Log analysis and evaluation: Opera redirects to other pages .... Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Opera redirects to other pages ....

Hello, while setting up a new notebook (when I was trying to install the firewall) I apparently clicked on the wrong thing, and now I have a mess on my hands. IE, by the way, no longer works at all. The Emsisoft web shield is inactive and I cannot install it either. All files are attached. GMER produced various error messages and finally a message (roughly) saying that the system was not modified. I hope everything is in order. Thanks in advance for the help.

Sabine99

1. Quarantine:
Code:
ATTFilter Emsisoft Anti-Malware v. 9.0.0.4570 (C) 2003-2014 Emsisoft - www.emsisoft.com ID Object 0 C:\Program Files\SupTab\WindowsSupportDll32.dll erkannt: Adware.Agent.OMM (B) 1 Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D} erkannt: Application.AdShort (A) 2 C:\Program Files\SearchProtect\Main\bin\SPTool.dll erkannt: Adware.SearchProtect.O (B) 3 Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86} erkannt: Application.AdShort (A) 4 C:\Program Files\SupTab\WindowsSupportDll32.dll erkannt: Adware.Agent.OMM (B) 5 C:\Program Files\SupTab\WindowsSupportDll32.dll erkannt: Adware.Agent.OMM (B) 6 C:\ProgramData\IePluginServices\PluginService.exe erkannt: Adware.Agent.OML (B) 7 Key: HKEY_LOCAL_MACHINE\SOFTWARE\SYSTWEAK erkannt: Application.InstallAd (A) 8 C:\Program Files\SupTab\WindowsSupportDll32.dll erkannt: Adware.Agent.OMM (B) 9 C:\Users\HP\AppData\Roaming\IO.exe erkannt: Gen:Variant.Adware.Kazy.433849 (B) 10 C:\Program Files\SearchProtect\SearchProtect\bin\SPTool64.exe erkannt: Application.Win32.AdConnect (A) 11 Key: HKEY_LOCAL_MACHINE\SOFTWARE\SEARCHPROTECT erkannt: Application.InstallAd (A) 12 C:\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-11.exe erkannt: Gen:Variant.Adware.Plush.1 (B) 13 C:\Program Files\SearchProtect\UI\bin\cltmngui.exe erkannt: Adware.SearchProtect.O (B) 14 C:\Program Files\SupTab\WindowsSupportDll32.dll erkannt: Adware.Agent.OMM (B) 15 C:\ProgramData\IePluginServices erkannt: Application.AdPlug (A) 16 C:\Users\HP\AppData\Roaming\LookThisUp\LookThisUp.exe erkannt: Adware.Agent.OMN (B) 17 C:\Users\HP\AppData\Roaming\SupTab erkannt: Application.AdShort (A) 18 C:\Program Files\Searchprotect erkannt: Application.AppInstall (A) 19 C:\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-3.exe erkannt: Gen:Variant.Adware.Plush.1 (B) 20 C:\Program 
Files\SupTab\WindowsSupportDll32.dll erkannt: Adware.Agent.OMM (B) 21 Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8} erkannt: Application.AdShort (A) 22 C:\Program Files\ver7SpeedChecker\x86\TandemRunner.exe erkannt: Gen:Variant.Adware.Kazy.367484 (B) 23 C:\Users\HP\AppData\Roaming\QMXKNTZD.exe erkannt: Gen:Variant.Adware.Plush.1 (B) 24 C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe erkannt: Application.Toolbar (A) 25 C:\Users\HP\AppData\Local\ConvertAd\ConvertAd.exe erkannt: Application.Generic.833997 (B) 26 C:\Windows\System32\Drivers\ttnfd.sys erkannt: Adware.Vitruvian.B (B) 27 Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\ANYPROTECT erkannt: Application.AdProtect (A) 28 C:\Program Files\SupTab erkannt: Application.AdShort (A) 29 C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32.dll erkannt: Application.Win32.SProtect (A) 30 C:\Program Files\SupTab\WindowsSupportDll32.dll erkannt: Adware.Agent.OMM (B) 31 C:\Program Files\SupTab\WindowsSupportDll32.dll erkannt: Adware.Agent.OMM (B) 32 C:\Program Files\SupTab\WindowsSupportDll32.dll erkannt: Adware.Agent.OMM (B) 33 C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe erkannt: Trojan.Generic.11889143 (B) 34 C:\Program Files\SearchProtect\SearchProtect\bin\SPVC64Loader.dll erkannt: Application.Win32.AdConnect (A) 35 C:\Program Files\ORBTR\Orbt.ext erkannt: Application.Toolbar (A) 36 C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32LOADER.DLL erkannt: Application.BrowserExt (A) 37 Key: HKEY_LOCAL_MACHINE\SOFTWARE\SUPDP erkannt: Application.InstallTab (A) 38 C:\Program Files\SupTab\WindowsSupportDll32.dll erkannt: Adware.Agent.OMM (B) 39 C:\Program Files\AnyProtectEx erkannt: Application.AdProtect (A) 40 Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SEARCHPROTECT erkannt: Application.InstallAd (A) 41 C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe erkannt: Adware.SearchProtect.O (B) 42 
Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\INSTALLCORE erkannt: Application.AdTool (A) 43 C:\Users\HP\AppData\Roaming\systweak erkannt: Application.AppInstall (A) 44 C:\Program Files\SearchProtect\SearchProtect\bin\SPVC64.dll erkannt: Adware.SearchProtect.O (B) 45 C:\Program Files\SupTab\WindowsSupportDll32.dll erkannt: Adware.Agent.OMM (B) 46 Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\TUTOTAG erkannt: Adware.Win32.Ozore (A) 47 C:\Users\HP\AppData\Local\Searchprotect erkannt: Application.AppInstall (A) 48 Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\SUPHPUISOFT erkannt: Application.InstallTab (A) 49 Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\INSTALLEDBROWSEREXTENSIONS erkannt: Application.Win32.InstallAd (A) 50 C:\Program Files\Cinema-Plus-1.8cV12.10\WebSocket4Net.dll erkannt: Adware.SwiftBrowse.BW (B) 51 C:\Users\HP\Downloads\Setup.exe erkannt: Gen:Variant.Application.Bundler.20 (B) 52 C:\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-4.exe erkannt: Gen:Variant.Adware.Kazy.433849 (B) 53 Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\SYSTWEAK erkannt: Application.InstallAd (A) 54 C:\Program Files\SupTab\WindowsSupportDll32.dll erkannt: Adware.Agent.OMM (B) 55 Key: HKEY_LOCAL_MACHINE\SOFTWARE\SUPTAB erkannt: Application.AdShort (A) 56 Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} erkannt: Application.Win32.WSearch (A) 57 C:\Users\HP\Downloads\Setup v2 1.exe erkannt: Gen:Variant.Application.Bundler.20 (B) 58 Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86} erkannt: Application.AdShort (A) 59 C:\Program Files\Cinema-Plus-1.8cV12.10\utils.exe erkannt: Behavior.AutorunCreation 60 C:\Program Files\SupTab\WindowsSupportDll32.dll erkannt: 
Adware.Agent.OMM (B) 61 Key: HKEY_LOCAL_MACHINE\SOFTWARE\SUPWPM erkannt: Application.AdSome (A) Code:
ATTFilter Emsisoft Anti-Malware - Version 9.0 Letztes Update: 16.10.2014 18:27:48 Benutzerkonto: xxxxx\HP Scan Einstellungen: Scan Methode: Smart Scan Objekte: Rootkits, Speicher, Traces, C:\Windows\, C:\Program Files\ PUPs-Erkennung: An Archiv Scan: Aus ADS Scan: An Dateitypen-Filter: Aus Erweitertes Caching: An Direkter Festplattenzugriff: Aus Scan Beginn: 16.10.2014 18:37:41 C:\PROGRA~1\SearchProtect\Main\bin\CltMngSvc.exe gefunden: Adware.SearchProtect.O (B) C:\Users\HP\AppData\Roaming\systweak gefunden: Application.AppInstall (A) Key: HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\CLTMNGSVC gefunden: Application.AdServ (A) Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\SYSTWEAK gefunden: Application.InstallAd (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\SYSTWEAK gefunden: Application.InstallAd (A) Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\INSTALLCORE gefunden: Application.AdTool (A) Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86} gefunden: Application.AdShort (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86} gefunden: Application.AdShort (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\SUPWPM gefunden: Application.AdSome (A) C:\Users\HP\AppData\Roaming\SupTab gefunden: Application.AdShort (A) C:\Program Files\SupTab gefunden: Application.AdShort (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8} gefunden: Application.AdShort (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D} gefunden: Application.AdShort (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\SUPTAB gefunden: Application.AdShort (A) Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\ANYPROTECT gefunden: Application.AdProtect (A) C:\ProgramData\IePluginServices gefunden: Application.AdPlug (A) Key: 
