.exe, Quarantined, [4d432aec017bae88cea8533a72927090], 
PUP.Optional.GlobalUpdate.A, C:\Users\HP\AppData\Local\Temp\comh.48008\GoogleCrashHandler.exe, Quarantined, [0b85a670c4b874c2696cf90dc73c23dd], 
PUP.Optional.GlobalUpdate.A, C:\Users\HP\AppData\Local\Temp\comh.48008\GoogleUpdate.exe, Quarantined, [0b85a670c4b874c2696cf90dc73c23dd], 
PUP.Optional.GlobalUpdate.A, C:\Users\HP\AppData\Local\Temp\comh.48008\GoogleUpdateBroker.exe, Quarantined, [0b85a670c4b874c2696cf90dc73c23dd], 
PUP.Optional.GlobalUpdate.A, C:\Users\HP\AppData\Local\Temp\comh.48008\GoogleUpdateHelper.msi, Quarantined, [0b85a670c4b874c2696cf90dc73c23dd], 
PUP.Optional.GlobalUpdate.A, C:\Users\HP\AppData\Local\Temp\comh.48008\GoogleUpdateOnDemand.exe, Quarantined, [0b85a670c4b874c2696cf90dc73c23dd], 
PUP.Optional.GlobalUpdate.A, C:\Users\HP\AppData\Local\Temp\comh.48008\goopdate.dll, Quarantined, [0b85a670c4b874c2696cf90dc73c23dd], 
PUP.Optional.GlobalUpdate.A, C:\Users\HP\AppData\Local\Temp\comh.48008\goopdateres_en.dll, Quarantined, [0b85a670c4b874c2696cf90dc73c23dd], 
PUP.Optional.GlobalUpdate.A, C:\Users\HP\AppData\Local\Temp\comh.48008\npGoogleUpdate4.dll, Quarantined, [0b85a670c4b874c2696cf90dc73c23dd], 
PUP.Optional.GlobalUpdate.A, C:\Users\HP\AppData\Local\Temp\comh.48008\psmachine.dll, Quarantined, [0b85a670c4b874c2696cf90dc73c23dd], 
PUP.Optional.GlobalUpdate.A, C:\Users\HP\AppData\Local\Temp\comh.48008\psuser.dll, Quarantined, [0b85a670c4b874c2696cf90dc73c23dd], 

Physical Sectors: 0
(No malicious items detected)

(end)

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.14.2014:1)
OS: Windows 8.1 x86
Ran by HP on 19.10.2014 at 13:10:08,87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

Successfully deleted: [File] C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2565251152-1528942193-4253351456-1001
Successfully deleted: [File] C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2565251152-1528942193-4253351456-500

~~~ Folders

Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.10.2014 at 13:18:43,07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-10-2014 01
Ran by HP (administrator) on xxxxx on 19-10-2014 13:22:04
Running from C:\Users\HP\Desktop
Loaded Profile: HP (Available profiles: HP)
Platform: Microsoft Windows 8.1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\oacat.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer INC.) C:\Program Files\ASUS\ASUS AC Reminder\ACReminderSrv.exe
(ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe
(ASUS Cloud Corporation) C:\Program Files\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLoader.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPCenter.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPHelper.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9600.16422_x86__8wekyb3d8bbwe\glcnd.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
(Intel Corporation) C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe
(ASUS Cloud Corporation) C:\Program Files\ASUS\WebStorage\2.0.3.226\AsusWSPanel.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ASUSPRP] => C:\Program Files\ASUS\APRP\APRP.EXE [3216032 2013-12-13] (ASUSTek Computer Inc.)
HKLM\...\Run: [WebStorage] => C:\Program Files\ASUS\WebStorage\2.0.3.226\ASUSWSLoader.exe [63296 2013-08-16] ()
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [81360 2014-01-22] (Intel Corporation)
HKLM\...\Run: [RtkNGUI] => C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe [2904064 2013-10-30] (Realtek Semiconductor)
HKLM\...\Run: [@OnlineArmor GUI] => C:\Program Files\Online Armor\oaui.exe [7558464 2013-10-11] (Emsisoft GmbH)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
ShellIconOverlayIdentifiers: [!AsusWSShellExt_BN] -> {CC5FC992-B0AA-47CD-9DC2-83445083CBB9} => C:\Program Files\Common Files\AWS\2.0.3.226\ASUSWSShellExt.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_ON] -> {618A47A2-528B-4D9A-AFC8-97D3233511E3} => C:\Program Files\Common Files\AWS\2.0.3.226\ASUSWSShellExt.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_UN] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files\Common Files\AWS\2.0.3.226\ASUSWSShellExt.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [StorageProviderError] -> {0CA2640D-5B9C-4c59-A5FB-2DA61A7437CF} => C:\Windows\System32\shell32.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [StorageProviderSyncing] -> {0A30F902-8398-4ee8-86F7-4CFB589F04D1} => C:\Windows\System32\shell32.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: http=127.0.0.1:50415;https=127.0.0.1:50415
ShellExecuteHooks: OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll [1033968 2013-10-11] (Emsisoft GmbH)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4816568 2014-10-14] (Emsisoft GmbH)
R2 AsHidService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe [103224 2013-09-09] (ASUSTek Computer Inc.)
R2 ASLDRService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [111416 2013-09-09] (ASUSTek Computer Inc.)
R2 Asus WebStorage Windows Service; C:\Program Files\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe [71680 2013-08-16] (ASUS Cloud Corporation) [File not signed]
R2 ATKGFNEXSrv; C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2011-11-21] (ASUS)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [1677016 2014-04-10] (Broadcom Corporation.)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [277304 2014-02-11] (Intel Corporation)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [83920 2014-01-22] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [96720 2014-01-22] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [90576 2014-01-22] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [586752 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [637912 2013-07-01] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe [168216 2014-01-15] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 OAcat; C:\Program Files\Online Armor\OAcat.exe [584864 2013-10-11] (Emsisoft GmbH)
S3 ScDeviceEnum; C:\Windows\System32\ScDeviceEnum.dll [105472 2013-08-22] (Microsoft Corporation)
S2 SvcOnlineArmor; C:\Program Files\Online Armor\oasrv.exe [4457688 2013-10-11] (Emsisoft GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [278264 2013-08-22] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\Windows\system32\wephostsvc.dll [20992 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22240 2013-08-22] (Microsoft Corporation)
S3 workfolderssvc; C:\Windows\system32\workfolderssvc.dll [1210368 2013-12-14] (Microsoft Corporation)
S2 Orbiter; C:/Program Files/ORBTR/orbiter.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [58200 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [38248 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [18552 2014-05-12] (Emsisoft GmbH)
R2 ASMMAP; C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys [13880 2009-07-02] (ASUS)
R3 AsusHID; C:\Windows\System32\drivers\AsusHID.sys [68376 2014-02-13] (ASUS Corporation)
R1 ATKWMIACPIIO; C:\Program Files\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi.sys [17720 2013-07-02] (ASUSTek Computer Inc.)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [97896 2013-07-18] (ASIX Electronics Corp.)
R1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [25600 2013-08-22] (Microsoft Corporation)
R3 BCMSDH43XX; C:\Windows\system32\DRIVERS\bcmdhd63.sys [304344 2014-04-10] (Broadcom Corp)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [185856 2013-08-22] (Microsoft Corporation)
R3 BthMini; C:\Windows\System32\Drivers\BTHMINI.sys [24064 2013-08-22] (Microsoft Corporation)
S3 btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [144600 2014-04-10] (Broadcom Corporation.)
R3 BtwSerialBus; C:\Windows\system32\DRIVERS\BtwSerialBus.sys [130776 2014-04-10] (Broadcom Corporation.)
R3 camera; C:\Windows\system32\DRIVERS\camera.sys [345088 2013-12-02] (Intel Corporation)
R3 cleanhlp; C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [50200 2013-12-04] (Emsisoft GmbH)
R3 CM3218x; C:\Windows\system32\DRIVERS\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation)
R3 CPLMACPI; C:\Windows\system32\DRIVERS\CPLMACPI.sys [16488 2013-09-06] (Capella Microsystems, Inc.)
R3 DptfDevDBPT; C:\Windows\system32\DRIVERS\DptfDevPower.sys [25552 2014-01-22] (Intel Corporation)
R3 DptfDevDisplay; C:\Windows\system32\DRIVERS\DptfDevDisplay.sys [28112 2014-01-22] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [36304 2014-01-22] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [80848 2014-01-22] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [181712 2014-01-22] (Intel Corporation)
R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [23552 2013-12-30] (Intel Corporation)
R3 GpioVirtual; C:\Windows\System32\drivers\iaiogpiovirtual.sys [16896 2013-12-30] (Intel Corporation)
R3 HIDSwitch; C:\Windows\System32\drivers\AsHIDSwitch.sys [17720 2013-10-08] (ASUS)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [58368 2013-11-15] (Intel Corporation)
R3 iaiouart; C:\Windows\System32\drivers\iaiouart.sys [87552 2013-12-30] (Intel Corporation)
S0 iaStorA; C:\Windows\System32\drivers\iaStorA.sys [505192 2013-08-09] (Intel Corporation)
S3 intaud_WaveExtensible; C:\Windows\system32\drivers\intelaud.sys [32664 2014-01-22] (Intel Corporation)
R3 IntelSST; C:\Windows\system32\drivers\isstrtc.sys [254464 2013-12-30] (Intel(R) Corporation)
R3 INVN_MotionApps; C:\Windows\system32\DRIVERS\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation)
R3 iwdbus; C:\Windows\System32\drivers\iwdbus.sys [23448 2014-01-22] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-10-19] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [21456 2013-12-30] (Intel Corporation)
R3 MT9M114; C:\Windows\System32\drivers\MT9M114.sys [38912 2013-12-02] (Intel Corporation)
S3 NETwNs32; C:\Windows\system32\DRIVERS\Netwsn00.sys [10372096 2013-06-18] (Intel Corporation)
R1 OADevice; C:\Windows\system32\drivers\OADriver.sys [210360 2013-10-11] ()
S1 oahlpXX; C:\Windows\system32\drivers\oahlp32.sys [44984 2013-10-11] ()
R1 OAmon; C:\Windows\system32\drivers\OAmon.sys [34856 2013-10-11] (Emsisoft)
R3 OAnet; C:\Windows\system32\DRIVERS\oanet.sys [31760 2013-10-11] (Emsisoft)
R3 PMIC; C:\Windows\System32\drivers\PMIC.sys [48128 2013-12-30] (Intel Corporation)
R3 rtii2sac; C:\Windows\system32\DRIVERS\rtii2sac.sys [149720 2013-12-05] (Realtek Semiconductor Corp.)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation)
R3 TXEI; C:\Windows\System32\drivers\TXEI.sys [75792 2014-02-26] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [93024 2013-08-22] (Microsoft Corporation)
R2 webinstrNew; C:\Windows\system32\Drivers\webinstrNew.sys [50312 2014-10-12] (Corsica)
R3 WUDFSensorLP; C:\Windows\System32\drivers\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation)
U0 msahci; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-19 13:20 - 2014-10-19 13:20 - 00000000 ____D () C:\Users\HP\Desktop\FRST-OlderVersion
2014-10-19 13:18 - 2014-10-19 13:18 - 00000882 _____ () C:\Users\HP\Desktop\JRT.txt
2014-10-19 13:10 - 2014-10-19 13:10 - 00000000 ____D () C:\Windows\ERUNT
2014-10-19 13:08 - 2014-10-19 13:08 - 01705698 _____ (Thisisu) C:\Users\HP\Desktop\JRT.exe
2014-10-19 12:56 - 2014-10-19 12:56 - 00006209 _____ () C:\Users\HP\Desktop\mbam.txt
2014-10-19 12:43 - 2014-10-19 12:59 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-19 12:43 - 2014-10-19 12:43 - 00001078 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-19 12:43 - 2014-10-19 12:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-19 12:43 - 2014-10-19 12:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-19 12:43 - 2014-10-19 12:43 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-19 12:43 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-19 12:43 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-19 12:43 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-19 12:39 - 2014-10-19 12:40 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\HP\Desktop\mbam-setup-2.0.3.1025.exe
2014-10-19 12:33 - 2014-10-19 12:33 - 284417501 _____ () C:\Windows\MEMORY.DMP
2014-10-19 12:33 - 2014-10-19 12:33 - 00619216 _____ () C:\Windows\Minidump\101914-17328-01.dmp
2014-10-19 12:22 - 2014-10-19 12:35 - 00011990 _____ () C:\Users\HP\Desktop\AdwCleaner[S0].txt
2014-10-19 12:15 - 2014-10-19 12:36 - 00012391 _____ () C:\Users\HP\Desktop\AdwCleaner[R0].txt
2014-10-19 12:14 - 2014-10-19 12:35 - 00000000 ____D () C:\AdwCleaner
2014-10-19 12:10 - 2014-10-19 12:10 - 01976320 _____ () C:\Users\HP\Desktop\AdwCleaner_4.000.exe
2014-10-19 10:29 - 2014-10-19 11:12 - 00013818 _____ () C:\Users\HP\Desktop\a2scan_141016-183741.txt
2014-10-19 10:29 - 2014-10-19 10:29 - 00012534 _____ () C:\Users\HP\Desktop\quarantäne emsisoft.txt
2014-10-16 20:49 - 2014-10-16 20:49 - 00380416 _____ () C:\Users\HP\Downloads\Gmer-19357.exe
2014-10-16 20:39 - 2014-10-19 11:18 - 00030436 _____ () C:\Users\HP\Desktop\Addition.txt
2014-10-16 20:38 - 2014-10-19 13:22 - 00013952 _____ () C:\Users\HP\Desktop\FRST.txt
2014-10-16 20:38 - 2014-10-19 13:22 - 00000000 ____D () C:\FRST
2014-10-16 20:37 - 2014-10-19 13:20 - 01103360 _____ (Farbar) C:\Users\HP\Desktop\FRST.exe
2014-10-16 20:34 - 2014-10-16 20:34 - 00000466 _____ () C:\Users\HP\Desktop\defogger_disable.log
2014-10-16 20:33 - 2014-10-16 20:33 - 00050477 _____ () C:\Users\HP\Downloads\Defogger.exe
2014-10-16 20:23 - 2014-10-16 20:23 - 00025600 ___SH () C:\Users\HP\Downloads\Thumbs.db
2014-10-16 20:22 - 2014-10-16 20:22 - 00000000 _____ () C:\Users\HP\defogger_reenable
2014-10-16 20:14 - 2014-10-16 20:14 - 00512504 _____ () C:\Windows\Minidump\101614-12000-01.dmp
2014-10-12 15:32 - 2014-10-19 11:55 - 00001120 _____ () C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware Guard.lnk
2014-10-12 15:22 - 2014-09-02 22:06 - 00706016 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-10-12 15:22 - 2014-09-02 22:06 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-10-12 15:04 - 2014-10-12 15:04 - 00523208 _____ () C:\Windows\Minidump\101214-22593-01.dmp
2014-10-12 14:32 - 2014-10-12 14:35 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-12 14:31 - 2014-08-29 13:01 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-12 14:29 - 2013-11-09 07:52 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe
2014-10-12 14:29 - 2013-11-09 07:52 - 00240128 _____ (Microsoft Corporation) C:\Windows\system32\mdmregistration.dll
2014-10-12 14:13 - 2014-02-22 13:24 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-10-12 14:07 - 2014-02-11 04:43 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-10-12 14:07 - 2013-10-15 10:03 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-10-12 14:06 - 2014-10-12 14:19 - 00000000 ____D () C:\ProgramData\OnlineArmor
2014-10-12 14:06 - 2014-10-12 14:06 - 00000000 ____D () C:\Users\HP\AppData\Roaming\OnlineArmor
2014-10-12 14:03 - 2014-10-19 12:33 - 00000000 ____D () C:\Windows\Minidump
2014-10-12 14:03 - 2014-10-12 14:03 - 00606936 _____ () C:\Windows\Minidump\101214-26781-01.dmp
2014-10-12 14:03 - 2014-10-12 14:03 - 00003358 _____ () C:\EamClean.log
2014-10-12 13:58 - 2014-10-12 13:58 - 00000000 ____D () C:\Users\HP\AppData\Roaming\EurekaLab s.a.s
2014-10-12 13:52 - 2014-10-16 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Armor
2014-10-12 13:52 - 2014-10-16 20:26 - 00000000 ____D () C:\Program Files\Online Armor
2014-10-12 13:52 - 2013-10-11 03:41 - 00044984 _____ () C:\Windows\system32\Drivers\oahlp32.sys
2014-10-12 13:52 - 2013-10-11 03:40 - 00210360 _____ () C:\Windows\system32\Drivers\OADriver.sys
2014-10-12 13:52 - 2013-10-11 03:40 - 00034856 _____ (Emsisoft) C:\Windows\system32\Drivers\OAmon.sys
2014-10-12 13:52 - 2013-10-11 03:40 - 00031760 _____ (Emsisoft) C:\Windows\system32\Drivers\OAnet.sys
2014-10-12 13:48 - 2014-10-12 13:48 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-10-12 13:46 - 2014-10-12 13:48 - 10696960 _____ (Emsisoft GmbH ) C:\Users\HP\Downloads\OnlineArmorSetup.exe
2014-10-12 13:33 - 2014-10-12 13:33 - 00001067 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-10-12 13:33 - 2014-10-12 13:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-10-12 13:32 - 2014-10-19 13:06 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2014-10-12 13:15 - 2014-10-12 13:15 - 00000000 ____D () C:\Users\HP\AppData\Roaming\ap_movie
2014-10-12 13:14 - 2014-10-12 13:14 - 00612126 _____ (CMI Limited) C:\Users\HP\AppData\Local\nsb44F.tmp
2014-10-12 13:11 - 2014-10-12 13:11 - 00000000 ____D () C:\ProgramData\Xunlei
2014-10-12 13:11 - 2014-10-12 13:11 - 00000000 ____D () C:\ProgramData\Thunder Network
2014-10-12 13:07 - 2014-10-12 13:10 - 163265680 _____ (Emsisoft GmbH ) C:\Users\HP\Downloads\EmsisoftAntiMalwareSetup.exe
2014-10-12 13:03 - 2014-10-19 13:03 - 00001684 _____ () C:\Windows\Tasks\QMXKNTZD.job
2014-10-12 13:03 - 2014-10-19 13:03 - 00001328 _____ () C:\Windows\Tasks\IO.job
2014-10-12 13:02 - 2014-10-16 18:46 - 00001111 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-10-12 13:02 - 2014-10-16 18:46 - 00000000 ____D () C:\Program Files\Opera
2014-10-12 13:02 - 2014-10-12 13:02 - 00001111 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-10-12 13:02 - 2014-10-12 13:02 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Opera Software
2014-10-12 13:02 - 2014-10-12 13:02 - 00000000 ____D () C:\Users\HP\AppData\Local\Opera Software
2014-10-12 13:01 - 2014-10-12 13:01 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNew_01009.Wdf
2014-10-12 13:01 - 2014-10-12 13:00 - 00050312 _____ (Corsica) C:\Windows\system32\Drivers\webinstrNew.sys
2014-10-12 13:00 - 2014-10-12 13:00 - 00873960 _____ (Opera Software) C:\Users\HP\Desktop\opera-23.0.1522.77-multi.exe
2014-10-12 13:00 - 2014-10-12 13:00 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Macromedia
2014-10-12 12:56 - 2014-09-22 08:41 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-19 13:19 - 2014-04-10 06:45 - 01151861 _____ () C:\Windows\WindowsUpdate.log
2014-10-19 13:09 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\sru
2014-10-19 13:05 - 2013-12-14 06:03 - 00823858 _____ () C:\Windows\system32\perfh010.dat
2014-10-19 13:05 - 2013-12-14 06:03 - 00181632 _____ () C:\Windows\system32\perfc010.dat
2014-10-19 13:05 - 2013-12-13 22:46 - 00005468 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-19 12:58 - 2013-12-13 22:30 - 00025568 _____ () C:\Windows\PFRO.log
2014-10-19 12:58 - 2013-08-22 09:23 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-19 12:58 - 2013-08-22 08:13 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-10-19 12:22 - 2014-09-03 22:59 - 00001160 _____ () C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-19 12:01 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-19 12:00 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\AppReadiness
2014-10-19 11:55 - 2013-08-22 10:05 - 00000000 ____D () C:\Windows\CbsTemp
2014-10-19 11:50 - 2013-08-22 15:08 - 00000000 ____D () C:\Program Files\Windows Journal
2014-10-19 11:50 - 2013-08-22 15:06 - 00000000 ____D () C:\Windows\system32\winrm
2014-10-19 11:50 - 2013-08-22 15:06 - 00000000 ____D () C:\Windows\system32\slmgr
2014-10-19 11:50 - 2013-08-22 10:17 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-10-19 11:50 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\WinStore
2014-10-19 11:50 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\nl-NL
2014-10-19 11:50 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\IME
2014-10-19 11:50 - 2013-08-22 10:17 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-10-19 11:50 - 2013-08-22 10:17 - 00000000 ____D () C:\Program Files\Windows Defender
2014-10-19 11:50 - 2013-08-22 10:17 - 00000000 ____D () C:\Program Files\Common Files\System
2014-10-19 11:49 - 2013-12-14 05:51 - 00000000 ____D () C:\Windows\system32\XPSViewer
2014-10-19 11:49 - 2013-08-22 15:06 - 00000000 ____D () C:\Windows\system32\WCN
2014-10-19 11:49 - 2013-08-22 15:06 - 00000000 ____D () C:\Windows\system32\Printing_Admin_Scripts
2014-10-19 11:49 - 2013-08-22 10:17 - 00000000 ___SD () C:\Windows\system32\dsc
2014-10-19 11:49 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\SystemResetPlatform
2014-10-19 11:49 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\MUI
2014-10-19 11:49 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\Com
2014-10-19 11:49 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\Help
2014-10-19 11:41 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\fr-FR
2014-10-19 11:32 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\en-GB
2014-10-16 20:26 - 2014-09-03 22:59 - 00000000 ____D () C:\Users\HP
2014-10-12 19:09 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-12 18:42 - 2013-08-22 09:22 - 00333576 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ___RD () C:\Windows\ToastData
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\it-IT
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\de-DE
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\MediaViewer
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\FileManager
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\Camera
2014-10-12 18:40 - 2013-08-22 10:17 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-10-12 13:52 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\restore
2014-10-12 13:01 - 2013-08-22 09:23 - 00013554 _____ () C:\Windows\setupact.log
2014-10-12 12:57 - 2013-08-22 08:13 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-10-12 12:42 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\LogFiles

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS

Some content of TEMP:
====================
C:\Users\HP\AppData\Local\Temp\hAUK6.exe
C:\Users\HP\AppData\Local\Temp\Quarantine.exe
C:\Users\HP\AppData\Local\Temp\sqlite3.dll
C:\Users\HP\AppData\Local\Temp\yYKY0.dll
C:\Users\HP\AppData\Local\Temp\yYKY0.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-16 18:19

==================== End Of Log ============================

6. Addition:
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 18-10-2014 01 Ran by HP at 2014-10-19 13:22:51 Running from C:\Users\HP\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367} FW: Online Armor Firewall (Disabled) {BD3F5FCA-866B-1E2E-0A68-58900A751EA1} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) ASUS AC Reminder (HKLM\...\{B002B54C-FFE8-4331-8F9B-90CC9366362A}) (Version: 2.0.0 - ASUS) ASUS Live Update (HKLM\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.7 - ASUS) ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.3 - ASUS) ASUS Smart Gesture (HKLM\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.10 - ASUS) ATK Package (HKLM\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0031 - ASUS) Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.93.99.187.1 - Broadcom Corporation) ConvertAd (HKLM\...\ConvertAd) (Version: 1.0.0.0 - ConvertAd) <==== ATTENTION Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft GmbH) Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3417 - Intel Corporation) Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation) 
Intel(R) Trusted Execution Engine (Version: 1.1.1.1 - Intel Corporation) Hidden Intel(R) Trusted Execution Engine Driver (Version: 1.0.0.1064 - Intel Corporation) Hidden Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) Microsoft Office (HKLM\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 (HKLM\...\{1f407217-9aec-4146-8504-e64ac959c534}) (Version: 12.0.20617.1 - Microsoft Corporation) Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.20617 (Version: 12.0.20617 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.20617 (Version: 12.0.20617 - Microsoft Corporation) Hidden Online Armor 7.0 (HKLM\...\OnlineArmor_is1) (Version: 7.0 - Emsisoft GmbH) Opera Stable 25.0.1614.50 (HKLM\...\Opera 25.0.1614.50) (Version: 25.0.1614.50 - Opera Software ASA) Realtek I2S Audio (HKLM\...\{89A448AA-3301-46AA-AFC3-34F2D7C670E8}) (Version: 6.2.9600.4055 - Realtek Semiconductor Corp.) WebStorage (HKLM\...\WebStorage) (Version: 2.0.3.226 - ASUS Cloud Corporation) Windows Driver Package - ASUS (AsusHID) Mouse (02/12/2014 3.0.0.23) (HKLM\...\88F3FD439A3012A11FEF853A27C299ED116ABA8D) (Version: 02/12/2014 3.0.0.23 - ASUS) WinFlash (HKLM\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
==================== Restore Points ========================= 19-10-2014 09:28:12 Sprachpaketdeinstallation ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 08:13 - 2013-08-22 08:13 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {00BC77BF-3352-4FE8-9617-4F1B27BEC19A} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup Task: {0FA9C72D-D3DC-41EA-AD12-0264A29FFF50} - System32\Tasks\ASUS Live Update2 => C:\Program Files [2014-10-19] () Task: {17233BE9-87E9-40B0-B003-AE9D2B92CBBE} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask Task: {247BD142-0549-4E91-84B0-172C25563718} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation) Task: {2BE65564-89D1-4396-A5CC-D7D9283FC4A1} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task Task: {392EB017-207C-42BF-A061-F3BE721F456C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {471E9656-4A9E-4F2D-B55E-50875C166E14} - \Optimize Start Menu Cache Files-S-1-5-21-2565251152-1528942193-4253351456-500 No Task File <==== ATTENTION Task: {4B7EF56A-8A42-4BD2-BB5C-7C389AC54A37} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask Task: {515A8D55-B2DA-4DAC-A197-0B02F6DAE700} - System32\Tasks\ASUS Live Update1 => C:\Program Files [2014-10-19] () Task: {5700ACE8-D0AF-4BA7-98B6-1033521A877A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe 
sysmain.dll,PfSvWsSwapAssessmentTask Task: {61A1EED5-DBB1-4606-8B71-4229B497EC59} - System32\Tasks\QMXKNTZD => C:\Users\HP\AppData\Roaming\QMXKNTZD.exe <==== ATTENTION Task: {6E84A59B-1863-4B21-8BD8-C9B20FD15484} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {7B2E2DB4-C12C-4259-BBE8-7ECDD18FB410} - System32\Tasks\IO => C:\Users\HP\AppData\Roaming\IO.exe <==== ATTENTION Task: {7C7CF1DA-F461-4850-96B2-ADCA8A67E59C} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {8B5819AE-7B44-478B-A3D3-8846AF160A8F} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate Task: {8F7FB3A6-5ECC-485E-B309-B4E99ABE21DD} - System32\Tasks\Update Checker => C:\Program Files\ASUS\ASUS Live Update\UpdateChecker.exe [2013-11-27] () Task: {92ED6570-4654-4BFA-9A6C-1084C6939C16} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work Task: {997C8BBD-710B-4E66-B5BC-CC09575A58D2} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance Task: {A02FE6A8-4963-4C7D-8D21-DC48FE3E517C} - System32\Tasks\ASUS AC Reminder => C:\Program Files\ASUS\ASUS AC Reminder\ACReminderSrv.exe [2013-12-23] (ASUSTek Computer INC.) Task: {A1C0096D-7EF7-4283-9C87-611781AF8F49} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel.exe [2013-01-09] (ASUSTek Computer INC.) 
Task: {A5D45ED3-F524-4574-8F39-527F3729D1E2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation) Task: {C0D0F7C4-419F-41B3-90A2-FE79270B828A} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask Task: {C37FC171-6AF7-4A02-9319-1AFF42F85373} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLauncher.exe [2014-02-13] (AsusTek) Task: {CF5A1DDC-D14D-4D59-AD49-A19A645B087B} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization Task: {DCF55BED-B1DF-4ABF-8D85-6542C7007799} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE Task: {DE636FF2-FD26-4241-9343-322918A02564} - System32\Tasks\Opera scheduled Autoupdate 1413111732 => C:\Program Files\Opera\launcher.exe [2014-10-15] (Opera Software) Task: {E4C8774A-2818-45A4-8A6D-11DDF6348886} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task Task: {F77DFB67-F295-4A1F-AAED-A3B51A1C301F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-08-29] (Microsoft Corporation) Task: {FAB49829-3EE7-4234-BE84-277862F2A57C} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\IO.job => C:\Users\HP\AppData\Roaming\IO.exe <==== ATTENTION Task: C:\Windows\Tasks\QMXKNTZD.job => C:\Users\HP\AppData\Roaming\QMXKNTZD.exe <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2014-10-12 13:32 - 2014-10-06 18:43 - 00775400 _____ () C:\Program Files\Emsisoft Anti-Malware\fw32.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) 
==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-2565251152-1528942193-4253351456-500 - Administrator - Disabled) Gast (S-1-5-21-2565251152-1528942193-4253351456-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2565251152-1528942193-4253351456-1003 - Limited - Enabled) HP (S-1-5-21-2565251152-1528942193-4253351456-1001 - Administrator - Enabled) => C:\Users\HP ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2014-10-19 12:01:34.439 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. 
Date: 2014-10-19 12:01:33.470 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. Date: 2014-10-19 12:01:32.673 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. Date: 2014-10-19 12:01:31.439 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. Date: 2014-10-19 12:01:30.798 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. Date: 2014-10-19 12:01:29.142 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. Date: 2014-10-19 12:01:28.517 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. 
Date: 2014-10-19 12:01:27.329 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. Date: 2014-10-19 12:01:25.829 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. Date: 2014-10-19 10:34:51.843 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\HP\AppData\Local\Temp\uxtiiuow.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: Intel(R) Atom(TM) CPU Z3740 @ 1.33GHz Percentage of memory in use: 48% Total physical RAM: 1933.15 MB Available physical RAM: 1004.03 MB Total Pagefile: 3917.15 MB Available Pagefile: 2423.52 MB Total Virtual: 2047.88 MB Available Virtual: 1911 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:28.22 GB) (Free:9.32 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 29.1 GB) (Disk ID: 67B602CA) Partition: GPT Partition Type. ==================== End Of Log ============================ |
20.10.2014, 16:24 | #4 |
/// TB-Ausbilder | Opera redirects to other pages .... We will remove the last remnants and check everything once more. ESET can take a while (> 3 h). After that we will remove all the tools we used and I will give you a few tips to take with you.
Step 1 Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document
Code:
start
CloseProcesses:
ProxyServer: http=127.0.0.1:50415;https=127.0.0.1:50415
S2 Orbiter; C:\Program Files\ORBTR\orbiter.dll [X]
C:\Program Files\ORBTR
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
Task: {61A1EED5-DBB1-4606-8B71-4229B497EC59} - System32\Tasks\QMXKNTZD => C:\Users\HP\AppData\Roaming\QMXKNTZD.exe <==== ATTENTION
C:\Users\HP\AppData\Roaming\QMXKNTZD.exe
Task: {7B2E2DB4-C12C-4259-BBE8-7ECDD18FB410} - System32\Tasks\IO => C:\Users\HP\AppData\Roaming\IO.exe <==== ATTENTION
C:\Users\HP\AppData\Roaming\IO.exe
Task: C:\Windows\Tasks\IO.job => C:\Users\HP\AppData\Roaming\IO.exe <==== ATTENTION
Task: C:\Windows\Tasks\QMXKNTZD.job => C:\Users\HP\AppData\Roaming\QMXKNTZD.exe <==== ATTENTION
EmptyTemp:
end
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2 ESET Online Scanner
Step 3 Please download SecurityCheck and:
Step 4
Step 5 Download the appropriate version of SystemLook from the following mirror and save the tool to the desktop: SystemLook (32 bit) | SystemLook (64 bit)
Please post with your next reply
|
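The fixlist above removes a loopback proxy, a service with a missing binary, and scheduled tasks (plus their .job files) that launch from AppData\Roaming. As an added example (not part of the thread and not FRST's own code), here is a small triage script that flags those same persistence types in FRST-style log lines; the sample lines are constructed from the logs posted in this thread, with two benign entries as controls.

```python
"""Added example (not from the thread, not FRST's own code): flag in FRST-style
log lines the persistence types that caused the redirects in this thread:
a system proxy on the loopback interface, a service whose binary is missing
or has no publisher, and scheduled tasks launched from user-writable paths."""
import re
from dataclasses import dataclass

# A proxy on one of these hosts routes every browser request through a local process.
LOOPBACK_PREFIXES = ("127.", "localhost", "::1", "[::1]")
# A standard user can write here; installed services/tasks rarely run from these paths.
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")

TASK_RE = re.compile(
    r"^Task: (?P<name>.+?) => (?P<target>.+?)"
    r"(?: \[[^\]]*\])?(?: \((?P<publisher>[^)]*)\))?(?: <==== ATTENTION)?$"
)
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+); (?P<target>.+?)"
    r"(?: \[(?P<meta>[^\]]*)\])?(?: \((?P<publisher>[^)]*)\))?"
    r"(?P<unsigned> \[File not signed\])?$"
)
HOSTPORT_RE = re.compile(r"(?:^|[=;,\s])(?P<host>[^=;,\s:]+):(?P<port>\d+)")


@dataclass
class Finding:
    kind: str     # "proxy", "service" or "task"
    subject: str  # entry name, or the whole line for the proxy setting
    reason: str


def launched_path(target: str) -> str:
    """Binary actually loaded; for Rundll32 targets that is the DLL, not rundll32."""
    t = target.strip().strip('"')
    if t.lower().startswith("rundll32.exe "):
        t = t[len("rundll32.exe "):].split(",", 1)[0]
    return t.strip().strip('"')


def in_user_writable(path: str) -> bool:
    return path.strip().strip('"').lower().startswith(USER_WRITABLE)


def service_reasons(m: re.Match) -> list:
    reasons = []
    if m.group("meta") == "X":  # FRST marks a registered service whose file is gone with [X]
        reasons.append("service binary missing on disk ([X])")
    if not m.group("publisher"):
        reasons.append("no publisher recorded")
    if m.group("unsigned"):
        reasons.append("file not signed")
    if in_user_writable(m.group("target")):
        reasons.append("runs from user-writable path")
    return reasons


def triage(log_text: str) -> list:
    """Return Findings for the suspicious entries in an FRST log excerpt, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("ProxyServer:"):
            for hp in HOSTPORT_RE.finditer(line):
                if hp.group("host").lower().startswith(LOOPBACK_PREFIXES):
                    findings.append(Finding("proxy", line,
                        f"system proxy points at loopback {hp.group('host')}:{hp.group('port')}"))
                    break
            continue
        m = TASK_RE.match(line)
        if m:
            path = launched_path(m.group("target"))
            if in_user_writable(path):  # vendor entries in ProgramData still need a human look
                findings.append(Finding("task", m.group("name"),
                                        f"scheduled task runs from user-writable path {path}"))
            continue
        m = SERVICE_RE.match(line)
        if m and (reasons := service_reasons(m)):
            findings.append(Finding("service", m.group("name"), "; ".join(reasons)))
    return findings


# Constructed from the thread's FRST/Addition logs; the Emsisoft, Appx and Opera lines are benign controls.
SAMPLE_LOG = r"""
ProxyServer: http=127.0.0.1:50415;https=127.0.0.1:50415
S2 Orbiter; C:\Program Files\ORBTR\orbiter.dll [X]
R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4816568 2014-10-14] (Emsisoft GmbH)
Task: {61A1EED5-DBB1-4606-8B71-4229B497EC59} - System32\Tasks\QMXKNTZD => C:\Users\HP\AppData\Roaming\QMXKNTZD.exe <==== ATTENTION
Task: {7B2E2DB4-C12C-4259-BBE8-7ECDD18FB410} - System32\Tasks\IO => C:\Users\HP\AppData\Roaming\IO.exe <==== ATTENTION
Task: C:\Windows\Tasks\IO.job => C:\Users\HP\AppData\Roaming\IO.exe <==== ATTENTION
Task: {A1C0096D-7EF7-4283-9C87-611781AF8F49} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel.exe [2013-01-09] (ASUSTek Computer INC.)
Task: {4B7EF56A-8A42-4BD2-BB5C-7C389AC54A37} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {DE636FF2-FD26-4241-9343-322918A02564} - System32\Tasks\Opera scheduled Autoupdate 1413111732 => C:\Program Files\Opera\launcher.exe [2014-10-15] (Opera Software)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.subject}: {f.reason}")
```

The ASUS task is reported as well because ProgramData is user-writable; the publisher field is what a human reviewer uses to whitelist it, which is exactly the distinction FRST's own ATTENTION marker draws.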
20.10.2014, 21:24 | #5 |
| Opera redirects to other pages .... Hello Matthias, I am still struggling with the many redirects. Attached are the files: Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 20-10-2014
Ran by HP at 2014-10-20 18:06:58 Run:1
Running from C:\Users\HP\Desktop
Loaded Profiles: HP & (Available profiles: HP)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
CloseProcesses:
ProxyServer: http=127.0.0.1:50415;https=127.0.0.1:50415
S2 Orbiter; C:\Program Files\ORBTR\orbiter.dll [X]
C:\Program Files\ORBTR
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
TASK: {61A1EED5-DBB1-4606-8B71-4229B497EC59} - System32\Tasks\QMXKNTZD => C:\Users\HP\AppData\Roaming\QMXKNTZD.exe <==== ATTENTION
C:\Users\HP\AppData\Roaming\QMXKNTZD.exe
Task: {7B2E2DB4-C12C-4259-BBE8-7ECDD18FB410} - System32\Tasks\IO => C:\Users\HP\AppData\Roaming\IO.exe <==== ATTENTION
C:\Users\HP\AppData\Roaming\IO.exe
Task: C:\WINDOWS\Tasks\IO.job => C:\Users\HP\AppData\Roaming\IO.exe <==== ATTENTION
Task: C:\Windows\Tasks\QMXKNTZD.job => C:\Users\HP\AppData\Roaming\QMXKNTZD.exe <==== ATTENTION
EmptyTemp:
end
*****************
Processes closed successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
Orbiter => Service deleted successfully.
"C:\Program Files\ORBTR" => File/Directory not found.
Could not move "C:\ProgramData\SetStretch.exe" => Scheduled to move on reboot.
C:\ProgramData\SetStretch.VBS => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{61A1EED5-DBB1-4606-8B71-4229B497EC59}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{61A1EED5-DBB1-4606-8B71-4229B497EC59}" => Key deleted successfully.
C:\Windows\System32\Tasks\QMXKNTZD => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\QMXKNTZD" => Key deleted successfully.
"C:\Users\HP\AppData\Roaming\QMXKNTZD.exe" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7B2E2DB4-C12C-4259-BBE8-7ECDD18FB410}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B2E2DB4-C12C-4259-BBE8-7ECDD18FB410}" => Key deleted successfully.
C:\Windows\System32\Tasks\IO => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IO" => Key deleted successfully.
"C:\Users\HP\AppData\Roaming\IO.exe" => File/Directory not found.
C:\WINDOWS\Tasks\IO.job => Moved successfully.
C:\Windows\Tasks\QMXKNTZD.job => Moved successfully.
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-10-20 21:58:48)<=
==> ATTENTION: System is not rebooted.
C:\ProgramData\SetStretch.exe => Moved successfully.
==== End of Fixlog ====
Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok esets_scanner_update returned -1 esets_gle=0 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=dfb65e86cae59a4a8b634c040fcf1d16 # engine=0 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-10-20 06:10:35 # local_time=2014-10-20 08:10:35 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.2.9200 NT # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 116424 36688124 0 0 # compatibility_mode_1='Emsisoft Anti-Malware' # compatibility_mode=16642 16777213 100 100 1058 215070923 0 0 # scanned=0 # found=0 # cleaned=0 # scan_time=146 ESETSmartInstaller@High as downloader log: Can not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=dfb65e86cae59a4a8b634c040fcf1d16 # engine=20691 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-10-20 07:49:40 # local_time=2014-10-20 09:49:40 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.2.9200 NT # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 122369 36694069 0 0 # compatibility_mode_1='Emsisoft Anti-Malware' # compatibility_mode=16642 16777213 100 100 2888 215076868 0 0 # scanned=134863 # found=24 # cleaned=0 # scan_time=1222 sh=4F1A1ECBC53648728576DC417328B2DD70532367 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.D evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Cinema-Plus-1.8cV12.10\1293297481.mxaddon.vir" sh=94335D1F6DAE4F1079467E3F670065D0ABB5D804 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Cinema-Plus-1.8cV12.10\333be69e-a6c3-4468-a279-7291e7774334.crx.vir" sh=4C52435A58EC56FF29C58692695F8DCB6D937CD8 ft=1 fh=a191f6801aac364c vn="Variante von Win32/Toolbar.CrossRider.AS evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Cinema-Plus-1.8cV12.10\5cd5570c-479e-4bff-8d71-1fe1ae5a96ef.exe.vir" sh=B5B9B6F501335B3BB56E069AE691490175FDC956 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Cinema-Plus-1.8cV12.10\6921e08e-904b-4ed4-8793-0e283d3a9d44.crx.vir" sh=4ABF67CD43147938E2CB782F27BB7FBEBA6D0783 ft=1 fh=e0702aaac40e00fc vn="Variante von Win32/Toolbar.CrossRider.AY evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-2.exe.vir" sh=A9133A196876498C47DE27353F61EBEA5D3549E6 ft=1 fh=dfb59e34b3cfdbed vn="Variante von Win32/Toolbar.CrossRider.AY evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-5.exe.vir" sh=94335D1F6DAE4F1079467E3F670065D0ABB5D804 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84.crx.vir" sh=38F9693D573505E128D3642E098EB3C06DD03B00 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84.xpi.vir" sh=BF567125747F2C3F67D38CFD73E850E5FC5BE845 ft=1 fh=e6fe7378200f516b vn="Variante von Win32/Toolbar.CrossRider.BC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Cinema-Plus-1.8cV12.10\9723fcf9-7d34-4557-bf9d-5aaee05d2afb.exe.vir" sh=34CFEC4D0FFB7AA47A265FF93D86AD10D6AF7689 ft=1 fh=2825abe6ff412946 vn="Variante von Win32/Toolbar.CrossRider.BA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Cinema-Plus-1.8cV12.10\Cinema-Plus-1.8cV12.10-bg.exe.vir" sh=F963BC2DB95E51DA2FCD26FB8D838102364D150E ft=1 fh=3f840e2328850e10 vn="Variante von Win32/Toolbar.CrossRider.BA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Cinema-Plus-1.8cV12.10\Cinema-Plus-1.8cV12.10-bho.dll.vir" sh=BF460C9E553C5DD6A75219FB9076B9BC1130DCBA ft=1 fh=ac25ca4d560230f8 vn="Variante von Win32/Toolbar.CrossRider.AY evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Cinema-Plus-1.8cV12.10\Cinema-Plus-1.8cV12.10-codedownloader.exe.vir" sh=CC71EB165C6771F6000A81DFB9E64C3E999C7CF0 ft=1 fh=5d90b28d7395eb2f vn="Variante von Win32/Toolbar.CrossRider.AW evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Cinema-Plus-1.8cV12.10\Uninstall.exe.vir" sh=642716AFDDFCAA41EEDB11070CE3191070ED685B ft=1 fh=2fd62bfc8ca2e705 vn="Variante von MSIL/Solimba.AC evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\FLVM Player\FLVPlayerUninstaller.exe.vir" sh=058855D29306F761DD65CFAA9CBA72BD16075F6B ft=1 fh=a768ddc79422657f vn="Variante von Win32/AdWare.EoRezo.AU Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\mbot_de_145\mybestofferstoday_widget.exe.vir" sh=0B0334DF2140E62BB85A916ED2CE0B908888FF54 ft=1 fh=9d9b65f8a0ee7c22 vn="Variante von Win32/AdWare.AddLyrics.CB Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\ver7SpeedChecker\Uninstall.exe.vir" sh=2536A5DA4C84FC6E8DC5DCDCBE4BA556D5225B72 ft=1 fh=d3a50c9ac09748b8 vn="Variante von MSIL/Adware.iBryte.H Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\LookThisUp\LookThisUpUninstall.exe.vir" sh=978144BC6609EF348B00A93C714AEDD2E64820CC ft=1 fh=cec9b8ec3f0c65e4 vn="Win32/VOPackage.AD evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\VOPackage\VOPackage.exe.vir" sh=241E819FDBC67F11A72A586809BE1FFFA0C242C4 ft=1 fh=c0767764c9d3b24e vn="Variante von Win32/VOPackage.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\VOPackage\VOsrv.exe.vir" sh=173B714CE3CE8AF13DF5A3DF4F33C623DBF5BBA7 ft=1 fh=63cbddf249556df3 vn="Variante von Win32/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\system32\roboot.exe.vir" sh=F011E00D3C814095CB8B23B6C1914DA9B1C082ED ft=1 fh=0eda2e9940caec9b vn="Win32/AnyProtect.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\HP\AppData\Local\nsb44F.tmp" sh=9413821E4285C46DAF48156B472065FC2D763FE8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\HP\AppData\Roaming\IO" sh=DDD7E789E67132CF6C5D8169B2F46E3498FCA60F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\HP\AppData\Roaming\QMXKNTZD" sh=3DD99CE62F9D4ABC4F521A672B346CEC13527230 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\HP\AppData\Roaming\Opera Software\Opera Stable\Extensions\ljefoakgfhcoeobgicjgejglnpfpemgb\1.26.46_0\extensionData\plugins\91.js" Code:
ATTFilter Results of screen317's Security Check version 0.99.87 x86 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Emsisoft Anti-Malware Windows Defender Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Tall Emu Online Armor OAcat.exe Emsisoft Anti-Malware a2service.exe Malwarebytes Anti-Malware mbamscheduler.exe EMSISOFT Anti-Malware a2guard.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C:: ````````````````````End of Log`````````````````````` FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-10-2014 01 Ran by HP (administrator) on xxxxx on 20-10-2014 22:00:25 Running from C:\Users\HP\Desktop Loaded Profile: HP (Available profiles: HP) Platform: Microsoft Windows 8.1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH) C:\Program Files\Online Armor\oacat.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe (ASUS Cloud Corporation) C:\Program Files\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe (Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe (Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe (Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Intel Corporation) C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (ASUSTek Computer Inc.) 
C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe (AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLoader.exe (ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe (ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (ASUSTek Computer INC.) C:\Program Files\ASUS\ASUS AC Reminder\ACReminderSrv.exe (ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPCenter.exe (AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPHelper.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe (Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe (ASUS Cloud Corporation) C:\Program Files\ASUS\WebStorage\2.0.3.226\AsusWSPanel.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [ASUSPRP] => C:\Program Files\ASUS\APRP\APRP.EXE [3216032 2013-12-13] (ASUSTek Computer Inc.) 
HKLM\...\Run: [WebStorage] => C:\Program Files\ASUS\WebStorage\2.0.3.226\ASUSWSLoader.exe [63296 2013-08-16] ()
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [81360 2014-01-22] (Intel Corporation)
HKLM\...\Run: [RtkNGUI] => C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe [2904064 2013-10-30] (Realtek Semiconductor)
HKLM\...\Run: [@OnlineArmor GUI] => C:\Program Files\Online Armor\oaui.exe [7558464 2013-10-11] (Emsisoft GmbH)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
ShellIconOverlayIdentifiers: [!AsusWSShellExt_BN] -> {CC5FC992-B0AA-47CD-9DC2-83445083CBB9} => C:\Program Files\Common Files\AWS\2.0.3.226\ASUSWSShellExt.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_ON] -> {618A47A2-528B-4D9A-AFC8-97D3233511E3} => C:\Program Files\Common Files\AWS\2.0.3.226\ASUSWSShellExt.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_UN] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files\Common Files\AWS\2.0.3.226\ASUSWSShellExt.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [StorageProviderError] -> {0CA2640D-5B9C-4c59-A5FB-2DA61A7437CF} => C:\Windows\System32\shell32.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [StorageProviderSyncing] -> {0A30F902-8398-4ee8-86F7-4CFB589F04D1} => C:\Windows\System32\shell32.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ShellExecuteHooks: OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll [1033968 2013-10-11] (Emsisoft GmbH)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4816568 2014-10-14] (Emsisoft GmbH)
R2 AsHidService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe [103224 2013-09-09] (ASUSTek Computer Inc.)
R2 ASLDRService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [111416 2013-09-09] (ASUSTek Computer Inc.)
R2 Asus WebStorage Windows Service; C:\Program Files\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe [71680 2013-08-16] (ASUS Cloud Corporation) [File not signed]
R2 ATKGFNEXSrv; C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2011-11-21] (ASUS)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [1677016 2014-04-10] (Broadcom Corporation.)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [277304 2014-02-11] (Intel Corporation)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [83920 2014-01-22] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [96720 2014-01-22] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [90576 2014-01-22] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [586752 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [637912 2013-07-01] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe [168216 2014-01-15] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 OAcat; C:\Program Files\Online Armor\OAcat.exe [584864 2013-10-11] (Emsisoft GmbH)
S3 ScDeviceEnum; C:\Windows\System32\ScDeviceEnum.dll [105472 2013-08-22] (Microsoft Corporation)
S2 SvcOnlineArmor; C:\Program Files\Online Armor\oasrv.exe [4457688 2013-10-11] (Emsisoft GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [278264 2013-08-22] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\Windows\system32\wephostsvc.dll [20992 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22240 2013-08-22] (Microsoft Corporation)
S3 workfolderssvc; C:\Windows\system32\workfolderssvc.dll [1210368 2013-12-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [58200 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [38248 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [18552 2014-05-12] (Emsisoft GmbH)
R2 ASMMAP; C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys [13880 2009-07-02] (ASUS)
R3 AsusHID; C:\Windows\System32\drivers\AsusHID.sys [68376 2014-02-13] (ASUS Corporation)
R1 ATKWMIACPIIO; C:\Program Files\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi.sys [17720 2013-07-02] (ASUSTek Computer Inc.)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [97896 2013-07-18] (ASIX Electronics Corp.)
R1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [25600 2013-08-22] (Microsoft Corporation)
R3 BCMSDH43XX; C:\Windows\system32\DRIVERS\bcmdhd63.sys [304344 2014-04-10] (Broadcom Corp)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [185856 2013-08-22] (Microsoft Corporation)
R3 BthMini; C:\Windows\System32\Drivers\BTHMINI.sys [24064 2013-08-22] (Microsoft Corporation)
S3 btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [144600 2014-04-10] (Broadcom Corporation.)
R3 BtwSerialBus; C:\Windows\system32\DRIVERS\BtwSerialBus.sys [130776 2014-04-10] (Broadcom Corporation.)
R3 camera; C:\Windows\system32\DRIVERS\camera.sys [345088 2013-12-02] (Intel Corporation)
R3 cleanhlp; C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [50200 2013-12-04] (Emsisoft GmbH)
R3 CM3218x; C:\Windows\system32\DRIVERS\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation)
R3 CPLMACPI; C:\Windows\system32\DRIVERS\CPLMACPI.sys [16488 2013-09-06] (Capella Microsystems, Inc.)
R3 DptfDevDBPT; C:\Windows\system32\DRIVERS\DptfDevPower.sys [25552 2014-01-22] (Intel Corporation)
R3 DptfDevDisplay; C:\Windows\system32\DRIVERS\DptfDevDisplay.sys [28112 2014-01-22] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [36304 2014-01-22] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [80848 2014-01-22] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [181712 2014-01-22] (Intel Corporation)
R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [23552 2013-12-30] (Intel Corporation)
R3 GpioVirtual; C:\Windows\System32\drivers\iaiogpiovirtual.sys [16896 2013-12-30] (Intel Corporation)
R3 HIDSwitch; C:\Windows\System32\drivers\AsHIDSwitch.sys [17720 2013-10-08] (ASUS)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [58368 2013-11-15] (Intel Corporation)
R3 iaiouart; C:\Windows\System32\drivers\iaiouart.sys [87552 2013-12-30] (Intel Corporation)
S0 iaStorA; C:\Windows\System32\drivers\iaStorA.sys [505192 2013-08-09] (Intel Corporation)
S3 intaud_WaveExtensible; C:\Windows\system32\drivers\intelaud.sys [32664 2014-01-22] (Intel Corporation)
R3 IntelSST; C:\Windows\system32\drivers\isstrtc.sys [254464 2013-12-30] (Intel(R) Corporation)
R3 INVN_MotionApps; C:\Windows\system32\DRIVERS\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation)
R3 iwdbus; C:\Windows\System32\drivers\iwdbus.sys [23448 2014-01-22] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-10-20] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [21456 2013-12-30] (Intel Corporation)
R3 MT9M114; C:\Windows\System32\drivers\MT9M114.sys [38912 2013-12-02] (Intel Corporation)
S3 NETwNs32; C:\Windows\system32\DRIVERS\Netwsn00.sys [10372096 2013-06-18] (Intel Corporation)
R1 OADevice; C:\Windows\system32\drivers\OADriver.sys [210360 2013-10-11] ()
S1 oahlpXX; C:\Windows\system32\drivers\oahlp32.sys [44984 2013-10-11] ()
R1 OAmon; C:\Windows\system32\drivers\OAmon.sys [34856 2013-10-11] (Emsisoft)
R3 OAnet; C:\Windows\system32\DRIVERS\oanet.sys [31760 2013-10-11] (Emsisoft)
R3 PMIC; C:\Windows\System32\drivers\PMIC.sys [48128 2013-12-30] (Intel Corporation)
R3 rtii2sac; C:\Windows\system32\DRIVERS\rtii2sac.sys [149720 2013-12-05] (Realtek Semiconductor Corp.)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation)
R3 TXEI; C:\Windows\System32\drivers\TXEI.sys [75792 2014-02-26] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [93024 2013-08-22] (Microsoft Corporation)
R2 webinstrNew; C:\Windows\system32\Drivers\webinstrNew.sys [50312 2014-10-12] (Corsica)
R3 WUDFSensorLP; C:\Windows\System32\drivers\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation)
U0 msahci; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-20 22:00 - 2014-10-20 22:00 - 00013790 _____ () C:\Users\HP\Desktop\FRST.txt
2014-10-20 21:58 - 2014-10-20 21:58 - 00000825 _____ () C:\Users\HP\Desktop\checkup.txt
2014-10-20 21:56 - 2014-10-20 21:56 - 00854417 _____ () C:\Users\HP\Desktop\SecurityCheck.exe
2014-10-20 19:51 - 2014-10-20 19:51 - 02347384 _____ (ESET) C:\Users\HP\Desktop\esetsmartinstaller_deu.exe
2014-10-20 19:34 - 2014-10-20 19:34 - 00000000 ____D () C:\9bcd29b28965a011ca96fd2a
2014-10-20 18:06 - 2014-10-20 21:59 - 00000000 ____D () C:\Users\HP\Desktop\FRST-OlderVersion
2014-10-19 13:25 - 2014-10-20 19:20 - 00000000 ____D () C:\Users\HP\Desktop\Neuer Ordner
2014-10-19 13:10 - 2014-10-19 13:10 - 00000000 ____D () C:\Windows\ERUNT
2014-10-19 13:08 - 2014-10-19 13:08 - 01705698 _____ (Thisisu) C:\Users\HP\Desktop\JRT.exe
2014-10-19 12:43 - 2014-10-20 21:40 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-19 12:43 - 2014-10-19 12:43 - 00001078 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-19 12:43 - 2014-10-19 12:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-19 12:43 - 2014-10-19 12:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-19 12:43 - 2014-10-19 12:43 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-19 12:43 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-19 12:43 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-19 12:43 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-19 12:39 - 2014-10-19 12:40 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\HP\Desktop\mbam-setup-2.0.3.1025.exe
2014-10-19 12:33 - 2014-10-19 12:33 - 284417501 _____ () C:\Windows\MEMORY.DMP
2014-10-19 12:33 - 2014-10-19 12:33 - 00619216 _____ () C:\Windows\Minidump\101914-17328-01.dmp
2014-10-19 12:14 - 2014-10-19 12:35 - 00000000 ____D () C:\AdwCleaner
2014-10-19 12:10 - 2014-10-19 12:10 - 01976320 _____ () C:\Users\HP\Desktop\AdwCleaner_4.000.exe
2014-10-16 20:49 - 2014-10-16 20:49 - 00380416 _____ () C:\Users\HP\Downloads\Gmer-19357.exe
2014-10-16 20:38 - 2014-10-20 22:00 - 00000000 ____D () C:\FRST
2014-10-16 20:37 - 2014-10-20 21:59 - 01102336 _____ (Farbar) C:\Users\HP\Desktop\FRST.exe
2014-10-16 20:33 - 2014-10-16 20:33 - 00050477 _____ () C:\Users\HP\Downloads\Defogger.exe
2014-10-16 20:23 - 2014-10-16 20:23 - 00025600 ___SH () C:\Users\HP\Downloads\Thumbs.db
2014-10-16 20:22 - 2014-10-16 20:22 - 00000000 _____ () C:\Users\HP\defogger_reenable
2014-10-16 20:14 - 2014-10-16 20:14 - 00512504 _____ () C:\Windows\Minidump\101614-12000-01.dmp
2014-10-12 15:32 - 2014-10-19 11:55 - 00001120 _____ () C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware Guard.lnk
2014-10-12 15:22 - 2014-09-02 22:06 - 00706016 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-10-12 15:22 - 2014-09-02 22:06 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-10-12 15:04 - 2014-10-12 15:04 - 00523208 _____ () C:\Windows\Minidump\101214-22593-01.dmp
2014-10-12 14:32 - 2014-10-20 19:35 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-12 14:31 - 2014-10-20 19:35 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-12 14:29 - 2013-11-09 07:52 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe
2014-10-12 14:29 - 2013-11-09 07:52 - 00240128 _____ (Microsoft Corporation) C:\Windows\system32\mdmregistration.dll
2014-10-12 14:13 - 2014-02-22 13:24 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-10-12 14:07 - 2014-02-11 04:43 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-10-12 14:07 - 2013-10-15 10:03 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-10-12 14:06 - 2014-10-12 14:19 - 00000000 ____D () C:\ProgramData\OnlineArmor
2014-10-12 14:06 - 2014-10-12 14:06 - 00000000 ____D () C:\Users\HP\AppData\Roaming\OnlineArmor
2014-10-12 14:03 - 2014-10-19 12:33 - 00000000 ____D () C:\Windows\Minidump
2014-10-12 14:03 - 2014-10-12 14:03 - 00606936 _____ () C:\Windows\Minidump\101214-26781-01.dmp
2014-10-12 14:03 - 2014-10-12 14:03 - 00003358 _____ () C:\EamClean.log
2014-10-12 13:58 - 2014-10-12 13:58 - 00000000 ____D () C:\Users\HP\AppData\Roaming\EurekaLab s.a.s
2014-10-12 13:52 - 2014-10-19 13:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Armor
2014-10-12 13:52 - 2014-10-19 13:34 - 00000000 ____D () C:\Program Files\Online Armor
2014-10-12 13:52 - 2013-10-11 03:41 - 00044984 _____ () C:\Windows\system32\Drivers\oahlp32.sys
2014-10-12 13:52 - 2013-10-11 03:40 - 00210360 _____ () C:\Windows\system32\Drivers\OADriver.sys
2014-10-12 13:52 - 2013-10-11 03:40 - 00034856 _____ (Emsisoft) C:\Windows\system32\Drivers\OAmon.sys
2014-10-12 13:52 - 2013-10-11 03:40 - 00031760 _____ (Emsisoft) C:\Windows\system32\Drivers\OAnet.sys
2014-10-12 13:48 - 2014-10-12 13:48 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-10-12 13:46 - 2014-10-12 13:48 - 10696960 _____ (Emsisoft GmbH ) C:\Users\HP\Downloads\OnlineArmorSetup.exe
2014-10-12 13:33 - 2014-10-12 13:33 - 00001067 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-10-12 13:33 - 2014-10-12 13:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-10-12 13:32 - 2014-10-20 22:00 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2014-10-12 13:15 - 2014-10-12 13:15 - 00000000 ____D () C:\Users\HP\AppData\Roaming\ap_movie
2014-10-12 13:14 - 2014-10-12 13:14 - 00612126 _____ (CMI Limited) C:\Users\HP\AppData\Local\nsb44F.tmp
2014-10-12 13:11 - 2014-10-12 13:11 - 00000000 ____D () C:\ProgramData\Xunlei
2014-10-12 13:11 - 2014-10-12 13:11 - 00000000 ____D () C:\ProgramData\Thunder Network
2014-10-12 13:07 - 2014-10-12 13:10 - 163265680 _____ (Emsisoft GmbH ) C:\Users\HP\Downloads\EmsisoftAntiMalwareSetup.exe
2014-10-12 13:02 - 2014-10-16 18:46 - 00001111 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-10-12 13:02 - 2014-10-16 18:46 - 00000000 ____D () C:\Program Files\Opera
2014-10-12 13:02 - 2014-10-12 13:02 - 00001111 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-10-12 13:02 - 2014-10-12 13:02 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Opera Software
2014-10-12 13:02 - 2014-10-12 13:02 - 00000000 ____D () C:\Users\HP\AppData\Local\Opera Software
2014-10-12 13:01 - 2014-10-12 13:01 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNew_01009.Wdf
2014-10-12 13:01 - 2014-10-12 13:00 - 00050312 _____ (Corsica) C:\Windows\system32\Drivers\webinstrNew.sys
2014-10-12 13:00 - 2014-10-12 13:00 - 00873960 _____ (Opera Software) C:\Users\HP\Desktop\opera-23.0.1522.77-multi.exe
2014-10-12 13:00 - 2014-10-12 13:00 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Macromedia
2014-10-12 12:56 - 2014-09-22 08:41 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-20 22:00 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\sru
2014-10-20 21:20 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-20 20:54 - 2013-12-14 06:03 - 00847178 _____ () C:\Windows\system32\perfh010.dat
2014-10-20 20:54 - 2013-12-14 06:03 - 00201392 _____ () C:\Windows\system32\perfc010.dat
2014-10-20 20:54 - 2013-12-13 22:46 - 00005468 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-20 20:49 - 2013-08-22 09:23 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-20 20:48 - 2013-08-22 09:22 - 00333576 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-20 20:45 - 2013-12-14 06:03 - 00000000 ____D () C:\Windows\it-IT
2014-10-20 20:45 - 2013-12-14 05:51 - 00000000 ____D () C:\Windows\de-DE
2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ___RD () C:\Windows\ToastData
2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\WinStore
2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS
2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\sk-SK
2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\lv-LV
2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\ko-KR
2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\it-IT
2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\hr-HR
2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\et-EE
2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\en-GB
2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\el-GR
2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\de-DE
2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\MediaViewer
2014-10-20 20:44 - 2013-12-14 06:03 - 00000000 ____D () C:\Windows\system32\Drivers\it-IT
2014-10-20 20:44 - 2013-12-14 05:51 - 00000000 ____D () C:\Windows\system32\Drivers\de-DE
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\zh-TW
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\zh-HK
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\zh-CN
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\uk-UA
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\th-TH
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\SystemResetPlatform
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\sv-SE
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\sl-SI
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\ru-RU
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\ro-RO
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\pt-PT
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\pt-BR
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\pl-PL
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\nl-NL
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\nb-NO
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\lt-LT
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\ja-JP
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\hu-HU
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\he-IL
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\fr-FR
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\fi-FI
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\bg-BG
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\ar-SA
2014-10-20 20:43 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\FileManager
2014-10-20 20:43 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\Camera
2014-10-20 20:43 - 2013-08-22 10:17 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2014-10-20 20:43 - 2013-08-22 10:17 - 00000000 ____D () C:\Program Files\Windows Multimedia Platform
2014-10-20 20:28 - 2013-08-22 08:13 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-10-20 20:23 - 2014-04-10 06:45 - 01110797 _____ () C:\Windows\WindowsUpdate.log
2014-10-20 20:14 - 2013-08-22 10:05 - 00000000 ____D () C:\Windows\CbsTemp
2014-10-20 20:13 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-20 18:17 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\AppReadiness
2014-10-19 13:34 - 2013-12-13 22:30 - 00025926 _____ () C:\Windows\PFRO.log
2014-10-19 12:22 - 2014-09-03 22:59 - 00001160 _____ () C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-19 11:50 - 2013-08-22 15:08 - 00000000 ____D () C:\Program Files\Windows Journal
2014-10-19 11:50 - 2013-08-22 15:06 - 00000000 ____D () C:\Windows\system32\winrm
2014-10-19 11:50 - 2013-08-22 15:06 - 00000000 ____D () C:\Windows\system32\slmgr
2014-10-19 11:50 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\IME
2014-10-19 11:50 - 2013-08-22 10:17 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-10-19 11:50 - 2013-08-22 10:17 - 00000000 ____D () C:\Program Files\Windows Defender
2014-10-19 11:50 - 2013-08-22 10:17 - 00000000 ____D () C:\Program Files\Common Files\System
2014-10-19 11:49 - 2013-12-14 05:51 - 00000000 ____D () C:\Windows\system32\XPSViewer
2014-10-19 11:49 - 2013-08-22 15:06 - 00000000 ____D () C:\Windows\system32\WCN
2014-10-19 11:49 - 2013-08-22 15:06 - 00000000 ____D () C:\Windows\system32\Printing_Admin_Scripts
2014-10-19 11:49 - 2013-08-22 10:17 - 00000000 ___SD () C:\Windows\system32\dsc
2014-10-19 11:49 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\MUI
2014-10-19 11:49 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\Com
2014-10-19 11:49 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\Help
2014-10-16 20:26 - 2014-09-03 22:59 - 00000000 ____D () C:\Users\HP
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
2014-10-12 18:40 - 2013-08-22 10:17 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-10-12 13:52 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\restore
2014-10-12 13:01 - 2013-08-22 09:23 - 00013554 _____ () C:\Windows\setupact.log
2014-10-12 12:57 - 2013-08-22 08:13 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-10-12 12:42 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\LogFiles

Some content of TEMP:
====================
C:\Users\HP\AppData\Local\Temp\hAUK6.exe
C:\Users\HP\AppData\Local\Temp\Quarantine.exe
C:\Users\HP\AppData\Local\Temp\yYKY0.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-16 18:19

==================== End Of Log ============================
--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-10-2014 01
Ran by HP at 2014-10-20 22:01:15
Running from C:\Users\HP\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
FW: Online Armor Firewall (Disabled) {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ASUS AC Reminder (HKLM\...\{B002B54C-FFE8-4331-8F9B-90CC9366362A}) (Version: 2.0.0 - ASUS)
ASUS Live Update (HKLM\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.7 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.3 - ASUS)
ASUS Smart Gesture (HKLM\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.10 - ASUS)
ATK Package (HKLM\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0031 - ASUS)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.93.99.187.1 - Broadcom Corporation)
ConvertAd (HKLM\...\ConvertAd) (Version: 1.0.0.0 - ConvertAd) <==== ATTENTION
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft GmbH)
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3417 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Intel(R) Trusted Execution Engine (Version: 1.1.1.1 - Intel Corporation) Hidden
Intel(R) Trusted Execution Engine Driver (Version: 1.0.0.1064 - Intel Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft Office (HKLM\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 (HKLM\...\{1f407217-9aec-4146-8504-e64ac959c534}) (Version: 12.0.20617.1 - Microsoft Corporation)
Online Armor 7.0 (HKLM\...\OnlineArmor_is1) (Version: 7.0 - Emsisoft GmbH)
Opera Stable 25.0.1614.50 (HKLM\...\Opera 25.0.1614.50) (Version: 25.0.1614.50 - Opera Software ASA)
Realtek I2S Audio (HKLM\...\{89A448AA-3301-46AA-AFC3-34F2D7C670E8}) (Version: 6.2.9600.4055 - Realtek Semiconductor Corp.)
WebStorage (HKLM\...\WebStorage) (Version: 2.0.3.226 - ASUS Cloud Corporation)
Windows Driver Package - ASUS (AsusHID) Mouse (02/12/2014 3.0.0.23) (HKLM\...\88F3FD439A3012A11FEF853A27C299ED116ABA8D) (Version: 02/12/2014 3.0.0.23 - ASUS)
WinFlash (HKLM\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

20-10-2014 17:32:44 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 08:13 - 2013-08-22 08:13 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00BC77BF-3352-4FE8-9617-4F1B27BEC19A} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {0FA9C72D-D3DC-41EA-AD12-0264A29FFF50} - System32\Tasks\ASUS Live Update2 => C:\Program Files [2014-10-20] ()
Task: {17233BE9-87E9-40B0-B003-AE9D2B92CBBE} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {1D4E5977-E467-459B-82E3-6C399289990D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-10-20] (Microsoft Corporation)
Task: {247BD142-0549-4E91-84B0-172C25563718} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {2BE65564-89D1-4396-A5CC-D7D9283FC4A1} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {392EB017-207C-42BF-A061-F3BE721F456C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {471E9656-4A9E-4F2D-B55E-50875C166E14} - \Optimize Start Menu Cache Files-S-1-5-21-2565251152-1528942193-4253351456-500 No Task File <==== ATTENTION
Task: {4B7EF56A-8A42-4BD2-BB5C-7C389AC54A37} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {515A8D55-B2DA-4DAC-A197-0B02F6DAE700} - System32\Tasks\ASUS Live Update1 => C:\Program Files [2014-10-20] ()
Task: {5700ACE8-D0AF-4BA7-98B6-1033521A877A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {6E84A59B-1863-4B21-8BD8-C9B20FD15484} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {7C7CF1DA-F461-4850-96B2-ADCA8A67E59C} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {8B5819AE-7B44-478B-A3D3-8846AF160A8F} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {8F7FB3A6-5ECC-485E-B309-B4E99ABE21DD} - System32\Tasks\Update Checker => C:\Program Files\ASUS\ASUS Live Update\UpdateChecker.exe [2013-11-27] ()
Task: {92ED6570-4654-4BFA-9A6C-1084C6939C16} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {997C8BBD-710B-4E66-B5BC-CC09575A58D2} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {A02FE6A8-4963-4C7D-8D21-DC48FE3E517C} - System32\Tasks\ASUS AC Reminder => C:\Program Files\ASUS\ASUS AC Reminder\ACReminderSrv.exe [2013-12-23] (ASUSTek Computer INC.)
Task: {A1C0096D-7EF7-4283-9C87-611781AF8F49} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel.exe [2013-01-09] (ASUSTek Computer INC.)
Task: {A5D45ED3-F524-4574-8F39-527F3729D1E2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation) Task: {C0D0F7C4-419F-41B3-90A2-FE79270B828A} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask Task: {C37FC171-6AF7-4A02-9319-1AFF42F85373} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLauncher.exe [2014-02-13] (AsusTek) Task: {CF5A1DDC-D14D-4D59-AD49-A19A645B087B} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization Task: {DCF55BED-B1DF-4ABF-8D85-6542C7007799} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE Task: {DE636FF2-FD26-4241-9343-322918A02564} - System32\Tasks\Opera scheduled Autoupdate 1413111732 => C:\Program Files\Opera\launcher.exe [2014-10-15] (Opera Software) Task: {E4C8774A-2818-45A4-8A6D-11DDF6348886} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task Task: {FAB49829-3EE7-4234-BE84-277862F2A57C} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Loaded Modules (whitelisted) ============= 2014-10-12 13:32 - 2014-10-06 18:43 - 00775400 _____ () C:\Program Files\Emsisoft Anti-Malware\fw32.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-2565251152-1528942193-4253351456-500 - Administrator - Disabled) Gast (S-1-5-21-2565251152-1528942193-4253351456-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2565251152-1528942193-4253351456-1003 - Limited - Enabled) HP (S-1-5-21-2565251152-1528942193-4253351456-1001 - Administrator - Enabled) => C:\Users\HP ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/20/2014 09:16:34 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (10/20/2014 09:01:00 PM) (Source: DptfPolicyLpmService) (EventID: 1) (User: ) Description: DptfPolicyLpmServiceServiceMainThread: App specific mode was turned off, but timer was not running. Error: (10/20/2014 08:54:07 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. 
Error: (10/20/2014 08:54:07 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (10/20/2014 08:54:07 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (10/20/2014 08:54:07 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (10/20/2014 08:33:45 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. 
Error: (10/20/2014 08:33:45 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (10/20/2014 08:33:45 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (10/20/2014 08:33:45 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. System errors: ============= Error: (10/20/2014 08:51:34 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 30) (User: NT-AUTORITÄT) Description: Der Ereignisprotokollierungsdienst hat beim Aktivieren des Herausgebers "{0BF2FB94-7B60-4B4D-9766-E82F658DF540}" für den Kanal "Microsoft-Windows-Kernel-ShimEngine/Operational" einen Fehler (5) erkannt. 
Dieser Fehler hat keinen Einfluss auf den Betrieb des Kanals, beeinträchtigt jedoch die Fähigkeit des Herausgebers, Ereignisse für den Kanal auszulösen. Dieser Fehler ist oft darauf zurückzuführen, dass der Anbieter die ETW-Anbietersicherheit verwendet und der Ereignisprotokoll-Dienstidentität keine Berechtigungen zum Aktivieren gewährt hat. Error: (10/20/2014 08:51:18 PM) (Source: WMPNetworkSvc) (EventID: 14349) (User: ) Description: 0x80070005 Error: (10/20/2014 08:51:18 PM) (Source: WMPNetworkSvc) (EventID: 14353) (User: ) Description: 00x80070005hxxp://+:10243/WMPNSSv4/2318047519/ Error: (10/20/2014 08:51:18 PM) (Source: WMPNetworkSvc) (EventID: 14349) (User: ) Description: 0x80070005 Error: (10/20/2014 08:51:18 PM) (Source: WMPNetworkSvc) (EventID: 14353) (User: ) Description: 00x80070005hxxp://+:10243/WMPNSSv4/2318047519/ Error: (10/20/2014 08:31:28 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 30) (User: NT-AUTORITÄT) Description: Der Ereignisprotokollierungsdienst hat beim Aktivieren des Herausgebers "{0BF2FB94-7B60-4B4D-9766-E82F658DF540}" für den Kanal "Microsoft-Windows-Kernel-ShimEngine/Operational" einen Fehler (5) erkannt. Dieser Fehler hat keinen Einfluss auf den Betrieb des Kanals, beeinträchtigt jedoch die Fähigkeit des Herausgebers, Ereignisse für den Kanal auszulösen. Dieser Fehler ist oft darauf zurückzuführen, dass der Anbieter die ETW-Anbietersicherheit verwendet und der Ereignisprotokoll-Dienstidentität keine Berechtigungen zum Aktivieren gewährt hat. 
Error: (10/20/2014 08:31:12 PM) (Source: WMPNetworkSvc) (EventID: 14349) (User: ) Description: 0x80070005 Error: (10/20/2014 08:31:12 PM) (Source: WMPNetworkSvc) (EventID: 14353) (User: ) Description: 00x80070005hxxp://+:10243/WMPNSSv4/2318047519/ Error: (10/20/2014 08:31:12 PM) (Source: WMPNetworkSvc) (EventID: 14349) (User: ) Description: 0x80070005 Error: (10/20/2014 08:31:12 PM) (Source: WMPNetworkSvc) (EventID: 14353) (User: ) Description: 00x80070005hxxp://+:10243/WMPNSSv4/2318047519/ Microsoft Office Sessions: ========================= Error: (10/20/2014 09:16:34 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (10/20/2014 09:01:00 PM) (Source: DptfPolicyLpmService) (EventID: 1) (User: ) Description: DptfPolicyLpmServiceServiceMainThread: App specific mode was turned off, but timer was not running. Error: (10/20/2014 08:54:07 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT) Description: WmiApRplWmiApRpl8F2030000E5050000 Error: (10/20/2014 08:54:07 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Performance163707000000000000000000008F020000 Error: (10/20/2014 08:54:07 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Performance163707000000000000000000008F020000 Error: (10/20/2014 08:54:07 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Performance163707000000000000000000008F020000 Error: (10/20/2014 08:33:45 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT) Description: WmiApRplWmiApRpl8F2030000E5050000 Error: (10/20/2014 08:33:45 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Performance163707000000000000000000008F020000 Error: (10/20/2014 08:33:45 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: 
Performance163707000000000000000000008F020000 Error: (10/20/2014 08:33:45 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Performance163707000000000000000000008F020000 CodeIntegrity Errors: =================================== Date: 2014-10-19 12:01:34.439 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. Date: 2014-10-19 12:01:33.470 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. Date: 2014-10-19 12:01:32.673 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. Date: 2014-10-19 12:01:31.439 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. Date: 2014-10-19 12:01:30.798 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. 
Date: 2014-10-19 12:01:29.142 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. Date: 2014-10-19 12:01:28.517 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. Date: 2014-10-19 12:01:27.329 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. Date: 2014-10-19 12:01:25.829 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. Date: 2014-10-19 10:34:51.843 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\HP\AppData\Local\Temp\uxtiiuow.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
==================== Memory info =========================== Processor: Intel(R) Atom(TM) CPU Z3740 @ 1.33GHz Percentage of memory in use: 45% Total physical RAM: 1933.15 MB Available physical RAM: 1056.65 MB Total Pagefile: 3917.15 MB Available Pagefile: 2354.16 MB Total Virtual: 2047.88 MB Available Virtual: 1897.34 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:28.22 GB) (Free:9.1 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 29.1 GB) (Disk ID: 67B602CA) Partition: GPT Partition Type. ==================== End Of Log ============================ Code:
ATTFilter
SystemLook 30.07.11 by jpshortstuff
Log created at 22:05 on 20/10/2014 by HP
Administrator - Elevation successful
========== filefind ==========
Searching for "*ORBTR*"
No files found.
Searching for "*TermTutor*"
C:\Users\HP\AppData\Local\Temp\is45637729\77669931_stp\termtutor-setup-1.9.0.8.exe --a---- 1104088 bytes [07:52 09/09/2014] [07:52 09/09/2014] (Unable to calculate MD5)
========== folderfind ==========
Searching for "*ORBTR*"
No folders found.
Searching for "*TermTutor*"
No folders found.
========== regfind ==========
Searching for "ConvertAd"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ConvertAd]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ConvertAd]
"DisplayName"="ConvertAd"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ConvertAd]
"UninstallString"=""C:\Users\HP\AppData\Local\ConvertAd\uninstall.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ConvertAd]
"DisplayIcon"=""C:\Users\HP\AppData\Local\ConvertAd\ConvertAd.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ConvertAd]
"Publisher"="ConvertAd"
Searching for "TermTutor"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{733413F4-5FB9-4EE9-8536-BF7AB1731A19}\1.0\0\win32]
@="C:\Program Files\TermTutor\IE\TermTutorClientIE.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{733413F4-5FB9-4EE9-8536-BF7AB1731A19}\1.0\HELPDIR]
@="C:\Program Files\TermTutor\IE"
[HKEY_LOCAL_MACHINE\SOFTWARE\TermTutor]
-= EOF =-
Thanks and good night, Sabine 99
21.10.2014, 12:06 | #6 |
/// TB-Ausbilder | Opera redirects to other pages .... Hi, please report back whether there are still problems with redirects etc. after the following steps. If so, in which browser? Step 1 Press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
ATTFilter
start
CloseProcesses:
C:\Users\HP\AppData\Roaming\IO
C:\Users\HP\AppData\Roaming\QMXKNTZD
C:\Users\HP\AppData\Roaming\Opera Software\Opera Stable\Extensions\ljefoakgfhcoeobgicjgejglnpfpemgb
R2 webinstrNew; C:\Windows\system32\Drivers\webinstrNew.sys [50312 2014-10-12] (Corsica)
C:\Windows\system32\Drivers\webinstrNew.sys
Task: {471E9656-4A9E-4F2D-B55E-50875C166E14} - \Optimize Start Menu Cache Files-S-1-5-21-2565251152-1528942193-4253351456-500 No Task File <==== ATTENTION
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ConvertAd
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{733413F4-5FB9-4EE9-8536-BF7AB1731A19}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\TermTutor
EmptyTemp:
end
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2 Download the appropriate version of HitmanPro to your desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
Step 3
Please post with your next reply
21.10.2014, 17:52 | #7 |
| Opera redirects to other pages .... Hello Matthias, great, Opera no longer redirects and IE works again. The only thing I still notice is that the web shield of Online Armor is inactive. Attached are the files. Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 20-10-2014 01 Ran by HP at 2014-10-21 17:53:26 Run:2 Running from C:\Users\HP\Desktop Loaded Profiles: HP & (Available profiles: HP) Boot Mode: Normal ============================================== Content of fixlist: ***************** start CloseProcesses: C:\Users\HP\AppData\Roaming\IO C:\Users\HP\AppData\Roaming\QMXKNTZD C:\Users\HP\AppData\Roaming\Opera Software\Opera Stable\Extensions\ljefoakgfhcoeobgicjgejglnpfpemgb R2 webinstrNew; C:\Windows\system32\DRIVERS\webinstrNew.sys [50312 2014-10-12] (Corsica) C:\Windows\system32\DRIVERS\webinstrNew.sys Task: {471E9656-4A9E-4F2D-B55E-50875C166E14} - \Optimize Start Menu Cache Files-S-1-5-21-2565251152-1528942193-4253351456-500 No Task File <==== ATTENTION DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Uninstall\ConvertAd DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{733413F4-5FB9-4EE9-8536-BF7AB1731A19} DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\TermTutor EmptyTemp: end ***************** Processes closed successfully. C:\Users\HP\AppData\Roaming\IO => Moved successfully. C:\Users\HP\AppData\Roaming\QMXKNTZD => Moved successfully. C:\Users\HP\AppData\Roaming\Opera Software\Opera Stable\Extensions\ljefoakgfhcoeobgicjgejglnpfpemgb => Moved successfully. webinstrNew => Service stopped successfully. webinstrNew => Service deleted successfully. C:\Windows\system32\DRIVERS\webinstrNew.sys => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{471E9656-4A9E-4F2D-B55E-50875C166E14}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{471E9656-4A9E-4F2D-B55E-50875C166E14}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimize Start Menu Cache Files-S-1-5-21-2565251152-1528942193-4253351456-500" => Key deleted successfully. 
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Uninstall\ConvertAd => Key Deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{733413F4-5FB9-4EE9-8536-BF7AB1731A19} => Failed to delete key at first attempt (Error: C0000121), see next line. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{733413F4-5FB9-4EE9-8536-BF7AB1731A19} => Key Deleted Successfully. HKEY_LOCAL_MACHINE\SOFTWARE\TermTutor => Key Deleted successfully. EmptyTemp: => Removed 66.8 MB temporary data. The system needed a reboot. ==== End of Fixlog ==== Code:
ATTFilter HitmanPro 3.7.9.225 www.hitmanpro.com Computer name . . . . : HEGGENSBERGER Windows . . . . . . . : 6.3.0.9600.X86/4 User name . . . . . . : HEGGENSBERGER\HP UAC . . . . . . . . . : Enabled License . . . . . . . : Trial (30 days left) Scan date . . . . . . : 2014-10-21 18:27:03 Scan mode . . . . . . : Normal Scan duration . . . . : 1m 56s Disk access mode . . : Direct disk access (FsdHigh) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 7 Traces . . . . . . . : 14 Objects scanned . . . : 756.122 Files scanned . . . . : 14.630 Remnants scanned . . : 211.773 files / 529.719 keys Malware _____________________________________________________________________ C:\Users\HP\AppData\Local\Microsoft\Windows\INetCache\IE\8DG94NWB\setup_mbot_de[1].exe -> Deleted Size . . . . . . . : 3.318.008 bytes Age . . . . . . . : 9.2 days (2014-10-12 13:12:15) Entropy . . . . . : 8.0 SHA-256 . . . . . : BC3AFBA10AEA74F8F9384AA8A89708703AF0F4437741B8CD4FBB6668567B15A1 Product . . . . . : Publisher . . . . : Description . . . : Version LanguageID . . . . : 0 > Bitdefender . . . : Adware.Eorezo.BR > Kaspersky . . . . : not-a-virus:AdWare.Win32.Eorezo.emv Fuzzy . . . . . . 
: 112.0 Forensic Cluster -45.3s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{DC35BD21-A696-4214-83E1-D3642F742E1B} -44.9s C:\Users\HP\AppData\Local\Temp\is45637729\ -44.9s C:\Users\HP\AppData\Local\Temp\is45637729\ -44.9s C:\Users\HP\AppData\Local\Temp\is45637729\ -44.9s C:\Users\HP\AppData\Local\Temp\is45637729\ -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\ -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -38.9s 
C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -22.2s C:\Users\HP\AppData\Local\Temp\is45637729\77669869_stp\ -22.2s C:\Users\HP\AppData\Local\Temp\is45637729\77669869_stp\Oct6_sweet-page.exe -21.0s C:\ProgramData\Thunder Network\ -21.0s C:\ProgramData\Thunder Network\DownloadLib\ -21.0s C:\ProgramData\Thunder Network\DownloadLib\pub_store.dat -21.0s C:\ProgramData\Thunder Network\DownloadLib\pub_store.dat -20.7s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{E594B87C-F25C-4360-9EFF-71CB93044A4F} -20.0s C:\ProgramData\Xunlei\XLCompact\ -20.0s C:\ProgramData\Xunlei\ -20.0s C:\ProgramData\Xunlei\XLCompact\XLDownEngine.stat -17.7s 
C:\Users\HP\AppData\Local\Temp\is45637729\77669931_stp\ -17.7s C:\Users\HP\AppData\Local\Temp\is45637729\77669931_stp\termtutor-setup-1.9.0.8.exe -17.7s C:\Users\HP\AppData\Local\Temp\is45637729\77669931_stp\termtutor-setup-1.9.0.8.exe -17.7s C:\Users\HP\AppData\Local\Temp\is45637729\77669931_stp\termtutor-setup-1.9.0.8.exe -13.1s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{E0419FCF-02D6-422B-90A6-81388B6A6E43} -7.9s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{D88F5F16-5EDB-40B8-9903-12657AB10B4B} -6.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669948_stp\ -6.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669948_stp\ -6.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669948_stp\rcpsetup_adppi15_adppi15.exe -3.2s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{961F664B-379F-4BEC-9D5D-6B048A150626} -3.2s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{961F664B-379F-4BEC-9D5D-6B048A150626} -3.2s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{961F664B-379F-4BEC-9D5D-6B048A150626} -1.5s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{ABCF3865-3912-473D-8BDE-4F34CC17409F} -0.5s C:\Windows\Prefetch\GENERIC_VO.EXE-258B7E67.pf 0.0s C:\Users\HP\AppData\Local\Microsoft\Windows\INetCache\IE\8DG94NWB\setup_mbot_de[1].exe 1.0s C:\Users\HP\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\625CAE97BFD1E01FDB89C9A05AC2BECD_8D5E1C0C7C84533580B18D34134C047F 1.0s C:\Users\HP\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\625CAE97BFD1E01FDB89C9A05AC2BECD_8D5E1C0C7C84533580B18D34134C047F 1.0s C:\Users\HP\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\625CAE97BFD1E01FDB89C9A05AC2BECD_8D5E1C0C7C84533580B18D34134C047F 3.6s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{B0E4810F-B3F3-4754-A9E8-978D4478B762} 3.6s C:\ProgramData\Microsoft\Windows 
Defender\Scans\History\Results\Resource\{B0E4810F-B3F3-4754-A9E8-978D4478B762} 7.1s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{F693A391-6A6A-4E40-95C3-0672B6839DE8} 7.2s C:\Windows\Prefetch\RCPSETUP_ADPPI15_ADPPI15.TMP-8D4D610F.pf 7.2s C:\Windows\Prefetch\RCPSETUP_ADPPI15_ADPPI15.TMP-8D4D610F.pf 9.3s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\UninstallManager.exe.vir 9.3s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\uninstallDlg2.xml.vir 9.3s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\MessageBox.xml.vir 9.4s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\bg.png.vir 9.4s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\bg1.png.vir 9.4s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\bk_shadow.png.vir 9.4s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\button.png.vir 9.4s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\button1.png.vir 9.4s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\checkbox.png.vir 9.4s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\checkbox_select.png.vir 9.5s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\checked.png.vir 9.5s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\close.png.vir 9.5s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\loading_bg.png.vir 9.5s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\loading_light.png.vir 9.5s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\min.png.vir 9.5s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\scrollbar.bmp.vir 9.5s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\Thumbs.db.vir 9.5s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\unchecked.png.vir 9.5s 
C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\code\code1.jpg.vir 9.5s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\code\code2.jpg.vir 9.5s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\code\code3.jpg.vir 9.6s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\code\code4.jpg.vir 9.6s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\code\code5.jpg.vir 9.6s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\code\code6.jpg.vir 9.6s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\code\Thumbs.db.vir 9.6s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\294.json.vir 9.6s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\un.ini.vir 9.6s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\un.ini.vir 14.2s C:\Users\HP\AppData\Local\Programs\ 14.2s C:\Users\HP\AppData\Local\Programs\Common\ 14.3s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{A6861938-4B8A-4E0A-8D89-730DED6EEA9D} 15.4s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{AD5C6EDE-2AF7-4524-BBD0-B71B42510CA2} 15.7s C:\AdwCleaner\Quarantine\C\Program Files\mbot_de_145\unins000.dat.vir 15.7s C:\AdwCleaner\Quarantine\C\Program Files\mbot_de_145\unins000.exe.vir 16.7s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\AC49A0B0197C349D70479AFCAACF58BB 18.0s C:\AdwCleaner\Quarantine\C\Program Files\mbot_de_145\predm.exe.vir 20.4s C:\AdwCleaner\Quarantine\C\Program Files\mbot_de_145\mybestofferstoday_widget.exe.vir 20.7s C:\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\MyBestOffersToday\MyBestOffersToday.lnk.vir 20.7s C:\AdwCleaner\Quarantine\C\Program Files\mbot_de_145\unins000.msg.vir 21.1s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Local\mbot_de_145\mbot_de_145\1.20\cnf.cyl.vir 21.2s 
C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Local\mbot_de_145\upmbot_de_145.cyl.vir 21.3s C:\Windows\Prefetch\NSAD29E.TMP-B509BFC1.pf 21.9s C:\Users\HP\AppData\Local\Microsoft\Windows\INetCache\IE\NRW6L1C9\BlockAndSurf_2222-5510[1].exe 22.0s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{A5FACA3B-1973-40B2-80CB-9D0CF9DCCD4F} 22.1s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{6B12A7AA-C1F4-40BC-A299-716422CF91AF} 25.4s C:\AdwCleaner\Quarantine\C\Windows\system32\roboot.exe.vir 26.0s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{5D622A79-7F38-4FE0-B94A-86537F3F20FF} 26.6s C:\Windows\System32\LogFiles\Scm\989a5c20-c98d-417c-b6ee-78e290e34774 29.4s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{21F6DA95-CD45-4B32-B40A-730D00EE186C} 30.2s C:\Windows\System32\LogFiles\Scm\e54ecce2-55e3-4510-98ce-747ae04fec2a 30.3s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{3FC9B0D6-0C60-4347-A9C0-D6ACC06A966D} 31.1s C:\Windows\Prefetch\UPMBOT_DE_145.EXE-CFBD6794.pf 35.5s C:\Windows\Prefetch\REGCLEANPRO.EXE-7C96B5A3.pf 39.6s C:\Windows\Prefetch\SYSTWEAKASP.TMP-F369339B.pf 46.5s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{1376E394-7CA5-49C5-9513-694A0728B8D8} 47.5s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{A7AAE57C-7FBC-410F-9680-4CFD934AD7D5} 49.1s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\3D81F0E24483216681D9F91762405B57 57.0s C:\Windows\Prefetch\ASPSETUP.TMP-1B570E8D.pf 57.7s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{49FDC04E-6F47-4EBF-BEA8-EA4649EA5632} 61.0s C:\Users\HP\AppData\Local\Microsoft\Windows\INetCache\IE\8T57REOA\ConvertAdSetup[1].exe 63.1s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\ACFAD2426B5EAA098A8DAAC3A2AD70F6 63.4s C:\ProgramData\Microsoft\Windows 
Defender\Scans\History\Store\335555FD86C023C6294557666A778C1D 65.6s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{DAE9220F-2521-4AAE-AF21-9E61E4A02B71} 65.6s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{DAE9220F-2521-4AAE-AF21-9E61E4A02B71} 70.4s C:\Users\HP\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6 70.4s C:\Users\HP\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6 70.7s C:\Users\HP\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B8944BA8AD0EFDF0E01A43EF62BECD0_0C26894991291B0FB5E6A5B669582C54 70.7s C:\Users\HP\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_0C26894991291B0FB5E6A5B669582C54 79.3s C:\Windows\Prefetch\CSCRIPT.EXE-AC3ABA62.pf 79.4s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{195F1083-3E88-48A7-8BE0-59B78C41C31E} 79.9s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{BBF9C108-F869-4C49-A3E0-BAE1D9721AC7} 80.0s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{79B61EA9-6B13-4FDA-90D3-9DE1C4AAC2E5} 80.0s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{9FF2F852-22A0-44A9-8FE1-044EB58A6D76} 80.1s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{F7DB99D0-AB4E-497F-875A-FEDD01B92F1E} 84.0s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{3EB48FC0-C8F6-4645-B0E9-FE3923819FBB} 88.9s C:\Windows\System32\LogFiles\Scm\f41226da-977a-4926-9745-3addc7d2dd19 88.9s C:\Windows\System32\LogFiles\Scm\f41226da-977a-4926-9745-3addc7d2dd19 89.0s C:\Users\HP\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\AdvancedSystemProtector.exe.log 89.0s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Local\ConvertAd\Uninstall.exe.vir 90.1s C:\ProgramData\Microsoft\Windows 
Defender\Scans\History\Results\Resource\{9828C594-6399-4E6C-9807-8BDB75F2C81D} 91.1s C:\Windows\Prefetch\CAWRAPPER.EXE-4E5430D4.pf 91.1s C:\Windows\Prefetch\CAWRAPPER.EXE-4E5430D4.pf 91.1s C:\Windows\Prefetch\CAWRAPPER.EXE-4E5430D4.pf 91.2s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{41D7FC49-E01B-4F3F-BF15-0EEC70AB3B3A} 92.0s C:\Windows\Prefetch\NSIBE9A.TMP-C5B6DF45.pf C:\Users\HP\AppData\Local\Microsoft\Windows\INetCache\IE\8T57REOA\ConvertAdSetup[1].exe -> Quarantined Size . . . . . . . : 1.211.759 bytes Age . . . . . . . : 9.2 days (2014-10-12 13:13:16) Entropy . . . . . : 8.0 SHA-256 . . . . . : 6E7F69EFC681DC27BFF3C09F65305FBA01B2168CA5753F9116ADE4AB9A1984A9 Product . . . . . : ConvertAd Publisher . . . . : ConvertAd.com Description . . . : ConvertAd Version . . . . . : 1.0.0.0 LanguageID . . . . : 0 > Bitdefender . . . : Application.Generic.833997 Fuzzy . . . . . . : 109.0 Forensic Cluster -106.3s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{DC35BD21-A696-4214-83E1-D3642F742E1B} -105.8s C:\Users\HP\AppData\Local\Temp\is45637729\ -105.8s C:\Users\HP\AppData\Local\Temp\is45637729\ -105.8s C:\Users\HP\AppData\Local\Temp\is45637729\ -105.8s C:\Users\HP\AppData\Local\Temp\is45637729\ -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\ -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -99.8s 
C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe 
-99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -83.1s C:\Users\HP\AppData\Local\Temp\is45637729\77669869_stp\ -83.1s C:\Users\HP\AppData\Local\Temp\is45637729\77669869_stp\Oct6_sweet-page.exe -82.0s C:\ProgramData\Thunder Network\ -82.0s C:\ProgramData\Thunder Network\DownloadLib\ -82.0s C:\ProgramData\Thunder Network\DownloadLib\pub_store.dat -82.0s C:\ProgramData\Thunder Network\DownloadLib\pub_store.dat -81.7s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{E594B87C-F25C-4360-9EFF-71CB93044A4F} -81.0s C:\ProgramData\Xunlei\XLCompact\ -81.0s C:\ProgramData\Xunlei\ -81.0s C:\ProgramData\Xunlei\XLCompact\XLDownEngine.stat -78.7s C:\Users\HP\AppData\Local\Temp\is45637729\77669931_stp\ -78.7s C:\Users\HP\AppData\Local\Temp\is45637729\77669931_stp\termtutor-setup-1.9.0.8.exe -78.7s C:\Users\HP\AppData\Local\Temp\is45637729\77669931_stp\termtutor-setup-1.9.0.8.exe -78.7s C:\Users\HP\AppData\Local\Temp\is45637729\77669931_stp\termtutor-setup-1.9.0.8.exe -74.0s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{E0419FCF-02D6-422B-90A6-81388B6A6E43} -68.9s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{D88F5F16-5EDB-40B8-9903-12657AB10B4B} -67.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669948_stp\ -67.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669948_stp\ -67.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669948_stp\rcpsetup_adppi15_adppi15.exe -64.1s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{961F664B-379F-4BEC-9D5D-6B048A150626} -64.1s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{961F664B-379F-4BEC-9D5D-6B048A150626} -64.1s C:\ProgramData\Microsoft\Windows 
Defender\Scans\History\Results\Resource\{961F664B-379F-4BEC-9D5D-6B048A150626} -62.5s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{ABCF3865-3912-473D-8BDE-4F34CC17409F} -61.5s C:\Windows\Prefetch\GENERIC_VO.EXE-258B7E67.pf -61.0s C:\Users\HP\AppData\Local\Microsoft\Windows\INetCache\IE\8DG94NWB\setup_mbot_de[1].exe -60.0s C:\Users\HP\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\625CAE97BFD1E01FDB89C9A05AC2BECD_8D5E1C0C7C84533580B18D34134C047F -60.0s C:\Users\HP\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\625CAE97BFD1E01FDB89C9A05AC2BECD_8D5E1C0C7C84533580B18D34134C047F -60.0s C:\Users\HP\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\625CAE97BFD1E01FDB89C9A05AC2BECD_8D5E1C0C7C84533580B18D34134C047F -57.4s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{B0E4810F-B3F3-4754-A9E8-978D4478B762} -57.4s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{B0E4810F-B3F3-4754-A9E8-978D4478B762} -53.8s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{F693A391-6A6A-4E40-95C3-0672B6839DE8} -53.8s C:\Windows\Prefetch\RCPSETUP_ADPPI15_ADPPI15.TMP-8D4D610F.pf -53.8s C:\Windows\Prefetch\RCPSETUP_ADPPI15_ADPPI15.TMP-8D4D610F.pf -51.7s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\UninstallManager.exe.vir -51.7s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\uninstallDlg2.xml.vir -51.6s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\MessageBox.xml.vir -51.6s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\bg.png.vir -51.6s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\bg1.png.vir -51.6s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\bk_shadow.png.vir -51.6s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\button.png.vir -51.6s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\button1.png.vir -51.5s 
C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\checkbox.png.vir -51.5s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\checkbox_select.png.vir -51.5s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\checked.png.vir -51.5s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\close.png.vir -51.5s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\loading_bg.png.vir -51.5s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\loading_light.png.vir -51.5s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\min.png.vir -51.5s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\scrollbar.bmp.vir -51.5s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\Thumbs.db.vir -51.5s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\unchecked.png.vir -51.4s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\code\code1.jpg.vir -51.4s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\code\code2.jpg.vir -51.4s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\code\code3.jpg.vir -51.4s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\code\code4.jpg.vir -51.4s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\code\code5.jpg.vir -51.4s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\code\code6.jpg.vir -51.4s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\code\Thumbs.db.vir -51.4s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\294.json.vir -51.4s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\un.ini.vir -51.4s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\un.ini.vir -46.8s C:\Users\HP\AppData\Local\Programs\ -46.8s C:\Users\HP\AppData\Local\Programs\Common\ -46.7s C:\ProgramData\Microsoft\Windows 
Defender\Scans\History\Results\Resource\{A6861938-4B8A-4E0A-8D89-730DED6EEA9D} -45.6s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{AD5C6EDE-2AF7-4524-BBD0-B71B42510CA2} -45.3s C:\AdwCleaner\Quarantine\C\Program Files\mbot_de_145\unins000.dat.vir -45.2s C:\AdwCleaner\Quarantine\C\Program Files\mbot_de_145\unins000.exe.vir -44.2s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\AC49A0B0197C349D70479AFCAACF58BB -42.9s C:\AdwCleaner\Quarantine\C\Program Files\mbot_de_145\predm.exe.vir -40.6s C:\AdwCleaner\Quarantine\C\Program Files\mbot_de_145\mybestofferstoday_widget.exe.vir -40.3s C:\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\MyBestOffersToday\MyBestOffersToday.lnk.vir -40.2s C:\AdwCleaner\Quarantine\C\Program Files\mbot_de_145\unins000.msg.vir -39.9s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Local\mbot_de_145\mbot_de_145\1.20\cnf.cyl.vir -39.7s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Local\mbot_de_145\upmbot_de_145.cyl.vir -39.6s C:\Windows\Prefetch\NSAD29E.TMP-B509BFC1.pf -39.1s C:\Users\HP\AppData\Local\Microsoft\Windows\INetCache\IE\NRW6L1C9\BlockAndSurf_2222-5510[1].exe -38.9s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{A5FACA3B-1973-40B2-80CB-9D0CF9DCCD4F} -38.9s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{6B12A7AA-C1F4-40BC-A299-716422CF91AF} -35.5s C:\AdwCleaner\Quarantine\C\Windows\system32\roboot.exe.vir -35.0s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{5D622A79-7F38-4FE0-B94A-86537F3F20FF} -34.4s C:\Windows\System32\LogFiles\Scm\989a5c20-c98d-417c-b6ee-78e290e34774 -31.6s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{21F6DA95-CD45-4B32-B40A-730D00EE186C} -30.8s C:\Windows\System32\LogFiles\Scm\e54ecce2-55e3-4510-98ce-747ae04fec2a -30.7s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{3FC9B0D6-0C60-4347-A9C0-D6ACC06A966D} -29.8s 
C:\Windows\Prefetch\UPMBOT_DE_145.EXE-CFBD6794.pf -25.5s C:\Windows\Prefetch\REGCLEANPRO.EXE-7C96B5A3.pf -21.3s C:\Windows\Prefetch\SYSTWEAKASP.TMP-F369339B.pf -14.5s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{1376E394-7CA5-49C5-9513-694A0728B8D8} -13.5s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{A7AAE57C-7FBC-410F-9680-4CFD934AD7D5} -11.9s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\3D81F0E24483216681D9F91762405B57 -4.0s C:\Windows\Prefetch\ASPSETUP.TMP-1B570E8D.pf -3.3s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{49FDC04E-6F47-4EBF-BEA8-EA4649EA5632} 0.0s C:\Users\HP\AppData\Local\Microsoft\Windows\INetCache\IE\8T57REOA\ConvertAdSetup[1].exe 2.2s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\ACFAD2426B5EAA098A8DAAC3A2AD70F6 2.4s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\335555FD86C023C6294557666A778C1D 4.6s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{DAE9220F-2521-4AAE-AF21-9E61E4A02B71} 4.6s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{DAE9220F-2521-4AAE-AF21-9E61E4A02B71} 9.4s C:\Users\HP\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6 9.4s C:\Users\HP\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6 9.7s C:\Users\HP\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B8944BA8AD0EFDF0E01A43EF62BECD0_0C26894991291B0FB5E6A5B669582C54 9.7s C:\Users\HP\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_0C26894991291B0FB5E6A5B669582C54 18.3s C:\Windows\Prefetch\CSCRIPT.EXE-AC3ABA62.pf 18.4s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{195F1083-3E88-48A7-8BE0-59B78C41C31E} 18.9s C:\ProgramData\Microsoft\Windows 
Defender\Scans\History\Results\Resource\{BBF9C108-F869-4C49-A3E0-BAE1D9721AC7} 19.0s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{79B61EA9-6B13-4FDA-90D3-9DE1C4AAC2E5} 19.1s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{9FF2F852-22A0-44A9-8FE1-044EB58A6D76} 19.1s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{F7DB99D0-AB4E-497F-875A-FEDD01B92F1E} 23.0s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{3EB48FC0-C8F6-4645-B0E9-FE3923819FBB} 28.0s C:\Windows\System32\LogFiles\Scm\f41226da-977a-4926-9745-3addc7d2dd19 28.0s C:\Windows\System32\LogFiles\Scm\f41226da-977a-4926-9745-3addc7d2dd19 28.0s C:\Users\HP\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\AdvancedSystemProtector.exe.log 28.0s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Local\ConvertAd\Uninstall.exe.vir 29.2s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{9828C594-6399-4E6C-9807-8BDB75F2C81D} 30.1s C:\Windows\Prefetch\CAWRAPPER.EXE-4E5430D4.pf 30.1s C:\Windows\Prefetch\CAWRAPPER.EXE-4E5430D4.pf 30.1s C:\Windows\Prefetch\CAWRAPPER.EXE-4E5430D4.pf 30.2s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{41D7FC49-E01B-4F3F-BF15-0EEC70AB3B3A} 31.0s C:\Windows\Prefetch\NSIBE9A.TMP-C5B6DF45.pf C:\Users\HP\AppData\Local\Microsoft\Windows\INetCache\IE\NRW6L1C9\BlockAndSurf_2222-5510[1].exe -> Quarantined Size . . . . . . . : 6.510.142 bytes Age . . . . . . . : 9.2 days (2014-10-12 13:12:37) Entropy . . . . . : 8.0 SHA-256 . . . . . : 6E44ACA076F445B14F9EC8268EAFF0D20AEAD154ED38355D3B602F12F87FEB76 > Bitdefender . . . : Adware.AddLyrics.BG Fuzzy . . . . . . 
: 110.0 Forensic Cluster -67.2s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{DC35BD21-A696-4214-83E1-D3642F742E1B} -66.8s C:\Users\HP\AppData\Local\Temp\is45637729\ -66.8s C:\Users\HP\AppData\Local\Temp\is45637729\ -66.8s C:\Users\HP\AppData\Local\Temp\is45637729\ -66.8s C:\Users\HP\AppData\Local\Temp\is45637729\ -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\ -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -60.8s 
C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe -44.1s C:\Users\HP\AppData\Local\Temp\is45637729\77669869_stp\ -44.1s C:\Users\HP\AppData\Local\Temp\is45637729\77669869_stp\Oct6_sweet-page.exe -42.9s C:\ProgramData\Thunder Network\ -42.9s C:\ProgramData\Thunder Network\DownloadLib\ -42.9s C:\ProgramData\Thunder Network\DownloadLib\pub_store.dat -42.9s C:\ProgramData\Thunder Network\DownloadLib\pub_store.dat -42.6s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{E594B87C-F25C-4360-9EFF-71CB93044A4F} -41.9s C:\ProgramData\Xunlei\XLCompact\ -41.9s C:\ProgramData\Xunlei\ -41.9s C:\ProgramData\Xunlei\XLCompact\XLDownEngine.stat -39.6s 
C:\Users\HP\AppData\Local\Temp\is45637729\77669931_stp\ -39.6s C:\Users\HP\AppData\Local\Temp\is45637729\77669931_stp\termtutor-setup-1.9.0.8.exe -39.6s C:\Users\HP\AppData\Local\Temp\is45637729\77669931_stp\termtutor-setup-1.9.0.8.exe -39.6s C:\Users\HP\AppData\Local\Temp\is45637729\77669931_stp\termtutor-setup-1.9.0.8.exe -35.0s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{E0419FCF-02D6-422B-90A6-81388B6A6E43} -29.8s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{D88F5F16-5EDB-40B8-9903-12657AB10B4B} -28.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669948_stp\ -28.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669948_stp\ -28.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669948_stp\rcpsetup_adppi15_adppi15.exe -25.1s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{961F664B-379F-4BEC-9D5D-6B048A150626} -25.1s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{961F664B-379F-4BEC-9D5D-6B048A150626} -25.1s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{961F664B-379F-4BEC-9D5D-6B048A150626} -23.4s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{ABCF3865-3912-473D-8BDE-4F34CC17409F} -22.4s C:\Windows\Prefetch\GENERIC_VO.EXE-258B7E67.pf -21.9s C:\Users\HP\AppData\Local\Microsoft\Windows\INetCache\IE\8DG94NWB\setup_mbot_de[1].exe -20.9s C:\Users\HP\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\625CAE97BFD1E01FDB89C9A05AC2BECD_8D5E1C0C7C84533580B18D34134C047F -20.9s C:\Users\HP\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\625CAE97BFD1E01FDB89C9A05AC2BECD_8D5E1C0C7C84533580B18D34134C047F -20.9s C:\Users\HP\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\625CAE97BFD1E01FDB89C9A05AC2BECD_8D5E1C0C7C84533580B18D34134C047F -18.4s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{B0E4810F-B3F3-4754-A9E8-978D4478B762} -18.4s C:\ProgramData\Microsoft\Windows 
Defender\Scans\History\Results\Resource\{B0E4810F-B3F3-4754-A9E8-978D4478B762} -14.8s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{F693A391-6A6A-4E40-95C3-0672B6839DE8} -14.7s C:\Windows\Prefetch\RCPSETUP_ADPPI15_ADPPI15.TMP-8D4D610F.pf -14.7s C:\Windows\Prefetch\RCPSETUP_ADPPI15_ADPPI15.TMP-8D4D610F.pf -12.6s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\UninstallManager.exe.vir -12.6s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\uninstallDlg2.xml.vir -12.6s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\MessageBox.xml.vir -12.5s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\bg.png.vir -12.5s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\bg1.png.vir -12.5s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\bk_shadow.png.vir -12.5s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\button.png.vir -12.5s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\button1.png.vir -12.5s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\checkbox.png.vir -12.5s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\checkbox_select.png.vir -12.4s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\checked.png.vir -12.4s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\close.png.vir -12.4s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\loading_bg.png.vir -12.4s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\loading_light.png.vir -12.4s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\min.png.vir -12.4s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\scrollbar.bmp.vir -12.4s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\Thumbs.db.vir -12.4s 
C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\unchecked.png.vir -12.4s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\code\code1.jpg.vir -12.4s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\code\code2.jpg.vir -12.4s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\code\code3.jpg.vir -12.3s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\code\code4.jpg.vir -12.3s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\code\code5.jpg.vir -12.3s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\code\code6.jpg.vir -12.3s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\code\Thumbs.db.vir -12.3s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\294.json.vir -12.3s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\un.ini.vir -12.3s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\un.ini.vir -7.7s C:\Users\HP\AppData\Local\Programs\ -7.7s C:\Users\HP\AppData\Local\Programs\Common\ -7.6s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{A6861938-4B8A-4E0A-8D89-730DED6EEA9D} -6.5s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{AD5C6EDE-2AF7-4524-BBD0-B71B42510CA2} -6.2s C:\AdwCleaner\Quarantine\C\Program Files\mbot_de_145\unins000.dat.vir -6.2s C:\AdwCleaner\Quarantine\C\Program Files\mbot_de_145\unins000.exe.vir -5.2s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\AC49A0B0197C349D70479AFCAACF58BB -3.9s C:\AdwCleaner\Quarantine\C\Program Files\mbot_de_145\predm.exe.vir -1.5s C:\AdwCleaner\Quarantine\C\Program Files\mbot_de_145\mybestofferstoday_widget.exe.vir -1.2s C:\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\MyBestOffersToday\MyBestOffersToday.lnk.vir -1.2s C:\AdwCleaner\Quarantine\C\Program Files\mbot_de_145\unins000.msg.vir -0.8s 
C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Local\mbot_de_145\mbot_de_145\1.20\cnf.cyl.vir -0.7s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Local\mbot_de_145\upmbot_de_145.cyl.vir -0.6s C:\Windows\Prefetch\NSAD29E.TMP-B509BFC1.pf 0.0s C:\Users\HP\AppData\Local\Microsoft\Windows\INetCache\IE\NRW6L1C9\BlockAndSurf_2222-5510[1].exe 0.1s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{A5FACA3B-1973-40B2-80CB-9D0CF9DCCD4F} 0.2s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{6B12A7AA-C1F4-40BC-A299-716422CF91AF} 3.5s C:\AdwCleaner\Quarantine\C\Windows\system32\roboot.exe.vir 4.1s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{5D622A79-7F38-4FE0-B94A-86537F3F20FF} 4.7s C:\Windows\System32\LogFiles\Scm\989a5c20-c98d-417c-b6ee-78e290e34774 7.5s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{21F6DA95-CD45-4B32-B40A-730D00EE186C} 8.3s C:\Windows\System32\LogFiles\Scm\e54ecce2-55e3-4510-98ce-747ae04fec2a 8.4s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{3FC9B0D6-0C60-4347-A9C0-D6ACC06A966D} 9.2s C:\Windows\Prefetch\UPMBOT_DE_145.EXE-CFBD6794.pf 13.6s C:\Windows\Prefetch\REGCLEANPRO.EXE-7C96B5A3.pf 17.7s C:\Windows\Prefetch\SYSTWEAKASP.TMP-F369339B.pf 24.6s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{1376E394-7CA5-49C5-9513-694A0728B8D8} 25.6s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{A7AAE57C-7FBC-410F-9680-4CFD934AD7D5} 27.2s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\3D81F0E24483216681D9F91762405B57 35.1s C:\Windows\Prefetch\ASPSETUP.TMP-1B570E8D.pf 35.8s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{49FDC04E-6F47-4EBF-BEA8-EA4649EA5632} 39.1s C:\Users\HP\AppData\Local\Microsoft\Windows\INetCache\IE\8T57REOA\ConvertAdSetup[1].exe 41.2s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\ACFAD2426B5EAA098A8DAAC3A2AD70F6 
41.5s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\335555FD86C023C6294557666A778C1D 43.7s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{DAE9220F-2521-4AAE-AF21-9E61E4A02B71} 43.7s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{DAE9220F-2521-4AAE-AF21-9E61E4A02B71} 48.5s C:\Users\HP\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6 48.5s C:\Users\HP\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6 48.8s C:\Users\HP\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B8944BA8AD0EFDF0E01A43EF62BECD0_0C26894991291B0FB5E6A5B669582C54 48.8s C:\Users\HP\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_0C26894991291B0FB5E6A5B669582C54 57.4s C:\Windows\Prefetch\CSCRIPT.EXE-AC3ABA62.pf 57.5s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{195F1083-3E88-48A7-8BE0-59B78C41C31E} 58.0s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{BBF9C108-F869-4C49-A3E0-BAE1D9721AC7} 58.1s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{79B61EA9-6B13-4FDA-90D3-9DE1C4AAC2E5} 58.1s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{9FF2F852-22A0-44A9-8FE1-044EB58A6D76} 58.2s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{F7DB99D0-AB4E-497F-875A-FEDD01B92F1E} 62.1s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{3EB48FC0-C8F6-4645-B0E9-FE3923819FBB} 67.0s C:\Windows\System32\LogFiles\Scm\f41226da-977a-4926-9745-3addc7d2dd19 67.0s C:\Windows\System32\LogFiles\Scm\f41226da-977a-4926-9745-3addc7d2dd19 67.1s C:\Users\HP\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\AdvancedSystemProtector.exe.log 67.1s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Local\ConvertAd\Uninstall.exe.vir 68.2s 
C:\Users\HP\AppData\Local\Microsoft\Windows\INetCache\IE\VDM8A4PL\SPSetup[1].exe -> Deleted
   Size . . . . . . . : 7.353.072 bytes
   Age . . . . . . . : 9.2 days (2014-10-12 13:02:26)
   Entropy . . . . . : 8.0
   SHA-256 . . . . . : C721916999E274F7C155A6FB16F04C60750590F8DCB0C43CE353BB0C3787357A
   Product . . . . . : Search Protect
   Publisher . . . . : Client Connect LTD
   Description . . . : Search Protect
   Version . . . . . : 2.17.26.7
   LanguageID . . . . : 0
 > Bitdefender . . . : Application.SearchProtect.R
 > Kaspersky . . . . : not-a-virus:WebToolbar.NSIS.Agent.n
   Fuzzy . . . . . . : 104.0

C:\Users\HP\AppData\Local\Temp\hAUK6.exe -> Quarantined
   Size . . . . . . . : 402.944 bytes
   Age . . . . . . . : 9.2 days (2014-10-12 13:00:56)
   Entropy . . . . . : 6.2
   SHA-256 . . . . . : 8E04BB51BB855A70A38987442D1056BB738F4298AC4CFA17489E356B7B4E48CA
   Product . . . . . : Description
   Copyright . . . . : Copyright (C) 2014
   LanguageID . . . . : 1033
 > Bitdefender . . . : Gen:Variant.Adware.Zusy.91730
   Fuzzy . . . . . . : 105.0

C:\Users\HP\AppData\Local\Temp\is45637729\77669931_stp\termtutor-setup-1.9.0.8.exe -> Quarantined
   Size . . . . . . . : 1.104.088 bytes
   Age . . . . . . . : 9.2 days (2014-10-12 13:11:57)
   Entropy . . . . . : 7.8
   SHA-256 . . . . . : C90802B073D4E2DB8529B1A777C32B7A9F35A6281918A37A3F1789DD3D111904
   Needs elevation . : Yes
   Product . . . . . : Term Tutor
   Publisher . . . . : Term Tutor
   Description . . . : Term Tutor Setup
   Version . . . . . : 1.9.0.8
   LanguageID . . . . : 0
 > Bitdefender . . . : Adware.Vitruvian.A
   Fuzzy . . . . . . : 109.0
C:\Users\HP\AppData\Local\Temp\n8696\VOPackage.exe -> Quarantined
   Size . . . . . . . : 284.637 bytes
   Age . . . . . . . : 9.2 days (2014-10-12 13:00:36)
   Entropy . . . . . : 7.9
   SHA-256 . . . . . : 45871B60700DADC2194CBFEE6E5ED3AA5C27CC894FF03D5810CD05F46BB8635D
   Product . . . . . :
   Publisher . . . . :
   Description . . . : install
   Version . . . . . : 1.0.0.0
   LanguageID . . . . : 0
 > Kaspersky . . . . : Trojan-Downloader.NSIS.Agent.ox
   Fuzzy . . . . . . : 112.0

Suspicious files
____________________________________________________________

C:\Users\HP\AppData\Local\Microsoft\Windows\INetCache\IE\8DG94NWB\FRST[1].exe
   Size . . . . . . . : 1.102.848 bytes
   Age . . . . . . . : 1.0 days (2014-10-20 18:06:40)
   Entropy . . . . . : 8.0
   SHA-256 . . . . . : 1734B22637E54C04204E2BC545933B447C45E95CA2BB58DE198E981BA66FAC9A
   Needs elevation . : Yes
   Fuzzy . . . . . . : 24.0
      Program has no publisher information but prompts the user for permission elevation.
      Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
      Authors name is missing in version info. This is not common to most programs.
      Version control is missing. This file is probably created by an individual. This is not typical for most programs.
      Time indicates that the file appeared recently on this computer.

C:\Users\HP\AppData\Local\Microsoft\Windows\INetCache\IE\OIQOA9AK\FRST[1].exe
   Size . . . . . . . : 1.102.336 bytes
   Age . . . . . . . : 0.9 days (2014-10-20 21:59:48)
   Entropy . . . . . : 8.0
   SHA-256 . . . . . : EB2816E82B7BA8B46B36637F9A94B809EFF8B9BA7B003015C29B0FA86A36D2BB
   Needs elevation . : Yes
   Fuzzy . . . . . . : 24.0
      Program has no publisher information but prompts the user for permission elevation.
      Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
      Authors name is missing in version info. This is not common to most programs.
      Version control is missing. This file is probably created by an individual. This is not typical for most programs.
      Time indicates that the file appeared recently on this computer.
   Forensic Cluster
      0.0s C:\Users\HP\AppData\Local\Microsoft\Windows\INetCache\IE\OIQOA9AK\FRST[1].exe
      0.0s C:\Users\HP\Desktop\FRST.exe

C:\Users\HP\AppData\Local\Microsoft\Windows\INetCache\IE\VDM8A4PL\FRST[1].exe
   Size . . . . . . . : 1.103.360 bytes
   Age . . . . . . . : 2.2 days (2014-10-19 13:20:51)
   Entropy . . . . . : 8.0
   SHA-256 . . . . . : CA139C24BFF3F6F049AD8389DD893C943BEA87388387A2D1A518C05D45767EF2
   Needs elevation . : Yes
   Fuzzy . . . . . . : 24.0
      Program has no publisher information but prompts the user for permission elevation.
      Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
      Authors name is missing in version info. This is not common to most programs.
      Version control is missing. This file is probably created by an individual. This is not typical for most programs.
      Time indicates that the file appeared recently on this computer.

C:\Users\HP\Desktop\FRST-OlderVersion\FRST.exe
   Size . . . . . . . : 1.102.848 bytes
   Age . . . . . . . : 4.9 days (2014-10-16 20:37:12)
   Entropy . . . . . : 8.0
   SHA-256 . . . . . : 1734B22637E54C04204E2BC545933B447C45E95CA2BB58DE198E981BA66FAC9A
   Needs elevation . : Yes
   Fuzzy . . . . . . : 24.0
      Program has no publisher information but prompts the user for permission elevation.
      Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
      Authors name is missing in version info. This is not common to most programs.
      Version control is missing. This file is probably created by an individual. This is not typical for most programs.
      Time indicates that the file appeared recently on this computer.
C:\Users\HP\Desktop\FRST.exe
   Size . . . . . . . : 1.102.336 bytes
   Age . . . . . . . : 0.9 days (2014-10-20 21:59:48)
   Entropy . . . . . : 8.0
   SHA-256 . . . . . : EB2816E82B7BA8B46B36637F9A94B809EFF8B9BA7B003015C29B0FA86A36D2BB
   Needs elevation . : Yes
   Fuzzy . . . . . . : 24.0
      Program has no publisher information but prompts the user for permission elevation.
      Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
      Authors name is missing in version info. This is not common to most programs.
      Version control is missing. This file is probably created by an individual. This is not typical for most programs.
      Time indicates that the file appeared recently on this computer.
   Forensic Cluster
     -0.0s C:\Users\HP\AppData\Local\Microsoft\Windows\INetCache\IE\OIQOA9AK\FRST[1].exe
      0.0s C:\Users\HP\Desktop\FRST.exe

C:\Users\HP\Desktop\Neuer Ordner\FRST-OlderVersion\FRST.exe
   Size . . . . . . . : 1.102.848 bytes
   Age . . . . . . . : 4.9 days (2014-10-16 20:37:12)
   Entropy . . . . . : 8.0
   SHA-256 . . . . . : D3409357C55C3C634B638942C12B3860DA2A429ED344CDACB86C67950416A305
   Needs elevation . : Yes
   Fuzzy . . . . . . : 24.0
      Program has no publisher information but prompts the user for permission elevation.
      Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
      Authors name is missing in version info. This is not common to most programs.
      Version control is missing. This file is probably created by an individual. This is not typical for most programs.
      Time indicates that the file appeared recently on this computer.
C:\FRST\Hives\ERDNT.CON 72.5s C:\FRST\Hives\SYSTEM 73.2s C:\FRST\Hives\BCD 73.2s C:\FRST\Hives\SOFTWARE 74.9s C:\FRST\Hives\DEFAULT 74.9s C:\FRST\Hives\SECURITY 74.9s C:\FRST\Hives\SAM 74.9s C:\FRST\Hives\Users\ 74.9s C:\FRST\Hives\Users\00000001\ 74.9s C:\FRST\Hives\Users\00000001\NTUSER.DAT 75.0s C:\FRST\Hives\Users\00000002\ 75.0s C:\FRST\Hives\Users\00000002\UsrClass.dat 75.3s C:\FRST\Hives\ERDNT.EXE 75.3s C:\FRST\Hives\ERDNT.EXE 75.6s C:\FRST\Hives\ERDNTWIN.LOC 75.6s C:\FRST\Hives\ERDNTDOS.LOC 75.7s C:\Windows\Prefetch\CMD.EXE-CD245F9E.pf 76.2s C:\Users\HP\Desktop\Neuer Ordner\FRST.txt 77.1s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_0012a8 82.7s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_0012a9 110.2s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_0012aa 110.7s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_0012ab 113.5s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_0012ac 114.9s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_0012ad 120.5s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_0012ae 134.3s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_0012af 136.4s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_0012b0 139.8s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_0012b1 140.3s C:\Users\HP\Desktop\Neuer Ordner\Addition.txt 140.3s C:\Users\HP\Desktop\Neuer Ordner\Addition.txt 140.3s C:\Users\HP\Desktop\Neuer Ordner\Addition.txt 159.6s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_0012b2 170.2s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_0012b3 184.8s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_0012b4 184.9s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_0012b5 187.2s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_0012b6 187.7s C:\FRST\Logs\Addition_16-10-2014_20-40-19.txt 189.7s C:\FRST\Logs\FRST_16-10-2014_20-40-21.txt 
Potential Unwanted Programs _________________________________________________ HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}\ (RegClean Pro) -> Deleted
21.10.2014, 17:54 | #8
Opera redirects to other pages .... Now FRST: FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-10-2014 01 Ran by HP (administrator) on xxxxx on 21-10-2014 18:32:20 Running from C:\Users\HP\Desktop Loaded Profile: HP (Available profiles: HP) Platform: Microsoft Windows 8.1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH) C:\Program Files\Online Armor\oacat.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Emsisoft GmbH) C:\Program Files\Online Armor\oasrv.exe (ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUSTek Computer INC.) C:\Program Files\ASUS\ASUS AC Reminder\ACReminderSrv.exe (ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel.exe (ASUSTek Computer Inc.) 
C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe (ASUS Cloud Corporation) C:\Program Files\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe (Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe (Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe (Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe (AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLoader.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPCenter.exe (Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe (Emsisoft GmbH) C:\Program Files\Online Armor\oaui.exe (Emsisoft GmbH) C:\Program Files\Online Armor\oahlp.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPHelper.exe (Intel Corporation) C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe (Microsoft Corporation) C:\Windows\WinStore\WSHost.exe (ASUS Cloud Corporation) C:\Program Files\ASUS\WebStorage\2.0.3.226\AsusWSPanel.exe () C:\Program Files\ASUS\ASUS Live 
Update\UpdateChecker.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [ASUSPRP] => C:\Program Files\ASUS\APRP\APRP.EXE [3216032 2013-12-13] (ASUSTek Computer Inc.) HKLM\...\Run: [WebStorage] => C:\Program Files\ASUS\WebStorage\2.0.3.226\ASUSWSLoader.exe [63296 2013-08-16] () HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [81360 2014-01-22] (Intel Corporation) HKLM\...\Run: [RtkNGUI] => C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe [2904064 2013-10-30] (Realtek Semiconductor) HKLM\...\Run: [@OnlineArmor GUI] => C:\Program Files\Online Armor\oaui.exe [7558464 2013-10-11] (Emsisoft GmbH) HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 ShellIconOverlayIdentifiers: [!AsusWSShellExt_BN] -> {CC5FC992-B0AA-47CD-9DC2-83445083CBB9} => C:\Program Files\Common Files\AWS\2.0.3.226\ASUSWSShellExt.dll (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [!AsusWSShellExt_ON] -> {618A47A2-528B-4D9A-AFC8-97D3233511E3} => C:\Program Files\Common Files\AWS\2.0.3.226\ASUSWSShellExt.dll (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [!AsusWSShellExt_UN] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files\Common Files\AWS\2.0.3.226\ASUSWSShellExt.dll (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [StorageProviderError] -> {0CA2640D-5B9C-4c59-A5FB-2DA61A7437CF} => C:\Windows\System32\shell32.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: [StorageProviderSyncing] -> {0A30F902-8398-4ee8-86F7-4CFB589F04D1} => C:\Windows\System32\shell32.dll (Microsoft Corporation) BootExecute: autocheck autochk * bootdelete ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
ShellExecuteHooks: OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll [1033968 2013-10-11] (Emsisoft GmbH) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) Chrome: ======= ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4816568 2014-10-14] (Emsisoft GmbH) R2 AsHidService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe [103224 2013-09-09] (ASUSTek Computer Inc.) R2 ASLDRService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [111416 2013-09-09] (ASUSTek Computer Inc.) R2 Asus WebStorage Windows Service; C:\Program Files\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe [71680 2013-08-16] (ASUS Cloud Corporation) [File not signed] R2 ATKGFNEXSrv; C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2011-11-21] (ASUS) S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [1677016 2014-04-10] (Broadcom Corporation.) 
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [277304 2014-02-11] (Intel Corporation) R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [83920 2014-01-22] (Intel Corporation) R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [96720 2014-01-22] (Intel Corporation) R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [90576 2014-01-22] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [586752 2013-07-01] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [637912 2013-07-01] (Intel(R) Corporation) R2 jhi_service; C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe [168216 2014-01-15] (Intel Corporation) R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation) R2 OAcat; C:\Program Files\Online Armor\OAcat.exe [584864 2013-10-11] (Emsisoft GmbH) S3 ScDeviceEnum; C:\Windows\System32\ScDeviceEnum.dll [105472 2013-08-22] (Microsoft Corporation) R2 SvcOnlineArmor; C:\Program Files\Online Armor\oasrv.exe [4457688 2013-10-11] (Emsisoft GmbH) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [278264 2013-08-22] (Microsoft Corporation) S3 WEPHOSTSVC; C:\Windows\system32\wephostsvc.dll [20992 2013-08-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22240 2013-08-22] (Microsoft Corporation) S3 workfolderssvc; C:\Windows\system32\workfolderssvc.dll [1210368 2013-12-14] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.) R3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [58200 2014-05-12] (Emsisoft GmbH) R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH) R1 a2injectiondriver; C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [38248 2013-09-30] (Emsisoft GmbH) R1 a2util; C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [18552 2014-05-12] (Emsisoft GmbH) R2 ASMMAP; C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys [13880 2009-07-02] (ASUS) R3 AsusHID; C:\Windows\System32\drivers\AsusHID.sys [68376 2014-02-13] (ASUS Corporation) R1 ATKWMIACPIIO; C:\Program Files\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi.sys [17720 2013-07-02] (ASUSTek Computer Inc.) S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [97896 2013-07-18] (ASIX Electronics Corp.) R1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [25600 2013-08-22] (Microsoft Corporation) R3 BCMSDH43XX; C:\Windows\system32\DRIVERS\bcmdhd63.sys [304344 2014-04-10] (Broadcom Corp) R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [185856 2013-08-22] (Microsoft Corporation) R3 BthMini; C:\Windows\System32\Drivers\BTHMINI.sys [24064 2013-08-22] (Microsoft Corporation) S3 btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [144600 2014-04-10] (Broadcom Corporation.) R3 BtwSerialBus; C:\Windows\system32\DRIVERS\BtwSerialBus.sys [130776 2014-04-10] (Broadcom Corporation.) R3 camera; C:\Windows\system32\DRIVERS\camera.sys [345088 2013-12-02] (Intel Corporation) R3 cleanhlp; C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [50200 2013-12-04] (Emsisoft GmbH) R3 CM3218x; C:\Windows\system32\DRIVERS\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation) R3 CPLMACPI; C:\Windows\system32\DRIVERS\CPLMACPI.sys [16488 2013-09-06] (Capella Microsystems, Inc.) 
R3 DptfDevDBPT; C:\Windows\system32\DRIVERS\DptfDevPower.sys [25552 2014-01-22] (Intel Corporation) R3 DptfDevDisplay; C:\Windows\system32\DRIVERS\DptfDevDisplay.sys [28112 2014-01-22] (Intel Corporation) R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [36304 2014-01-22] (Intel Corporation) R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [80848 2014-01-22] (Intel Corporation) R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [181712 2014-01-22] (Intel Corporation) R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [23552 2013-12-30] (Intel Corporation) R3 GpioVirtual; C:\Windows\System32\drivers\iaiogpiovirtual.sys [16896 2013-12-30] (Intel Corporation) R3 HIDSwitch; C:\Windows\System32\drivers\AsHIDSwitch.sys [17720 2013-10-08] (ASUS) R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [58368 2013-11-15] (Intel Corporation) R3 iaiouart; C:\Windows\System32\drivers\iaiouart.sys [87552 2013-12-30] (Intel Corporation) S0 iaStorA; C:\Windows\System32\drivers\iaStorA.sys [505192 2013-08-09] (Intel Corporation) S3 intaud_WaveExtensible; C:\Windows\system32\drivers\intelaud.sys [32664 2014-01-22] (Intel Corporation) R3 IntelSST; C:\Windows\system32\drivers\isstrtc.sys [254464 2013-12-30] (Intel(R) Corporation) R3 INVN_MotionApps; C:\Windows\system32\DRIVERS\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation) R3 iwdbus; C:\Windows\System32\drivers\iwdbus.sys [23448 2014-01-22] (Intel Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-10-21] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation) R0 MBI; C:\Windows\System32\drivers\MBI.sys [21456 2013-12-30] (Intel Corporation) R3 MT9M114; C:\Windows\System32\drivers\MT9M114.sys [38912 2013-12-02] (Intel Corporation) S3 NETwNs32; C:\Windows\system32\DRIVERS\Netwsn00.sys 
[10372096 2013-06-18] (Intel Corporation) R1 OADevice; C:\Windows\system32\drivers\OADriver.sys [210360 2013-10-11] () R1 oahlpXX; C:\Windows\system32\drivers\oahlp32.sys [44984 2013-10-11] () R1 OAmon; C:\Windows\system32\drivers\OAmon.sys [34856 2013-10-11] (Emsisoft) R3 OAnet; C:\Windows\system32\DRIVERS\oanet.sys [31760 2013-10-11] (Emsisoft) R3 PMIC; C:\Windows\System32\drivers\PMIC.sys [48128 2013-12-30] (Intel Corporation) R3 rtii2sac; C:\Windows\system32\DRIVERS\rtii2sac.sys [149720 2013-12-05] (Realtek Semiconductor Corp.) R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation) R3 TXEI; C:\Windows\System32\drivers\TXEI.sys [75792 2014-02-26] (Intel Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [93024 2013-08-22] (Microsoft Corporation) R3 WUDFSensorLP; C:\Windows\System32\drivers\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation) U0 msahci; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-21 18:32 - 2014-10-21 18:32 - 00013964 _____ () C:\Users\HP\Desktop\FRST.txt 2014-10-21 18:31 - 2014-10-21 18:31 - 00188456 _____ () C:\Users\HP\Desktop\HitmanPro_20141021_1831.log 2014-10-21 18:30 - 2014-10-21 18:30 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe 2014-10-21 18:30 - 2014-10-21 18:30 - 00001190 _____ () C:\Windows\system32\bootdelete.lst 2014-10-21 18:25 - 2014-10-21 18:31 - 00000000 ____D () C:\ProgramData\HitmanPro 2014-10-21 18:23 - 2014-10-21 18:25 - 10280824 _____ (SurfRight B.V.) 
C:\Users\HP\Desktop\HitmanPro.exe 2014-10-20 22:04 - 2014-10-20 22:04 - 00139264 _____ () C:\Users\HP\Desktop\SystemLook.exe 2014-10-20 21:56 - 2014-10-20 21:56 - 00854417 _____ () C:\Users\HP\Desktop\SecurityCheck.exe 2014-10-20 19:51 - 2014-10-20 19:51 - 02347384 _____ (ESET) C:\Users\HP\Desktop\esetsmartinstaller_deu.exe 2014-10-20 19:34 - 2014-10-20 19:34 - 00000000 ____D () C:\9bcd29b28965a011ca96fd2a 2014-10-20 18:06 - 2014-10-20 21:59 - 00000000 ____D () C:\Users\HP\Desktop\FRST-OlderVersion 2014-10-19 13:25 - 2014-10-21 17:46 - 00000000 ____D () C:\Users\HP\Desktop\Neuer Ordner 2014-10-19 13:10 - 2014-10-19 13:10 - 00000000 ____D () C:\Windows\ERUNT 2014-10-19 13:08 - 2014-10-19 13:08 - 01705698 _____ (Thisisu) C:\Users\HP\Desktop\JRT.exe 2014-10-19 12:43 - 2014-10-21 18:22 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-19 12:43 - 2014-10-19 12:43 - 00001078 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-10-19 12:43 - 2014-10-19 12:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-10-19 12:43 - 2014-10-19 12:43 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-10-19 12:43 - 2014-10-19 12:43 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-10-19 12:43 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-10-19 12:43 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-10-19 12:43 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-10-19 12:39 - 2014-10-19 12:40 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\HP\Desktop\mbam-setup-2.0.3.1025.exe 2014-10-19 12:33 - 2014-10-19 12:33 - 284417501 _____ () C:\Windows\MEMORY.DMP 2014-10-19 12:33 - 2014-10-19 12:33 - 00619216 _____ () C:\Windows\Minidump\101914-17328-01.dmp 2014-10-19 12:14 - 
2014-10-19 12:35 - 00000000 ____D () C:\AdwCleaner 2014-10-19 12:10 - 2014-10-19 12:10 - 01976320 _____ () C:\Users\HP\Desktop\AdwCleaner_4.000.exe 2014-10-16 20:49 - 2014-10-16 20:49 - 00380416 _____ () C:\Users\HP\Downloads\Gmer-19357.exe 2014-10-16 20:38 - 2014-10-21 18:32 - 00000000 ____D () C:\FRST 2014-10-16 20:37 - 2014-10-20 21:59 - 01102336 _____ (Farbar) C:\Users\HP\Desktop\FRST.exe 2014-10-16 20:33 - 2014-10-16 20:33 - 00050477 _____ () C:\Users\HP\Downloads\Defogger.exe 2014-10-16 20:23 - 2014-10-16 20:23 - 00025600 ___SH () C:\Users\HP\Downloads\Thumbs.db 2014-10-16 20:22 - 2014-10-16 20:22 - 00000000 _____ () C:\Users\HP\defogger_reenable 2014-10-16 20:14 - 2014-10-16 20:14 - 00512504 _____ () C:\Windows\Minidump\101614-12000-01.dmp 2014-10-12 15:32 - 2014-10-19 11:55 - 00001120 _____ () C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware Guard.lnk 2014-10-12 15:22 - 2014-09-02 22:06 - 00706016 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-10-12 15:22 - 2014-09-02 22:06 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-10-12 15:04 - 2014-10-12 15:04 - 00523208 _____ () C:\Windows\Minidump\101214-22593-01.dmp 2014-10-12 14:32 - 2014-10-20 19:35 - 00000000 ____D () C:\Windows\system32\MRT 2014-10-12 14:31 - 2014-10-20 19:35 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-10-12 14:29 - 2013-11-09 07:52 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe 2014-10-12 14:29 - 2013-11-09 07:52 - 00240128 _____ (Microsoft Corporation) C:\Windows\system32\mdmregistration.dll 2014-10-12 14:13 - 2014-02-22 13:24 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe 2014-10-12 14:07 - 2014-02-11 04:43 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-10-12 14:07 - 2013-10-15 10:03 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll 2014-10-12 
14:06 - 2014-10-12 14:19 - 00000000 ____D () C:\ProgramData\OnlineArmor 2014-10-12 14:06 - 2014-10-12 14:06 - 00000000 ____D () C:\Users\HP\AppData\Roaming\OnlineArmor 2014-10-12 14:03 - 2014-10-19 12:33 - 00000000 ____D () C:\Windows\Minidump 2014-10-12 14:03 - 2014-10-12 14:03 - 00606936 _____ () C:\Windows\Minidump\101214-26781-01.dmp 2014-10-12 14:03 - 2014-10-12 14:03 - 00003358 _____ () C:\EamClean.log 2014-10-12 13:58 - 2014-10-12 13:58 - 00000000 ____D () C:\Users\HP\AppData\Roaming\EurekaLab s.a.s 2014-10-12 13:52 - 2014-10-19 13:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Armor 2014-10-12 13:52 - 2014-10-19 13:34 - 00000000 ____D () C:\Program Files\Online Armor 2014-10-12 13:52 - 2013-10-11 03:41 - 00044984 _____ () C:\Windows\system32\Drivers\oahlp32.sys 2014-10-12 13:52 - 2013-10-11 03:40 - 00210360 _____ () C:\Windows\system32\Drivers\OADriver.sys 2014-10-12 13:52 - 2013-10-11 03:40 - 00034856 _____ (Emsisoft) C:\Windows\system32\Drivers\OAmon.sys 2014-10-12 13:52 - 2013-10-11 03:40 - 00031760 _____ (Emsisoft) C:\Windows\system32\Drivers\OAnet.sys 2014-10-12 13:48 - 2014-10-12 13:48 - 00000000 ____D () C:\ProgramData\Emsisoft 2014-10-12 13:46 - 2014-10-12 13:48 - 10696960 _____ (Emsisoft GmbH ) C:\Users\HP\Downloads\OnlineArmorSetup.exe 2014-10-12 13:33 - 2014-10-12 13:33 - 00001067 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk 2014-10-12 13:33 - 2014-10-12 13:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware 2014-10-12 13:32 - 2014-10-21 18:23 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware 2014-10-12 13:15 - 2014-10-12 13:15 - 00000000 ____D () C:\Users\HP\AppData\Roaming\ap_movie 2014-10-12 13:14 - 2014-10-12 13:14 - 00612126 _____ (CMI Limited) C:\Users\HP\AppData\Local\nsb44F.tmp 2014-10-12 13:11 - 2014-10-12 13:11 - 00000000 ____D () C:\ProgramData\Xunlei 2014-10-12 13:11 - 2014-10-12 13:11 - 00000000 ____D () C:\ProgramData\Thunder 
Network 2014-10-12 13:07 - 2014-10-12 13:10 - 163265680 _____ (Emsisoft GmbH ) C:\Users\HP\Downloads\EmsisoftAntiMalwareSetup.exe 2014-10-12 13:02 - 2014-10-16 18:46 - 00001111 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2014-10-12 13:02 - 2014-10-16 18:46 - 00000000 ____D () C:\Program Files\Opera 2014-10-12 13:02 - 2014-10-12 13:02 - 00001111 _____ () C:\Users\Public\Desktop\Opera.lnk 2014-10-12 13:02 - 2014-10-12 13:02 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Opera Software 2014-10-12 13:02 - 2014-10-12 13:02 - 00000000 ____D () C:\Users\HP\AppData\Local\Opera Software 2014-10-12 13:01 - 2014-10-12 13:01 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNew_01009.Wdf 2014-10-12 13:00 - 2014-10-12 13:00 - 00873960 _____ (Opera Software) C:\Users\HP\Desktop\opera-23.0.1522.77-multi.exe 2014-10-12 13:00 - 2014-10-12 13:00 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Macromedia 2014-10-12 12:56 - 2014-09-22 08:41 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-21 18:28 - 2013-12-14 06:03 - 00853008 _____ () C:\Windows\system32\perfh010.dat 2014-10-21 18:28 - 2013-12-14 06:03 - 00206332 _____ () C:\Windows\system32\perfc010.dat 2014-10-21 18:28 - 2013-12-13 22:46 - 00005468 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-21 18:25 - 2014-04-10 06:45 - 01159712 _____ () C:\Windows\WindowsUpdate.log 2014-10-21 18:22 - 2013-12-13 22:30 - 00028176 _____ () C:\Windows\PFRO.log 2014-10-21 18:22 - 2013-08-22 09:23 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-21 18:22 - 2013-08-22 08:13 - 00262144 ___SH () C:\Windows\system32\config\BBI 2014-10-21 18:02 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\sru 2014-10-20 21:20 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-10-20 20:48 - 2013-08-22 09:22 - 00333576 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-10-20 20:45 - 2013-12-14 06:03 - 00000000 ____D () C:\Windows\it-IT 2014-10-20 20:45 - 2013-12-14 05:51 - 00000000 ____D () C:\Windows\de-DE 2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ___RD () C:\Windows\ToastData 2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel 2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools 2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\WinStore 2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ____D () 
C:\Windows\system32\sr-Latn-RS 2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\sk-SK 2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\lv-LV 2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\ko-KR 2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\it-IT 2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\hr-HR 2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\et-EE 2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\en-GB 2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\el-GR 2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\de-DE 2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\MediaViewer 2014-10-20 20:44 - 2013-12-14 06:03 - 00000000 ____D () C:\Windows\system32\Drivers\it-IT 2014-10-20 20:44 - 2013-12-14 05:51 - 00000000 ____D () C:\Windows\system32\Drivers\de-DE 2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\zh-TW 2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\zh-HK 2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\zh-CN 2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\uk-UA 2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\tr-TR 2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\th-TH 2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\SystemResetPlatform 2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\sv-SE 2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS 2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\sl-SI 2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\ru-RU 2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 
____D () C:\Windows\system32\ro-RO 2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\pt-PT 2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\pt-BR 2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\pl-PL 2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\nl-NL 2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\nb-NO 2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\lt-LT 2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\ja-JP 2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\hu-HU 2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\he-IL 2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\fr-FR 2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\fi-FI 2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\bg-BG 2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\ar-SA 2014-10-20 20:43 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\FileManager 2014-10-20 20:43 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\Camera 2014-10-20 20:43 - 2013-08-22 10:17 - 00000000 ____D () C:\Program Files\Windows Portable Devices 2014-10-20 20:43 - 2013-08-22 10:17 - 00000000 ____D () C:\Program Files\Windows Multimedia Platform 2014-10-20 20:14 - 2013-08-22 10:05 - 00000000 ____D () C:\Windows\CbsTemp 2014-10-20 20:13 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\NDF 2014-10-20 18:17 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\AppReadiness 2014-10-19 12:22 - 2014-09-03 22:59 - 00001160 _____ () C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-10-19 11:50 - 2013-08-22 15:08 - 00000000 ____D () C:\Program Files\Windows Journal 2014-10-19 11:50 - 2013-08-22 15:06 - 00000000 ____D () 
C:\Windows\system32\winrm 2014-10-19 11:50 - 2013-08-22 15:06 - 00000000 ____D () C:\Windows\system32\slmgr 2014-10-19 11:50 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\IME 2014-10-19 11:50 - 2013-08-22 10:17 - 00000000 ____D () C:\Program Files\Windows Photo Viewer 2014-10-19 11:50 - 2013-08-22 10:17 - 00000000 ____D () C:\Program Files\Windows Defender 2014-10-19 11:50 - 2013-08-22 10:17 - 00000000 ____D () C:\Program Files\Common Files\System 2014-10-19 11:49 - 2013-12-14 05:51 - 00000000 ____D () C:\Windows\system32\XPSViewer 2014-10-19 11:49 - 2013-08-22 15:06 - 00000000 ____D () C:\Windows\system32\WCN 2014-10-19 11:49 - 2013-08-22 15:06 - 00000000 ____D () C:\Windows\system32\Printing_Admin_Scripts 2014-10-19 11:49 - 2013-08-22 10:17 - 00000000 ___SD () C:\Windows\system32\dsc 2014-10-19 11:49 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\MUI 2014-10-19 11:49 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\Com 2014-10-19 11:49 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\Help 2014-10-16 20:26 - 2014-09-03 22:59 - 00000000 ____D () C:\Users\HP 2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates 2014-10-12 18:40 - 2013-08-22 10:17 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2014-10-12 13:52 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\restore 2014-10-12 13:01 - 2013-08-22 09:23 - 00013554 _____ () C:\Windows\setupact.log 2014-10-12 12:57 - 2013-08-22 08:13 - 00262144 ___SH () C:\Windows\system32\config\ELAM 2014-10-12 12:42 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\LogFiles Some content of TEMP: ==================== C:\Users\HP\AppData\Local\Temp\Quarantine.exe C:\Users\HP\AppData\Local\Temp\yYKY0.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-16 18:19 ==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-10-2014 01 Ran by HP at 2014-10-21 18:33:15 Running from C:\Users\HP\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367} FW: Online Armor Firewall (Enabled) {BD3F5FCA-866B-1E2E-0A68-58900A751EA1} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) ASUS AC Reminder (HKLM\...\{B002B54C-FFE8-4331-8F9B-90CC9366362A}) (Version: 2.0.0 - ASUS) ASUS Live Update (HKLM\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.7 - ASUS) ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.3 - ASUS) ASUS Smart Gesture (HKLM\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.10 - ASUS) ATK Package (HKLM\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0031 - ASUS) Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.93.99.187.1 - Broadcom Corporation) Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft GmbH) Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3417 - Intel Corporation) Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation) Intel(R) Trusted Execution Engine (Version: 1.1.1.1 - Intel Corporation) Hidden
Intel(R) Trusted Execution Engine Driver (Version: 1.0.0.1064 - Intel Corporation) Hidden Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) Microsoft Office (HKLM\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 (HKLM\...\{1f407217-9aec-4146-8504-e64ac959c534}) (Version: 12.0.20617.1 - Microsoft Corporation) Online Armor 7.0 (HKLM\...\OnlineArmor_is1) (Version: 7.0 - Emsisoft GmbH) Opera Stable 25.0.1614.50 (HKLM\...\Opera 25.0.1614.50) (Version: 25.0.1614.50 - Opera Software ASA) Realtek I2S Audio (HKLM\...\{89A448AA-3301-46AA-AFC3-34F2D7C670E8}) (Version: 6.2.9600.4055 - Realtek Semiconductor Corp.) WebStorage (HKLM\...\WebStorage) (Version: 2.0.3.226 - ASUS Cloud Corporation) Windows Driver Package - ASUS (AsusHID) Mouse (02/12/2014 3.0.0.23) (HKLM\...\88F3FD439A3012A11FEF853A27C299ED116ABA8D) (Version: 02/12/2014 3.0.0.23 - ASUS) WinFlash (HKLM\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 20-10-2014 17:32:44 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 08:13 - 2013-08-22 08:13 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. 
Any associated file could be listed separately to be moved.) Task: {00BC77BF-3352-4FE8-9617-4F1B27BEC19A} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup Task: {0FA9C72D-D3DC-41EA-AD12-0264A29FFF50} - System32\Tasks\ASUS Live Update2 => C:\Program Files [2014-10-20] () Task: {17233BE9-87E9-40B0-B003-AE9D2B92CBBE} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask Task: {1D4E5977-E467-459B-82E3-6C399289990D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-10-20] (Microsoft Corporation) Task: {247BD142-0549-4E91-84B0-172C25563718} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation) Task: {2BE65564-89D1-4396-A5CC-D7D9283FC4A1} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task Task: {392EB017-207C-42BF-A061-F3BE721F456C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {4B7EF56A-8A42-4BD2-BB5C-7C389AC54A37} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask Task: {515A8D55-B2DA-4DAC-A197-0B02F6DAE700} - System32\Tasks\ASUS Live Update1 => C:\Program Files [2014-10-20] () Task: {5700ACE8-D0AF-4BA7-98B6-1033521A877A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {6E84A59B-1863-4B21-8BD8-C9B20FD15484} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {7C7CF1DA-F461-4850-96B2-ADCA8A67E59C} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {8B5819AE-7B44-478B-A3D3-8846AF160A8F} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate Task: 
{8F7FB3A6-5ECC-485E-B309-B4E99ABE21DD} - System32\Tasks\Update Checker => C:\Program Files\ASUS\ASUS Live Update\UpdateChecker.exe [2013-11-27] () Task: {92ED6570-4654-4BFA-9A6C-1084C6939C16} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work Task: {997C8BBD-710B-4E66-B5BC-CC09575A58D2} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance Task: {A02FE6A8-4963-4C7D-8D21-DC48FE3E517C} - System32\Tasks\ASUS AC Reminder => C:\Program Files\ASUS\ASUS AC Reminder\ACReminderSrv.exe [2013-12-23] (ASUSTek Computer INC.) Task: {A1C0096D-7EF7-4283-9C87-611781AF8F49} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel.exe [2013-01-09] (ASUSTek Computer INC.) Task: {A5D45ED3-F524-4574-8F39-527F3729D1E2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation) Task: {C0D0F7C4-419F-41B3-90A2-FE79270B828A} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask Task: {C37FC171-6AF7-4A02-9319-1AFF42F85373} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLauncher.exe [2014-02-13] (AsusTek) Task: {CF5A1DDC-D14D-4D59-AD49-A19A645B087B} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization Task: {DCF55BED-B1DF-4ABF-8D85-6542C7007799} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE Task: {DE636FF2-FD26-4241-9343-322918A02564} - System32\Tasks\Opera scheduled Autoupdate 1413111732 => C:\Program Files\Opera\launcher.exe [2014-10-15] (Opera Software) Task: {E4C8774A-2818-45A4-8A6D-11DDF6348886} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task Task: {FAB49829-3EE7-4234-BE84-277862F2A57C} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList (If an entry is included in the fixlist, the task (.job) file will be moved. 
The file which is running by the task will not be moved.) ==================== Loaded Modules (whitelisted) ============= 2014-10-12 13:32 - 2014-10-06 18:43 - 00775400 _____ () C:\Program Files\Emsisoft Anti-Malware\fw32.dll 2013-11-27 22:20 - 2013-11-27 22:20 - 00011776 _____ () C:\Program Files\ASUS\ASUS Live Update\UpdateChecker.exe ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
========================= Accounts: ========================== Administrator (S-1-5-21-2565251152-1528942193-4253351456-500 - Administrator - Disabled) Gast (S-1-5-21-2565251152-1528942193-4253351456-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2565251152-1528942193-4253351456-1003 - Limited - Enabled) HP (S-1-5-21-2565251152-1528942193-4253351456-1001 - Administrator - Enabled) => C:\Users\HP ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/21/2014 06:28:07 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error: (10/21/2014 06:28:07 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (10/21/2014 06:28:07 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. 
Error: (10/21/2014 06:28:07 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (10/21/2014 06:22:47 PM) (Source: DptfPolicyLpmService) (EventID: 1) (User: ) Description: DptfPolicyLpmServiceServiceMainThread: App specific mode was turned off, but timer was not running. Error: (10/21/2014 06:13:42 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm opera.exe, Version 25.0.1614.50 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 10b8 Startzeit: 01cfed499db30e69 Endzeit: 60000 Anwendungspfad: C:\Program Files\Opera\25.0.1614.50\opera.exe Berichts-ID: fdb77ce9-593c-11e4-9736-d850e69a5100 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (10/21/2014 05:58:58 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (10/20/2014 09:16:34 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (10/20/2014 09:01:00 PM) (Source: DptfPolicyLpmService) (EventID: 1) (User: ) Description: DptfPolicyLpmServiceServiceMainThread: App specific mode was turned off, but timer was not running. 
Error: (10/20/2014 08:54:07 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. System errors: ============= Error: (10/21/2014 06:21:55 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\Windows\System32\bcmihvsrv.dll Error: (10/21/2014 06:21:55 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\Windows\System32\bcmihvsrv.dll Error: (10/21/2014 06:21:44 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst BrokerInfrastructure erreicht. Error: (10/21/2014 06:21:14 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\Windows\System32\bcmihvsrv.dll Error: (10/21/2014 05:55:57 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056 Error: (10/21/2014 05:55:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Intel(R) Capability Licensing Service Interface" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error: (10/21/2014 05:55:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Error: (10/21/2014 05:55:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (10/21/2014 05:55:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "ASUS HID Access Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (10/21/2014 05:55:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Microsoft Office Sessions: ========================= Error: (10/21/2014 06:28:07 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT) Description: WmiApRplWmiApRpl8F2030000E5050000 Error: (10/21/2014 06:28:07 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Performance163707000000000000000000008F020000 Error: (10/21/2014 06:28:07 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Performance163707000000000000000000008F020000 Error: (10/21/2014 06:28:07 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Performance163707000000000000000000008F020000 Error: (10/21/2014 06:22:47 PM) (Source: DptfPolicyLpmService) (EventID: 1) (User: ) Description: DptfPolicyLpmServiceServiceMainThread: App specific mode was turned off, but timer was not running. 
Error: (10/21/2014 06:13:42 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: opera.exe25.0.1614.5010b801cfed499db30e6960000C:\Program Files\Opera\25.0.1614.50\opera.exefdb77ce9-593c-11e4-9736-d850e69a5100 Error: (10/21/2014 05:58:58 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (10/20/2014 09:16:34 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (10/20/2014 09:01:00 PM) (Source: DptfPolicyLpmService) (EventID: 1) (User: ) Description: DptfPolicyLpmServiceServiceMainThread: App specific mode was turned off, but timer was not running. Error: (10/20/2014 08:54:07 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT) Description: WmiApRplWmiApRpl8F2030000E5050000 CodeIntegrity Errors: =================================== Date: 2014-10-19 12:01:34.439 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. Date: 2014-10-19 12:01:33.470 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. Date: 2014-10-19 12:01:32.673 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. 
Date: 2014-10-19 12:01:31.439 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. Date: 2014-10-19 12:01:30.798 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. Date: 2014-10-19 12:01:29.142 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. Date: 2014-10-19 12:01:28.517 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. Date: 2014-10-19 12:01:27.329 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. Date: 2014-10-19 12:01:25.829 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. 
Date: 2014-10-19 10:34:51.843 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\HP\AppData\Local\Temp\uxtiiuow.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: Intel(R) Atom(TM) CPU Z3740 @ 1.33GHz Percentage of memory in use: 42% Total physical RAM: 1933.15 MB Available physical RAM: 1106.09 MB Total Pagefile: 3917.15 MB Available Pagefile: 2529.58 MB Total Virtual: 2047.88 MB Available Virtual: 1902.96 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:28.22 GB) (Free:9.16 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 29.1 GB) (Disk ID: 67B602CA) Partition: GPT Partition Type. ==================== End Of Log ============================
Users shortcut scan result (x86) Version: 20-10-2014 01 Ran by HP at 2014-10-21 18:33:51 Running from C:\Users\HP\Desktop Boot Mode: Normal ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Camera.lnk -> C:\Windows\Camera\Camera.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileManager.lnk -> C:\Windows\FileManager\FileManager.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk -> C:\Program Files\Opera\launcher.exe (Opera Software) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotosApp.lnk -> C:\Windows\FileManager\PhotosApp.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Store.lnk -> C:\Windows\WinStore\WinStore.htm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Armor\Online Armor deinstallieren.lnk -> C:\Program Files\Online Armor\unins000.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Armor\Online Armor.lnk -> C:\Program Files\Online Armor\oaui.exe (Emsisoft GmbH) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware \Malwarebytes Anti-Malware entfernen.lnk -> C:\Program Files\ Malwarebytes Anti-Malware \unins000.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\ Malwarebytes Anti-Malware \Malwarebytes Anti-Malware Notifications.lnk -> C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware \ Malwarebytes Anti-Malware .lnk -> C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware \Tools\Malwarebytes Anti-Malware Chameleon.lnk -> C:\Program Files\ Malwarebytes Anti-Malware \Chameleon\Windows\chameleon.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware\Deinstallieren.lnk -> C:\Program Files\Emsisoft Anti-Malware\unins000.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware\Emsisoft Anti-Malware.lnk -> C:\Program Files\Emsisoft Anti-Malware\a2start.exe (Emsisoft GmbH) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware\Emsisoft Homepage.lnk -> C:\Program Files\Emsisoft Anti-Malware\Emsisoft.url () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware\Hilfe.lnk -> C:\Program Files\Emsisoft Anti-Malware\de-de.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\ASUS Live Update.Lnk -> C:\Program Files\ASUS\ASUS Live Update\LiveUpdate.exe (ASUSTeK Computer Inc.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\ASUS On-Screen Display.lnk -> C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSDMgr.exe (ASUSTek Computer Inc.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\eManual.Lnk -> C:\eSupport\Manual\eManual.exe (ASUSTek Computer Inc.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\WinFlash.Lnk -> C:\Program Files\ASUS\WinFlash\WinFlash.exe (ASUSTek Computer Inc.) 
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\WebStorage\WebStorage.lnk -> C:\Program Files\ASUS\WebStorage\2.0.3.226\AsusWSPanel.exe (ASUS Cloud Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources.lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation) Shortcut: 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Windows.Defender.lnk -> C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\HP\Links\Desktop.lnk -> C:\Users\HP\Desktop ()
Shortcut: C:\Users\HP\Links\Downloads.lnk -> C:\Users\HP\Downloads ()
Shortcut: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware Guard.lnk -> C:\Program Files\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH)
Shortcut: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Windows.Defender.lnk -> C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
Shortcut: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\HP\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth-Dateiübertragung.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\eManual.Lnk -> C:\eSupport\Manual\eManual.exe (ASUSTek Computer Inc.)
Shortcut: C:\Users\HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Emsisoft Anti-Malware.lnk -> C:\Program Files\Emsisoft Anti-Malware\a2start.exe (Emsisoft GmbH)
Shortcut: C:\Users\HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk -> C:\Program Files\Opera\launcher.exe (Opera Software)
Shortcut: C:\Users\HP\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\HP\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\HP\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\HP\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\HP\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\HP\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\HP\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\HP\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\HP\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk -> C:\Program Files\Emsisoft Anti-Malware\a2start.exe (Emsisoft GmbH)
Shortcut: C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk -> C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes Corporation)
Shortcut: C:\Users\Public\Desktop\Opera.lnk -> C:\Program Files\Opera\launcher.exe (Opera Software)
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office15\FIRSTRUN.EXE (Microsoft Corporation) -> /OEM
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> -sta {C90FB8CA-3295-4462-A721-2935E83694BA}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /7
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> /e,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\HP\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\HP\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\HP\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\HP\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\HP\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\HP\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\HP\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\HP\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\HP\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> /e,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}
ShortcutWithArgument: C:\Users\HP\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\HP\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
InternetURL: C:\Users\HP\Favorites\Bing.url -> hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
InternetURL: C:\Users\HP\Favorites\ASUS E-Service\ASUS Homepage.url -> hxxp://www.asus.com/
InternetURL: C:\Users\HP\Favorites\ASUS E-Service\ASUS Member.url -> hxxp://member.asus.com/
InternetURL: C:\Users\HP\Favorites\ASUS E-Service\ASUS Software Download.url -> hxxp://support.asus.com/download
InternetURL: C:\Users\HP\Favorites\ASUS E-Service\ASUS Technical Support.url -> hxxp://support.asus.com/
==================== End of log =============================
22.10.2014, 13:06 | #9
/// TB-Ausbilder | Opera redirects to other pages ....
If necessary, uninstall OnlineArmor again and reinstall it. If you no longer have any problems with malware, then we are finished here. Your log files are clean. Finally, we need to take a few concluding steps to clean up and secure your PC.
Step 1
Change all your passwords regularly; now, right after the cleanup, is an ideal time to do so!
Step 2
The order is crucial here.
Step 3
To conclude, I have a few tips for securing your system. I cannot stress often enough how important it is that your system is up to date.
Anti-virus program and additional protection
Alternative browsers
Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be misused by spyware to infect your system.
Mozilla Firefox
Performance
What you should avoid:
Now all that remains for me is to wish you lots of fun surfing safely... ... and perhaps you would like to support the Trojaner-Board? Note: Please give me brief feedback once everything is done and there are no more questions, so that I can delete this topic from my subscriptions.
22.10.2014, 17:45 | #10
Opera redirects to other pages ....
Hello Matthias, thanks, everything is OK now ;-) I have just one more question. I still have quite a few things in quarantine. Can I delete them without any concern? I attached the file to the first post. Regards, once again you were my last resort. Sabine99
22.10.2014, 19:37 | #11
/// TB-Ausbilder | Opera redirects to other pages ....
Hi, yes, you can delete the items in quarantine. I am glad we were able to help. In this forum you can leave brief feedback on the cleanup, if you wish: Lob, Kritik und Wünsche (praise, criticism and requests). To do so, click the "NEUES THEMA" (new topic) button and post a short feedback. Thank you very much! This topic appears to be resolved and will be deleted from my subscriptions. Should you need this topic again, please send me a PM. Everyone else, please click here and create your own thread.