HKEY_LOCAL_MACHINE\SOFTWARE\SUPDP gefunden: Application.InstallTab (A) Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\SUPHPUISOFT gefunden: Application.InstallTab (A) C:\Program Files\Searchprotect gefunden: Application.AppInstall (A) C:\Users\HP\AppData\Local\Searchprotect gefunden: Application.AppInstall (A) Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\INSTALLEDBROWSEREXTENSIONS gefunden: Application.Win32.InstallAd (A) Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} gefunden: Application.Win32.WSearch (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SEARCHPROTECT gefunden: Application.InstallAd (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\SEARCHPROTECT gefunden: Application.InstallAd (A) C:\Program Files\ORBTR\Orbt.ext gefunden: Application.Toolbar (A) C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe gefunden: Adware.SearchProtect.O (B) C:\Program Files\SearchProtect\Main\bin\SPTool.dll gefunden: Adware.SearchProtect.O (B) C:\Program Files\SearchProtect\SearchProtect\bin\SPTool64.exe gefunden: Application.Win32.AdConnect (A) C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32.dll gefunden: Application.Win32.SProtect (A) C:\Program Files\SearchProtect\SearchProtect\bin\SPVC64.dll gefunden: Adware.SearchProtect.O (B) C:\Program Files\SearchProtect\SearchProtect\bin\SPVC64Loader.dll gefunden: Application.Win32.AdConnect (A) C:\Program Files\SearchProtect\UI\bin\cltmngui.exe gefunden: Adware.SearchProtect.O (B) Gescannt 186859 Gefunden 32 Scan Ende: 16.10.2014 19:13:03 Scan Zeit: 0:35:22 C:\Program Files\SearchProtect\UI\bin\cltmngui.exe Quarantäne Adware.SearchProtect.O (B) C:\Program Files\SearchProtect\SearchProtect\bin\SPVC64Loader.dll Quarantäne Application.Win32.AdConnect (A) C:\Program Files\SearchProtect\SearchProtect\bin\SPVC64.dll Quarantäne Adware.SearchProtect.O (B) 
C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32.dll Quarantäne Application.Win32.SProtect (A) C:\Program Files\SearchProtect\SearchProtect\bin\SPTool64.exe Quarantäne Application.Win32.AdConnect (A) C:\Program Files\SearchProtect\Main\bin\SPTool.dll Quarantäne Adware.SearchProtect.O (B) C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe Quarantäne Adware.SearchProtect.O (B) C:\Program Files\ORBTR\Orbt.ext Quarantäne Application.Toolbar (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\SEARCHPROTECT Quarantäne Application.InstallAd (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SEARCHPROTECT Quarantäne Application.InstallAd (A) Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} Quarantäne Application.Win32.WSearch (A) Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\INSTALLEDBROWSEREXTENSIONS Quarantäne Application.Win32.InstallAd (A) C:\Users\HP\AppData\Local\Searchprotect Quarantäne Application.AppInstall (A) C:\Program Files\Searchprotect Quarantäne Application.AppInstall (A) Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\SUPHPUISOFT Quarantäne Application.InstallTab (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\SUPDP Quarantäne Application.InstallTab (A) C:\ProgramData\IePluginServices Quarantäne Application.AdPlug (A) Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\ANYPROTECT Quarantäne Application.AdProtect (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\SUPTAB Quarantäne Application.AdShort (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D} Quarantäne Application.AdShort (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8} Quarantäne Application.AdShort (A) C:\Program Files\SupTab Quarantäne Application.AdShort (A) C:\Users\HP\AppData\Roaming\SupTab Quarantäne Application.AdShort (A) Key: 
HKEY_LOCAL_MACHINE\SOFTWARE\SUPWPM Quarantäne Application.AdSome (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Quarantäne Application.AdShort (A) Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Quarantäne Application.AdShort (A) Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\INSTALLCORE Quarantäne Application.AdTool (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\SYSTWEAK Quarantäne Application.InstallAd (A) Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\SYSTWEAK Quarantäne Application.InstallAd (A) C:\Users\HP\AppData\Roaming\systweak Quarantäne Application.AppInstall (A) Quarantäne 30 Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:34 on 16/10/2014 (HP)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-10-2014 Ran by HP (administrator) on xxx on 16-10-2014 20:38:28 Running from C:\Users\HP\Downloads Loaded Profile: HP (Available profiles: HP) Platform: Microsoft Windows 8.1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH) C:\Program Files\Online Armor\oacat.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Emsisoft GmbH) C:\Program Files\Online Armor\oasrv.exe (ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel.exe (ASUSTek Computer INC.) C:\Program Files\ASUS\ASUS AC Reminder\ACReminderSrv.exe (AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLoader.exe (ASUSTek Computer Inc.) 
C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe (ASUS Cloud Corporation) C:\Program Files\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe (Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe (Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe (Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Cinema PlusV12.10) C:\Program Files\Cinema-Plus-1.8cV12.10\9723fcf9-7d34-4557-bf9d-5aaee05d2afb.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe (ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe (Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe (AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPCenter.exe (AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPHelper.exe (Emsisoft GmbH) C:\Program Files\Online Armor\oaui.exe (Emsisoft GmbH) C:\Program Files\Online Armor\oahlp.exe () C:\Users\HP\AppData\Roaming\InetStat\inetstat.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9600.16422_x86__8wekyb3d8bbwe\glcnd.exe (Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe (Opera Software) C:\Program Files\Opera\25.0.1614.50\opera.exe () C:\Program Files\Opera\25.0.1614.50\opera_crashreporter.exe (Opera Software) C:\Program Files\Opera\25.0.1614.50\opera.exe (Opera Software) 
C:\Program Files\Opera\25.0.1614.50\opera.exe (Opera Software) C:\Program Files\Opera\25.0.1614.50\opera.exe (Opera Software) C:\Program Files\Opera\25.0.1614.50\opera.exe (Intel Corporation) C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe (ASUS Cloud Corporation) C:\Program Files\ASUS\WebStorage\2.0.3.226\AsusWSPanel.exe (Opera Software) C:\Program Files\Opera\25.0.1614.50\opera.exe (Microsoft Corporation) C:\Windows\WinStore\WSHost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [ASUSPRP] => C:\Program Files\ASUS\APRP\APRP.EXE [3216032 2013-12-13] (ASUSTek Computer Inc.) HKLM\...\Run: [WebStorage] => C:\Program Files\ASUS\WebStorage\2.0.3.226\ASUSWSLoader.exe [63296 2013-08-16] () HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [81360 2014-01-22] (Intel Corporation) HKLM\...\Run: [RtkNGUI] => C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe [2904064 2013-10-30] (Realtek Semiconductor) HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [4873248 2014-10-14] (Emsisoft GmbH) HKLM\...\Run: [@OnlineArmor GUI] => C:\Program Files\Online Armor\oaui.exe [7558464 2013-10-11] (Emsisoft GmbH) HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKU\S-1-5-21-2565251152-1528942193-4253351456-1001\...\Run: [InetStat] => C:\Users\HP\AppData\Roaming\InetStat\inetstat.exe [700430 2014-10-12] () ShellIconOverlayIdentifiers: [!AsusWSShellExt_BN] -> {CC5FC992-B0AA-47CD-9DC2-83445083CBB9} => C:\Program Files\Common Files\AWS\2.0.3.226\ASUSWSShellExt.dll (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [!AsusWSShellExt_ON] -> {618A47A2-528B-4D9A-AFC8-97D3233511E3} => C:\Program Files\Common Files\AWS\2.0.3.226\ASUSWSShellExt.dll (ASUS Cloud Corporation.) 
ShellIconOverlayIdentifiers: [!AsusWSShellExt_UN] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files\Common Files\AWS\2.0.3.226\ASUSWSShellExt.dll (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [StorageProviderError] -> {0CA2640D-5B9C-4c59-A5FB-2DA61A7437CF} => C:\Windows\System32\shell32.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: [StorageProviderSyncing] -> {0A30F902-8398-4ee8-86F7-4CFB589F04D1} => C:\Windows\System32\shell32.dll (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyServer: http=127.0.0.1:50415;https=127.0.0.1:50415 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.trovi.com/?gd=&ctid=CT3320133&octid=EB_ORIGINAL_CTID&ISID=F5EB1EE6-65C8-4354-9BC2-A6EC74BD2B0E&SearchSource=55&CUI=&UM=6&UP=SP69664532-4D64-4A2F-B262-AAA7B97E7988&SSPV= HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1413112344&from=cor&uid=3219913727_198259_6A968D30 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1413112344&from=cor&uid=3219913727_198259_6A968D30&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1413112344&from=cor&uid=3219913727_198259_6A968D30 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1413112344&from=cor&uid=3219913727_198259_6A968D30 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1413112344&from=cor&uid=3219913727_198259_6A968D30&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.sweet-page.com/?type=sc&ts=1413112344&from=cor&uid=3219913727_198259_6A968D30 SearchScopes: HKLM - DefaultScope 
{33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASJB SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = BHO: Cinema-Plus-1.8cV12.10 -> {11111111-1111-1111-1111-110611321185} -> C:\Program Files\Cinema-Plus-1.8cV12.10\Cinema-Plus-1.8cV12.10-bho.dll (Cinema PlusV12.10) ShellExecuteHooks: OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll [1033968 2013-10-11] (Emsisoft GmbH) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate) FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate) FF HKCU\...\Firefox\Extensions: [{BD671362-7905-03FA-24A6-403C5083D562}] - C:\Program Files\ver7SpeedChecker\180.xpi FF Extension: SpeedChecker - C:\Program Files\ver7SpeedChecker\180.xpi [2014-10-12] Chrome: ======= ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4816568 2014-10-14] (Emsisoft GmbH) R2 AsHidService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe [103224 2013-09-09] (ASUSTek Computer Inc.) 
R2 ASLDRService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [111416 2013-09-09] (ASUSTek Computer Inc.) R2 Asus WebStorage Windows Service; C:\Program Files\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe [71680 2013-08-16] (ASUS Cloud Corporation) [File not signed] R2 ATKGFNEXSrv; C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2011-11-21] (ASUS) S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [1677016 2014-04-10] (Broadcom Corporation.) S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [277304 2014-02-11] (Intel Corporation) R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [83920 2014-01-22] (Intel Corporation) R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [96720 2014-01-22] (Intel Corporation) R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [90576 2014-01-22] (Intel Corporation) S2 globalUpdate; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-10-12] (globalUpdate) [File not signed] S3 globalUpdatem; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-10-12] (globalUpdate) [File not signed] R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [586752 2013-07-01] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [637912 2013-07-01] (Intel(R) Corporation) R2 jhi_service; C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe [168216 2014-01-15] (Intel Corporation) R2 OAcat; C:\Program Files\Online Armor\OAcat.exe [584864 2013-10-11] (Emsisoft GmbH) R2 Orbiter; C:/Program Files/ORBTR/orbiter.dll [492496 2014-10-12] (Client Connect LTD) S3 ScDeviceEnum; C:\Windows\System32\ScDeviceEnum.dll [105472 2013-08-22] (Microsoft Corporation) S2 servervo; C:\Users\HP\AppData\Roaming\VOPackage\VOsrv.exe [70144 2014-10-12] () [File not 
signed] R2 SvcOnlineArmor; C:\Program Files\Online Armor\oasrv.exe [4457688 2013-10-11] (Emsisoft GmbH) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [278264 2013-08-22] (Microsoft Corporation) S3 WEPHOSTSVC; C:\Windows\system32\wephostsvc.dll [20992 2013-08-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22240 2013-08-22] (Microsoft Corporation) S3 workfolderssvc; C:\Windows\system32\workfolderssvc.dll [1210368 2013-12-14] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [58200 2014-05-12] (Emsisoft GmbH) R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH) R1 a2injectiondriver; C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [38248 2013-09-30] (Emsisoft GmbH) R1 a2util; C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [18552 2014-05-12] (Emsisoft GmbH) R2 ASMMAP; C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys [13880 2009-07-02] (ASUS) R3 AsusHID; C:\Windows\System32\drivers\AsusHID.sys [68376 2014-02-13] (ASUS Corporation) R1 ATKWMIACPIIO; C:\Program Files\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi.sys [17720 2013-07-02] (ASUSTek Computer Inc.) S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [97896 2013-07-18] (ASIX Electronics Corp.) R1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [25600 2013-08-22] (Microsoft Corporation) R3 BCMSDH43XX; C:\Windows\system32\DRIVERS\bcmdhd63.sys [304344 2014-04-10] (Broadcom Corp) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [185856 2013-08-22] (Microsoft Corporation) R3 BthMini; C:\Windows\System32\Drivers\BTHMINI.sys [24064 2013-08-22] (Microsoft Corporation) S3 btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [144600 2014-04-10] (Broadcom Corporation.) 
R3 BtwSerialBus; C:\Windows\system32\DRIVERS\BtwSerialBus.sys [130776 2014-04-10] (Broadcom Corporation.) R3 camera; C:\Windows\system32\DRIVERS\camera.sys [345088 2013-12-02] (Intel Corporation) R3 cleanhlp; C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [50200 2013-12-04] (Emsisoft GmbH) R3 CM3218x; C:\Windows\system32\DRIVERS\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation) R3 CPLMACPI; C:\Windows\system32\DRIVERS\CPLMACPI.sys [16488 2013-09-06] (Capella Microsystems, Inc.) R3 DptfDevDBPT; C:\Windows\system32\DRIVERS\DptfDevPower.sys [25552 2014-01-22] (Intel Corporation) R3 DptfDevDisplay; C:\Windows\system32\DRIVERS\DptfDevDisplay.sys [28112 2014-01-22] (Intel Corporation) R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [36304 2014-01-22] (Intel Corporation) R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [80848 2014-01-22] (Intel Corporation) R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [181712 2014-01-22] (Intel Corporation) R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [23552 2013-12-30] (Intel Corporation) R3 GpioVirtual; C:\Windows\System32\drivers\iaiogpiovirtual.sys [16896 2013-12-30] (Intel Corporation) R3 HIDSwitch; C:\Windows\System32\drivers\AsHIDSwitch.sys [17720 2013-10-08] (ASUS) R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [58368 2013-11-15] (Intel Corporation) R3 iaiouart; C:\Windows\System32\drivers\iaiouart.sys [87552 2013-12-30] (Intel Corporation) S0 iaStorA; C:\Windows\System32\drivers\iaStorA.sys [505192 2013-08-09] (Intel Corporation) S3 intaud_WaveExtensible; C:\Windows\system32\drivers\intelaud.sys [32664 2014-01-22] (Intel Corporation) R3 IntelSST; C:\Windows\system32\drivers\isstrtc.sys [254464 2013-12-30] (Intel(R) Corporation) R3 INVN_MotionApps; C:\Windows\system32\DRIVERS\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation) R3 iwdbus; C:\Windows\System32\drivers\iwdbus.sys [23448 2014-01-22] (Intel Corporation) R0 MBI; C:\Windows\System32\drivers\MBI.sys [21456 
2013-12-30] (Intel Corporation) R3 MT9M114; C:\Windows\System32\drivers\MT9M114.sys [38912 2013-12-02] (Intel Corporation) S3 NETwNs32; C:\Windows\system32\DRIVERS\Netwsn00.sys [10372096 2013-06-18] (Intel Corporation) R1 OADevice; C:\Windows\system32\drivers\OADriver.sys [210360 2013-10-11] () R1 oahlpXX; C:\Windows\system32\drivers\oahlp32.sys [44984 2013-10-11] () R1 OAmon; C:\Windows\system32\drivers\OAmon.sys [34856 2013-10-11] (Emsisoft) R3 OAnet; C:\Windows\system32\DRIVERS\oanet.sys [31760 2013-10-11] (Emsisoft) R3 PMIC; C:\Windows\System32\drivers\PMIC.sys [48128 2013-12-30] (Intel Corporation) R3 rtii2sac; C:\Windows\system32\DRIVERS\rtii2sac.sys [149720 2013-12-05] (Realtek Semiconductor Corp.) R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation) R3 TXEI; C:\Windows\System32\drivers\TXEI.sys [75792 2014-02-26] (Intel Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [93024 2013-08-22] (Microsoft Corporation) R2 webinstrNew; C:\Windows\system32\Drivers\webinstrNew.sys [50312 2014-10-12] (Corsica) R3 WUDFSensorLP; C:\Windows\System32\drivers\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation) U0 msahci; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-16 20:38 - 2014-10-16 20:38 - 00016930 _____ () C:\Users\HP\Downloads\FRST.txt
2014-10-16 20:38 - 2014-10-16 20:38 - 00000000 ____D () C:\FRST
2014-10-16 20:37 - 2014-10-16 20:37 - 01102848 _____ (Farbar) C:\Users\HP\Downloads\FRST.exe
2014-10-16 20:34 - 2014-10-16 20:34 - 00000466 _____ () C:\Users\HP\Downloads\defogger_disable.log
2014-10-16 20:33 - 2014-10-16 20:33 - 00050477 _____ () C:\Users\HP\Downloads\Defogger.exe
2014-10-16 20:23 - 2014-10-16 20:23 - 00025600 ___SH () C:\Users\HP\Downloads\Thumbs.db
2014-10-16 20:22 - 2014-10-16 20:22 - 00000000 _____ () C:\Users\HP\defogger_reenable
2014-10-16 20:14 - 2014-10-16 20:14 - 00512504 _____ () C:\Windows\Minidump\101614-12000-01.dmp
2014-10-12 15:32 - 2014-10-12 18:49 - 00001120 _____ () C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware Guard.lnk
2014-10-12 15:22 - 2014-09-02 22:06 - 00706016 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-10-12 15:22 - 2014-09-02 22:06 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-10-12 15:04 - 2014-10-12 15:04 - 00523208 _____ () C:\Windows\Minidump\101214-22593-01.dmp
2014-10-12 14:32 - 2014-10-12 14:35 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-12 14:31 - 2014-08-29 13:01 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-12 14:29 - 2013-11-09 07:52 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe
2014-10-12 14:29 - 2013-11-09 07:52 - 00240128 _____ (Microsoft Corporation) C:\Windows\system32\mdmregistration.dll
2014-10-12 14:13 - 2014-02-22 13:24 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-10-12 14:07 - 2014-02-11 04:43 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-10-12 14:07 - 2013-10-15 10:03 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-10-12 14:06 - 2014-10-12 14:19 - 00000000 ____D () C:\ProgramData\OnlineArmor
2014-10-12 14:06 - 2014-10-12 14:06 - 00000000 ____D () C:\Users\HP\AppData\Roaming\OnlineArmor
2014-10-12 14:03 - 2014-10-16 20:14 - 00000000 ____D () C:\Windows\Minidump
2014-10-12 14:03 - 2014-10-12 14:03 - 00606936 _____ () C:\Windows\Minidump\101214-26781-01.dmp
2014-10-12 14:03 - 2014-10-12 14:03 - 00003358 _____ () C:\EamClean.log
2014-10-12 13:58 - 2014-10-12 13:58 - 00000000 ____D () C:\Users\HP\AppData\Roaming\EurekaLab s.a.s
2014-10-12 13:52 - 2014-10-16 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Armor
2014-10-12 13:52 - 2014-10-16 20:26 - 00000000 ____D () C:\Program Files\Online Armor
2014-10-12 13:52 - 2013-10-11 03:41 - 00044984 _____ () C:\Windows\system32\Drivers\oahlp32.sys
2014-10-12 13:52 - 2013-10-11 03:40 - 00210360 _____ () C:\Windows\system32\Drivers\OADriver.sys
2014-10-12 13:52 - 2013-10-11 03:40 - 00034856 _____ (Emsisoft) C:\Windows\system32\Drivers\OAmon.sys
2014-10-12 13:52 - 2013-10-11 03:40 - 00031760 _____ (Emsisoft) C:\Windows\system32\Drivers\OAnet.sys
2014-10-12 13:48 - 2014-10-12 13:48 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-10-12 13:46 - 2014-10-12 13:48 - 10696960 _____ (Emsisoft GmbH ) C:\Users\HP\Downloads\OnlineArmorSetup.exe
2014-10-12 13:33 - 2014-10-12 13:33 - 00001067 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-10-12 13:33 - 2014-10-12 13:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-10-12 13:32 - 2014-10-16 20:30 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2014-10-12 13:19 - 2014-10-12 13:19 - 00001128 _____ () C:\Users\HP\Desktop\Continue Live Installation.lnk
2014-10-12 13:16 - 2014-10-12 14:03 - 00000364 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-10-12 13:16 - 2014-10-12 14:03 - 00000364 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-10-12 13:16 - 2014-10-12 13:42 - 00000366 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-10-12 13:16 - 2014-10-12 13:16 - 00000000 ____D () C:\Users\HP\AppData\Roaming\AnyProtectEx
2014-10-12 13:15 - 2014-10-12 13:15 - 00000000 ____D () C:\Users\HP\AppData\Roaming\ap_movie
2014-10-12 13:14 - 2014-10-12 13:14 - 00612126 _____ (CMI Limited) C:\Users\HP\AppData\Local\nsb44F.tmp
2014-10-12 13:13 - 2014-10-12 16:01 - 00000000 ____D () C:\Users\HP\AppData\Local\ConvertAd
2014-10-12 13:13 - 2014-10-12 13:51 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-10-12 13:12 - 2014-10-12 14:03 - 00000000 ____D () C:\Users\HP\AppData\Local\mbot_de_145
2014-10-12 13:12 - 2014-10-12 14:03 - 00000000 ____D () C:\Program Files\mbot_de_145
2014-10-12 13:12 - 2014-10-12 13:12 - 00000000 ____D () C:\Users\HP\AppData\Roaming\sweet-page
2014-10-12 13:12 - 2014-10-12 13:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MYBESTOFFERSTODAY
2014-10-12 13:12 - 2014-10-12 13:12 - 00000000 ____D () C:\Program Files\TermTutor
2014-10-12 13:12 - 2014-08-29 17:02 - 00018248 _____ () C:\Windows\system32\roboot.exe
2014-10-12 13:11 - 2014-10-12 13:11 - 00000000 ____D () C:\ProgramData\Xunlei
2014-10-12 13:11 - 2014-10-12 13:11 - 00000000 ____D () C:\ProgramData\Thunder Network
2014-10-12 13:07 - 2014-10-12 13:10 - 163265680 _____ (Emsisoft GmbH ) C:\Users\HP\Downloads\EmsisoftAntiMalwareSetup.exe
2014-10-12 13:04 - 2014-10-16 20:27 - 00002440 _____ () C:\Windows\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-5_user.job
2014-10-12 13:04 - 2014-10-16 20:27 - 00002440 _____ () C:\Windows\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-5.job
2014-10-12 13:03 - 2014-10-16 20:27 - 00005178 _____ () C:\Windows\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-11.job
2014-10-12 13:03 - 2014-10-16 20:27 - 00004488 _____ () C:\Windows\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-4.job
2014-10-12 13:03 - 2014-10-16 20:27 - 00003464 _____ () C:\Windows\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-3.job
2014-10-12 13:03 - 2014-10-16 20:27 - 00003126 _____ () C:\Windows\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-1.job
2014-10-12 13:03 - 2014-10-16 20:27 - 00002104 _____ () C:\Windows\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-2.job
2014-10-12 13:03 - 2014-10-16 20:27 - 00001684 _____ () C:\Windows\Tasks\QMXKNTZD.job
2014-10-12 13:03 - 2014-10-16 20:27 - 00001454 _____ () C:\Windows\Tasks\9723fcf9-7d34-4557-bf9d-5aaee05d2afb.job
2014-10-12 13:03 - 2014-10-16 20:27 - 00001328 _____ () C:\Windows\Tasks\IO.job
2014-10-12 13:03 - 2014-10-16 20:27 - 00000962 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-10-12 13:03 - 2014-10-16 20:27 - 00000644 _____ () C:\Windows\Tasks\5cd5570c-479e-4bff-8d71-1fe1ae5a96ef.job
2014-10-12 13:03 - 2014-10-16 19:21 - 00000000 ____D () C:\Program Files\Cinema-Plus-1.8cV12.10
2014-10-12 13:03 - 2014-10-16 19:08 - 00000966 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-10-12 13:03 - 2014-10-12 13:03 - 00000000 ____D () C:\Users\HP\AppData\Local\globalUpdate
2014-10-12 13:03 - 2014-10-12 13:03 - 00000000 ____D () C:\Program Files\globalUpdate
2014-10-12 13:02 - 2014-10-16 18:46 - 00001111 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-10-12 13:02 - 2014-10-16 18:46 - 00000000 ____D () C:\Program Files\Opera
2014-10-12 13:02 - 2014-10-12 13:02 - 00001111 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-10-12 13:02 - 2014-10-12 13:02 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Opera Software
2014-10-12 13:02 - 2014-10-12 13:02 - 00000000 ____D () C:\Users\HP\AppData\Local\Opera Software
2014-10-12 13:01 - 2014-10-16 20:27 - 00000404 _____ () C:\Windows\Tasks\SpeedChecker Update.job
2014-10-12 13:01 - 2014-10-12 14:03 - 00000000 ____D () C:\Program Files\ver7SpeedChecker
2014-10-12 13:01 - 2014-10-12 13:01 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNew_01009.Wdf
2014-10-12 13:01 - 2014-10-12 13:00 - 00050312 _____ (Corsica) C:\Windows\system32\Drivers\webinstrNew.sys
2014-10-12 13:00 - 2014-10-16 20:14 - 00000000 ____D () C:\Program Files\ORBTR
2014-10-12 13:00 - 2014-10-12 18:49 - 00000000 ____D () C:\Users\HP\AppData\Roaming\LookThisUp
2014-10-12 13:00 - 2014-10-12 13:01 - 00000000 ____D () C:\Users\HP\AppData\Roaming\VOPackage
2014-10-12 13:00 - 2014-10-12 13:00 - 00873960 _____ (Opera Software) C:\Users\HP\Desktop\opera-23.0.1522.77-multi.exe
2014-10-12 13:00 - 2014-10-12 13:00 - 00001040 _____ () C:\Users\HP\Desktop\FLVM Player.lnk
2014-10-12 13:00 - 2014-10-12 13:00 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2014-10-12 13:00 - 2014-10-12 13:00 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InetStat
2014-10-12 13:00 - 2014-10-12 13:00 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLVM Player
2014-10-12 13:00 - 2014-10-12 13:00 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Macromedia
2014-10-12 13:00 - 2014-10-12 13:00 - 00000000 ____D () C:\Users\HP\AppData\Roaming\InetStat
2014-10-12 13:00 - 2014-10-12 13:00 - 00000000 ____D () C:\Program Files\FLVM Player
2014-10-12 12:56 - 2014-09-22 08:41 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-16 20:38 - 2014-04-10 06:45 - 01418876 _____ () C:\Windows\WindowsUpdate.log
2014-10-16 20:37 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\sru
2014-10-16 20:34 - 2013-12-14 06:09 - 00810620 _____ () C:\Windows\system32\perfh013.dat
2014-10-16 20:34 - 2013-12-14 06:09 - 00172722 _____ () C:\Windows\system32\perfc013.dat
2014-10-16 20:34 - 2013-12-14 06:03 - 00806368 _____ () C:\Windows\system32\perfh010.dat
2014-10-16 20:34 - 2013-12-14 06:03 - 00166812 _____ () C:\Windows\system32\perfc010.dat
2014-10-16 20:34 - 2013-12-13 22:46 - 00005552 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-16 20:27 - 2013-08-22 09:23 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-16 20:26 - 2014-09-03 22:59 - 00000000 ____D () C:\Users\HP
2014-10-16 20:26 - 2013-08-22 08:13 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-10-16 18:22 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-16 18:20 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\AppReadiness
2014-10-12 19:09 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-12 18:42 - 2013-08-22 09:22 - 00333576 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ___RD () C:\Windows\ToastData
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\WinStore
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\nl-NL
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\it-IT
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\fr-FR
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\en-GB
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\de-DE
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\MediaViewer
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\FileManager
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\Camera
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ____D () C:\Program Files\Windows Defender
2014-10-12 18:28 - 2013-12-13 22:30 - 00017120 _____ () C:\Windows\PFRO.log
2014-10-12 17:35 - 2013-08-22 10:17 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-10-12 17:32 - 2013-08-22 10:05 - 00000000 ____D () C:\Windows\CbsTemp
2014-10-12 13:52 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\restore
2014-10-12 13:12 - 2014-09-03 22:59 - 00001634 _____ () C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-12 13:01 - 2013-08-22 09:23 - 00013554 _____ () C:\Windows\setupact.log
2014-10-12 12:57 - 2013-08-22 08:13 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-10-12 12:42 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\LogFiles

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS

Some content of TEMP:
====================
C:\Users\HP\AppData\Local\Temp\dlLogic.exe
C:\Users\HP\AppData\Local\Temp\hAUK6.exe
C:\Users\HP\AppData\Local\Temp\spstub.exe
C:\Users\HP\AppData\Local\Temp\yYKY0.dll
C:\Users\HP\AppData\Local\Temp\yYKY0.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-16 18:19

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-10-2014
Ran by HP at 2014-10-16 20:39:32
Running from C:\Users\HP\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
FW: Online Armor Firewall (Enabled) {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ASUS AC Reminder (HKLM\...\{B002B54C-FFE8-4331-8F9B-90CC9366362A}) (Version: 2.0.0 - ASUS)
ASUS Live Update (HKLM\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.7 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.3 - ASUS)
ASUS Smart Gesture (HKLM\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.10 - ASUS)
ATK Package (HKLM\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0031 - ASUS)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.93.99.187.1 - Broadcom Corporation)
Cinema-Plus-1.8cV12.10 (HKLM\...\Cinema-Plus-1.8cV12.10) (Version: 1.35.9.29 - Cinema PlusV12.10) <==== ATTENTION
ConvertAd (HKLM\...\ConvertAd) (Version: 1.0.0.0 - ConvertAd) <==== ATTENTION
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft GmbH)
FLV Player (remove only) (HKLM\...\FLVM Player) (Version: - )
InetStat (HKCU\...\InetStat) (Version: 0.5b - InetStat)
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3417 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Intel(R) Trusted Execution Engine (Version: 1.1.1.1 - Intel Corporation) Hidden
Intel(R) Trusted Execution Engine Driver (Version: 1.0.0.1064 - Intel Corporation) Hidden
LookThisUp (HKLM\...\LookThisUp) (Version: 1.0.2 - LookThisUp) <==== ATTENTION
Microsoft Office (HKLM\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 (HKLM\...\{1f407217-9aec-4146-8504-e64ac959c534}) (Version: 12.0.20617.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.20617 (Version: 12.0.20617 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.20617 (Version: 12.0.20617 - Microsoft Corporation) Hidden
MyBestOffersToday 014.145 (HKLM\...\mbot_de_145_is1) (Version: - MYBESTOFFERSTODAY) <==== ATTENTION
Online Armor 7.0 (HKLM\...\OnlineArmor_is1) (Version: 7.0 - Emsisoft GmbH)
Opera Stable 25.0.1614.50 (HKLM\...\Opera 25.0.1614.50) (Version: 25.0.1614.50 - Opera Software ASA)
Realtek I2S Audio (HKLM\...\{89A448AA-3301-46AA-AFC3-34F2D7C670E8}) (Version: 6.2.9600.4055 - Realtek Semiconductor Corp.)
Remote Desktop Access (VuuPC) (HKLM\...\VOPackage) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION
SpeedChecker (HKLM\...\6AD17EF9-640F-1903-11A0-44AC17BAE75D) (Version: - SpeedChecker-software)
sweet-page uninstall (HKLM\...\sweet-page uninstall) (Version: - sweet-page) <==== ATTENTION
Term Tutor (HKLM\...\TermTutor) (Version: 1.9.0.8 - Term Tutor) <==== ATTENTION
WebStorage (HKLM\...\WebStorage) (Version: 2.0.3.226 - ASUS Cloud Corporation)
Windows Driver Package - ASUS (AsusHID) Mouse (02/12/2014 3.0.0.23) (HKLM\...\88F3FD439A3012A11FEF853A27C299ED116ABA8D) (Version: 02/12/2014 3.0.0.23 - ASUS)
WindowsMangerProtect20.0.0.1013 (HKLM\...\WindowsMangerProtect) (Version: 20.0.0.1013 - WindowsProtect LIMITED) <==== ATTENTION
WinFlash (HKLM\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

16-10-2014 18:26:12 Online Armor Installation

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:13 - 2013-08-22 08:13 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00BC77BF-3352-4FE8-9617-4F1B27BEC19A} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {01F6C3F9-2D4E-4526-A979-99B3FB5866FA} - System32\Tasks\APSnotifierPP2 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {0FA9C72D-D3DC-41EA-AD12-0264A29FFF50} - System32\Tasks\ASUS Live Update2 => C:\Program Files [2014-10-16] ()
Task: {17233BE9-87E9-40B0-B003-AE9D2B92CBBE} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {247BD142-0549-4E91-84B0-172C25563718} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {2A64602B-1AB0-4966-A010-7EC9473A882C} - System32\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-5 => C:\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-5.exe [2014-10-12] (Cinema PlusV12.10) <==== ATTENTION
Task: {2BE65564-89D1-4396-A5CC-D7D9283FC4A1} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {392EB017-207C-42BF-A061-F3BE721F456C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {39BA0FD9-2114-4ED8-921F-A9057E98625F} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [2014-10-12] (globalUpdate) <==== ATTENTION
Task: {3FECD40E-4E31-483F-932C-D023C75AE79D} - System32\Tasks\SpeedChecker Update => C:\Program Files\ver7SpeedChecker\R3SpeedCheckerK00.exe
Task: {40D51E4E-BC10-4EEC-9D41-E6C3791B1CE8} - System32\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-2 => C:\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-2.exe [2014-10-12] (Cinema PlusV12.10) <==== ATTENTION
Task: {4B7EF56A-8A42-4BD2-BB5C-7C389AC54A37} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {504A0D58-B71A-4F9A-826E-CABA60988E0C} - System32\Tasks\APSnotifierPP1 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {515A8D55-B2DA-4DAC-A197-0B02F6DAE700} - System32\Tasks\ASUS Live Update1 => C:\Program Files [2014-10-16] ()
Task: {5700ACE8-D0AF-4BA7-98B6-1033521A877A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {61A1EED5-DBB1-4606-8B71-4229B497EC59} - System32\Tasks\QMXKNTZD => C:\Users\HP\AppData\Roaming\QMXKNTZD.exe <==== ATTENTION
Task: {6E84A59B-1863-4B21-8BD8-C9B20FD15484} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {7B2E2DB4-C12C-4259-BBE8-7ECDD18FB410} - System32\Tasks\IO => C:\Users\HP\AppData\Roaming\IO.exe <==== ATTENTION
Task: {7C7CF1DA-F461-4850-96B2-ADCA8A67E59C} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {7DD4B446-71BA-473E-9D44-5D9CCD6DF0F4} - System32\Tasks\5cd5570c-479e-4bff-8d71-1fe1ae5a96ef => C:\Program Files\Cinema-Plus-1.8cV12.10\5cd5570c-479e-4bff-8d71-1fe1ae5a96ef.exe [2014-10-12] () <==== ATTENTION
Task: {81F9A0F3-DD82-46EB-8283-D37283B19EB5} - System32\Tasks\9723fcf9-7d34-4557-bf9d-5aaee05d2afb => C:\Program Files\Cinema-Plus-1.8cV12.10\9723fcf9-7d34-4557-bf9d-5aaee05d2afb.exe [2014-10-12] (Cinema PlusV12.10) <==== ATTENTION
Task: {8B5819AE-7B44-478B-A3D3-8846AF160A8F} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {8F7FB3A6-5ECC-485E-B309-B4E99ABE21DD} - System32\Tasks\Update Checker => C:\Program Files\ASUS\ASUS Live Update\UpdateChecker.exe [2013-11-27] ()
Task: {92ED6570-4654-4BFA-9A6C-1084C6939C16} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {958671CB-F534-4A06-A0AC-9565F9886742} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [2014-10-12] (globalUpdate) <==== ATTENTION
Task: {997C8BBD-710B-4E66-B5BC-CC09575A58D2} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {A02FE6A8-4963-4C7D-8D21-DC48FE3E517C} - System32\Tasks\ASUS AC Reminder => C:\Program Files\ASUS\ASUS AC Reminder\ACReminderSrv.exe [2013-12-23] (ASUSTek Computer INC.)
Task: {A1C0096D-7EF7-4283-9C87-611781AF8F49} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel.exe [2013-01-09] (ASUSTek Computer INC.)
Task: {A5D45ED3-F524-4574-8F39-527F3729D1E2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {C0D0F7C4-419F-41B3-90A2-FE79270B828A} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {C2961EE8-2DC4-4C84-B990-0D3D66B1293C} - System32\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-1 => C:\Program Files\Cinema-Plus-1.8cV12.10\Cinema-Plus-1.8cV12.10-codedownloader.exe [2014-10-12] (Cinema PlusV12.10) <==== ATTENTION
Task: {C37FC171-6AF7-4A02-9319-1AFF42F85373} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLauncher.exe [2014-02-13] (AsusTek)
Task: {C4D658BC-D800-4DC5-86D9-71A9BE88EB07} - System32\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-3 => C:\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-3.exe <==== ATTENTION
Task: {C75D7376-34AE-446F-B87B-38A67BA4C903} - System32\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-11 => C:\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-11.exe <==== ATTENTION
Task: {C9B5E220-D559-42F8-8DD9-485DBCCEEC7D} - System32\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-4 => C:\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-4.exe <==== ATTENTION
Task: {CF5A1DDC-D14D-4D59-AD49-A19A645B087B} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {D50C998C-6979-4EAC-8606-D27001B758F6} - System32\Tasks\APSnotifierPP3 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {DCF55BED-B1DF-4ABF-8D85-6542C7007799} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {DE636FF2-FD26-4241-9343-322918A02564} - System32\Tasks\Opera scheduled Autoupdate 1413111732 => C:\Program Files\Opera\launcher.exe [2014-10-15] (Opera Software)
Task: {E4116737-A8D3-478F-A8F6-5E3BE3DEB570} - System32\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-5_user => C:\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-5.exe [2014-10-12] (Cinema PlusV12.10) <==== ATTENTION
Task: {E4C8774A-2818-45A4-8A6D-11DDF6348886} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {E54ECCE2-55E3-4510-98CE-747AE04FEC2A} - System32\Tasks\ASP => C:\Program Files\RCP\systweakasp.exe
Task: {F77DFB67-F295-4A1F-AAED-A3B51A1C301F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-08-29] (Microsoft Corporation)
Task: {FAB49829-3EE7-4234-BE84-277862F2A57C} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\5cd5570c-479e-4bff-8d71-1fe1ae5a96ef.job => C:\Program Files\Cinema-Plus-1.8cV12.10\5cd5570c-479e-4bff-8d71-1fe1ae5a96ef.exe <==== ATTENTION
Task: C:\Windows\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-1.job => C:\Program Files\Cinema-Plus-1.8cV12.10\Cinema-Plus-1.8cV12.10-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-11.job => C:\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-11.exe <==== ATTENTION
Task: C:\Windows\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-2.job => C:\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-2.exe <==== ATTENTION
Task: C:\Windows\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-3.job => C:\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-4.job => C:\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-5.job => C:\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-5_user.job => C:\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\9723fcf9-7d34-4557-bf9d-5aaee05d2afb.job => C:\Program Files\Cinema-Plus-1.8cV12.10\9723fcf9-7d34-4557-bf9d-5aaee05d2afb.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\IO.job => C:\Users\HP\AppData\Roaming\IO.exe <==== ATTENTION
Task: C:\Windows\Tasks\QMXKNTZD.job => C:\Users\HP\AppData\Roaming\QMXKNTZD.exe <==== ATTENTION
Task: C:\Windows\Tasks\SpeedChecker Update.job => C:\Program Files\ver7SpeedChecker\R3SpeedCheckerK00.exe

==================== Loaded Modules (whitelisted) =============

2014-10-12 13:32 - 2014-10-06 18:43 - 00775400 _____ () C:\Program Files\Emsisoft Anti-Malware\fw32.dll
2014-10-12 13:00 - 2014-10-12 13:00 - 00700430 _____ () C:\Users\HP\AppData\Roaming\InetStat\inetstat.exe
2014-10-16 18:46 - 2014-10-15 11:33 - 00156792 _____ () C:\Program Files\Opera\25.0.1614.50\message_center_win8.dll
2014-10-16 18:46 - 2014-10-15 11:33 - 00499832 _____ () C:\Program Files\Opera\25.0.1614.50\opera_crashreporter.exe
2014-10-16 18:46 - 2014-10-15 11:33 - 01310328 _____ () C:\Program Files\Opera\25.0.1614.50\libglesv2.dll
2014-10-16 18:46 - 2014-10-15 11:33 - 00219256 _____ () C:\Program Files\Opera\25.0.1614.50\libegl.dll
2014-10-16 18:46 - 2014-10-15 11:33 - 09218680 _____ () C:\Program Files\Opera\25.0.1614.50\pdf.dll
2014-10-16 18:46 - 2014-10-15 11:33 - 00991864 _____ () C:\Program Files\Opera\25.0.1614.50\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-2565251152-1528942193-4253351456-500 - Administrator - Disabled)
Gast (S-1-5-21-2565251152-1528942193-4253351456-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2565251152-1528942193-4253351456-1003 - Limited - Enabled)
HP (S-1-5-21-2565251152-1528942193-4253351456-1001 - Administrator - Enabled) => C:\Users\HP

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/16/2014 08:34:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (10/16/2014 08:34:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (10/16/2014 08:34:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (10/16/2014 08:34:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (10/16/2014 08:34:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (10/16/2014 08:34:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (10/16/2014 08:33:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 11.0.9600.16384, Zeitstempel: 0x52157231
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.16408, Zeitstempel: 0x523d45f1
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00056436
ID des fehlerhaften Prozesses: 0x1270
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3
Vollständiger Name des fehlerhaften Pakets: iexplore.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: iexplore.exe5

Error: (10/16/2014 08:27:37 PM) (Source: DptfPolicyLpmService) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceServiceMainThread: App specific mode was turned off, but timer was not running.

Error: (10/16/2014 08:19:32 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (10/16/2014 08:19:32 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

System errors:
=============
Error: (10/16/2014 08:26:50 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (10/16/2014 08:14:23 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000009f (0x00000003, 0x86104030, 0x81e29b44, 0x853c2130)C:\Windows\MEMORY.DMP101614-12000-01

Error: (10/16/2014 08:14:22 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 16.10.2014 um 19:48:17 unerwartet heruntergefahren.

Error: (10/16/2014 06:23:40 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (10/16/2014 06:20:34 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070005 fehlgeschlagen: microsoft.windowscommunicationsapps

Error: (10/16/2014 06:20:23 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070005 fehlgeschlagen: Microsoft.BingHealthAndFitness

Error: (10/16/2014 06:20:16 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070005 fehlgeschlagen: Microsoft.WindowsReadingList

Error: (10/16/2014 06:20:16 PM) (Source: DCOM) (EventID: 10010) (User: xxxxx)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (10/16/2014 06:20:11 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070005 fehlgeschlagen: Microsoft.BingFoodAndDrink Error: (10/16/2014 06:20:07 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070005 fehlgeschlagen: Microsoft.Office.OneNote Microsoft Office Sessions: ========================= Error: (10/16/2014 08:34:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT) Description: WmiApRplWmiApRpl8F2030000E5050000 Error: (10/16/2014 08:34:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Performance163707000000000000000000008F020000 Error: (10/16/2014 08:34:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Performance163707000000000000000000008F020000 Error: (10/16/2014 08:34:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Performance163707000000000000000000008F020000 Error: (10/16/2014 08:34:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Performance163707000000000000000000008F020000 Error: (10/16/2014 08:34:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Performance163707000000000000000000008F020000 Error: (10/16/2014 08:33:23 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: iexplore.exe11.0.9600.1638452157231ntdll.dll6.3.9600.16408523d45f1c000000500056436127001cfe96f980441cbC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dlle8db3f08-5562-11e4-972f-d850e69a5100 Error: (10/16/2014 08:27:37 PM) (Source: DptfPolicyLpmService) (EventID: 1) (User: ) Description: DptfPolicyLpmServiceServiceMainThread: App specific mode was turned off, but timer was not running. 
Error: (10/16/2014 08:19:32 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT) Description: WmiApRplWmiApRpl8F2030000E5050000 Error: (10/16/2014 08:19:32 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Performance163707000000000000000000008F020000 CodeIntegrity Errors: =================================== Date: 2014-10-16 18:22:30.322 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. Date: 2014-10-16 18:22:29.901 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. Date: 2014-10-16 18:22:28.729 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. Date: 2014-10-16 18:22:28.057 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. Date: 2014-10-16 18:22:27.244 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. 
Date: 2014-10-16 18:22:26.650 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. Date: 2014-10-16 18:22:25.900 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. Date: 2014-10-16 18:22:25.275 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. Date: 2014-10-16 18:22:24.322 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. Date: 2014-10-16 18:22:22.494 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. 
==================== Memory info =========================== Processor: Intel(R) Atom(TM) CPU Z3740 @ 1.33GHz Percentage of memory in use: 73% Total physical RAM: 1933.15 MB Available physical RAM: 506.26 MB Total Pagefile: 3917.15 MB Available Pagefile: 1624.59 MB Total Virtual: 2047.88 MB Available Virtual: 1858.75 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:28.22 GB) (Free:10 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 29.1 GB) (Disk ID: 67B602CA) Partition: GPT Partition Type. ==================== End Of Log ============================ |