
Log analysis and evaluation: Opera redirects to other pages ....


19.10.2014, 10:21   #1
Sabine99
 

Opera redirects to other pages ....



Hello,
I apparently misclicked while setting up a new notebook (when I was trying to install the firewall) and now I'm in a mess.
IE, by the way, no longer works at all. The Emsisoft web shield is inactive and I can't install it either.
All files are attached. GMER produced various error messages and, at the end, the message (roughly) that the system had not been changed. I hope everything is OK this way.

Thanks in advance for the help.
Sabine99


1. Quarantine:
Code:
Emsisoft Anti-Malware v. 9.0.0.4570
(C) 2003-2014 Emsisoft - www.emsisoft.com

ID   Object
0    C:\Program Files\SupTab\WindowsSupportDll32.dll erkannt: Adware.Agent.OMM (B)
1    Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D} erkannt: Application.AdShort (A)
2    C:\Program Files\SearchProtect\Main\bin\SPTool.dll erkannt: Adware.SearchProtect.O (B)
3    Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86} erkannt: Application.AdShort (A)
4    C:\Program Files\SupTab\WindowsSupportDll32.dll erkannt: Adware.Agent.OMM (B)
5    C:\Program Files\SupTab\WindowsSupportDll32.dll erkannt: Adware.Agent.OMM (B)
6    C:\ProgramData\IePluginServices\PluginService.exe erkannt: Adware.Agent.OML (B)
7    Key: HKEY_LOCAL_MACHINE\SOFTWARE\SYSTWEAK erkannt: Application.InstallAd (A)
8    C:\Program Files\SupTab\WindowsSupportDll32.dll erkannt: Adware.Agent.OMM (B)
9    C:\Users\HP\AppData\Roaming\IO.exe erkannt: Gen:Variant.Adware.Kazy.433849 (B)
10   C:\Program Files\SearchProtect\SearchProtect\bin\SPTool64.exe erkannt: Application.Win32.AdConnect (A)
11   Key: HKEY_LOCAL_MACHINE\SOFTWARE\SEARCHPROTECT erkannt: Application.InstallAd (A)
12   C:\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-11.exe erkannt: Gen:Variant.Adware.Plush.1 (B)
13   C:\Program Files\SearchProtect\UI\bin\cltmngui.exe erkannt: Adware.SearchProtect.O (B)
14   C:\Program Files\SupTab\WindowsSupportDll32.dll erkannt: Adware.Agent.OMM (B)
15   C:\ProgramData\IePluginServices erkannt: Application.AdPlug (A)
16   C:\Users\HP\AppData\Roaming\LookThisUp\LookThisUp.exe erkannt: Adware.Agent.OMN (B)
17   C:\Users\HP\AppData\Roaming\SupTab erkannt: Application.AdShort (A)
18   C:\Program Files\Searchprotect erkannt: Application.AppInstall (A)
19   C:\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-3.exe erkannt: Gen:Variant.Adware.Plush.1 (B)
20   C:\Program Files\SupTab\WindowsSupportDll32.dll erkannt: Adware.Agent.OMM (B)
21   Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8} erkannt: Application.AdShort (A)
22   C:\Program Files\ver7SpeedChecker\x86\TandemRunner.exe erkannt: Gen:Variant.Adware.Kazy.367484 (B)
23   C:\Users\HP\AppData\Roaming\QMXKNTZD.exe erkannt: Gen:Variant.Adware.Plush.1 (B)
24   C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe erkannt: Application.Toolbar (A)
25   C:\Users\HP\AppData\Local\ConvertAd\ConvertAd.exe erkannt: Application.Generic.833997 (B)
26   C:\Windows\System32\Drivers\ttnfd.sys erkannt: Adware.Vitruvian.B (B)
27   Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\ANYPROTECT erkannt: Application.AdProtect (A)
28   C:\Program Files\SupTab erkannt: Application.AdShort (A)
29   C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32.dll erkannt: Application.Win32.SProtect (A)
30   C:\Program Files\SupTab\WindowsSupportDll32.dll erkannt: Adware.Agent.OMM (B)
31   C:\Program Files\SupTab\WindowsSupportDll32.dll erkannt: Adware.Agent.OMM (B)
32   C:\Program Files\SupTab\WindowsSupportDll32.dll erkannt: Adware.Agent.OMM (B)
33   C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe erkannt: Trojan.Generic.11889143 (B)
34   C:\Program Files\SearchProtect\SearchProtect\bin\SPVC64Loader.dll erkannt: Application.Win32.AdConnect (A)
35   C:\Program Files\ORBTR\Orbt.ext erkannt: Application.Toolbar (A)
36   C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32LOADER.DLL erkannt: Application.BrowserExt (A)
37   Key: HKEY_LOCAL_MACHINE\SOFTWARE\SUPDP erkannt: Application.InstallTab (A)
38   C:\Program Files\SupTab\WindowsSupportDll32.dll erkannt: Adware.Agent.OMM (B)
39   C:\Program Files\AnyProtectEx erkannt: Application.AdProtect (A)
40   Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SEARCHPROTECT erkannt: Application.InstallAd (A)
41   C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe erkannt: Adware.SearchProtect.O (B)
42   Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\INSTALLCORE erkannt: Application.AdTool (A)
43   C:\Users\HP\AppData\Roaming\systweak erkannt: Application.AppInstall (A)
44   C:\Program Files\SearchProtect\SearchProtect\bin\SPVC64.dll erkannt: Adware.SearchProtect.O (B)
45   C:\Program Files\SupTab\WindowsSupportDll32.dll erkannt: Adware.Agent.OMM (B)
46   Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\TUTOTAG erkannt: Adware.Win32.Ozore (A)
47   C:\Users\HP\AppData\Local\Searchprotect erkannt: Application.AppInstall (A)
48   Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\SUPHPUISOFT erkannt: Application.InstallTab (A)
49   Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\INSTALLEDBROWSEREXTENSIONS erkannt: Application.Win32.InstallAd (A)
50   C:\Program Files\Cinema-Plus-1.8cV12.10\WebSocket4Net.dll erkannt: Adware.SwiftBrowse.BW (B)
51   C:\Users\HP\Downloads\Setup.exe erkannt: Gen:Variant.Application.Bundler.20 (B)
52   C:\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-4.exe erkannt: Gen:Variant.Adware.Kazy.433849 (B)
53   Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\SYSTWEAK erkannt: Application.InstallAd (A)
54   C:\Program Files\SupTab\WindowsSupportDll32.dll erkannt: Adware.Agent.OMM (B)
55   Key: HKEY_LOCAL_MACHINE\SOFTWARE\SUPTAB erkannt: Application.AdShort (A)
56   Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} erkannt: Application.Win32.WSearch (A)
57   C:\Users\HP\Downloads\Setup v2 1.exe erkannt: Gen:Variant.Application.Bundler.20 (B)
58   Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86} erkannt: Application.AdShort (A)
59   C:\Program Files\Cinema-Plus-1.8cV12.10\utils.exe erkannt: Behavior.AutorunCreation
60   C:\Program Files\SupTab\WindowsSupportDll32.dll erkannt: Adware.Agent.OMM (B)
61   Key: HKEY_LOCAL_MACHINE\SOFTWARE\SUPWPM erkannt: Application.AdSome (A)
         
2. Last scan
Code:
Emsisoft Anti-Malware - Version 9.0
Letztes Update: 16.10.2014 18:27:48
Benutzerkonto: xxxxx\HP

Scan Einstellungen:

Scan Methode: Smart Scan
Objekte: Rootkits, Speicher, Traces, C:\Windows\, C:\Program Files\

PUPs-Erkennung: An
Archiv Scan: Aus
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan Beginn:	16.10.2014 18:37:41
C:\PROGRA~1\SearchProtect\Main\bin\CltMngSvc.exe 	gefunden: Adware.SearchProtect.O (B)
C:\Users\HP\AppData\Roaming\systweak 	gefunden: Application.AppInstall (A)
Key: HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\CLTMNGSVC 	gefunden: Application.AdServ (A)
Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\SYSTWEAK 	gefunden: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\SYSTWEAK 	gefunden: Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\INSTALLCORE 	gefunden: Application.AdTool (A)
Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86} 	gefunden: Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86} 	gefunden: Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\SUPWPM 	gefunden: Application.AdSome (A)
C:\Users\HP\AppData\Roaming\SupTab 	gefunden: Application.AdShort (A)
C:\Program Files\SupTab 	gefunden: Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8} 	gefunden: Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D} 	gefunden: Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\SUPTAB 	gefunden: Application.AdShort (A)
Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\ANYPROTECT 	gefunden: Application.AdProtect (A)
C:\ProgramData\IePluginServices 	gefunden: Application.AdPlug (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\SUPDP 	gefunden: Application.InstallTab (A)
Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\SUPHPUISOFT 	gefunden: Application.InstallTab (A)
C:\Program Files\Searchprotect 	gefunden: Application.AppInstall (A)
C:\Users\HP\AppData\Local\Searchprotect 	gefunden: Application.AppInstall (A)
Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\INSTALLEDBROWSEREXTENSIONS 	gefunden: Application.Win32.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} 	gefunden: Application.Win32.WSearch (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SEARCHPROTECT 	gefunden: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\SEARCHPROTECT 	gefunden: Application.InstallAd (A)
C:\Program Files\ORBTR\Orbt.ext 	gefunden: Application.Toolbar (A)
C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe 	gefunden: Adware.SearchProtect.O (B)
C:\Program Files\SearchProtect\Main\bin\SPTool.dll 	gefunden: Adware.SearchProtect.O (B)
C:\Program Files\SearchProtect\SearchProtect\bin\SPTool64.exe 	gefunden: Application.Win32.AdConnect (A)
C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32.dll 	gefunden: Application.Win32.SProtect (A)
C:\Program Files\SearchProtect\SearchProtect\bin\SPVC64.dll 	gefunden: Adware.SearchProtect.O (B)
C:\Program Files\SearchProtect\SearchProtect\bin\SPVC64Loader.dll 	gefunden: Application.Win32.AdConnect (A)
C:\Program Files\SearchProtect\UI\bin\cltmngui.exe 	gefunden: Adware.SearchProtect.O (B)

Gescannt	186859
Gefunden	32

Scan Ende:	16.10.2014 19:13:03
Scan Zeit:	0:35:22

C:\Program Files\SearchProtect\UI\bin\cltmngui.exe	Quarantäne Adware.SearchProtect.O (B)
C:\Program Files\SearchProtect\SearchProtect\bin\SPVC64Loader.dll	Quarantäne Application.Win32.AdConnect (A)
C:\Program Files\SearchProtect\SearchProtect\bin\SPVC64.dll	Quarantäne Adware.SearchProtect.O (B)
C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32.dll	Quarantäne Application.Win32.SProtect (A)
C:\Program Files\SearchProtect\SearchProtect\bin\SPTool64.exe	Quarantäne Application.Win32.AdConnect (A)
C:\Program Files\SearchProtect\Main\bin\SPTool.dll	Quarantäne Adware.SearchProtect.O (B)
C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe	Quarantäne Adware.SearchProtect.O (B)
C:\Program Files\ORBTR\Orbt.ext	Quarantäne Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\SEARCHPROTECT	Quarantäne Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SEARCHPROTECT	Quarantäne Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}	Quarantäne Application.Win32.WSearch (A)
Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\INSTALLEDBROWSEREXTENSIONS	Quarantäne Application.Win32.InstallAd (A)
C:\Users\HP\AppData\Local\Searchprotect	Quarantäne Application.AppInstall (A)
C:\Program Files\Searchprotect	Quarantäne Application.AppInstall (A)
Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\SUPHPUISOFT	Quarantäne Application.InstallTab (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\SUPDP	Quarantäne Application.InstallTab (A)
C:\ProgramData\IePluginServices	Quarantäne Application.AdPlug (A)
Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\ANYPROTECT	Quarantäne Application.AdProtect (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\SUPTAB	Quarantäne Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}	Quarantäne Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}	Quarantäne Application.AdShort (A)
C:\Program Files\SupTab	Quarantäne Application.AdShort (A)
C:\Users\HP\AppData\Roaming\SupTab	Quarantäne Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\SUPWPM	Quarantäne Application.AdSome (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}	Quarantäne Application.AdShort (A)
Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}	Quarantäne Application.AdShort (A)
Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\INSTALLCORE	Quarantäne Application.AdTool (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\SYSTWEAK	Quarantäne Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-2565251152-1528942193-4253351456-1001\SOFTWARE\SYSTWEAK	Quarantäne Application.InstallAd (A)
C:\Users\HP\AppData\Roaming\systweak	Quarantäne Application.AppInstall (A)

Quarantäne	30
         
3. Defogger
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:34 on 16/10/2014 (HP)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
4. FRST

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-10-2014
Ran by HP (administrator) on xxx on 16-10-2014 20:38:28
Running from C:\Users\HP\Downloads
Loaded Profile: HP (Available profiles: HP)
Platform: Microsoft Windows 8.1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\oacat.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\oasrv.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel.exe
(ASUSTek Computer INC.) C:\Program Files\ASUS\ASUS AC Reminder\ACReminderSrv.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLoader.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe
(ASUS Cloud Corporation) C:\Program Files\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Cinema PlusV12.10) C:\Program Files\Cinema-Plus-1.8cV12.10\9723fcf9-7d34-4557-bf9d-5aaee05d2afb.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPCenter.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPHelper.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\oaui.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\oahlp.exe
() C:\Users\HP\AppData\Roaming\InetStat\inetstat.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9600.16422_x86__8wekyb3d8bbwe\glcnd.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
(Opera Software) C:\Program Files\Opera\25.0.1614.50\opera.exe
() C:\Program Files\Opera\25.0.1614.50\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\25.0.1614.50\opera.exe
(Opera Software) C:\Program Files\Opera\25.0.1614.50\opera.exe
(Opera Software) C:\Program Files\Opera\25.0.1614.50\opera.exe
(Opera Software) C:\Program Files\Opera\25.0.1614.50\opera.exe
(Intel Corporation) C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe
(ASUS Cloud Corporation) C:\Program Files\ASUS\WebStorage\2.0.3.226\AsusWSPanel.exe
(Opera Software) C:\Program Files\Opera\25.0.1614.50\opera.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ASUSPRP] => C:\Program Files\ASUS\APRP\APRP.EXE [3216032 2013-12-13] (ASUSTek Computer Inc.)
HKLM\...\Run: [WebStorage] => C:\Program Files\ASUS\WebStorage\2.0.3.226\ASUSWSLoader.exe [63296 2013-08-16] ()
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [81360 2014-01-22] (Intel Corporation)
HKLM\...\Run: [RtkNGUI] => C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe [2904064 2013-10-30] (Realtek Semiconductor)
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [4873248 2014-10-14] (Emsisoft GmbH)
HKLM\...\Run: [@OnlineArmor GUI] => C:\Program Files\Online Armor\oaui.exe [7558464 2013-10-11] (Emsisoft GmbH)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-2565251152-1528942193-4253351456-1001\...\Run: [InetStat] => C:\Users\HP\AppData\Roaming\InetStat\inetstat.exe [700430 2014-10-12] ()
ShellIconOverlayIdentifiers: [!AsusWSShellExt_BN] -> {CC5FC992-B0AA-47CD-9DC2-83445083CBB9} => C:\Program Files\Common Files\AWS\2.0.3.226\ASUSWSShellExt.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_ON] -> {618A47A2-528B-4D9A-AFC8-97D3233511E3} => C:\Program Files\Common Files\AWS\2.0.3.226\ASUSWSShellExt.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_UN] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files\Common Files\AWS\2.0.3.226\ASUSWSShellExt.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [StorageProviderError] -> {0CA2640D-5B9C-4c59-A5FB-2DA61A7437CF} => C:\Windows\System32\shell32.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [StorageProviderSyncing] -> {0A30F902-8398-4ee8-86F7-4CFB589F04D1} => C:\Windows\System32\shell32.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: http=127.0.0.1:50415;https=127.0.0.1:50415
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.trovi.com/?gd=&ctid=CT3320133&octid=EB_ORIGINAL_CTID&ISID=F5EB1EE6-65C8-4354-9BC2-A6EC74BD2B0E&SearchSource=55&CUI=&UM=6&UP=SP69664532-4D64-4A2F-B262-AAA7B97E7988&SSPV=
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1413112344&from=cor&uid=3219913727_198259_6A968D30
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1413112344&from=cor&uid=3219913727_198259_6A968D30&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1413112344&from=cor&uid=3219913727_198259_6A968D30
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1413112344&from=cor&uid=3219913727_198259_6A968D30
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1413112344&from=cor&uid=3219913727_198259_6A968D30&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.sweet-page.com/?type=sc&ts=1413112344&from=cor&uid=3219913727_198259_6A968D30
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASJB
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
BHO: Cinema-Plus-1.8cV12.10 -> {11111111-1111-1111-1111-110611321185} -> C:\Program Files\Cinema-Plus-1.8cV12.10\Cinema-Plus-1.8cV12.10-bho.dll (Cinema PlusV12.10)
ShellExecuteHooks: OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll [1033968 2013-10-11] (Emsisoft GmbH)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF HKCU\...\Firefox\Extensions: [{BD671362-7905-03FA-24A6-403C5083D562}] - C:\Program Files\ver7SpeedChecker\180.xpi
FF Extension: SpeedChecker - C:\Program Files\ver7SpeedChecker\180.xpi [2014-10-12]

Chrome: 
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4816568 2014-10-14] (Emsisoft GmbH)
R2 AsHidService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe [103224 2013-09-09] (ASUSTek Computer Inc.)
R2 ASLDRService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [111416 2013-09-09] (ASUSTek Computer Inc.)
R2 Asus WebStorage Windows Service; C:\Program Files\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe [71680 2013-08-16] (ASUS Cloud Corporation) [File not signed]
R2 ATKGFNEXSrv; C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2011-11-21] (ASUS)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [1677016 2014-04-10] (Broadcom Corporation.)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [277304 2014-02-11] (Intel Corporation)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [83920 2014-01-22] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [96720 2014-01-22] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [90576 2014-01-22] (Intel Corporation)
S2 globalUpdate; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-10-12] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-10-12] (globalUpdate) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [586752 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [637912 2013-07-01] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe [168216 2014-01-15] (Intel Corporation)
R2 OAcat; C:\Program Files\Online Armor\OAcat.exe [584864 2013-10-11] (Emsisoft GmbH)
R2 Orbiter; C:/Program Files/ORBTR/orbiter.dll [492496 2014-10-12] (Client Connect LTD)
S3 ScDeviceEnum; C:\Windows\System32\ScDeviceEnum.dll [105472 2013-08-22] (Microsoft Corporation)
S2 servervo; C:\Users\HP\AppData\Roaming\VOPackage\VOsrv.exe [70144 2014-10-12] () [File not signed]
R2 SvcOnlineArmor; C:\Program Files\Online Armor\oasrv.exe [4457688 2013-10-11] (Emsisoft GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [278264 2013-08-22] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\Windows\system32\wephostsvc.dll [20992 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22240 2013-08-22] (Microsoft Corporation)
S3 workfolderssvc; C:\Windows\system32\workfolderssvc.dll [1210368 2013-12-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [58200 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [38248 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [18552 2014-05-12] (Emsisoft GmbH)
R2 ASMMAP; C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys [13880 2009-07-02] (ASUS)
R3 AsusHID; C:\Windows\System32\drivers\AsusHID.sys [68376 2014-02-13] (ASUS Corporation)
R1 ATKWMIACPIIO; C:\Program Files\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi.sys [17720 2013-07-02] (ASUSTek Computer Inc.)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [97896 2013-07-18] (ASIX Electronics Corp.)
R1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [25600 2013-08-22] (Microsoft Corporation)
R3 BCMSDH43XX; C:\Windows\system32\DRIVERS\bcmdhd63.sys [304344 2014-04-10] (Broadcom Corp)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [185856 2013-08-22] (Microsoft Corporation)
R3 BthMini; C:\Windows\System32\Drivers\BTHMINI.sys [24064 2013-08-22] (Microsoft Corporation)
S3 btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [144600 2014-04-10] (Broadcom Corporation.)
R3 BtwSerialBus; C:\Windows\system32\DRIVERS\BtwSerialBus.sys [130776 2014-04-10] (Broadcom Corporation.)
R3 camera; C:\Windows\system32\DRIVERS\camera.sys [345088 2013-12-02] (Intel Corporation)
R3 cleanhlp; C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [50200 2013-12-04] (Emsisoft GmbH)
R3 CM3218x; C:\Windows\system32\DRIVERS\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation)
R3 CPLMACPI; C:\Windows\system32\DRIVERS\CPLMACPI.sys [16488 2013-09-06] (Capella Microsystems, Inc.)
R3 DptfDevDBPT; C:\Windows\system32\DRIVERS\DptfDevPower.sys [25552 2014-01-22] (Intel Corporation)
R3 DptfDevDisplay; C:\Windows\system32\DRIVERS\DptfDevDisplay.sys [28112 2014-01-22] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [36304 2014-01-22] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [80848 2014-01-22] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [181712 2014-01-22] (Intel Corporation)
R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [23552 2013-12-30] (Intel Corporation)
R3 GpioVirtual; C:\Windows\System32\drivers\iaiogpiovirtual.sys [16896 2013-12-30] (Intel Corporation)
R3 HIDSwitch; C:\Windows\System32\drivers\AsHIDSwitch.sys [17720 2013-10-08] (ASUS)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [58368 2013-11-15] (Intel Corporation)
R3 iaiouart; C:\Windows\System32\drivers\iaiouart.sys [87552 2013-12-30] (Intel Corporation)
S0 iaStorA; C:\Windows\System32\drivers\iaStorA.sys [505192 2013-08-09] (Intel Corporation)
S3 intaud_WaveExtensible; C:\Windows\system32\drivers\intelaud.sys [32664 2014-01-22] (Intel Corporation)
R3 IntelSST; C:\Windows\system32\drivers\isstrtc.sys [254464 2013-12-30] (Intel(R) Corporation)
R3 INVN_MotionApps; C:\Windows\system32\DRIVERS\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation)
R3 iwdbus; C:\Windows\System32\drivers\iwdbus.sys [23448 2014-01-22] (Intel Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [21456 2013-12-30] (Intel Corporation)
R3 MT9M114; C:\Windows\System32\drivers\MT9M114.sys [38912 2013-12-02] (Intel Corporation)
S3 NETwNs32; C:\Windows\system32\DRIVERS\Netwsn00.sys [10372096 2013-06-18] (Intel Corporation)
R1 OADevice; C:\Windows\system32\drivers\OADriver.sys [210360 2013-10-11] ()
R1 oahlpXX; C:\Windows\system32\drivers\oahlp32.sys [44984 2013-10-11] ()
R1 OAmon; C:\Windows\system32\drivers\OAmon.sys [34856 2013-10-11] (Emsisoft)
R3 OAnet; C:\Windows\system32\DRIVERS\oanet.sys [31760 2013-10-11] (Emsisoft)
R3 PMIC; C:\Windows\System32\drivers\PMIC.sys [48128 2013-12-30] (Intel Corporation)
R3 rtii2sac; C:\Windows\system32\DRIVERS\rtii2sac.sys [149720 2013-12-05] (Realtek Semiconductor Corp.)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation)
R3 TXEI; C:\Windows\System32\drivers\TXEI.sys [75792 2014-02-26] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [93024 2013-08-22] (Microsoft Corporation)
R2 webinstrNew; C:\Windows\system32\Drivers\webinstrNew.sys [50312 2014-10-12] (Corsica)
R3 WUDFSensorLP; C:\Windows\System32\drivers\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation)
U0 msahci; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-16 20:38 - 2014-10-16 20:38 - 00016930 _____ () C:\Users\HP\Downloads\FRST.txt
2014-10-16 20:38 - 2014-10-16 20:38 - 00000000 ____D () C:\FRST
2014-10-16 20:37 - 2014-10-16 20:37 - 01102848 _____ (Farbar) C:\Users\HP\Downloads\FRST.exe
2014-10-16 20:34 - 2014-10-16 20:34 - 00000466 _____ () C:\Users\HP\Downloads\defogger_disable.log
2014-10-16 20:33 - 2014-10-16 20:33 - 00050477 _____ () C:\Users\HP\Downloads\Defogger.exe
2014-10-16 20:23 - 2014-10-16 20:23 - 00025600 ___SH () C:\Users\HP\Downloads\Thumbs.db
2014-10-16 20:22 - 2014-10-16 20:22 - 00000000 _____ () C:\Users\HP\defogger_reenable
2014-10-16 20:14 - 2014-10-16 20:14 - 00512504 _____ () C:\Windows\Minidump\101614-12000-01.dmp
2014-10-12 15:32 - 2014-10-12 18:49 - 00001120 _____ () C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware Guard.lnk
2014-10-12 15:22 - 2014-09-02 22:06 - 00706016 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-10-12 15:22 - 2014-09-02 22:06 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-10-12 15:04 - 2014-10-12 15:04 - 00523208 _____ () C:\Windows\Minidump\101214-22593-01.dmp
2014-10-12 14:32 - 2014-10-12 14:35 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-12 14:31 - 2014-08-29 13:01 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-12 14:29 - 2013-11-09 07:52 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe
2014-10-12 14:29 - 2013-11-09 07:52 - 00240128 _____ (Microsoft Corporation) C:\Windows\system32\mdmregistration.dll
2014-10-12 14:13 - 2014-02-22 13:24 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-10-12 14:07 - 2014-02-11 04:43 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-10-12 14:07 - 2013-10-15 10:03 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-10-12 14:06 - 2014-10-12 14:19 - 00000000 ____D () C:\ProgramData\OnlineArmor
2014-10-12 14:06 - 2014-10-12 14:06 - 00000000 ____D () C:\Users\HP\AppData\Roaming\OnlineArmor
2014-10-12 14:03 - 2014-10-16 20:14 - 00000000 ____D () C:\Windows\Minidump
2014-10-12 14:03 - 2014-10-12 14:03 - 00606936 _____ () C:\Windows\Minidump\101214-26781-01.dmp
2014-10-12 14:03 - 2014-10-12 14:03 - 00003358 _____ () C:\EamClean.log
2014-10-12 13:58 - 2014-10-12 13:58 - 00000000 ____D () C:\Users\HP\AppData\Roaming\EurekaLab s.a.s
2014-10-12 13:52 - 2014-10-16 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Armor
2014-10-12 13:52 - 2014-10-16 20:26 - 00000000 ____D () C:\Program Files\Online Armor
2014-10-12 13:52 - 2013-10-11 03:41 - 00044984 _____ () C:\Windows\system32\Drivers\oahlp32.sys
2014-10-12 13:52 - 2013-10-11 03:40 - 00210360 _____ () C:\Windows\system32\Drivers\OADriver.sys
2014-10-12 13:52 - 2013-10-11 03:40 - 00034856 _____ (Emsisoft) C:\Windows\system32\Drivers\OAmon.sys
2014-10-12 13:52 - 2013-10-11 03:40 - 00031760 _____ (Emsisoft) C:\Windows\system32\Drivers\OAnet.sys
2014-10-12 13:48 - 2014-10-12 13:48 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-10-12 13:46 - 2014-10-12 13:48 - 10696960 _____ (Emsisoft GmbH ) C:\Users\HP\Downloads\OnlineArmorSetup.exe
2014-10-12 13:33 - 2014-10-12 13:33 - 00001067 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-10-12 13:33 - 2014-10-12 13:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-10-12 13:32 - 2014-10-16 20:30 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2014-10-12 13:19 - 2014-10-12 13:19 - 00001128 _____ () C:\Users\HP\Desktop\Continue Live Installation.lnk
2014-10-12 13:16 - 2014-10-12 14:03 - 00000364 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-10-12 13:16 - 2014-10-12 14:03 - 00000364 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-10-12 13:16 - 2014-10-12 13:42 - 00000366 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-10-12 13:16 - 2014-10-12 13:16 - 00000000 ____D () C:\Users\HP\AppData\Roaming\AnyProtectEx
2014-10-12 13:15 - 2014-10-12 13:15 - 00000000 ____D () C:\Users\HP\AppData\Roaming\ap_movie
2014-10-12 13:14 - 2014-10-12 13:14 - 00612126 _____ (CMI Limited) C:\Users\HP\AppData\Local\nsb44F.tmp
2014-10-12 13:13 - 2014-10-12 16:01 - 00000000 ____D () C:\Users\HP\AppData\Local\ConvertAd
2014-10-12 13:13 - 2014-10-12 13:51 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-10-12 13:12 - 2014-10-12 14:03 - 00000000 ____D () C:\Users\HP\AppData\Local\mbot_de_145
2014-10-12 13:12 - 2014-10-12 14:03 - 00000000 ____D () C:\Program Files\mbot_de_145
2014-10-12 13:12 - 2014-10-12 13:12 - 00000000 ____D () C:\Users\HP\AppData\Roaming\sweet-page
2014-10-12 13:12 - 2014-10-12 13:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MYBESTOFFERSTODAY
2014-10-12 13:12 - 2014-10-12 13:12 - 00000000 ____D () C:\Program Files\TermTutor
2014-10-12 13:12 - 2014-08-29 17:02 - 00018248 _____ () C:\Windows\system32\roboot.exe
2014-10-12 13:11 - 2014-10-12 13:11 - 00000000 ____D () C:\ProgramData\Xunlei
2014-10-12 13:11 - 2014-10-12 13:11 - 00000000 ____D () C:\ProgramData\Thunder Network
2014-10-12 13:07 - 2014-10-12 13:10 - 163265680 _____ (Emsisoft GmbH ) C:\Users\HP\Downloads\EmsisoftAntiMalwareSetup.exe
2014-10-12 13:04 - 2014-10-16 20:27 - 00002440 _____ () C:\Windows\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-5_user.job
2014-10-12 13:04 - 2014-10-16 20:27 - 00002440 _____ () C:\Windows\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-5.job
2014-10-12 13:03 - 2014-10-16 20:27 - 00005178 _____ () C:\Windows\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-11.job
2014-10-12 13:03 - 2014-10-16 20:27 - 00004488 _____ () C:\Windows\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-4.job
2014-10-12 13:03 - 2014-10-16 20:27 - 00003464 _____ () C:\Windows\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-3.job
2014-10-12 13:03 - 2014-10-16 20:27 - 00003126 _____ () C:\Windows\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-1.job
2014-10-12 13:03 - 2014-10-16 20:27 - 00002104 _____ () C:\Windows\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-2.job
2014-10-12 13:03 - 2014-10-16 20:27 - 00001684 _____ () C:\Windows\Tasks\QMXKNTZD.job
2014-10-12 13:03 - 2014-10-16 20:27 - 00001454 _____ () C:\Windows\Tasks\9723fcf9-7d34-4557-bf9d-5aaee05d2afb.job
2014-10-12 13:03 - 2014-10-16 20:27 - 00001328 _____ () C:\Windows\Tasks\IO.job
2014-10-12 13:03 - 2014-10-16 20:27 - 00000962 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-10-12 13:03 - 2014-10-16 20:27 - 00000644 _____ () C:\Windows\Tasks\5cd5570c-479e-4bff-8d71-1fe1ae5a96ef.job
2014-10-12 13:03 - 2014-10-16 19:21 - 00000000 ____D () C:\Program Files\Cinema-Plus-1.8cV12.10
2014-10-12 13:03 - 2014-10-16 19:08 - 00000966 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-10-12 13:03 - 2014-10-12 13:03 - 00000000 ____D () C:\Users\HP\AppData\Local\globalUpdate
2014-10-12 13:03 - 2014-10-12 13:03 - 00000000 ____D () C:\Program Files\globalUpdate
2014-10-12 13:02 - 2014-10-16 18:46 - 00001111 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-10-12 13:02 - 2014-10-16 18:46 - 00000000 ____D () C:\Program Files\Opera
2014-10-12 13:02 - 2014-10-12 13:02 - 00001111 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-10-12 13:02 - 2014-10-12 13:02 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Opera Software
2014-10-12 13:02 - 2014-10-12 13:02 - 00000000 ____D () C:\Users\HP\AppData\Local\Opera Software
2014-10-12 13:01 - 2014-10-16 20:27 - 00000404 _____ () C:\Windows\Tasks\SpeedChecker Update.job
2014-10-12 13:01 - 2014-10-12 14:03 - 00000000 ____D () C:\Program Files\ver7SpeedChecker
2014-10-12 13:01 - 2014-10-12 13:01 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNew_01009.Wdf
2014-10-12 13:01 - 2014-10-12 13:00 - 00050312 _____ (Corsica) C:\Windows\system32\Drivers\webinstrNew.sys
2014-10-12 13:00 - 2014-10-16 20:14 - 00000000 ____D () C:\Program Files\ORBTR
2014-10-12 13:00 - 2014-10-12 18:49 - 00000000 ____D () C:\Users\HP\AppData\Roaming\LookThisUp
2014-10-12 13:00 - 2014-10-12 13:01 - 00000000 ____D () C:\Users\HP\AppData\Roaming\VOPackage
2014-10-12 13:00 - 2014-10-12 13:00 - 00873960 _____ (Opera Software) C:\Users\HP\Desktop\opera-23.0.1522.77-multi.exe
2014-10-12 13:00 - 2014-10-12 13:00 - 00001040 _____ () C:\Users\HP\Desktop\FLVM Player.lnk
2014-10-12 13:00 - 2014-10-12 13:00 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2014-10-12 13:00 - 2014-10-12 13:00 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InetStat
2014-10-12 13:00 - 2014-10-12 13:00 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLVM Player
2014-10-12 13:00 - 2014-10-12 13:00 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Macromedia
2014-10-12 13:00 - 2014-10-12 13:00 - 00000000 ____D () C:\Users\HP\AppData\Roaming\InetStat
2014-10-12 13:00 - 2014-10-12 13:00 - 00000000 ____D () C:\Program Files\FLVM Player
2014-10-12 12:56 - 2014-09-22 08:41 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-16 20:38 - 2014-04-10 06:45 - 01418876 _____ () C:\Windows\WindowsUpdate.log
2014-10-16 20:37 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\sru
2014-10-16 20:34 - 2013-12-14 06:09 - 00810620 _____ () C:\Windows\system32\perfh013.dat
2014-10-16 20:34 - 2013-12-14 06:09 - 00172722 _____ () C:\Windows\system32\perfc013.dat
2014-10-16 20:34 - 2013-12-14 06:03 - 00806368 _____ () C:\Windows\system32\perfh010.dat
2014-10-16 20:34 - 2013-12-14 06:03 - 00166812 _____ () C:\Windows\system32\perfc010.dat
2014-10-16 20:34 - 2013-12-13 22:46 - 00005552 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-16 20:27 - 2013-08-22 09:23 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-16 20:26 - 2014-09-03 22:59 - 00000000 ____D () C:\Users\HP
2014-10-16 20:26 - 2013-08-22 08:13 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-10-16 18:22 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-16 18:20 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\AppReadiness
2014-10-12 19:09 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-12 18:42 - 2013-08-22 09:22 - 00333576 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ___RD () C:\Windows\ToastData
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\WinStore
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\nl-NL
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\it-IT
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\fr-FR
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\en-GB
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\de-DE
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\MediaViewer
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\FileManager
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\Camera
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ____D () C:\Program Files\Windows Defender
2014-10-12 18:28 - 2013-12-13 22:30 - 00017120 _____ () C:\Windows\PFRO.log
2014-10-12 17:35 - 2013-08-22 10:17 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-10-12 17:32 - 2013-08-22 10:05 - 00000000 ____D () C:\Windows\CbsTemp
2014-10-12 13:52 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\restore
2014-10-12 13:12 - 2014-09-03 22:59 - 00001634 _____ () C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-12 13:01 - 2013-08-22 09:23 - 00013554 _____ () C:\Windows\setupact.log
2014-10-12 12:57 - 2013-08-22 08:13 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-10-12 12:42 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\LogFiles

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS


Some content of TEMP:
====================
C:\Users\HP\AppData\Local\Temp\dlLogic.exe
C:\Users\HP\AppData\Local\Temp\hAUK6.exe
C:\Users\HP\AppData\Local\Temp\spstub.exe
C:\Users\HP\AppData\Local\Temp\yYKY0.dll
C:\Users\HP\AppData\Local\Temp\yYKY0.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-16 18:19

==================== End Of Log ============================
         
5. addition

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-10-2014
Ran by HP at 2014-10-16 20:39:32
Running from C:\Users\HP\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
FW: Online Armor Firewall (Enabled) {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ASUS AC Reminder (HKLM\...\{B002B54C-FFE8-4331-8F9B-90CC9366362A}) (Version: 2.0.0 - ASUS)
ASUS Live Update (HKLM\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.7 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.3 - ASUS)
ASUS Smart Gesture (HKLM\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.10 - ASUS)
ATK Package (HKLM\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0031 - ASUS)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.93.99.187.1 - Broadcom Corporation)
Cinema-Plus-1.8cV12.10 (HKLM\...\Cinema-Plus-1.8cV12.10) (Version: 1.35.9.29 - Cinema PlusV12.10) <==== ATTENTION
ConvertAd (HKLM\...\ConvertAd) (Version: 1.0.0.0 - ConvertAd) <==== ATTENTION
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft GmbH)
FLV Player (remove only) (HKLM\...\FLVM Player) (Version:  - )
InetStat (HKCU\...\InetStat) (Version: 0.5b - InetStat)
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3417 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Intel(R) Trusted Execution Engine (Version: 1.1.1.1 - Intel Corporation) Hidden
Intel(R) Trusted Execution Engine Driver (Version: 1.0.0.1064 - Intel Corporation) Hidden
LookThisUp (HKLM\...\LookThisUp) (Version: 1.0.2 - LookThisUp) <==== ATTENTION
Microsoft Office (HKLM\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 (HKLM\...\{1f407217-9aec-4146-8504-e64ac959c534}) (Version: 12.0.20617.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.20617 (Version: 12.0.20617 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.20617 (Version: 12.0.20617 - Microsoft Corporation) Hidden
MyBestOffersToday 014.145 (HKLM\...\mbot_de_145_is1) (Version:  - MYBESTOFFERSTODAY) <==== ATTENTION
Online Armor 7.0 (HKLM\...\OnlineArmor_is1) (Version: 7.0 - Emsisoft GmbH)
Opera Stable 25.0.1614.50 (HKLM\...\Opera 25.0.1614.50) (Version: 25.0.1614.50 - Opera Software ASA)
Realtek I2S Audio (HKLM\...\{89A448AA-3301-46AA-AFC3-34F2D7C670E8}) (Version: 6.2.9600.4055 - Realtek Semiconductor Corp.)
Remote Desktop Access (VuuPC) (HKLM\...\VOPackage) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION
SpeedChecker (HKLM\...\6AD17EF9-640F-1903-11A0-44AC17BAE75D) (Version:  - SpeedChecker-software)
sweet-page uninstall (HKLM\...\sweet-page uninstall) (Version:  - sweet-page) <==== ATTENTION
Term Tutor (HKLM\...\TermTutor) (Version: 1.9.0.8 - Term Tutor) <==== ATTENTION
WebStorage (HKLM\...\WebStorage) (Version: 2.0.3.226 - ASUS Cloud Corporation)
Windows Driver Package - ASUS (AsusHID) Mouse  (02/12/2014 3.0.0.23) (HKLM\...\88F3FD439A3012A11FEF853A27C299ED116ABA8D) (Version: 02/12/2014 3.0.0.23 - ASUS)
WindowsMangerProtect20.0.0.1013 (HKLM\...\WindowsMangerProtect) (Version: 20.0.0.1013 - WindowsProtect LIMITED) <==== ATTENTION
WinFlash (HKLM\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

16-10-2014 18:26:12 Online Armor Installation

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:13 - 2013-08-22 08:13 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00BC77BF-3352-4FE8-9617-4F1B27BEC19A} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {01F6C3F9-2D4E-4526-A979-99B3FB5866FA} - System32\Tasks\APSnotifierPP2 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {0FA9C72D-D3DC-41EA-AD12-0264A29FFF50} - System32\Tasks\ASUS Live Update2 => C:\Program Files [2014-10-16] ()
Task: {17233BE9-87E9-40B0-B003-AE9D2B92CBBE} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {247BD142-0549-4E91-84B0-172C25563718} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {2A64602B-1AB0-4966-A010-7EC9473A882C} - System32\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-5 => C:\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-5.exe [2014-10-12] (Cinema PlusV12.10) <==== ATTENTION
Task: {2BE65564-89D1-4396-A5CC-D7D9283FC4A1} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {392EB017-207C-42BF-A061-F3BE721F456C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {39BA0FD9-2114-4ED8-921F-A9057E98625F} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [2014-10-12] (globalUpdate) <==== ATTENTION
Task: {3FECD40E-4E31-483F-932C-D023C75AE79D} - System32\Tasks\SpeedChecker Update => C:\Program Files\ver7SpeedChecker\R3SpeedCheckerK00.exe
Task: {40D51E4E-BC10-4EEC-9D41-E6C3791B1CE8} - System32\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-2 => C:\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-2.exe [2014-10-12] (Cinema PlusV12.10) <==== ATTENTION
Task: {4B7EF56A-8A42-4BD2-BB5C-7C389AC54A37} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {504A0D58-B71A-4F9A-826E-CABA60988E0C} - System32\Tasks\APSnotifierPP1 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {515A8D55-B2DA-4DAC-A197-0B02F6DAE700} - System32\Tasks\ASUS Live Update1 => C:\Program Files [2014-10-16] ()
Task: {5700ACE8-D0AF-4BA7-98B6-1033521A877A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {61A1EED5-DBB1-4606-8B71-4229B497EC59} - System32\Tasks\QMXKNTZD => C:\Users\HP\AppData\Roaming\QMXKNTZD.exe <==== ATTENTION
Task: {6E84A59B-1863-4B21-8BD8-C9B20FD15484} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {7B2E2DB4-C12C-4259-BBE8-7ECDD18FB410} - System32\Tasks\IO => C:\Users\HP\AppData\Roaming\IO.exe <==== ATTENTION
Task: {7C7CF1DA-F461-4850-96B2-ADCA8A67E59C} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {7DD4B446-71BA-473E-9D44-5D9CCD6DF0F4} - System32\Tasks\5cd5570c-479e-4bff-8d71-1fe1ae5a96ef => C:\Program Files\Cinema-Plus-1.8cV12.10\5cd5570c-479e-4bff-8d71-1fe1ae5a96ef.exe [2014-10-12] () <==== ATTENTION
Task: {81F9A0F3-DD82-46EB-8283-D37283B19EB5} - System32\Tasks\9723fcf9-7d34-4557-bf9d-5aaee05d2afb => C:\Program Files\Cinema-Plus-1.8cV12.10\9723fcf9-7d34-4557-bf9d-5aaee05d2afb.exe [2014-10-12] (Cinema PlusV12.10) <==== ATTENTION
Task: {8B5819AE-7B44-478B-A3D3-8846AF160A8F} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {8F7FB3A6-5ECC-485E-B309-B4E99ABE21DD} - System32\Tasks\Update Checker => C:\Program Files\ASUS\ASUS Live Update\UpdateChecker.exe [2013-11-27] ()
Task: {92ED6570-4654-4BFA-9A6C-1084C6939C16} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {958671CB-F534-4A06-A0AC-9565F9886742} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [2014-10-12] (globalUpdate) <==== ATTENTION
Task: {997C8BBD-710B-4E66-B5BC-CC09575A58D2} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {A02FE6A8-4963-4C7D-8D21-DC48FE3E517C} - System32\Tasks\ASUS AC Reminder => C:\Program Files\ASUS\ASUS AC Reminder\ACReminderSrv.exe [2013-12-23] (ASUSTek Computer INC.)
Task: {A1C0096D-7EF7-4283-9C87-611781AF8F49} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel.exe [2013-01-09] (ASUSTek Computer INC.)
Task: {A5D45ED3-F524-4574-8F39-527F3729D1E2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {C0D0F7C4-419F-41B3-90A2-FE79270B828A} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {C2961EE8-2DC4-4C84-B990-0D3D66B1293C} - System32\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-1 => C:\Program Files\Cinema-Plus-1.8cV12.10\Cinema-Plus-1.8cV12.10-codedownloader.exe [2014-10-12] (Cinema PlusV12.10) <==== ATTENTION
Task: {C37FC171-6AF7-4A02-9319-1AFF42F85373} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLauncher.exe [2014-02-13] (AsusTek)
Task: {C4D658BC-D800-4DC5-86D9-71A9BE88EB07} - System32\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-3 => C:\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-3.exe <==== ATTENTION
Task: {C75D7376-34AE-446F-B87B-38A67BA4C903} - System32\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-11 => C:\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-11.exe <==== ATTENTION
Task: {C9B5E220-D559-42F8-8DD9-485DBCCEEC7D} - System32\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-4 => C:\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-4.exe <==== ATTENTION
Task: {CF5A1DDC-D14D-4D59-AD49-A19A645B087B} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {D50C998C-6979-4EAC-8606-D27001B758F6} - System32\Tasks\APSnotifierPP3 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {DCF55BED-B1DF-4ABF-8D85-6542C7007799} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {DE636FF2-FD26-4241-9343-322918A02564} - System32\Tasks\Opera scheduled Autoupdate 1413111732 => C:\Program Files\Opera\launcher.exe [2014-10-15] (Opera Software)
Task: {E4116737-A8D3-478F-A8F6-5E3BE3DEB570} - System32\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-5_user => C:\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-5.exe [2014-10-12] (Cinema PlusV12.10) <==== ATTENTION
Task: {E4C8774A-2818-45A4-8A6D-11DDF6348886} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {E54ECCE2-55E3-4510-98CE-747AE04FEC2A} - System32\Tasks\ASP => C:\Program Files\RCP\systweakasp.exe
Task: {F77DFB67-F295-4A1F-AAED-A3B51A1C301F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-08-29] (Microsoft Corporation)
Task: {FAB49829-3EE7-4234-BE84-277862F2A57C} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\5cd5570c-479e-4bff-8d71-1fe1ae5a96ef.job => C:\Program Files\Cinema-Plus-1.8cV12.10\5cd5570c-479e-4bff-8d71-1fe1ae5a96ef.exe <==== ATTENTION
Task: C:\Windows\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-1.job => C:\Program Files\Cinema-Plus-1.8cV12.10\Cinema-Plus-1.8cV12.10-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-11.job => C:\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-11.exe <==== ATTENTION
Task: C:\Windows\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-2.job => C:\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-2.exe <==== ATTENTION
Task: C:\Windows\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-3.job => C:\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-4.job => C:\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-5.job => C:\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-5_user.job => C:\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\9723fcf9-7d34-4557-bf9d-5aaee05d2afb.job => C:\Program Files\Cinema-Plus-1.8cV12.10\9723fcf9-7d34-4557-bf9d-5aaee05d2afb.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\IO.job => C:\Users\HP\AppData\Roaming\IO.exe <==== ATTENTION
Task: C:\Windows\Tasks\QMXKNTZD.job => C:\Users\HP\AppData\Roaming\QMXKNTZD.exe <==== ATTENTION
Task: C:\Windows\Tasks\SpeedChecker Update.job => C:\Program Files\ver7SpeedChecker\R3SpeedCheckerK00.exe

==================== Loaded Modules (whitelisted) =============

2014-10-12 13:32 - 2014-10-06 18:43 - 00775400 _____ () C:\Program Files\Emsisoft Anti-Malware\fw32.dll
2014-10-12 13:00 - 2014-10-12 13:00 - 00700430 _____ () C:\Users\HP\AppData\Roaming\InetStat\inetstat.exe
2014-10-16 18:46 - 2014-10-15 11:33 - 00156792 _____ () C:\Program Files\Opera\25.0.1614.50\message_center_win8.dll
2014-10-16 18:46 - 2014-10-15 11:33 - 00499832 _____ () C:\Program Files\Opera\25.0.1614.50\opera_crashreporter.exe
2014-10-16 18:46 - 2014-10-15 11:33 - 01310328 _____ () C:\Program Files\Opera\25.0.1614.50\libglesv2.dll
2014-10-16 18:46 - 2014-10-15 11:33 - 00219256 _____ () C:\Program Files\Opera\25.0.1614.50\libegl.dll
2014-10-16 18:46 - 2014-10-15 11:33 - 09218680 _____ () C:\Program Files\Opera\25.0.1614.50\pdf.dll
2014-10-16 18:46 - 2014-10-15 11:33 - 00991864 _____ () C:\Program Files\Opera\25.0.1614.50\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2565251152-1528942193-4253351456-500 - Administrator - Disabled)
Gast (S-1-5-21-2565251152-1528942193-4253351456-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2565251152-1528942193-4253351456-1003 - Limited - Enabled)
HP (S-1-5-21-2565251152-1528942193-4253351456-1001 - Administrator - Enabled) => C:\Users\HP

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/16/2014 08:34:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (10/16/2014 08:34:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (10/16/2014 08:34:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (10/16/2014 08:34:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (10/16/2014 08:34:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (10/16/2014 08:34:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (10/16/2014 08:33:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 11.0.9600.16384, Zeitstempel: 0x52157231
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.16408, Zeitstempel: 0x523d45f1
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00056436
ID des fehlerhaften Prozesses: 0x1270
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3
Vollständiger Name des fehlerhaften Pakets: iexplore.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: iexplore.exe5

Error: (10/16/2014 08:27:37 PM) (Source: DptfPolicyLpmService) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceServiceMainThread:  App specific mode was turned off, but timer was not running.

Error: (10/16/2014 08:19:32 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (10/16/2014 08:19:32 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.


System errors:
=============
Error: (10/16/2014 08:26:50 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (10/16/2014 08:14:23 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000009f (0x00000003, 0x86104030, 0x81e29b44, 0x853c2130)C:\Windows\MEMORY.DMP101614-12000-01

Error: (10/16/2014 08:14:22 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎16.‎10.‎2014 um 19:48:17 unerwartet heruntergefahren.

Error: (10/16/2014 06:23:40 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (10/16/2014 06:20:34 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070005 fehlgeschlagen: microsoft.windowscommunicationsapps

Error: (10/16/2014 06:20:23 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070005 fehlgeschlagen: Microsoft.BingHealthAndFitness

Error: (10/16/2014 06:20:16 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070005 fehlgeschlagen: Microsoft.WindowsReadingList

Error: (10/16/2014 06:20:16 PM) (Source: DCOM) (EventID: 10010) (User: xxxxx)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (10/16/2014 06:20:11 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070005 fehlgeschlagen: Microsoft.BingFoodAndDrink

Error: (10/16/2014 06:20:07 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070005 fehlgeschlagen: Microsoft.Office.OneNote


Microsoft Office Sessions:
=========================
Error: (10/16/2014 08:34:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F2030000E5050000

Error: (10/16/2014 08:34:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance163707000000000000000000008F020000

Error: (10/16/2014 08:34:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance163707000000000000000000008F020000

Error: (10/16/2014 08:34:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance163707000000000000000000008F020000

Error: (10/16/2014 08:34:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance163707000000000000000000008F020000

Error: (10/16/2014 08:34:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance163707000000000000000000008F020000

Error: (10/16/2014 08:33:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.1638452157231ntdll.dll6.3.9600.16408523d45f1c000000500056436127001cfe96f980441cbC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dlle8db3f08-5562-11e4-972f-d850e69a5100

Error: (10/16/2014 08:27:37 PM) (Source: DptfPolicyLpmService) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceServiceMainThread:  App specific mode was turned off, but timer was not running.

Error: (10/16/2014 08:19:32 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F2030000E5050000

Error: (10/16/2014 08:19:32 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance163707000000000000000000008F020000


CodeIntegrity Errors:
===================================
  Date: 2014-10-16 18:22:30.322
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.

  Date: 2014-10-16 18:22:29.901
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.

  Date: 2014-10-16 18:22:28.729
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.

  Date: 2014-10-16 18:22:28.057
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.

  Date: 2014-10-16 18:22:27.244
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.

  Date: 2014-10-16 18:22:26.650
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.

  Date: 2014-10-16 18:22:25.900
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.

  Date: 2014-10-16 18:22:25.275
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.

  Date: 2014-10-16 18:22:24.322
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.

  Date: 2014-10-16 18:22:22.494
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Atom(TM) CPU Z3740 @ 1.33GHz
Percentage of memory in use: 73%
Total physical RAM: 1933.15 MB
Available physical RAM: 506.26 MB
Total Pagefile: 3917.15 MB
Available Pagefile: 1624.59 MB
Total Virtual: 2047.88 MB
Available Virtual: 1858.75 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:28.22 GB) (Free:10 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 29.1 GB) (Disk ID: 67B602CA)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

19.10.2014, 10:57   #2
M-K-D-B
/// TB Trainer
 
My name is Matthias and I will help you clean up your computer.


Please note the following:
  • If we find indications of illegally obtained software, we will suspend support until every kind of illegal software has been removed from the computer.
  • Read the instructions carefully. If you run into problems, stop what you are doing and describe your problem to me as well as you can.
  • If you do not reply to me within 3 days, I will assume that you no longer need help. I will then remove your thread from my subscriptions.
    If you are going to be away for a longer time, please let me know!
  • During the cleanup, please do not install or uninstall anything unless I ask you to!
  • All programs to be used must be saved to the desktop and started from there!


Please work through all steps one after the other in the given order and post all log files in CODE tags:
How it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes your helper's work much harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check that you did it correctly. If everything is right ... click Reply.

Thank you for your cooperation!






Step 1
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).





Step 2
Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.







Step 3

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it with right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.







Step 4
  • Start FRST.exe again. Tick the box in front of Addition.txt and click Scan.
  • FRST again creates two log files (FRST.txt and Addition.txt).
  • Post both log files in your next reply.






Please post with your next reply
  • the AdwCleaner log file,
  • the MBAM log file,
  • the JRT log file,
  • the two new FRST log files.
__________________
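
Step 1 leaves two AdwCleaner reports behind, one from the scan (Option : Suchen) and one from the clean-up (Option : Löschen). The Python code below is an added example, not part of the original posts and not AdwCleaner's own code: it compares the two reports and lists scan findings that have no matching removal line. The sample reports and names such as ExampleUpdater are constructed, and the German status words are an assumption taken from the v4.000 reports in this thread.

```python
import re

# Status words as printed by the German AdwCleaner v4.000 reports in this thread (assumption).
FOUND_WORDS = {"Gefunden"}
HANDLED_WORDS = {"Gelöscht", "Desinfiziert", "Wiederhergestellt"}

# "<kind> <status> : <item>", optionally prefixed by a marker such as "[#] ".
ENTRY_RE = re.compile(r"^(?:\[[^\]]*\]\s*)?(\S+)\s+(\S+)\s+:\s+(.+?)\s*$")
OPTION_RE = re.compile(r"^#\s*Option\s*:\s*(\S+)", re.MULTILINE)
# Scan reports append "[value name] - data" to "Daten" lines; clean reports do not.
DATA_SUFFIX_RE = re.compile(r"\s+\[[^\]]*\]\s+-\s+.*$")


def report_mode(text):
    """Return the value of the '# Option :' header line, or None if it is missing."""
    m = OPTION_RE.search(text)
    return m.group(1) if m else None


def normalise(item):
    """Drop the '[name] - data' suffix and fold case (Windows paths/keys ignore case)."""
    return DATA_SUFFIX_RE.sub("", item).casefold()


def parse_entries(text, wanted):
    """Map (kind, normalised item) -> original item for lines whose status is wanted."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # section banners, header lines, blank lines
        kind, status, item = m.groups()
        if status in wanted:
            entries[(kind, normalise(item))] = item
    return entries


def compare_reports(scan_text, clean_text):
    """Return (leftover, unlisted): findings never handled, and handled items the scan omitted."""
    if report_mode(scan_text) != "Suchen" or report_mode(clean_text) != "Löschen":
        raise ValueError("expected a 'Suchen' report and a 'Löschen' report")
    found = parse_entries(scan_text, FOUND_WORDS)
    handled = parse_entries(clean_text, HANDLED_WORDS)
    leftover = sorted((k[0], v) for k, v in found.items() if k not in handled)
    unlisted = sorted((k[0], v) for k, v in handled.items() if k not in found)
    return leftover, unlisted


# Constructed sample reports in the layout shown in this thread (not the poster's data).
SCAN_REPORT = r"""# AdwCleaner v4.000 - Bericht erstellt am 01/01/2015 um 10:00:00
# Option : Suchen

***** [ Dienste ] *****

Dienst Gefunden : ExampleUpdater

***** [ Dateien / Ordner ] *****

Ordner Gefunden : C:\Program Files\ExampleUpdater
Ordner Gefunden : C:\Users\Example\AppData\Roaming\ExampleToolbar

***** [ Registrierungsdatenbank ] *****

Daten Gefunden : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - C:\Program Files\Internet Explorer\iexplore.exe hxxp://example.invalid/?type=sc
Schlüssel Gefunden : HKCU\Software\EXAMPLEUPDATER
"""

CLEAN_REPORT = r"""# AdwCleaner v4.000 - Bericht erstellt am 01/01/2015 um 10:05:00
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : ExampleUpdater

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files\ExampleUpdater

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Example\Desktop\Internet Explorer.lnk

***** [ Registrierungsdatenbank ] *****

Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Schlüssel Gelöscht : HKCU\Software\ExampleUpdater
"""

if __name__ == "__main__":
    leftover, unlisted = compare_reports(SCAN_REPORT, CLEAN_REPORT)
    for kind, item in leftover:
        print("found but not handled:", kind, item)
    for kind, item in unlisted:
        print("handled but not in scan:", kind, item)
```

A non-empty first list is what a helper would ask about before moving on to the next tool; the second list is informational, since the clean-up report can contain items (such as repaired shortcuts) that the scan report did not list.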


19.10.2014, 13:06   #3
Sabine99
 
Hello Matthias,
attached are the requested files. The adware cleaner produced 2 files. I hope I did everything right.

Thanks and regards
Sabine99

1. adwarecleaner (SO)

Code:
# AdwCleaner v4.000 - Bericht erstellt am 19/10/2014 um 12:22:26
# DB v2014-10-17.9
# Aktualisiert 12/10/2014 von Xplode
# Betriebssystem : Windows 8.1  (32 bits)
# Benutzername : HP - xxxxx
# Gestartet von : C:\Users\HP\Desktop\AdwCleaner_4.000.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : globalUpdate
[#] Dienst Gelöscht : globalUpdatem
[#] Dienst Gelöscht : servervo

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\HP\AppData\Roaming\AnyProtectEx
Ordner Gelöscht : C:\Users\HP\AppData\Roaming\ap_logs
Ordner Gelöscht : C:\Users\HP\AppData\Local\ConvertAd
Ordner Gelöscht : C:\Program Files\FLVM Player
Ordner Gelöscht : C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLVM Player
Ordner Gelöscht : C:\Program Files\globalUpdate
Ordner Gelöscht : C:\Users\HP\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\HP\AppData\Roaming\InetStat
Ordner Gelöscht : C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InetStat
Ordner Gelöscht : C:\Users\HP\AppData\Roaming\LookThisUp
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyBestOffersToday
Ordner Gelöscht : C:\Users\HP\AppData\Roaming\sweet-page
Ordner Gelöscht : C:\Users\HP\AppData\Roaming\VOPackage
Ordner Gelöscht : C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Ordner Gelöscht : C:\ProgramData\WindowsMangerProtect
Ordner Gelöscht : C:\Program Files\mbot_de_145
Ordner Gelöscht : C:\Users\HP\AppData\Local\mbot_de_145
Ordner Gelöscht : C:\Program Files\Cinema-Plus-1.8cV12.10
Ordner Gelöscht : C:\Program Files\ver7SpeedChecker
Datei Gelöscht : C:\Users\HP\Desktop\Continue Live Installation.lnk
Datei Gelöscht : C:\Windows\system32\roboot.exe

***** [ Tasks ] *****

Task Gelöscht : APSnotifierPP1
Task Gelöscht : APSnotifierPP2
Task Gelöscht : APSnotifierPP3
Task Gelöscht : ASP
Task Gelöscht : globalUpdateUpdateTaskMachineCore
Task Gelöscht : globalUpdateUpdateTaskMachineUA
Task Gelöscht : SpeedChecker Update
Task Gelöscht : 5cd5570c-479e-4bff-8d71-1fe1ae5a96ef
Task Gelöscht : 6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-1
Task Gelöscht : 6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-11
Task Gelöscht : 6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-2
Task Gelöscht : 6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-3
Task Gelöscht : 6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-4
Task Gelöscht : 6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-5
Task Gelöscht : 6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-5_user
Task Gelöscht : 9723fcf9-7d34-4557-bf9d-5aaee05d2afb

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk

***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{BD671362-7905-03FA-24A6-403C5083D562}]
Schlüssel Gelöscht : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [InetStat]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611321185}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622322285}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655325585}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666326685}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644324485}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611321185}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611321185}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110611321185}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\InetStat
Schlüssel Gelöscht : HKCU\Software\Tutorials
Schlüssel Gelöscht : HKCU\Software\LookThisUp
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Cinema-Plus-1.8cV12.10
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : HKLM\SOFTWARE\MyBestOffersToday
Schlüssel Gelöscht : HKLM\SOFTWARE\supWindowsMangerProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\sweet-pageSoftware
Schlüssel Gelöscht : HKLM\SOFTWARE\Tutorials
Schlüssel Gelöscht : HKLM\SOFTWARE\Cinema-Plus-1.8cV12.10
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\InetStat
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FLVM Player
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sweet-page uninstall
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LookThisUp
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mbot_de_145_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Cinema-Plus-1.8cV12.10
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\6AD17EF9-640F-1903-11A0-44AC17BAE75D

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16384

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

*************************

AdwCleaner[R0].txt - [12399 octets] - [19/10/2014 12:15:33]
AdwCleaner[S0].txt - [11856 octets] - [19/10/2014 12:22:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11917 octets] ##########
         
2. adwcleaner (RO)
Code:
# AdwCleaner v4.000 - Bericht erstellt am 19/10/2014 um 12:15:33
# Aktualisiert 12/10/2014 von Xplode
# Datenbank : 2014-10-17.9
# Betriebssystem : Windows 8.1  (32 bits)
# Benutzername : HP - xxxxx
# Gestartet von : C:\Users\HP\Desktop\AdwCleaner_4.000.exe
# Option : Suchen

***** [ Dienste ] *****

Dienst Gefunden : globalUpdate
Dienst Gefunden : globalUpdatem
Dienst Gefunden : servervo

***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\Users\HP\Desktop\Continue Live Installation.lnk
Datei Gefunden : C:\Windows\system32\roboot.exe
Ordner Gefunden : C:\Program Files\Cinema-Plus-1.8cV12.10
Ordner Gefunden : C:\Program Files\FLVM Player
Ordner Gefunden : C:\Program Files\globalUpdate
Ordner Gefunden : C:\Program Files\mbot_de_145
Ordner Gefunden : C:\Program Files\ver7SpeedChecker
Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyBestOffersToday
Ordner Gefunden : C:\ProgramData\WindowsMangerProtect
Ordner Gefunden : C:\Users\HP\AppData\Local\ConvertAd
Ordner Gefunden : C:\Users\HP\AppData\Local\globalUpdate
Ordner Gefunden : C:\Users\HP\AppData\Local\mbot_de_145
Ordner Gefunden : C:\Users\HP\AppData\Roaming\AnyProtectEx
Ordner Gefunden : C:\Users\HP\AppData\Roaming\ap_logs
Ordner Gefunden : C:\Users\HP\AppData\Roaming\InetStat
Ordner Gefunden : C:\Users\HP\AppData\Roaming\LookThisUp
Ordner Gefunden : C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLVM Player
Ordner Gefunden : C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InetStat
Ordner Gefunden : C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Ordner Gefunden : C:\Users\HP\AppData\Roaming\sweet-page
Ordner Gefunden : C:\Users\HP\AppData\Roaming\VOPackage

***** [ Tasks ] *****

Task Gefunden : APSnotifierPP1
Task Gefunden : APSnotifierPP2
Task Gefunden : APSnotifierPP3
Task Gefunden : ASP
Task Gefunden : globalUpdateUpdateTaskMachineCore
Task Gefunden : globalUpdateUpdateTaskMachineUA
Task Gefunden : SpeedChecker Update
Task Gefunden : 5cd5570c-479e-4bff-8d71-1fe1ae5a96ef
Task Gefunden : 6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-1
Task Gefunden : 6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-11
Task Gefunden : 6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-2
Task Gefunden : 6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-3
Task Gefunden : 6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-4
Task Gefunden : 6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-5
Task Gefunden : 6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-5_user
Task Gefunden : 9723fcf9-7d34-4557-bf9d-5aaee05d2afb

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Daten Gefunden : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.sweet-page.com/?type=sc&ts=1413112344&from=cor&uid=3219913727_198259_6A968D30
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Cinema-Plus-1.8cV12.10
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gefunden : HKCU\Software\GlobalUpdate
Schlüssel Gefunden : HKCU\Software\InetStat
Schlüssel Gefunden : HKCU\Software\LookThisUp
Schlüssel Gefunden : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110611321185}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611321185}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\InetStat
Schlüssel Gefunden : HKCU\Software\Tutorials
Schlüssel Gefunden : HKLM\SOFTWARE\Cinema-Plus-1.8cV12.10
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611321185}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622322285}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655325585}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666326685}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644324485}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644324485}
Schlüssel Gefunden : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gefunden : HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611321185}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\6AD17EF9-640F-1903-11A0-44AC17BAE75D
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Cinema-Plus-1.8cV12.10
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FLVM Player
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LookThisUp
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mbot_de_145_is1
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sweet-page uninstall
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect
Schlüssel Gefunden : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Schlüssel Gefunden : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Schlüssel Gefunden : HKLM\SOFTWARE\MyBestOffersToday
Schlüssel Gefunden : HKLM\SOFTWARE\supWindowsMangerProtect
Schlüssel Gefunden : HKLM\SOFTWARE\sweet-pageSoftware
Schlüssel Gefunden : HKLM\SOFTWARE\Tutorials
Schlüssel Gefunden : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Schlüssel Gefunden : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Wert Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [InetStat]
Wert Gefunden : HKCU\Software\Mozilla\Firefox\Extensions [{BD671362-7905-03FA-24A6-403C5083D562}]

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16384

Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.trovi.com/?gd=&ctid=CT3320133&octid=EB_ORIGINAL_CTID&ISID=F5EB1EE6-65C8-4354-9BC2-A6EC74BD2B0E&SearchSource=55&CUI=&UM=6&UP=SP69664532-4D64-4A2F-B262-AAA7B97E7988&SSPV=
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.sweet-page.com/?type=hp&ts=1413112344&from=cor&uid=3219913727_198259_6A968D30
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.sweet-page.com/web/?type=ds&ts=1413112344&from=cor&uid=3219913727_198259_6A968D30&q={searchTerms}
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.sweet-page.com/?type=hp&ts=1413112344&from=cor&uid=3219913727_198259_6A968D30
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.sweet-page.com/?type=hp&ts=1413112344&from=cor&uid=3219913727_198259_6A968D30
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.sweet-page.com/web/?type=ds&ts=1413112344&from=cor&uid=3219913727_198259_6A968D30&q={searchTerms}

*************************

AdwCleaner[R0].txt - [12257 octets] - [19/10/2014 12:15:33]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [12318 octets] ##########
         
3. mbam
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 19.10.2014
Scan Time: 12:47:16
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.10.19.04
Rootkit Database: v2014.10.17.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x86
File System: NTFS
User: HP

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 273475
Time Elapsed: 7 min, 19 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 1
PUP.Optional.Conduit.A, C:\Program Files\ORBTR\orbiter.dll, Delete-on-Reboot, [cdc31bfb225aba7c49205a5d4fb29d63], 

Registry Keys: 5
PUP.Optional.TermTutor.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{6CB99040-7828-4C37-AC01-F15758F43E4D}, Quarantined, [cec263b307750c2ae4d87d21fe0424dc], 
PUP.Optional.TermTutor.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\TermTutor, Quarantined, [a4ec48ce8eee44f25fee8799d52e3bc5], 
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, Quarantined, [4749d145c9b35adcae37008c4aba0000], 
PUP.Optional.CinemaPlus, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Cinema-Plus-1.8cV12.10, Quarantined, [345c24f2a7d57bbb6a3c1312f112d729], 
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, [0b85a670c4b874c2696cf90dc73c23dd], 

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 6
PUP.Optional.TermTutor.A, C:\Program Files\TermTutor, Quarantined, [a4ec48ce8eee44f25fee8799d52e3bc5], 
PUP.Optional.TermTutor.A, C:\Program Files\TermTutor\3rd Party Licenses, Quarantined, [a4ec48ce8eee44f25fee8799d52e3bc5], 
PUP.Optional.TermTutor.A, C:\Program Files\TermTutor\IE, Quarantined, [a4ec48ce8eee44f25fee8799d52e3bc5], 
PUP.Optional.TermTutor.A, C:\Program Files\TermTutor\Service, Quarantined, [a4ec48ce8eee44f25fee8799d52e3bc5], 
PUP.Optional.Orbtr, C:\Program Files\ORBTR, Delete-on-Reboot, [4d432aec017bae88cea8533a72927090], 
PUP.Optional.GlobalUpdate.A, C:\Users\HP\AppData\Local\Temp\comh.48008, Quarantined, [0b85a670c4b874c2696cf90dc73c23dd], 

Files: 27
PUP.Optional.Conduit.A, C:\Program Files\ORBTR\orbiter.dll, Delete-on-Reboot, [cdc31bfb225aba7c49205a5d4fb29d63], 
PUP.Optional.Conduit.A, C:\Users\HP\AppData\Local\Temp\dlLogic.exe, Quarantined, [fc944dc9740839fd3fa0f0527090ad53], 
PUP.Optional.SearchProtect.A, C:\Users\HP\AppData\Local\Temp\spstub.exe, Quarantined, [d7b9f125c8b4b38345fdf79f3ac733cd], 
PUP.Optional.AdLyrics, C:\Users\HP\AppData\Local\Temp\n8696\3333-8000_SpeedChecker.exe, Quarantined, [5e32be586f0ded4933e88e3fe31efa06], 
PUP.Optional.AppInstaller, C:\Users\HP\AppData\Local\Temp\n8696\FLVMPlayerSetup-c45490cb.exe, Quarantined, [563a76a049336fc73366f79e6b96f10f], 
PUP.Optional.CrossRider.A, C:\Users\HP\AppData\Local\Temp\n8696\HQVideo-DEInstaller.exe, Quarantined, [216fcb4bbbc1c2746f5021a9f70a6f91], 
Trojan.MSIL.Bladabindi, C:\Users\HP\AppData\Local\Temp\n8696\Installer.exe, Quarantined, [5f31eb2b235989ad457e0aba966bfd03], 
PUP.Optional.SearchProtect.A, C:\Users\HP\AppData\Local\Temp\n8696\searchprotect_2805-feafc00c.exe, Quarantined, [7a160d09d0acfe384ff33660d62b05fb], 
PUP.Optional.TermTutor.A, C:\Program Files\TermTutor\terms-of-service.rtf, Quarantined, [a4ec48ce8eee44f25fee8799d52e3bc5], 
PUP.Optional.TermTutor.A, C:\Program Files\TermTutor\Uninstall.exe, Quarantined, [a4ec48ce8eee44f25fee8799d52e3bc5], 
PUP.Optional.TermTutor.A, C:\Program Files\TermTutor\3rd Party Licenses\buildcrx-license.txt, Quarantined, [a4ec48ce8eee44f25fee8799d52e3bc5], 
PUP.Optional.TermTutor.A, C:\Program Files\TermTutor\3rd Party Licenses\Info-ZIP-license.txt, Quarantined, [a4ec48ce8eee44f25fee8799d52e3bc5], 
PUP.Optional.TermTutor.A, C:\Program Files\TermTutor\3rd Party Licenses\nsJSON-license.txt, Quarantined, [a4ec48ce8eee44f25fee8799d52e3bc5], 
PUP.Optional.TermTutor.A, C:\Program Files\TermTutor\3rd Party Licenses\UAC-license.txt, Quarantined, [a4ec48ce8eee44f25fee8799d52e3bc5], 
PUP.Optional.FLVMPlayer, C:\Users\HP\Desktop\FLVM Player.lnk, Quarantined, [236d61b581fb989e74127715a361f30d], 
PUP.Optional.Orbtr, C:\Program Files\ORBTR\Orbt.ext, Quarantined, [4d432aec017bae88cea8533a72927090], 
PUP.Optional.Orbtr, C:\Program Files\ORBTR\uninstall.exe, Quarantined, [4d432aec017bae88cea8533a72927090], 
PUP.Optional.GlobalUpdate.A, C:\Users\HP\AppData\Local\Temp\comh.48008\GoogleCrashHandler.exe, Quarantined, [0b85a670c4b874c2696cf90dc73c23dd], 
PUP.Optional.GlobalUpdate.A, C:\Users\HP\AppData\Local\Temp\comh.48008\GoogleUpdate.exe, Quarantined, [0b85a670c4b874c2696cf90dc73c23dd], 
PUP.Optional.GlobalUpdate.A, C:\Users\HP\AppData\Local\Temp\comh.48008\GoogleUpdateBroker.exe, Quarantined, [0b85a670c4b874c2696cf90dc73c23dd], 
PUP.Optional.GlobalUpdate.A, C:\Users\HP\AppData\Local\Temp\comh.48008\GoogleUpdateHelper.msi, Quarantined, [0b85a670c4b874c2696cf90dc73c23dd], 
PUP.Optional.GlobalUpdate.A, C:\Users\HP\AppData\Local\Temp\comh.48008\GoogleUpdateOnDemand.exe, Quarantined, [0b85a670c4b874c2696cf90dc73c23dd], 
PUP.Optional.GlobalUpdate.A, C:\Users\HP\AppData\Local\Temp\comh.48008\goopdate.dll, Quarantined, [0b85a670c4b874c2696cf90dc73c23dd], 
PUP.Optional.GlobalUpdate.A, C:\Users\HP\AppData\Local\Temp\comh.48008\goopdateres_en.dll, Quarantined, [0b85a670c4b874c2696cf90dc73c23dd], 
PUP.Optional.GlobalUpdate.A, C:\Users\HP\AppData\Local\Temp\comh.48008\npGoogleUpdate4.dll, Quarantined, [0b85a670c4b874c2696cf90dc73c23dd], 
PUP.Optional.GlobalUpdate.A, C:\Users\HP\AppData\Local\Temp\comh.48008\psmachine.dll, Quarantined, [0b85a670c4b874c2696cf90dc73c23dd], 
PUP.Optional.GlobalUpdate.A, C:\Users\HP\AppData\Local\Temp\comh.48008\psuser.dll, Quarantined, [0b85a670c4b874c2696cf90dc73c23dd], 

Physical Sectors: 0
(No malicious items detected)


(end)
         
4. JRT
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.14.2014:1)
OS: Windows 8.1 x86
Ran by HP on 19.10.2014 at 13:10:08,87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2565251152-1528942193-4253351456-1001
Successfully deleted: [File] C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2565251152-1528942193-4253351456-500



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.10.2014 at 13:18:43,07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
5. FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-10-2014 01
Ran by HP (administrator) on xxxxx on 19-10-2014 13:22:04
Running from C:\Users\HP\Desktop
Loaded Profile: HP (Available profiles: HP)
Platform: Microsoft Windows 8.1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\oacat.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer INC.) C:\Program Files\ASUS\ASUS AC Reminder\ACReminderSrv.exe
(ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe
(ASUS Cloud Corporation) C:\Program Files\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLoader.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPCenter.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPHelper.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9600.16422_x86__8wekyb3d8bbwe\glcnd.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
(Intel Corporation) C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe
(ASUS Cloud Corporation) C:\Program Files\ASUS\WebStorage\2.0.3.226\AsusWSPanel.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ASUSPRP] => C:\Program Files\ASUS\APRP\APRP.EXE [3216032 2013-12-13] (ASUSTek Computer Inc.)
HKLM\...\Run: [WebStorage] => C:\Program Files\ASUS\WebStorage\2.0.3.226\ASUSWSLoader.exe [63296 2013-08-16] ()
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [81360 2014-01-22] (Intel Corporation)
HKLM\...\Run: [RtkNGUI] => C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe [2904064 2013-10-30] (Realtek Semiconductor)
HKLM\...\Run: [@OnlineArmor GUI] => C:\Program Files\Online Armor\oaui.exe [7558464 2013-10-11] (Emsisoft GmbH)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
ShellIconOverlayIdentifiers: [!AsusWSShellExt_BN] -> {CC5FC992-B0AA-47CD-9DC2-83445083CBB9} => C:\Program Files\Common Files\AWS\2.0.3.226\ASUSWSShellExt.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_ON] -> {618A47A2-528B-4D9A-AFC8-97D3233511E3} => C:\Program Files\Common Files\AWS\2.0.3.226\ASUSWSShellExt.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_UN] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files\Common Files\AWS\2.0.3.226\ASUSWSShellExt.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [StorageProviderError] -> {0CA2640D-5B9C-4c59-A5FB-2DA61A7437CF} => C:\Windows\System32\shell32.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [StorageProviderSyncing] -> {0A30F902-8398-4ee8-86F7-4CFB589F04D1} => C:\Windows\System32\shell32.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: http=127.0.0.1:50415;https=127.0.0.1:50415
ShellExecuteHooks: OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll [1033968 2013-10-11] (Emsisoft GmbH)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

Chrome: 
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4816568 2014-10-14] (Emsisoft GmbH)
R2 AsHidService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe [103224 2013-09-09] (ASUSTek Computer Inc.)
R2 ASLDRService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [111416 2013-09-09] (ASUSTek Computer Inc.)
R2 Asus WebStorage Windows Service; C:\Program Files\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe [71680 2013-08-16] (ASUS Cloud Corporation) [File not signed]
R2 ATKGFNEXSrv; C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2011-11-21] (ASUS)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [1677016 2014-04-10] (Broadcom Corporation.)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [277304 2014-02-11] (Intel Corporation)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [83920 2014-01-22] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [96720 2014-01-22] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [90576 2014-01-22] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [586752 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [637912 2013-07-01] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe [168216 2014-01-15] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 OAcat; C:\Program Files\Online Armor\OAcat.exe [584864 2013-10-11] (Emsisoft GmbH)
S3 ScDeviceEnum; C:\Windows\System32\ScDeviceEnum.dll [105472 2013-08-22] (Microsoft Corporation)
S2 SvcOnlineArmor; C:\Program Files\Online Armor\oasrv.exe [4457688 2013-10-11] (Emsisoft GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [278264 2013-08-22] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\Windows\system32\wephostsvc.dll [20992 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22240 2013-08-22] (Microsoft Corporation)
S3 workfolderssvc; C:\Windows\system32\workfolderssvc.dll [1210368 2013-12-14] (Microsoft Corporation)
S2 Orbiter; C:/Program Files/ORBTR/orbiter.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [58200 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [38248 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [18552 2014-05-12] (Emsisoft GmbH)
R2 ASMMAP; C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys [13880 2009-07-02] (ASUS)
R3 AsusHID; C:\Windows\System32\drivers\AsusHID.sys [68376 2014-02-13] (ASUS Corporation)
R1 ATKWMIACPIIO; C:\Program Files\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi.sys [17720 2013-07-02] (ASUSTek Computer Inc.)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [97896 2013-07-18] (ASIX Electronics Corp.)
R1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [25600 2013-08-22] (Microsoft Corporation)
R3 BCMSDH43XX; C:\Windows\system32\DRIVERS\bcmdhd63.sys [304344 2014-04-10] (Broadcom Corp)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [185856 2013-08-22] (Microsoft Corporation)
R3 BthMini; C:\Windows\System32\Drivers\BTHMINI.sys [24064 2013-08-22] (Microsoft Corporation)
S3 btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [144600 2014-04-10] (Broadcom Corporation.)
R3 BtwSerialBus; C:\Windows\system32\DRIVERS\BtwSerialBus.sys [130776 2014-04-10] (Broadcom Corporation.)
R3 camera; C:\Windows\system32\DRIVERS\camera.sys [345088 2013-12-02] (Intel Corporation)
R3 cleanhlp; C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [50200 2013-12-04] (Emsisoft GmbH)
R3 CM3218x; C:\Windows\system32\DRIVERS\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation)
R3 CPLMACPI; C:\Windows\system32\DRIVERS\CPLMACPI.sys [16488 2013-09-06] (Capella Microsystems, Inc.)
R3 DptfDevDBPT; C:\Windows\system32\DRIVERS\DptfDevPower.sys [25552 2014-01-22] (Intel Corporation)
R3 DptfDevDisplay; C:\Windows\system32\DRIVERS\DptfDevDisplay.sys [28112 2014-01-22] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [36304 2014-01-22] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [80848 2014-01-22] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [181712 2014-01-22] (Intel Corporation)
R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [23552 2013-12-30] (Intel Corporation)
R3 GpioVirtual; C:\Windows\System32\drivers\iaiogpiovirtual.sys [16896 2013-12-30] (Intel Corporation)
R3 HIDSwitch; C:\Windows\System32\drivers\AsHIDSwitch.sys [17720 2013-10-08] (ASUS)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [58368 2013-11-15] (Intel Corporation)
R3 iaiouart; C:\Windows\System32\drivers\iaiouart.sys [87552 2013-12-30] (Intel Corporation)
S0 iaStorA; C:\Windows\System32\drivers\iaStorA.sys [505192 2013-08-09] (Intel Corporation)
S3 intaud_WaveExtensible; C:\Windows\system32\drivers\intelaud.sys [32664 2014-01-22] (Intel Corporation)
R3 IntelSST; C:\Windows\system32\drivers\isstrtc.sys [254464 2013-12-30] (Intel(R) Corporation)
R3 INVN_MotionApps; C:\Windows\system32\DRIVERS\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation)
R3 iwdbus; C:\Windows\System32\drivers\iwdbus.sys [23448 2014-01-22] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-10-19] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [21456 2013-12-30] (Intel Corporation)
R3 MT9M114; C:\Windows\System32\drivers\MT9M114.sys [38912 2013-12-02] (Intel Corporation)
S3 NETwNs32; C:\Windows\system32\DRIVERS\Netwsn00.sys [10372096 2013-06-18] (Intel Corporation)
R1 OADevice; C:\Windows\system32\drivers\OADriver.sys [210360 2013-10-11] ()
S1 oahlpXX; C:\Windows\system32\drivers\oahlp32.sys [44984 2013-10-11] ()
R1 OAmon; C:\Windows\system32\drivers\OAmon.sys [34856 2013-10-11] (Emsisoft)
R3 OAnet; C:\Windows\system32\DRIVERS\oanet.sys [31760 2013-10-11] (Emsisoft)
R3 PMIC; C:\Windows\System32\drivers\PMIC.sys [48128 2013-12-30] (Intel Corporation)
R3 rtii2sac; C:\Windows\system32\DRIVERS\rtii2sac.sys [149720 2013-12-05] (Realtek Semiconductor Corp.)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation)
R3 TXEI; C:\Windows\System32\drivers\TXEI.sys [75792 2014-02-26] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [93024 2013-08-22] (Microsoft Corporation)
R2 webinstrNew; C:\Windows\system32\Drivers\webinstrNew.sys [50312 2014-10-12] (Corsica)
R3 WUDFSensorLP; C:\Windows\System32\drivers\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation)
U0 msahci; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-19 13:20 - 2014-10-19 13:20 - 00000000 ____D () C:\Users\HP\Desktop\FRST-OlderVersion
2014-10-19 13:18 - 2014-10-19 13:18 - 00000882 _____ () C:\Users\HP\Desktop\JRT.txt
2014-10-19 13:10 - 2014-10-19 13:10 - 00000000 ____D () C:\Windows\ERUNT
2014-10-19 13:08 - 2014-10-19 13:08 - 01705698 _____ (Thisisu) C:\Users\HP\Desktop\JRT.exe
2014-10-19 12:56 - 2014-10-19 12:56 - 00006209 _____ () C:\Users\HP\Desktop\mbam.txt
2014-10-19 12:43 - 2014-10-19 12:59 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-19 12:43 - 2014-10-19 12:43 - 00001078 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-10-19 12:43 - 2014-10-19 12:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-10-19 12:43 - 2014-10-19 12:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-19 12:43 - 2014-10-19 12:43 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-10-19 12:43 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-19 12:43 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-19 12:43 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-19 12:39 - 2014-10-19 12:40 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\HP\Desktop\mbam-setup-2.0.3.1025.exe
2014-10-19 12:33 - 2014-10-19 12:33 - 284417501 _____ () C:\Windows\MEMORY.DMP
2014-10-19 12:33 - 2014-10-19 12:33 - 00619216 _____ () C:\Windows\Minidump\101914-17328-01.dmp
2014-10-19 12:22 - 2014-10-19 12:35 - 00011990 _____ () C:\Users\HP\Desktop\AdwCleaner[S0].txt
2014-10-19 12:15 - 2014-10-19 12:36 - 00012391 _____ () C:\Users\HP\Desktop\AdwCleaner[R0].txt
2014-10-19 12:14 - 2014-10-19 12:35 - 00000000 ____D () C:\AdwCleaner
2014-10-19 12:10 - 2014-10-19 12:10 - 01976320 _____ () C:\Users\HP\Desktop\AdwCleaner_4.000.exe
2014-10-19 10:29 - 2014-10-19 11:12 - 00013818 _____ () C:\Users\HP\Desktop\a2scan_141016-183741.txt
2014-10-19 10:29 - 2014-10-19 10:29 - 00012534 _____ () C:\Users\HP\Desktop\quarantäne emsisoft.txt
2014-10-16 20:49 - 2014-10-16 20:49 - 00380416 _____ () C:\Users\HP\Downloads\Gmer-19357.exe
2014-10-16 20:39 - 2014-10-19 11:18 - 00030436 _____ () C:\Users\HP\Desktop\Addition.txt
2014-10-16 20:38 - 2014-10-19 13:22 - 00013952 _____ () C:\Users\HP\Desktop\FRST.txt
2014-10-16 20:38 - 2014-10-19 13:22 - 00000000 ____D () C:\FRST
2014-10-16 20:37 - 2014-10-19 13:20 - 01103360 _____ (Farbar) C:\Users\HP\Desktop\FRST.exe
2014-10-16 20:34 - 2014-10-16 20:34 - 00000466 _____ () C:\Users\HP\Desktop\defogger_disable.log
2014-10-16 20:33 - 2014-10-16 20:33 - 00050477 _____ () C:\Users\HP\Downloads\Defogger.exe
2014-10-16 20:23 - 2014-10-16 20:23 - 00025600 ___SH () C:\Users\HP\Downloads\Thumbs.db
2014-10-16 20:22 - 2014-10-16 20:22 - 00000000 _____ () C:\Users\HP\defogger_reenable
2014-10-16 20:14 - 2014-10-16 20:14 - 00512504 _____ () C:\Windows\Minidump\101614-12000-01.dmp
2014-10-12 15:32 - 2014-10-19 11:55 - 00001120 _____ () C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware Guard.lnk
2014-10-12 15:22 - 2014-09-02 22:06 - 00706016 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-10-12 15:22 - 2014-09-02 22:06 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-10-12 15:04 - 2014-10-12 15:04 - 00523208 _____ () C:\Windows\Minidump\101214-22593-01.dmp
2014-10-12 14:32 - 2014-10-12 14:35 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-12 14:31 - 2014-08-29 13:01 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-12 14:29 - 2013-11-09 07:52 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe
2014-10-12 14:29 - 2013-11-09 07:52 - 00240128 _____ (Microsoft Corporation) C:\Windows\system32\mdmregistration.dll
2014-10-12 14:13 - 2014-02-22 13:24 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-10-12 14:07 - 2014-02-11 04:43 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-10-12 14:07 - 2013-10-15 10:03 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-10-12 14:06 - 2014-10-12 14:19 - 00000000 ____D () C:\ProgramData\OnlineArmor
2014-10-12 14:06 - 2014-10-12 14:06 - 00000000 ____D () C:\Users\HP\AppData\Roaming\OnlineArmor
2014-10-12 14:03 - 2014-10-19 12:33 - 00000000 ____D () C:\Windows\Minidump
2014-10-12 14:03 - 2014-10-12 14:03 - 00606936 _____ () C:\Windows\Minidump\101214-26781-01.dmp
2014-10-12 14:03 - 2014-10-12 14:03 - 00003358 _____ () C:\EamClean.log
2014-10-12 13:58 - 2014-10-12 13:58 - 00000000 ____D () C:\Users\HP\AppData\Roaming\EurekaLab s.a.s
2014-10-12 13:52 - 2014-10-16 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Armor
2014-10-12 13:52 - 2014-10-16 20:26 - 00000000 ____D () C:\Program Files\Online Armor
2014-10-12 13:52 - 2013-10-11 03:41 - 00044984 _____ () C:\Windows\system32\Drivers\oahlp32.sys
2014-10-12 13:52 - 2013-10-11 03:40 - 00210360 _____ () C:\Windows\system32\Drivers\OADriver.sys
2014-10-12 13:52 - 2013-10-11 03:40 - 00034856 _____ (Emsisoft) C:\Windows\system32\Drivers\OAmon.sys
2014-10-12 13:52 - 2013-10-11 03:40 - 00031760 _____ (Emsisoft) C:\Windows\system32\Drivers\OAnet.sys
2014-10-12 13:48 - 2014-10-12 13:48 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-10-12 13:46 - 2014-10-12 13:48 - 10696960 _____ (Emsisoft GmbH ) C:\Users\HP\Downloads\OnlineArmorSetup.exe
2014-10-12 13:33 - 2014-10-12 13:33 - 00001067 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-10-12 13:33 - 2014-10-12 13:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-10-12 13:32 - 2014-10-19 13:06 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2014-10-12 13:15 - 2014-10-12 13:15 - 00000000 ____D () C:\Users\HP\AppData\Roaming\ap_movie
2014-10-12 13:14 - 2014-10-12 13:14 - 00612126 _____ (CMI Limited) C:\Users\HP\AppData\Local\nsb44F.tmp
2014-10-12 13:11 - 2014-10-12 13:11 - 00000000 ____D () C:\ProgramData\Xunlei
2014-10-12 13:11 - 2014-10-12 13:11 - 00000000 ____D () C:\ProgramData\Thunder Network
2014-10-12 13:07 - 2014-10-12 13:10 - 163265680 _____ (Emsisoft GmbH ) C:\Users\HP\Downloads\EmsisoftAntiMalwareSetup.exe
2014-10-12 13:03 - 2014-10-19 13:03 - 00001684 _____ () C:\Windows\Tasks\QMXKNTZD.job
2014-10-12 13:03 - 2014-10-19 13:03 - 00001328 _____ () C:\Windows\Tasks\IO.job
2014-10-12 13:02 - 2014-10-16 18:46 - 00001111 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-10-12 13:02 - 2014-10-16 18:46 - 00000000 ____D () C:\Program Files\Opera
2014-10-12 13:02 - 2014-10-12 13:02 - 00001111 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-10-12 13:02 - 2014-10-12 13:02 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Opera Software
2014-10-12 13:02 - 2014-10-12 13:02 - 00000000 ____D () C:\Users\HP\AppData\Local\Opera Software
2014-10-12 13:01 - 2014-10-12 13:01 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNew_01009.Wdf
2014-10-12 13:01 - 2014-10-12 13:00 - 00050312 _____ (Corsica) C:\Windows\system32\Drivers\webinstrNew.sys
2014-10-12 13:00 - 2014-10-12 13:00 - 00873960 _____ (Opera Software) C:\Users\HP\Desktop\opera-23.0.1522.77-multi.exe
2014-10-12 13:00 - 2014-10-12 13:00 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Macromedia
2014-10-12 12:56 - 2014-09-22 08:41 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-19 13:19 - 2014-04-10 06:45 - 01151861 _____ () C:\Windows\WindowsUpdate.log
2014-10-19 13:09 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\sru
2014-10-19 13:05 - 2013-12-14 06:03 - 00823858 _____ () C:\Windows\system32\perfh010.dat
2014-10-19 13:05 - 2013-12-14 06:03 - 00181632 _____ () C:\Windows\system32\perfc010.dat
2014-10-19 13:05 - 2013-12-13 22:46 - 00005468 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-19 12:58 - 2013-12-13 22:30 - 00025568 _____ () C:\Windows\PFRO.log
2014-10-19 12:58 - 2013-08-22 09:23 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-19 12:58 - 2013-08-22 08:13 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-10-19 12:22 - 2014-09-03 22:59 - 00001160 _____ () C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-19 12:01 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-19 12:00 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\AppReadiness
2014-10-19 11:55 - 2013-08-22 10:05 - 00000000 ____D () C:\Windows\CbsTemp
2014-10-19 11:50 - 2013-08-22 15:08 - 00000000 ____D () C:\Program Files\Windows Journal
2014-10-19 11:50 - 2013-08-22 15:06 - 00000000 ____D () C:\Windows\system32\winrm
2014-10-19 11:50 - 2013-08-22 15:06 - 00000000 ____D () C:\Windows\system32\slmgr
2014-10-19 11:50 - 2013-08-22 10:17 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-10-19 11:50 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\WinStore
2014-10-19 11:50 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\nl-NL
2014-10-19 11:50 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\IME
2014-10-19 11:50 - 2013-08-22 10:17 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-10-19 11:50 - 2013-08-22 10:17 - 00000000 ____D () C:\Program Files\Windows Defender
2014-10-19 11:50 - 2013-08-22 10:17 - 00000000 ____D () C:\Program Files\Common Files\System
2014-10-19 11:49 - 2013-12-14 05:51 - 00000000 ____D () C:\Windows\system32\XPSViewer
2014-10-19 11:49 - 2013-08-22 15:06 - 00000000 ____D () C:\Windows\system32\WCN
2014-10-19 11:49 - 2013-08-22 15:06 - 00000000 ____D () C:\Windows\system32\Printing_Admin_Scripts
2014-10-19 11:49 - 2013-08-22 10:17 - 00000000 ___SD () C:\Windows\system32\dsc
2014-10-19 11:49 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\SystemResetPlatform
2014-10-19 11:49 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\MUI
2014-10-19 11:49 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\Com
2014-10-19 11:49 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\Help
2014-10-19 11:41 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\fr-FR
2014-10-19 11:32 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\en-GB
2014-10-16 20:26 - 2014-09-03 22:59 - 00000000 ____D () C:\Users\HP
2014-10-12 19:09 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-12 18:42 - 2013-08-22 09:22 - 00333576 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ___RD () C:\Windows\ToastData
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\it-IT
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\de-DE
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\MediaViewer
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\FileManager
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\Camera
2014-10-12 18:40 - 2013-08-22 10:17 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-10-12 13:52 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\restore
2014-10-12 13:01 - 2013-08-22 09:23 - 00013554 _____ () C:\Windows\setupact.log
2014-10-12 12:57 - 2013-08-22 08:13 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-10-12 12:42 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\LogFiles

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS


Some content of TEMP:
====================
C:\Users\HP\AppData\Local\Temp\hAUK6.exe
C:\Users\HP\AppData\Local\Temp\Quarantine.exe
C:\Users\HP\AppData\Local\Temp\sqlite3.dll
C:\Users\HP\AppData\Local\Temp\yYKY0.dll
C:\Users\HP\AppData\Local\Temp\yYKY0.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-16 18:19

==================== End Of Log ============================
         
--- --- ---


6. addition
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 18-10-2014 01
Ran by HP at 2014-10-19 13:22:51
Running from C:\Users\HP\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
FW: Online Armor Firewall (Disabled) {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ASUS AC Reminder (HKLM\...\{B002B54C-FFE8-4331-8F9B-90CC9366362A}) (Version: 2.0.0 - ASUS)
ASUS Live Update (HKLM\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.7 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.3 - ASUS)
ASUS Smart Gesture (HKLM\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.10 - ASUS)
ATK Package (HKLM\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0031 - ASUS)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.93.99.187.1 - Broadcom Corporation)
ConvertAd (HKLM\...\ConvertAd) (Version: 1.0.0.0 - ConvertAd) <==== ATTENTION
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft GmbH)
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3417 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Intel(R) Trusted Execution Engine (Version: 1.1.1.1 - Intel Corporation) Hidden
Intel(R) Trusted Execution Engine Driver (Version: 1.0.0.1064 - Intel Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft Office (HKLM\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 (HKLM\...\{1f407217-9aec-4146-8504-e64ac959c534}) (Version: 12.0.20617.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.20617 (Version: 12.0.20617 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.20617 (Version: 12.0.20617 - Microsoft Corporation) Hidden
Online Armor 7.0 (HKLM\...\OnlineArmor_is1) (Version: 7.0 - Emsisoft GmbH)
Opera Stable 25.0.1614.50 (HKLM\...\Opera 25.0.1614.50) (Version: 25.0.1614.50 - Opera Software ASA)
Realtek I2S Audio (HKLM\...\{89A448AA-3301-46AA-AFC3-34F2D7C670E8}) (Version: 6.2.9600.4055 - Realtek Semiconductor Corp.)
WebStorage (HKLM\...\WebStorage) (Version: 2.0.3.226 - ASUS Cloud Corporation)
Windows Driver Package - ASUS (AsusHID) Mouse  (02/12/2014 3.0.0.23) (HKLM\...\88F3FD439A3012A11FEF853A27C299ED116ABA8D) (Version: 02/12/2014 3.0.0.23 - ASUS)
WinFlash (HKLM\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

19-10-2014 09:28:12 Sprachpaketdeinstallation

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:13 - 2013-08-22 08:13 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00BC77BF-3352-4FE8-9617-4F1B27BEC19A} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {0FA9C72D-D3DC-41EA-AD12-0264A29FFF50} - System32\Tasks\ASUS Live Update2 => C:\Program Files [2014-10-19] ()
Task: {17233BE9-87E9-40B0-B003-AE9D2B92CBBE} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {247BD142-0549-4E91-84B0-172C25563718} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {2BE65564-89D1-4396-A5CC-D7D9283FC4A1} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {392EB017-207C-42BF-A061-F3BE721F456C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {471E9656-4A9E-4F2D-B55E-50875C166E14} - \Optimize Start Menu Cache Files-S-1-5-21-2565251152-1528942193-4253351456-500 No Task File <==== ATTENTION
Task: {4B7EF56A-8A42-4BD2-BB5C-7C389AC54A37} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {515A8D55-B2DA-4DAC-A197-0B02F6DAE700} - System32\Tasks\ASUS Live Update1 => C:\Program Files [2014-10-19] ()
Task: {5700ACE8-D0AF-4BA7-98B6-1033521A877A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {61A1EED5-DBB1-4606-8B71-4229B497EC59} - System32\Tasks\QMXKNTZD => C:\Users\HP\AppData\Roaming\QMXKNTZD.exe <==== ATTENTION
Task: {6E84A59B-1863-4B21-8BD8-C9B20FD15484} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {7B2E2DB4-C12C-4259-BBE8-7ECDD18FB410} - System32\Tasks\IO => C:\Users\HP\AppData\Roaming\IO.exe <==== ATTENTION
Task: {7C7CF1DA-F461-4850-96B2-ADCA8A67E59C} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {8B5819AE-7B44-478B-A3D3-8846AF160A8F} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {8F7FB3A6-5ECC-485E-B309-B4E99ABE21DD} - System32\Tasks\Update Checker => C:\Program Files\ASUS\ASUS Live Update\UpdateChecker.exe [2013-11-27] ()
Task: {92ED6570-4654-4BFA-9A6C-1084C6939C16} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {997C8BBD-710B-4E66-B5BC-CC09575A58D2} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {A02FE6A8-4963-4C7D-8D21-DC48FE3E517C} - System32\Tasks\ASUS AC Reminder => C:\Program Files\ASUS\ASUS AC Reminder\ACReminderSrv.exe [2013-12-23] (ASUSTek Computer INC.)
Task: {A1C0096D-7EF7-4283-9C87-611781AF8F49} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel.exe [2013-01-09] (ASUSTek Computer INC.)
Task: {A5D45ED3-F524-4574-8F39-527F3729D1E2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {C0D0F7C4-419F-41B3-90A2-FE79270B828A} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {C37FC171-6AF7-4A02-9319-1AFF42F85373} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLauncher.exe [2014-02-13] (AsusTek)
Task: {CF5A1DDC-D14D-4D59-AD49-A19A645B087B} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DCF55BED-B1DF-4ABF-8D85-6542C7007799} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {DE636FF2-FD26-4241-9343-322918A02564} - System32\Tasks\Opera scheduled Autoupdate 1413111732 => C:\Program Files\Opera\launcher.exe [2014-10-15] (Opera Software)
Task: {E4C8774A-2818-45A4-8A6D-11DDF6348886} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {F77DFB67-F295-4A1F-AAED-A3B51A1C301F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-08-29] (Microsoft Corporation)
Task: {FAB49829-3EE7-4234-BE84-277862F2A57C} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\IO.job => C:\Users\HP\AppData\Roaming\IO.exe <==== ATTENTION
Task: C:\Windows\Tasks\QMXKNTZD.job => C:\Users\HP\AppData\Roaming\QMXKNTZD.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-10-12 13:32 - 2014-10-06 18:43 - 00775400 _____ () C:\Program Files\Emsisoft Anti-Malware\fw32.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2565251152-1528942193-4253351456-500 - Administrator - Disabled)
Gast (S-1-5-21-2565251152-1528942193-4253351456-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2565251152-1528942193-4253351456-1003 - Limited - Enabled)
HP (S-1-5-21-2565251152-1528942193-4253351456-1001 - Administrator - Enabled) => C:\Users\HP

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-10-19 12:01:34.439
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.

  Date: 2014-10-19 12:01:33.470
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.

  Date: 2014-10-19 12:01:32.673
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.

  Date: 2014-10-19 12:01:31.439
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.

  Date: 2014-10-19 12:01:30.798
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.

  Date: 2014-10-19 12:01:29.142
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.

  Date: 2014-10-19 12:01:28.517
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.

  Date: 2014-10-19 12:01:27.329
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.

  Date: 2014-10-19 12:01:25.829
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.

  Date: 2014-10-19 10:34:51.843
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\HP\AppData\Local\Temp\uxtiiuow.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Processor: Intel(R) Atom(TM) CPU Z3740 @ 1.33GHz
Percentage of memory in use: 48%
Total physical RAM: 1933.15 MB
Available physical RAM: 1004.03 MB
Total Pagefile: 3917.15 MB
Available Pagefile: 2423.52 MB
Total Virtual: 2047.88 MB
Available Virtual: 1911 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:28.22 GB) (Free:9.32 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 29.1 GB) (Disk ID: 67B602CA)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

20.10.2014, 16:24   #4
M-K-D-B
/// TB trainer

We'll remove the last remnants and check everything once more. ESET can take a long time (> 3 h).
Afterwards we'll remove all the tools we used, and I'll give you a few tips to take with you.

Step 1
Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
ATTFilter
start
CloseProcesses:
ProxyServer: http=127.0.0.1:50415;https=127.0.0.1:50415
S2 Orbiter; C:\Program Files\ORBTR\orbiter.dll [X]
C:\Program Files\ORBTR
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
Task: {61A1EED5-DBB1-4606-8B71-4229B497EC59} - System32\Tasks\QMXKNTZD => C:\Users\HP\AppData\Roaming\QMXKNTZD.exe <==== ATTENTION
C:\Users\HP\AppData\Roaming\QMXKNTZD.exe
Task: {7B2E2DB4-C12C-4259-BBE8-7ECDD18FB410} - System32\Tasks\IO => C:\Users\HP\AppData\Roaming\IO.exe <==== ATTENTION
C:\Users\HP\AppData\Roaming\IO.exe
Task: C:\Windows\Tasks\IO.job => C:\Users\HP\AppData\Roaming\IO.exe <==== ATTENTION
Task: C:\Windows\Tasks\QMXKNTZD.job => C:\Users\HP\AppData\Roaming\QMXKNTZD.exe <==== ATTENTION
EmptyTemp:
end
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

Step 2

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box next to Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

Step 3
Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

Step 4
  • Start FRST.exe again. Tick the box in front of Addition and press Scan.
  • FRST again creates two log files (FRST.txt and Addition.txt).
  • Post both log files with your next reply.

Step 5
Download the appropriate version of SystemLook from the following mirror and save the tool to the desktop:
SystemLook (32 bit) | SystemLook (64 bit)
  • Double-click SystemLook.exe to start the tool.
  • Copy the contents of the following code box into the tool's text field:

    Code:
    ATTFilter
    :filefind
    *ORBTR*
    *TermTutor*
    
    :folderfind
    *ORBTR*
    *TermTutor*
    
    :regfind
    ConvertAd
    TermTutor
             
  • Now click the Look button to start the scan.
  • The scan can take some time.
  • When the scan has finished, your editor will open with the results; post them in your thread.
  • The results are also saved on the desktop as SystemLook.txt.

Please post with your next reply
  • the log file of the FRST fix,
  • the log file from ESET,
  • the log file from SecurityCheck,
  • the two new log files from FRST,
  • the log file from SystemLook.
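
The scheduled-task entries that the fixlist in step 1 removes can be picked out of an Addition.txt mechanically. The following is an added example, not part of the original post and not FRST's own logic: it parses `Task:` lines copied from the log in this thread and lists each entry with the reasons it deserves review. The user-writable-path rule and all function and class names are assumptions of this example.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Task lines copied from the Addition.txt quoted in this thread.
SAMPLE = r"""
Task: {247BD142-0549-4E91-84B0-172C25563718} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {471E9656-4A9E-4F2D-B55E-50875C166E14} - \Optimize Start Menu Cache Files-S-1-5-21-2565251152-1528942193-4253351456-500 No Task File <==== ATTENTION
Task: {61A1EED5-DBB1-4606-8B71-4229B497EC59} - System32\Tasks\QMXKNTZD => C:\Users\HP\AppData\Roaming\QMXKNTZD.exe <==== ATTENTION
Task: {7B2E2DB4-C12C-4259-BBE8-7ECDD18FB410} - System32\Tasks\IO => C:\Users\HP\AppData\Roaming\IO.exe <==== ATTENTION
Task: {8B5819AE-7B44-478B-A3D3-8846AF160A8F} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {A1C0096D-7EF7-4283-9C87-611781AF8F49} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel.exe [2013-01-09] (ASUSTek Computer INC.)
Task: C:\Windows\Tasks\IO.job => C:\Users\HP\AppData\Roaming\IO.exe <==== ATTENTION
"""

ATTENTION = "<==== ATTENTION"
NO_TASK_FILE = " No Task File"
GUID_PREFIX_RE = re.compile(r"^\{[0-9A-Fa-f-]{36}\} - ")
# Optional "[file date] (company)" suffix that follows a resolved target path.
META_RE = re.compile(r"^(?P<path>.*?) \[\d{4}-\d{2}-\d{2}\] \((?P<company>.*)\)$")
# Assumption of this example: locations a non-elevated process can usually write to.
USER_WRITABLE_RE = re.compile(
    r"^[A-Za-z]:\\(?:Users\\[^\\]+\\AppData|ProgramData)\\", re.IGNORECASE
)


@dataclass
class TaskEntry:
    name: str
    target: Optional[str]
    company: Optional[str]
    marked: bool
    reasons: List[str] = field(default_factory=list)


def parse_task_line(line: str) -> Optional[TaskEntry]:
    """Parse one 'Task:' line; return None for any other kind of line."""
    line = line.strip()
    if not line.startswith("Task: "):
        return None
    body = line[len("Task: "):]

    # The tool's own marker is kept as a separate signal from our heuristics.
    marked = body.endswith(ATTENTION)
    if marked:
        body = body[: -len(ATTENTION)].rstrip()

    # Legacy C:\Windows\Tasks\*.job lines carry no "{GUID} - " prefix.
    body = GUID_PREFIX_RE.sub("", body)

    name, sep, target = body.partition(" => ")
    target = target if sep else None
    company = None
    if target:
        meta = META_RE.match(target)
        if meta:
            target, company = meta.group("path"), meta.group("company")

    reasons = []
    if marked:
        reasons.append("marked by FRST")
    if name.endswith(NO_TASK_FILE):
        # A registry entry whose task file is missing on disk.
        name = name[: -len(NO_TASK_FILE)]
        reasons.append("registry entry without task file")
    if target and USER_WRITABLE_RE.match(target):
        reasons.append("target in user-writable location")
    return TaskEntry(name, target, company, marked, reasons)


def parse_tasks(text: str) -> List[TaskEntry]:
    """Return every scheduled-task entry found in the log text."""
    entries = []
    for line in text.splitlines():
        entry = parse_task_line(line)
        if entry is not None:
            entries.append(entry)
    return entries


def triage(text: str) -> List[TaskEntry]:
    """Return only the entries that have at least one review reason."""
    return [e for e in parse_tasks(text) if e.reasons]


if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(f"{e.name}\n    target : {e.target}\n    reasons: {', '.join(e.reasons)}")
```

The ASUS touch-panel task is reported by the path rule alone although the log does not mark it, which is why a path heuristic should queue entries for review rather than feed a fixlist directly.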

20.10.2014, 21:24   #5
Sabine99

Hello Matthias,

I'm still struggling with the many redirects
Attached are the files:

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 20-10-2014
Ran by HP at 2014-10-20 18:06:58 Run:1
Running from C:\Users\HP\Desktop
Loaded Profiles: HP &  (Available profiles: HP)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
CloseProcesses:
ProxyServer: http=127.0.0.1:50415;https=127.0.0.1:50415
S2 Orbiter; C:\Program Files\ORBTR\orbiter.dll [X]
C:\Program Files\ORBTR
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
TASK: {61A1EED5-DBB1-4606-8B71-4229B497EC59} - System32\Tasks\QMXKNTZD => C:\Users\HP\AppData\Roaming\QMXKNTZD.exe <==== ATTENTION
C:\Users\HP\AppData\Roaming\QMXKNTZD.exe
Task: {7B2E2DB4-C12C-4259-BBE8-7ECDD18FB410} - System32\Tasks\IO => C:\Users\HP\AppData\Roaming\IO.exe <==== ATTENTION
C:\Users\HP\AppData\Roaming\IO.exe
Task: C:\WINDOWS\Tasks\IO.job => C:\Users\HP\AppData\Roaming\IO.exe <==== ATTENTION
Task: C:\Windows\Tasks\QMXKNTZD.job => C:\Users\HP\AppData\Roaming\QMXKNTZD.exe <==== ATTENTION
EmptyTemp:
end
*****************

Processes closed successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
Orbiter => Service deleted successfully.
"C:\Program Files\ORBTR" => File/Directory not found.
Could not move "C:\ProgramData\SetStretch.exe" => Scheduled to move on reboot.
C:\ProgramData\SetStretch.VBS => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{61A1EED5-DBB1-4606-8B71-4229B497EC59}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{61A1EED5-DBB1-4606-8B71-4229B497EC59}" => Key deleted successfully.
C:\Windows\System32\Tasks\QMXKNTZD => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\QMXKNTZD" => Key deleted successfully.
"C:\Users\HP\AppData\Roaming\QMXKNTZD.exe" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7B2E2DB4-C12C-4259-BBE8-7ECDD18FB410}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B2E2DB4-C12C-4259-BBE8-7ECDD18FB410}" => Key deleted successfully.
C:\Windows\System32\Tasks\IO => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IO" => Key deleted successfully.
"C:\Users\HP\AppData\Roaming\IO.exe" => File/Directory not found.
C:\WINDOWS\Tasks\IO.job => Moved successfully.
C:\Windows\Tasks\QMXKNTZD.job => Moved successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-10-20 21:58:48)<=

==> ATTENTION: System is not rebooted.
C:\ProgramData\SetStretch.exe => Moved successfully.

==== End of Fixlog ====
         
I restarted afterwards because Opera had stopped working.

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=0
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=dfb65e86cae59a4a8b634c040fcf1d16
# engine=0
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-10-20 06:10:35
# local_time=2014-10-20 08:10:35 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 116424 36688124 0 0
# compatibility_mode_1='Emsisoft Anti-Malware'
# compatibility_mode=16642 16777213 100 100 1058 215070923 0 0
# scanned=0
# found=0
# cleaned=0
# scan_time=146
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=dfb65e86cae59a4a8b634c040fcf1d16
# engine=20691
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-10-20 07:49:40
# local_time=2014-10-20 09:49:40 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 122369 36694069 0 0
# compatibility_mode_1='Emsisoft Anti-Malware'
# compatibility_mode=16642 16777213 100 100 2888 215076868 0 0
# scanned=134863
# found=24
# cleaned=0
# scan_time=1222
sh=4F1A1ECBC53648728576DC417328B2DD70532367 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Cinema-Plus-1.8cV12.10\1293297481.mxaddon.vir"
sh=94335D1F6DAE4F1079467E3F670065D0ABB5D804 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Cinema-Plus-1.8cV12.10\333be69e-a6c3-4468-a279-7291e7774334.crx.vir"
sh=4C52435A58EC56FF29C58692695F8DCB6D937CD8 ft=1 fh=a191f6801aac364c vn="Variante von Win32/Toolbar.CrossRider.AS evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Cinema-Plus-1.8cV12.10\5cd5570c-479e-4bff-8d71-1fe1ae5a96ef.exe.vir"
sh=B5B9B6F501335B3BB56E069AE691490175FDC956 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Cinema-Plus-1.8cV12.10\6921e08e-904b-4ed4-8793-0e283d3a9d44.crx.vir"
sh=4ABF67CD43147938E2CB782F27BB7FBEBA6D0783 ft=1 fh=e0702aaac40e00fc vn="Variante von Win32/Toolbar.CrossRider.AY evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-2.exe.vir"
sh=A9133A196876498C47DE27353F61EBEA5D3549E6 ft=1 fh=dfb59e34b3cfdbed vn="Variante von Win32/Toolbar.CrossRider.AY evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84-5.exe.vir"
sh=94335D1F6DAE4F1079467E3F670065D0ABB5D804 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84.crx.vir"
sh=38F9693D573505E128D3642E098EB3C06DD03B00 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Cinema-Plus-1.8cV12.10\6ea3f696-9fa1-4796-a43b-fb0f91bb6c84.xpi.vir"
sh=BF567125747F2C3F67D38CFD73E850E5FC5BE845 ft=1 fh=e6fe7378200f516b vn="Variante von Win32/Toolbar.CrossRider.BC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Cinema-Plus-1.8cV12.10\9723fcf9-7d34-4557-bf9d-5aaee05d2afb.exe.vir"
sh=34CFEC4D0FFB7AA47A265FF93D86AD10D6AF7689 ft=1 fh=2825abe6ff412946 vn="Variante von Win32/Toolbar.CrossRider.BA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Cinema-Plus-1.8cV12.10\Cinema-Plus-1.8cV12.10-bg.exe.vir"
sh=F963BC2DB95E51DA2FCD26FB8D838102364D150E ft=1 fh=3f840e2328850e10 vn="Variante von Win32/Toolbar.CrossRider.BA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Cinema-Plus-1.8cV12.10\Cinema-Plus-1.8cV12.10-bho.dll.vir"
sh=BF460C9E553C5DD6A75219FB9076B9BC1130DCBA ft=1 fh=ac25ca4d560230f8 vn="Variante von Win32/Toolbar.CrossRider.AY evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Cinema-Plus-1.8cV12.10\Cinema-Plus-1.8cV12.10-codedownloader.exe.vir"
sh=CC71EB165C6771F6000A81DFB9E64C3E999C7CF0 ft=1 fh=5d90b28d7395eb2f vn="Variante von Win32/Toolbar.CrossRider.AW evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Cinema-Plus-1.8cV12.10\Uninstall.exe.vir"
sh=642716AFDDFCAA41EEDB11070CE3191070ED685B ft=1 fh=2fd62bfc8ca2e705 vn="Variante von MSIL/Solimba.AC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\FLVM Player\FLVPlayerUninstaller.exe.vir"
sh=058855D29306F761DD65CFAA9CBA72BD16075F6B ft=1 fh=a768ddc79422657f vn="Variante von Win32/AdWare.EoRezo.AU Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\mbot_de_145\mybestofferstoday_widget.exe.vir"
sh=0B0334DF2140E62BB85A916ED2CE0B908888FF54 ft=1 fh=9d9b65f8a0ee7c22 vn="Variante von Win32/AdWare.AddLyrics.CB Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\ver7SpeedChecker\Uninstall.exe.vir"
sh=2536A5DA4C84FC6E8DC5DCDCBE4BA556D5225B72 ft=1 fh=d3a50c9ac09748b8 vn="Variante von MSIL/Adware.iBryte.H Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\LookThisUp\LookThisUpUninstall.exe.vir"
sh=978144BC6609EF348B00A93C714AEDD2E64820CC ft=1 fh=cec9b8ec3f0c65e4 vn="Win32/VOPackage.AD evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\VOPackage\VOPackage.exe.vir"
sh=241E819FDBC67F11A72A586809BE1FFFA0C242C4 ft=1 fh=c0767764c9d3b24e vn="Variante von Win32/VOPackage.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\VOPackage\VOsrv.exe.vir"
sh=173B714CE3CE8AF13DF5A3DF4F33C623DBF5BBA7 ft=1 fh=63cbddf249556df3 vn="Variante von Win32/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\system32\roboot.exe.vir"
sh=F011E00D3C814095CB8B23B6C1914DA9B1C082ED ft=1 fh=0eda2e9940caec9b vn="Win32/AnyProtect.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\HP\AppData\Local\nsb44F.tmp"
sh=9413821E4285C46DAF48156B472065FC2D763FE8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\HP\AppData\Roaming\IO"
sh=DDD7E789E67132CF6C5D8169B2F46E3498FCA60F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\HP\AppData\Roaming\QMXKNTZD"
sh=3DD99CE62F9D4ABC4F521A672B346CEC13527230 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\HP\AppData\Roaming\Opera Software\Opera Stable\Extensions\ljefoakgfhcoeobgicjgejglnpfpemgb\1.26.46_0\extensionData\plugins\91.js"
         
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.87  
   x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Emsisoft Anti-Malware   
Windows Defender        
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Tall Emu Online Armor OAcat.exe 
 Emsisoft Anti-Malware a2service.exe   
 Malwarebytes Anti-Malware mbamscheduler.exe   
 EMSISOFT Anti-Malware a2guard.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C::  
````````````````````End of Log``````````````````````
         

FRST Logfile:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-10-2014 01
Ran by HP (administrator) on xxxxx on 20-10-2014 22:00:25
Running from C:\Users\HP\Desktop
Loaded Profile: HP (Available profiles: HP)
Platform: Microsoft Windows 8.1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\oacat.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe
(ASUS Cloud Corporation) C:\Program Files\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLoader.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ASUSTek Computer INC.) C:\Program Files\ASUS\ASUS AC Reminder\ACReminderSrv.exe
(ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPCenter.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(ASUS Cloud Corporation) C:\Program Files\ASUS\WebStorage\2.0.3.226\AsusWSPanel.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ASUSPRP] => C:\Program Files\ASUS\APRP\APRP.EXE [3216032 2013-12-13] (ASUSTek Computer Inc.)
HKLM\...\Run: [WebStorage] => C:\Program Files\ASUS\WebStorage\2.0.3.226\ASUSWSLoader.exe [63296 2013-08-16] ()
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [81360 2014-01-22] (Intel Corporation)
HKLM\...\Run: [RtkNGUI] => C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe [2904064 2013-10-30] (Realtek Semiconductor)
HKLM\...\Run: [@OnlineArmor GUI] => C:\Program Files\Online Armor\oaui.exe [7558464 2013-10-11] (Emsisoft GmbH)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
ShellIconOverlayIdentifiers: [!AsusWSShellExt_BN] -> {CC5FC992-B0AA-47CD-9DC2-83445083CBB9} => C:\Program Files\Common Files\AWS\2.0.3.226\ASUSWSShellExt.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_ON] -> {618A47A2-528B-4D9A-AFC8-97D3233511E3} => C:\Program Files\Common Files\AWS\2.0.3.226\ASUSWSShellExt.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_UN] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files\Common Files\AWS\2.0.3.226\ASUSWSShellExt.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [StorageProviderError] -> {0CA2640D-5B9C-4c59-A5FB-2DA61A7437CF} => C:\Windows\System32\shell32.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [StorageProviderSyncing] -> {0A30F902-8398-4ee8-86F7-4CFB589F04D1} => C:\Windows\System32\shell32.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ShellExecuteHooks: OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll [1033968 2013-10-11] (Emsisoft GmbH)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

Chrome: 
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4816568 2014-10-14] (Emsisoft GmbH)
R2 AsHidService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe [103224 2013-09-09] (ASUSTek Computer Inc.)
R2 ASLDRService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [111416 2013-09-09] (ASUSTek Computer Inc.)
R2 Asus WebStorage Windows Service; C:\Program Files\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe [71680 2013-08-16] (ASUS Cloud Corporation) [File not signed]
R2 ATKGFNEXSrv; C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2011-11-21] (ASUS)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [1677016 2014-04-10] (Broadcom Corporation.)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [277304 2014-02-11] (Intel Corporation)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [83920 2014-01-22] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [96720 2014-01-22] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [90576 2014-01-22] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [586752 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [637912 2013-07-01] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe [168216 2014-01-15] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 OAcat; C:\Program Files\Online Armor\OAcat.exe [584864 2013-10-11] (Emsisoft GmbH)
S3 ScDeviceEnum; C:\Windows\System32\ScDeviceEnum.dll [105472 2013-08-22] (Microsoft Corporation)
S2 SvcOnlineArmor; C:\Program Files\Online Armor\oasrv.exe [4457688 2013-10-11] (Emsisoft GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [278264 2013-08-22] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\Windows\system32\wephostsvc.dll [20992 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22240 2013-08-22] (Microsoft Corporation)
S3 workfolderssvc; C:\Windows\system32\workfolderssvc.dll [1210368 2013-12-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [58200 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [38248 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [18552 2014-05-12] (Emsisoft GmbH)
R2 ASMMAP; C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys [13880 2009-07-02] (ASUS)
R3 AsusHID; C:\Windows\System32\drivers\AsusHID.sys [68376 2014-02-13] (ASUS Corporation)
R1 ATKWMIACPIIO; C:\Program Files\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi.sys [17720 2013-07-02] (ASUSTek Computer Inc.)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [97896 2013-07-18] (ASIX Electronics Corp.)
R1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [25600 2013-08-22] (Microsoft Corporation)
R3 BCMSDH43XX; C:\Windows\system32\DRIVERS\bcmdhd63.sys [304344 2014-04-10] (Broadcom Corp)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [185856 2013-08-22] (Microsoft Corporation)
R3 BthMini; C:\Windows\System32\Drivers\BTHMINI.sys [24064 2013-08-22] (Microsoft Corporation)
S3 btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [144600 2014-04-10] (Broadcom Corporation.)
R3 BtwSerialBus; C:\Windows\system32\DRIVERS\BtwSerialBus.sys [130776 2014-04-10] (Broadcom Corporation.)
R3 camera; C:\Windows\system32\DRIVERS\camera.sys [345088 2013-12-02] (Intel Corporation)
R3 cleanhlp; C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [50200 2013-12-04] (Emsisoft GmbH)
R3 CM3218x; C:\Windows\system32\DRIVERS\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation)
R3 CPLMACPI; C:\Windows\system32\DRIVERS\CPLMACPI.sys [16488 2013-09-06] (Capella Microsystems, Inc.)
R3 DptfDevDBPT; C:\Windows\system32\DRIVERS\DptfDevPower.sys [25552 2014-01-22] (Intel Corporation)
R3 DptfDevDisplay; C:\Windows\system32\DRIVERS\DptfDevDisplay.sys [28112 2014-01-22] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [36304 2014-01-22] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [80848 2014-01-22] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [181712 2014-01-22] (Intel Corporation)
R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [23552 2013-12-30] (Intel Corporation)
R3 GpioVirtual; C:\Windows\System32\drivers\iaiogpiovirtual.sys [16896 2013-12-30] (Intel Corporation)
R3 HIDSwitch; C:\Windows\System32\drivers\AsHIDSwitch.sys [17720 2013-10-08] (ASUS)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [58368 2013-11-15] (Intel Corporation)
R3 iaiouart; C:\Windows\System32\drivers\iaiouart.sys [87552 2013-12-30] (Intel Corporation)
S0 iaStorA; C:\Windows\System32\drivers\iaStorA.sys [505192 2013-08-09] (Intel Corporation)
S3 intaud_WaveExtensible; C:\Windows\system32\drivers\intelaud.sys [32664 2014-01-22] (Intel Corporation)
R3 IntelSST; C:\Windows\system32\drivers\isstrtc.sys [254464 2013-12-30] (Intel(R) Corporation)
R3 INVN_MotionApps; C:\Windows\system32\DRIVERS\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation)
R3 iwdbus; C:\Windows\System32\drivers\iwdbus.sys [23448 2014-01-22] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-10-20] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [21456 2013-12-30] (Intel Corporation)
R3 MT9M114; C:\Windows\System32\drivers\MT9M114.sys [38912 2013-12-02] (Intel Corporation)
S3 NETwNs32; C:\Windows\system32\DRIVERS\Netwsn00.sys [10372096 2013-06-18] (Intel Corporation)
R1 OADevice; C:\Windows\system32\drivers\OADriver.sys [210360 2013-10-11] ()
S1 oahlpXX; C:\Windows\system32\drivers\oahlp32.sys [44984 2013-10-11] ()
R1 OAmon; C:\Windows\system32\drivers\OAmon.sys [34856 2013-10-11] (Emsisoft)
R3 OAnet; C:\Windows\system32\DRIVERS\oanet.sys [31760 2013-10-11] (Emsisoft)
R3 PMIC; C:\Windows\System32\drivers\PMIC.sys [48128 2013-12-30] (Intel Corporation)
R3 rtii2sac; C:\Windows\system32\DRIVERS\rtii2sac.sys [149720 2013-12-05] (Realtek Semiconductor Corp.)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation)
R3 TXEI; C:\Windows\System32\drivers\TXEI.sys [75792 2014-02-26] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [93024 2013-08-22] (Microsoft Corporation)
R2 webinstrNew; C:\Windows\system32\Drivers\webinstrNew.sys [50312 2014-10-12] (Corsica)
R3 WUDFSensorLP; C:\Windows\System32\drivers\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation)
U0 msahci; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-20 22:00 - 2014-10-20 22:00 - 00013790 _____ () C:\Users\HP\Desktop\FRST.txt
2014-10-20 21:58 - 2014-10-20 21:58 - 00000825 _____ () C:\Users\HP\Desktop\checkup.txt
2014-10-20 21:56 - 2014-10-20 21:56 - 00854417 _____ () C:\Users\HP\Desktop\SecurityCheck.exe
2014-10-20 19:51 - 2014-10-20 19:51 - 02347384 _____ (ESET) C:\Users\HP\Desktop\esetsmartinstaller_deu.exe
2014-10-20 19:34 - 2014-10-20 19:34 - 00000000 ____D () C:\9bcd29b28965a011ca96fd2a
2014-10-20 18:06 - 2014-10-20 21:59 - 00000000 ____D () C:\Users\HP\Desktop\FRST-OlderVersion
2014-10-19 13:25 - 2014-10-20 19:20 - 00000000 ____D () C:\Users\HP\Desktop\Neuer Ordner
2014-10-19 13:10 - 2014-10-19 13:10 - 00000000 ____D () C:\Windows\ERUNT
2014-10-19 13:08 - 2014-10-19 13:08 - 01705698 _____ (Thisisu) C:\Users\HP\Desktop\JRT.exe
2014-10-19 12:43 - 2014-10-20 21:40 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-19 12:43 - 2014-10-19 12:43 - 00001078 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-10-19 12:43 - 2014-10-19 12:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-10-19 12:43 - 2014-10-19 12:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-19 12:43 - 2014-10-19 12:43 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-10-19 12:43 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-19 12:43 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-19 12:43 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-19 12:39 - 2014-10-19 12:40 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\HP\Desktop\mbam-setup-2.0.3.1025.exe
2014-10-19 12:33 - 2014-10-19 12:33 - 284417501 _____ () C:\Windows\MEMORY.DMP
2014-10-19 12:33 - 2014-10-19 12:33 - 00619216 _____ () C:\Windows\Minidump\101914-17328-01.dmp
2014-10-19 12:14 - 2014-10-19 12:35 - 00000000 ____D () C:\AdwCleaner
2014-10-19 12:10 - 2014-10-19 12:10 - 01976320 _____ () C:\Users\HP\Desktop\AdwCleaner_4.000.exe
2014-10-16 20:49 - 2014-10-16 20:49 - 00380416 _____ () C:\Users\HP\Downloads\Gmer-19357.exe
2014-10-16 20:38 - 2014-10-20 22:00 - 00000000 ____D () C:\FRST
2014-10-16 20:37 - 2014-10-20 21:59 - 01102336 _____ (Farbar) C:\Users\HP\Desktop\FRST.exe
2014-10-16 20:33 - 2014-10-16 20:33 - 00050477 _____ () C:\Users\HP\Downloads\Defogger.exe
2014-10-16 20:23 - 2014-10-16 20:23 - 00025600 ___SH () C:\Users\HP\Downloads\Thumbs.db
2014-10-16 20:22 - 2014-10-16 20:22 - 00000000 _____ () C:\Users\HP\defogger_reenable
2014-10-16 20:14 - 2014-10-16 20:14 - 00512504 _____ () C:\Windows\Minidump\101614-12000-01.dmp
2014-10-12 15:32 - 2014-10-19 11:55 - 00001120 _____ () C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware Guard.lnk
2014-10-12 15:22 - 2014-09-02 22:06 - 00706016 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-10-12 15:22 - 2014-09-02 22:06 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-10-12 15:04 - 2014-10-12 15:04 - 00523208 _____ () C:\Windows\Minidump\101214-22593-01.dmp
2014-10-12 14:32 - 2014-10-20 19:35 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-12 14:31 - 2014-10-20 19:35 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-12 14:29 - 2013-11-09 07:52 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe
2014-10-12 14:29 - 2013-11-09 07:52 - 00240128 _____ (Microsoft Corporation) C:\Windows\system32\mdmregistration.dll
2014-10-12 14:13 - 2014-02-22 13:24 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-10-12 14:07 - 2014-02-11 04:43 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-10-12 14:07 - 2013-10-15 10:03 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-10-12 14:06 - 2014-10-12 14:19 - 00000000 ____D () C:\ProgramData\OnlineArmor
2014-10-12 14:06 - 2014-10-12 14:06 - 00000000 ____D () C:\Users\HP\AppData\Roaming\OnlineArmor
2014-10-12 14:03 - 2014-10-19 12:33 - 00000000 ____D () C:\Windows\Minidump
2014-10-12 14:03 - 2014-10-12 14:03 - 00606936 _____ () C:\Windows\Minidump\101214-26781-01.dmp
2014-10-12 14:03 - 2014-10-12 14:03 - 00003358 _____ () C:\EamClean.log
2014-10-12 13:58 - 2014-10-12 13:58 - 00000000 ____D () C:\Users\HP\AppData\Roaming\EurekaLab s.a.s
2014-10-12 13:52 - 2014-10-19 13:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Armor
2014-10-12 13:52 - 2014-10-19 13:34 - 00000000 ____D () C:\Program Files\Online Armor
2014-10-12 13:52 - 2013-10-11 03:41 - 00044984 _____ () C:\Windows\system32\Drivers\oahlp32.sys
2014-10-12 13:52 - 2013-10-11 03:40 - 00210360 _____ () C:\Windows\system32\Drivers\OADriver.sys
2014-10-12 13:52 - 2013-10-11 03:40 - 00034856 _____ (Emsisoft) C:\Windows\system32\Drivers\OAmon.sys
2014-10-12 13:52 - 2013-10-11 03:40 - 00031760 _____ (Emsisoft) C:\Windows\system32\Drivers\OAnet.sys
2014-10-12 13:48 - 2014-10-12 13:48 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-10-12 13:46 - 2014-10-12 13:48 - 10696960 _____ (Emsisoft GmbH ) C:\Users\HP\Downloads\OnlineArmorSetup.exe
2014-10-12 13:33 - 2014-10-12 13:33 - 00001067 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-10-12 13:33 - 2014-10-12 13:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-10-12 13:32 - 2014-10-20 22:00 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2014-10-12 13:15 - 2014-10-12 13:15 - 00000000 ____D () C:\Users\HP\AppData\Roaming\ap_movie
2014-10-12 13:14 - 2014-10-12 13:14 - 00612126 _____ (CMI Limited) C:\Users\HP\AppData\Local\nsb44F.tmp
2014-10-12 13:11 - 2014-10-12 13:11 - 00000000 ____D () C:\ProgramData\Xunlei
2014-10-12 13:11 - 2014-10-12 13:11 - 00000000 ____D () C:\ProgramData\Thunder Network
2014-10-12 13:07 - 2014-10-12 13:10 - 163265680 _____ (Emsisoft GmbH ) C:\Users\HP\Downloads\EmsisoftAntiMalwareSetup.exe
2014-10-12 13:02 - 2014-10-16 18:46 - 00001111 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-10-12 13:02 - 2014-10-16 18:46 - 00000000 ____D () C:\Program Files\Opera
2014-10-12 13:02 - 2014-10-12 13:02 - 00001111 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-10-12 13:02 - 2014-10-12 13:02 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Opera Software
2014-10-12 13:02 - 2014-10-12 13:02 - 00000000 ____D () C:\Users\HP\AppData\Local\Opera Software
2014-10-12 13:01 - 2014-10-12 13:01 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNew_01009.Wdf
2014-10-12 13:01 - 2014-10-12 13:00 - 00050312 _____ (Corsica) C:\Windows\system32\Drivers\webinstrNew.sys
2014-10-12 13:00 - 2014-10-12 13:00 - 00873960 _____ (Opera Software) C:\Users\HP\Desktop\opera-23.0.1522.77-multi.exe
2014-10-12 13:00 - 2014-10-12 13:00 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Macromedia
2014-10-12 12:56 - 2014-09-22 08:41 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-20 22:00 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\sru
2014-10-20 21:20 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-20 20:54 - 2013-12-14 06:03 - 00847178 _____ () C:\Windows\system32\perfh010.dat
2014-10-20 20:54 - 2013-12-14 06:03 - 00201392 _____ () C:\Windows\system32\perfc010.dat
2014-10-20 20:54 - 2013-12-13 22:46 - 00005468 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-20 20:49 - 2013-08-22 09:23 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-20 20:48 - 2013-08-22 09:22 - 00333576 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-20 20:45 - 2013-12-14 06:03 - 00000000 ____D () C:\Windows\it-IT
2014-10-20 20:45 - 2013-12-14 05:51 - 00000000 ____D () C:\Windows\de-DE
2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ___RD () C:\Windows\ToastData
2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\WinStore
2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS
2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\sk-SK
2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\lv-LV
2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\ko-KR
2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\it-IT
2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\hr-HR
2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\et-EE
2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\en-GB
2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\el-GR
2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\de-DE
2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\MediaViewer
2014-10-20 20:44 - 2013-12-14 06:03 - 00000000 ____D () C:\Windows\system32\Drivers\it-IT
2014-10-20 20:44 - 2013-12-14 05:51 - 00000000 ____D () C:\Windows\system32\Drivers\de-DE
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\zh-TW
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\zh-HK
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\zh-CN
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\uk-UA
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\th-TH
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\SystemResetPlatform
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\sv-SE
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\sl-SI
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\ru-RU
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\ro-RO
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\pt-PT
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\pt-BR
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\pl-PL
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\nl-NL
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\nb-NO
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\lt-LT
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\ja-JP
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\hu-HU
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\he-IL
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\fr-FR
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\fi-FI
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\bg-BG
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\ar-SA
2014-10-20 20:43 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\FileManager
2014-10-20 20:43 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\Camera
2014-10-20 20:43 - 2013-08-22 10:17 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2014-10-20 20:43 - 2013-08-22 10:17 - 00000000 ____D () C:\Program Files\Windows Multimedia Platform
2014-10-20 20:28 - 2013-08-22 08:13 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-10-20 20:23 - 2014-04-10 06:45 - 01110797 _____ () C:\Windows\WindowsUpdate.log
2014-10-20 20:14 - 2013-08-22 10:05 - 00000000 ____D () C:\Windows\CbsTemp
2014-10-20 20:13 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-20 18:17 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\AppReadiness
2014-10-19 13:34 - 2013-12-13 22:30 - 00025926 _____ () C:\Windows\PFRO.log
2014-10-19 12:22 - 2014-09-03 22:59 - 00001160 _____ () C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-19 11:50 - 2013-08-22 15:08 - 00000000 ____D () C:\Program Files\Windows Journal
2014-10-19 11:50 - 2013-08-22 15:06 - 00000000 ____D () C:\Windows\system32\winrm
2014-10-19 11:50 - 2013-08-22 15:06 - 00000000 ____D () C:\Windows\system32\slmgr
2014-10-19 11:50 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\IME
2014-10-19 11:50 - 2013-08-22 10:17 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-10-19 11:50 - 2013-08-22 10:17 - 00000000 ____D () C:\Program Files\Windows Defender
2014-10-19 11:50 - 2013-08-22 10:17 - 00000000 ____D () C:\Program Files\Common Files\System
2014-10-19 11:49 - 2013-12-14 05:51 - 00000000 ____D () C:\Windows\system32\XPSViewer
2014-10-19 11:49 - 2013-08-22 15:06 - 00000000 ____D () C:\Windows\system32\WCN
2014-10-19 11:49 - 2013-08-22 15:06 - 00000000 ____D () C:\Windows\system32\Printing_Admin_Scripts
2014-10-19 11:49 - 2013-08-22 10:17 - 00000000 ___SD () C:\Windows\system32\dsc
2014-10-19 11:49 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\MUI
2014-10-19 11:49 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\Com
2014-10-19 11:49 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\Help
2014-10-16 20:26 - 2014-09-03 22:59 - 00000000 ____D () C:\Users\HP
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
2014-10-12 18:40 - 2013-08-22 10:17 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-10-12 13:52 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\restore
2014-10-12 13:01 - 2013-08-22 09:23 - 00013554 _____ () C:\Windows\setupact.log
2014-10-12 12:57 - 2013-08-22 08:13 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-10-12 12:42 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\LogFiles

Some content of TEMP:
====================
C:\Users\HP\AppData\Local\Temp\hAUK6.exe
C:\Users\HP\AppData\Local\Temp\Quarantine.exe
C:\Users\HP\AppData\Local\Temp\yYKY0.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-16 18:19

==================== End Of Log ============================
         
--- --- ---



Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-10-2014 01
Ran by HP at 2014-10-20 22:01:15
Running from C:\Users\HP\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
FW: Online Armor Firewall (Disabled) {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ASUS AC Reminder (HKLM\...\{B002B54C-FFE8-4331-8F9B-90CC9366362A}) (Version: 2.0.0 - ASUS)
ASUS Live Update (HKLM\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.7 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.3 - ASUS)
ASUS Smart Gesture (HKLM\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.10 - ASUS)
ATK Package (HKLM\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0031 - ASUS)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.93.99.187.1 - Broadcom Corporation)
ConvertAd (HKLM\...\ConvertAd) (Version: 1.0.0.0 - ConvertAd) <==== ATTENTION
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft GmbH)
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3417 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Intel(R) Trusted Execution Engine (Version: 1.1.1.1 - Intel Corporation) Hidden
Intel(R) Trusted Execution Engine Driver (Version: 1.0.0.1064 - Intel Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft Office (HKLM\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 (HKLM\...\{1f407217-9aec-4146-8504-e64ac959c534}) (Version: 12.0.20617.1 - Microsoft Corporation)
Online Armor 7.0 (HKLM\...\OnlineArmor_is1) (Version: 7.0 - Emsisoft GmbH)
Opera Stable 25.0.1614.50 (HKLM\...\Opera 25.0.1614.50) (Version: 25.0.1614.50 - Opera Software ASA)
Realtek I2S Audio (HKLM\...\{89A448AA-3301-46AA-AFC3-34F2D7C670E8}) (Version: 6.2.9600.4055 - Realtek Semiconductor Corp.)
WebStorage (HKLM\...\WebStorage) (Version: 2.0.3.226 - ASUS Cloud Corporation)
Windows Driver Package - ASUS (AsusHID) Mouse  (02/12/2014 3.0.0.23) (HKLM\...\88F3FD439A3012A11FEF853A27C299ED116ABA8D) (Version: 02/12/2014 3.0.0.23 - ASUS)
WinFlash (HKLM\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

20-10-2014 17:32:44 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:13 - 2013-08-22 08:13 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00BC77BF-3352-4FE8-9617-4F1B27BEC19A} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {0FA9C72D-D3DC-41EA-AD12-0264A29FFF50} - System32\Tasks\ASUS Live Update2 => C:\Program Files [2014-10-20] ()
Task: {17233BE9-87E9-40B0-B003-AE9D2B92CBBE} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {1D4E5977-E467-459B-82E3-6C399289990D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-10-20] (Microsoft Corporation)
Task: {247BD142-0549-4E91-84B0-172C25563718} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {2BE65564-89D1-4396-A5CC-D7D9283FC4A1} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {392EB017-207C-42BF-A061-F3BE721F456C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {471E9656-4A9E-4F2D-B55E-50875C166E14} - \Optimize Start Menu Cache Files-S-1-5-21-2565251152-1528942193-4253351456-500 No Task File <==== ATTENTION
Task: {4B7EF56A-8A42-4BD2-BB5C-7C389AC54A37} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {515A8D55-B2DA-4DAC-A197-0B02F6DAE700} - System32\Tasks\ASUS Live Update1 => C:\Program Files [2014-10-20] ()
Task: {5700ACE8-D0AF-4BA7-98B6-1033521A877A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {6E84A59B-1863-4B21-8BD8-C9B20FD15484} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {7C7CF1DA-F461-4850-96B2-ADCA8A67E59C} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {8B5819AE-7B44-478B-A3D3-8846AF160A8F} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {8F7FB3A6-5ECC-485E-B309-B4E99ABE21DD} - System32\Tasks\Update Checker => C:\Program Files\ASUS\ASUS Live Update\UpdateChecker.exe [2013-11-27] ()
Task: {92ED6570-4654-4BFA-9A6C-1084C6939C16} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {997C8BBD-710B-4E66-B5BC-CC09575A58D2} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {A02FE6A8-4963-4C7D-8D21-DC48FE3E517C} - System32\Tasks\ASUS AC Reminder => C:\Program Files\ASUS\ASUS AC Reminder\ACReminderSrv.exe [2013-12-23] (ASUSTek Computer INC.)
Task: {A1C0096D-7EF7-4283-9C87-611781AF8F49} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel.exe [2013-01-09] (ASUSTek Computer INC.)
Task: {A5D45ED3-F524-4574-8F39-527F3729D1E2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {C0D0F7C4-419F-41B3-90A2-FE79270B828A} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {C37FC171-6AF7-4A02-9319-1AFF42F85373} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLauncher.exe [2014-02-13] (AsusTek)
Task: {CF5A1DDC-D14D-4D59-AD49-A19A645B087B} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DCF55BED-B1DF-4ABF-8D85-6542C7007799} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {DE636FF2-FD26-4241-9343-322918A02564} - System32\Tasks\Opera scheduled Autoupdate 1413111732 => C:\Program Files\Opera\launcher.exe [2014-10-15] (Opera Software)
Task: {E4C8774A-2818-45A4-8A6D-11DDF6348886} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {FAB49829-3EE7-4234-BE84-277862F2A57C} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (whitelisted) =============

2014-10-12 13:32 - 2014-10-06 18:43 - 00775400 _____ () C:\Program Files\Emsisoft Anti-Malware\fw32.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2565251152-1528942193-4253351456-500 - Administrator - Disabled)
Gast (S-1-5-21-2565251152-1528942193-4253351456-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2565251152-1528942193-4253351456-1003 - Limited - Enabled)
HP (S-1-5-21-2565251152-1528942193-4253351456-1001 - Administrator - Enabled) => C:\Users\HP

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/20/2014 09:16:34 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (10/20/2014 09:01:00 PM) (Source: DptfPolicyLpmService) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceServiceMainThread:  App specific mode was turned off, but timer was not running.

Error: (10/20/2014 08:54:07 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (10/20/2014 08:54:07 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (10/20/2014 08:54:07 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (10/20/2014 08:54:07 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (10/20/2014 08:33:45 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (10/20/2014 08:33:45 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (10/20/2014 08:33:45 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (10/20/2014 08:33:45 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.


System errors:
=============
Error: (10/20/2014 08:51:34 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 30) (User: NT-AUTORITÄT)
Description: Der Ereignisprotokollierungsdienst hat beim Aktivieren des Herausgebers "{0BF2FB94-7B60-4B4D-9766-E82F658DF540}" für den Kanal "Microsoft-Windows-Kernel-ShimEngine/Operational" einen Fehler (5) erkannt. Dieser Fehler hat keinen Einfluss auf den Betrieb des Kanals, beeinträchtigt jedoch die Fähigkeit des Herausgebers, Ereignisse für den Kanal auszulösen. Dieser Fehler ist oft darauf zurückzuführen, dass der Anbieter die ETW-Anbietersicherheit verwendet und der Ereignisprotokoll-Dienstidentität keine Berechtigungen zum Aktivieren gewährt hat.

Error: (10/20/2014 08:51:18 PM) (Source: WMPNetworkSvc) (EventID: 14349) (User: )
Description: 0x80070005

Error: (10/20/2014 08:51:18 PM) (Source: WMPNetworkSvc) (EventID: 14353) (User: )
Description: 00x80070005hxxp://+:10243/WMPNSSv4/2318047519/

Error: (10/20/2014 08:51:18 PM) (Source: WMPNetworkSvc) (EventID: 14349) (User: )
Description: 0x80070005

Error: (10/20/2014 08:51:18 PM) (Source: WMPNetworkSvc) (EventID: 14353) (User: )
Description: 00x80070005hxxp://+:10243/WMPNSSv4/2318047519/

Error: (10/20/2014 08:31:28 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 30) (User: NT-AUTORITÄT)
Description: Der Ereignisprotokollierungsdienst hat beim Aktivieren des Herausgebers "{0BF2FB94-7B60-4B4D-9766-E82F658DF540}" für den Kanal "Microsoft-Windows-Kernel-ShimEngine/Operational" einen Fehler (5) erkannt. Dieser Fehler hat keinen Einfluss auf den Betrieb des Kanals, beeinträchtigt jedoch die Fähigkeit des Herausgebers, Ereignisse für den Kanal auszulösen. Dieser Fehler ist oft darauf zurückzuführen, dass der Anbieter die ETW-Anbietersicherheit verwendet und der Ereignisprotokoll-Dienstidentität keine Berechtigungen zum Aktivieren gewährt hat.

Error: (10/20/2014 08:31:12 PM) (Source: WMPNetworkSvc) (EventID: 14349) (User: )
Description: 0x80070005

Error: (10/20/2014 08:31:12 PM) (Source: WMPNetworkSvc) (EventID: 14353) (User: )
Description: 00x80070005hxxp://+:10243/WMPNSSv4/2318047519/

Error: (10/20/2014 08:31:12 PM) (Source: WMPNetworkSvc) (EventID: 14349) (User: )
Description: 0x80070005

Error: (10/20/2014 08:31:12 PM) (Source: WMPNetworkSvc) (EventID: 14353) (User: )
Description: 00x80070005hxxp://+:10243/WMPNSSv4/2318047519/


Microsoft Office Sessions:
=========================
Error: (10/20/2014 09:16:34 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (10/20/2014 09:01:00 PM) (Source: DptfPolicyLpmService) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceServiceMainThread:  App specific mode was turned off, but timer was not running.

Error: (10/20/2014 08:54:07 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F2030000E5050000

Error: (10/20/2014 08:54:07 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance163707000000000000000000008F020000

Error: (10/20/2014 08:54:07 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance163707000000000000000000008F020000

Error: (10/20/2014 08:54:07 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance163707000000000000000000008F020000

Error: (10/20/2014 08:33:45 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F2030000E5050000

Error: (10/20/2014 08:33:45 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance163707000000000000000000008F020000

Error: (10/20/2014 08:33:45 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance163707000000000000000000008F020000

Error: (10/20/2014 08:33:45 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance163707000000000000000000008F020000


CodeIntegrity Errors:
===================================
  Date: 2014-10-19 12:01:34.439
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.

  Date: 2014-10-19 12:01:33.470
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.

  Date: 2014-10-19 12:01:32.673
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.

  Date: 2014-10-19 12:01:31.439
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.

  Date: 2014-10-19 12:01:30.798
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.

  Date: 2014-10-19 12:01:29.142
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.

  Date: 2014-10-19 12:01:28.517
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.

  Date: 2014-10-19 12:01:27.329
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.

  Date: 2014-10-19 12:01:25.829
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.

  Date: 2014-10-19 10:34:51.843
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\HP\AppData\Local\Temp\uxtiiuow.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Processor: Intel(R) Atom(TM) CPU Z3740 @ 1.33GHz
Percentage of memory in use: 45%
Total physical RAM: 1933.15 MB
Available physical RAM: 1056.65 MB
Total Pagefile: 3917.15 MB
Available Pagefile: 2354.16 MB
Total Virtual: 2047.88 MB
Available Virtual: 1897.34 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:28.22 GB) (Free:9.1 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 29.1 GB) (Disk ID: 67B602CA)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 22:05 on 20/10/2014 by HP
Administrator - Elevation successful

========== filefind ==========

Searching for "*ORBTR*"
No files found.

Searching for "*TermTutor*"
C:\Users\HP\AppData\Local\Temp\is45637729\77669931_stp\termtutor-setup-1.9.0.8.exe	--a---- 1104088 bytes	[07:52 09/09/2014]	[07:52 09/09/2014] (Unable to calculate MD5)

========== folderfind ==========

Searching for "*ORBTR*"
No folders found.

Searching for "*TermTutor*"
No folders found.

========== regfind ==========

Searching for "ConvertAd"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ConvertAd]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ConvertAd]
"DisplayName"="ConvertAd"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ConvertAd]
"UninstallString"=""C:\Users\HP\AppData\Local\ConvertAd\uninstall.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ConvertAd]
"DisplayIcon"=""C:\Users\HP\AppData\Local\ConvertAd\ConvertAd.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ConvertAd]
"Publisher"="ConvertAd"

Searching for "TermTutor"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{733413F4-5FB9-4EE9-8536-BF7AB1731A19}\1.0\0\win32]
@="C:\Program Files\TermTutor\IE\TermTutorClientIE.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{733413F4-5FB9-4EE9-8536-BF7AB1731A19}\1.0\HELPDIR]
@="C:\Program Files\TermTutor\IE"
[HKEY_LOCAL_MACHINE\SOFTWARE\TermTutor]

-= EOF =-
         

Thanks and good night
Sabine 99


Alt 21.10.2014, 12:06   #6
M-K-D-B
/// TB-Ausbilder
 
Hi,

please let me know whether there are still problems with redirects etc. after the following steps. If so, in which browser?

Step 1
Please press the Windows key + R key and type notepad into the Run window.

Now copy the following text from the code box into the empty text document


Code:
start
CloseProcesses:
C:\Users\HP\AppData\Roaming\IO
C:\Users\HP\AppData\Roaming\QMXKNTZD
C:\Users\HP\AppData\Roaming\Opera Software\Opera Stable\Extensions\ljefoakgfhcoeobgicjgejglnpfpemgb
R2 webinstrNew; C:\Windows\system32\Drivers\webinstrNew.sys [50312 2014-10-12] (Corsica)
C:\Windows\system32\Drivers\webinstrNew.sys
Task: {471E9656-4A9E-4F2D-B55E-50875C166E14} - \Optimize Start Menu Cache Files-S-1-5-21-2565251152-1528942193-4253351456-500 No Task File <==== ATTENTION
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ConvertAd
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{733413F4-5FB9-4EE9-8536-BF7AB1731A19}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\TermTutor
EmptyTemp:
end
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

Step 2
Download the appropriate version of HitmanPro to your desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
  • Start HitmanPro.exe
  • Click on
  • Remove the check mark at
  • Click on
    and
  • Accept the license terms and click on
  • Click on

    and on
  • When the scan has finished, do not let it delete anything etc.; instead choose, at the bottom left of the button bar,
    and save the log file on your desktop.
  • Close HitmanPro and post the log for me.

Step 3
  • Start FRST.exe again. Tick the boxes for Addition.txt and Shortcut.txt and press Scan.
  • FRST creates three log files (FRST.txt and Addition.txt).
  • Post all three log files with your next reply.

Please post with your next reply
  • the log file of the FRST fix,
  • the log file from HitmanPro,
  • the three new log files from FRST.

Alt 21.10.2014, 17:52   #7
Sabine99
 
Hello Matthias,

great, Opera no longer redirects and IE works again too.
The only thing I still notice is that the web shield of Online Armor is inactive.

The files are attached.

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 20-10-2014 01
Ran by HP at 2014-10-21 17:53:26 Run:2
Running from C:\Users\HP\Desktop
Loaded Profiles: HP &  (Available profiles: HP)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
CloseProcesses:
C:\Users\HP\AppData\Roaming\IO
C:\Users\HP\AppData\Roaming\QMXKNTZD
C:\Users\HP\AppData\Roaming\Opera Software\Opera Stable\Extensions\ljefoakgfhcoeobgicjgejglnpfpemgb
R2 webinstrNew; C:\Windows\system32\DRIVERS\webinstrNew.sys [50312 2014-10-12] (Corsica)
C:\Windows\system32\DRIVERS\webinstrNew.sys
Task: {471E9656-4A9E-4F2D-B55E-50875C166E14} - \Optimize Start Menu Cache Files-S-1-5-21-2565251152-1528942193-4253351456-500 No Task File <==== ATTENTION
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Uninstall\ConvertAd
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{733413F4-5FB9-4EE9-8536-BF7AB1731A19}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\TermTutor
EmptyTemp:
end
*****************

Processes closed successfully.
C:\Users\HP\AppData\Roaming\IO => Moved successfully.
C:\Users\HP\AppData\Roaming\QMXKNTZD => Moved successfully.
C:\Users\HP\AppData\Roaming\Opera Software\Opera Stable\Extensions\ljefoakgfhcoeobgicjgejglnpfpemgb => Moved successfully.
webinstrNew => Service stopped successfully.
webinstrNew => Service deleted successfully.
C:\Windows\system32\DRIVERS\webinstrNew.sys => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{471E9656-4A9E-4F2D-B55E-50875C166E14}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{471E9656-4A9E-4F2D-B55E-50875C166E14}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimize Start Menu Cache Files-S-1-5-21-2565251152-1528942193-4253351456-500" => Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Uninstall\ConvertAd => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{733413F4-5FB9-4EE9-8536-BF7AB1731A19} => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{733413F4-5FB9-4EE9-8536-BF7AB1731A19} => Key Deleted Successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\TermTutor => Key Deleted successfully.
EmptyTemp: => Removed 66.8 MB temporary data.


The system needed a reboot. 

==== End of Fixlog ====
         
Code:
HitmanPro 3.7.9.225
www.hitmanpro.com

   Computer name . . . . : HEGGENSBERGER
   Windows . . . . . . . : 6.3.0.9600.X86/4
   User name . . . . . . : HEGGENSBERGER\HP
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2014-10-21 18:27:03
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 1m 56s
   Disk access mode  . . : Direct disk access (FsdHigh)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 7
   Traces  . . . . . . . : 14

   Objects scanned . . . : 756.122
   Files scanned . . . . : 14.630
   Remnants scanned  . . : 211.773 files / 529.719 keys

Malware _____________________________________________________________________

   C:\Users\HP\AppData\Local\Microsoft\Windows\INetCache\IE\8DG94NWB\setup_mbot_de[1].exe -> Deleted
      Size . . . . . . . : 3.318.008 bytes
      Age  . . . . . . . : 9.2 days (2014-10-12 13:12:15)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : BC3AFBA10AEA74F8F9384AA8A89708703AF0F4437741B8CD4FBB6668567B15A1
      Product  . . . . . :                                                             
      Publisher  . . . . :                                                             
      Description  . . . :                                                             
      Version
      LanguageID . . . . : 0
    > Bitdefender  . . . : Adware.Eorezo.BR
    > Kaspersky  . . . . : not-a-virus:AdWare.Win32.Eorezo.emv
      Fuzzy  . . . . . . : 112.0
      Forensic Cluster
         -45.3s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{DC35BD21-A696-4214-83E1-D3642F742E1B}
         -44.9s C:\Users\HP\AppData\Local\Temp\is45637729\
         -44.9s C:\Users\HP\AppData\Local\Temp\is45637729\
         -44.9s C:\Users\HP\AppData\Local\Temp\is45637729\
         -44.9s C:\Users\HP\AppData\Local\Temp\is45637729\
         -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\
         -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -38.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -22.2s C:\Users\HP\AppData\Local\Temp\is45637729\77669869_stp\
         -22.2s C:\Users\HP\AppData\Local\Temp\is45637729\77669869_stp\Oct6_sweet-page.exe
         -21.0s C:\ProgramData\Thunder Network\
         -21.0s C:\ProgramData\Thunder Network\DownloadLib\
         -21.0s C:\ProgramData\Thunder Network\DownloadLib\pub_store.dat
         -21.0s C:\ProgramData\Thunder Network\DownloadLib\pub_store.dat
         -20.7s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{E594B87C-F25C-4360-9EFF-71CB93044A4F}
         -20.0s C:\ProgramData\Xunlei\XLCompact\
         -20.0s C:\ProgramData\Xunlei\
         -20.0s C:\ProgramData\Xunlei\XLCompact\XLDownEngine.stat
         -17.7s C:\Users\HP\AppData\Local\Temp\is45637729\77669931_stp\
         -17.7s C:\Users\HP\AppData\Local\Temp\is45637729\77669931_stp\termtutor-setup-1.9.0.8.exe
         -17.7s C:\Users\HP\AppData\Local\Temp\is45637729\77669931_stp\termtutor-setup-1.9.0.8.exe
         -17.7s C:\Users\HP\AppData\Local\Temp\is45637729\77669931_stp\termtutor-setup-1.9.0.8.exe
         -13.1s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{E0419FCF-02D6-422B-90A6-81388B6A6E43}
         -7.9s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{D88F5F16-5EDB-40B8-9903-12657AB10B4B}
         -6.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669948_stp\
         -6.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669948_stp\
         -6.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669948_stp\rcpsetup_adppi15_adppi15.exe
         -3.2s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{961F664B-379F-4BEC-9D5D-6B048A150626}
         -3.2s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{961F664B-379F-4BEC-9D5D-6B048A150626}
         -3.2s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{961F664B-379F-4BEC-9D5D-6B048A150626}
         -1.5s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{ABCF3865-3912-473D-8BDE-4F34CC17409F}
         -0.5s C:\Windows\Prefetch\GENERIC_VO.EXE-258B7E67.pf
          0.0s C:\Users\HP\AppData\Local\Microsoft\Windows\INetCache\IE\8DG94NWB\setup_mbot_de[1].exe
          1.0s C:\Users\HP\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\625CAE97BFD1E01FDB89C9A05AC2BECD_8D5E1C0C7C84533580B18D34134C047F
          1.0s C:\Users\HP\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\625CAE97BFD1E01FDB89C9A05AC2BECD_8D5E1C0C7C84533580B18D34134C047F
          1.0s C:\Users\HP\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\625CAE97BFD1E01FDB89C9A05AC2BECD_8D5E1C0C7C84533580B18D34134C047F
          3.6s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{B0E4810F-B3F3-4754-A9E8-978D4478B762}
          3.6s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{B0E4810F-B3F3-4754-A9E8-978D4478B762}
          7.1s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{F693A391-6A6A-4E40-95C3-0672B6839DE8}
          7.2s C:\Windows\Prefetch\RCPSETUP_ADPPI15_ADPPI15.TMP-8D4D610F.pf
          7.2s C:\Windows\Prefetch\RCPSETUP_ADPPI15_ADPPI15.TMP-8D4D610F.pf
          9.3s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\UninstallManager.exe.vir
          9.3s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\uninstallDlg2.xml.vir
          9.3s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\MessageBox.xml.vir
          9.4s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\bg.png.vir
          9.4s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\bg1.png.vir
          9.4s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\bk_shadow.png.vir
          9.4s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\button.png.vir
          9.4s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\button1.png.vir
          9.4s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\checkbox.png.vir
          9.4s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\checkbox_select.png.vir
          9.5s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\checked.png.vir
          9.5s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\close.png.vir
          9.5s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\loading_bg.png.vir
          9.5s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\loading_light.png.vir
          9.5s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\min.png.vir
          9.5s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\scrollbar.bmp.vir
          9.5s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\Thumbs.db.vir
          9.5s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\unchecked.png.vir
          9.5s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\code\code1.jpg.vir
          9.5s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\code\code2.jpg.vir
          9.5s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\code\code3.jpg.vir
          9.6s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\code\code4.jpg.vir
          9.6s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\code\code5.jpg.vir
          9.6s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\code\code6.jpg.vir
          9.6s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\code\Thumbs.db.vir
          9.6s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\294.json.vir
          9.6s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\un.ini.vir
          9.6s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\un.ini.vir
         14.2s C:\Users\HP\AppData\Local\Programs\
         14.2s C:\Users\HP\AppData\Local\Programs\Common\
         14.3s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{A6861938-4B8A-4E0A-8D89-730DED6EEA9D}
         15.4s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{AD5C6EDE-2AF7-4524-BBD0-B71B42510CA2}
         15.7s C:\AdwCleaner\Quarantine\C\Program Files\mbot_de_145\unins000.dat.vir
         15.7s C:\AdwCleaner\Quarantine\C\Program Files\mbot_de_145\unins000.exe.vir
         16.7s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\AC49A0B0197C349D70479AFCAACF58BB
         18.0s C:\AdwCleaner\Quarantine\C\Program Files\mbot_de_145\predm.exe.vir
         20.4s C:\AdwCleaner\Quarantine\C\Program Files\mbot_de_145\mybestofferstoday_widget.exe.vir
         20.7s C:\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\MyBestOffersToday\MyBestOffersToday.lnk.vir
         20.7s C:\AdwCleaner\Quarantine\C\Program Files\mbot_de_145\unins000.msg.vir
         21.1s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Local\mbot_de_145\mbot_de_145\1.20\cnf.cyl.vir
         21.2s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Local\mbot_de_145\upmbot_de_145.cyl.vir
         21.3s C:\Windows\Prefetch\NSAD29E.TMP-B509BFC1.pf
         21.9s C:\Users\HP\AppData\Local\Microsoft\Windows\INetCache\IE\NRW6L1C9\BlockAndSurf_2222-5510[1].exe
         22.0s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{A5FACA3B-1973-40B2-80CB-9D0CF9DCCD4F}
         22.1s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{6B12A7AA-C1F4-40BC-A299-716422CF91AF}
         25.4s C:\AdwCleaner\Quarantine\C\Windows\system32\roboot.exe.vir
         26.0s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{5D622A79-7F38-4FE0-B94A-86537F3F20FF}
         26.6s C:\Windows\System32\LogFiles\Scm\989a5c20-c98d-417c-b6ee-78e290e34774
         29.4s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{21F6DA95-CD45-4B32-B40A-730D00EE186C}
         30.2s C:\Windows\System32\LogFiles\Scm\e54ecce2-55e3-4510-98ce-747ae04fec2a
         30.3s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{3FC9B0D6-0C60-4347-A9C0-D6ACC06A966D}
         31.1s C:\Windows\Prefetch\UPMBOT_DE_145.EXE-CFBD6794.pf
         35.5s C:\Windows\Prefetch\REGCLEANPRO.EXE-7C96B5A3.pf
         39.6s C:\Windows\Prefetch\SYSTWEAKASP.TMP-F369339B.pf
         46.5s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{1376E394-7CA5-49C5-9513-694A0728B8D8}
         47.5s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{A7AAE57C-7FBC-410F-9680-4CFD934AD7D5}
         49.1s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\3D81F0E24483216681D9F91762405B57
         57.0s C:\Windows\Prefetch\ASPSETUP.TMP-1B570E8D.pf
         57.7s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{49FDC04E-6F47-4EBF-BEA8-EA4649EA5632}
         61.0s C:\Users\HP\AppData\Local\Microsoft\Windows\INetCache\IE\8T57REOA\ConvertAdSetup[1].exe
         63.1s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\ACFAD2426B5EAA098A8DAAC3A2AD70F6
         63.4s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\335555FD86C023C6294557666A778C1D
         65.6s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{DAE9220F-2521-4AAE-AF21-9E61E4A02B71}
         65.6s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{DAE9220F-2521-4AAE-AF21-9E61E4A02B71}
         70.4s C:\Users\HP\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6
         70.4s C:\Users\HP\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6
         70.7s C:\Users\HP\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B8944BA8AD0EFDF0E01A43EF62BECD0_0C26894991291B0FB5E6A5B669582C54
         70.7s C:\Users\HP\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_0C26894991291B0FB5E6A5B669582C54
         79.3s C:\Windows\Prefetch\CSCRIPT.EXE-AC3ABA62.pf
         79.4s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{195F1083-3E88-48A7-8BE0-59B78C41C31E}
         79.9s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{BBF9C108-F869-4C49-A3E0-BAE1D9721AC7}
         80.0s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{79B61EA9-6B13-4FDA-90D3-9DE1C4AAC2E5}
         80.0s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{9FF2F852-22A0-44A9-8FE1-044EB58A6D76}
         80.1s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{F7DB99D0-AB4E-497F-875A-FEDD01B92F1E}
         84.0s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{3EB48FC0-C8F6-4645-B0E9-FE3923819FBB}
         88.9s C:\Windows\System32\LogFiles\Scm\f41226da-977a-4926-9745-3addc7d2dd19
         88.9s C:\Windows\System32\LogFiles\Scm\f41226da-977a-4926-9745-3addc7d2dd19
         89.0s C:\Users\HP\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\AdvancedSystemProtector.exe.log
         89.0s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Local\ConvertAd\Uninstall.exe.vir
         90.1s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{9828C594-6399-4E6C-9807-8BDB75F2C81D}
         91.1s C:\Windows\Prefetch\CAWRAPPER.EXE-4E5430D4.pf
         91.1s C:\Windows\Prefetch\CAWRAPPER.EXE-4E5430D4.pf
         91.1s C:\Windows\Prefetch\CAWRAPPER.EXE-4E5430D4.pf
         91.2s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{41D7FC49-E01B-4F3F-BF15-0EEC70AB3B3A}
         92.0s C:\Windows\Prefetch\NSIBE9A.TMP-C5B6DF45.pf

   C:\Users\HP\AppData\Local\Microsoft\Windows\INetCache\IE\8T57REOA\ConvertAdSetup[1].exe -> Quarantined
      Size . . . . . . . : 1.211.759 bytes
      Age  . . . . . . . : 9.2 days (2014-10-12 13:13:16)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 6E7F69EFC681DC27BFF3C09F65305FBA01B2168CA5753F9116ADE4AB9A1984A9
      Product  . . . . . : ConvertAd
      Publisher  . . . . : ConvertAd.com
      Description  . . . : ConvertAd
      Version  . . . . . : 1.0.0.0
      LanguageID . . . . : 0
    > Bitdefender  . . . : Application.Generic.833997
      Fuzzy  . . . . . . : 109.0
      Forensic Cluster
         -106.3s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{DC35BD21-A696-4214-83E1-D3642F742E1B}
         -105.8s C:\Users\HP\AppData\Local\Temp\is45637729\
         -105.8s C:\Users\HP\AppData\Local\Temp\is45637729\
         -105.8s C:\Users\HP\AppData\Local\Temp\is45637729\
         -105.8s C:\Users\HP\AppData\Local\Temp\is45637729\
         -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\
         -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -99.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -83.1s C:\Users\HP\AppData\Local\Temp\is45637729\77669869_stp\
         -83.1s C:\Users\HP\AppData\Local\Temp\is45637729\77669869_stp\Oct6_sweet-page.exe
         -82.0s C:\ProgramData\Thunder Network\
         -82.0s C:\ProgramData\Thunder Network\DownloadLib\
         -82.0s C:\ProgramData\Thunder Network\DownloadLib\pub_store.dat
         -82.0s C:\ProgramData\Thunder Network\DownloadLib\pub_store.dat
         -81.7s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{E594B87C-F25C-4360-9EFF-71CB93044A4F}
         -81.0s C:\ProgramData\Xunlei\XLCompact\
         -81.0s C:\ProgramData\Xunlei\
         -81.0s C:\ProgramData\Xunlei\XLCompact\XLDownEngine.stat
         -78.7s C:\Users\HP\AppData\Local\Temp\is45637729\77669931_stp\
         -78.7s C:\Users\HP\AppData\Local\Temp\is45637729\77669931_stp\termtutor-setup-1.9.0.8.exe
         -78.7s C:\Users\HP\AppData\Local\Temp\is45637729\77669931_stp\termtutor-setup-1.9.0.8.exe
         -78.7s C:\Users\HP\AppData\Local\Temp\is45637729\77669931_stp\termtutor-setup-1.9.0.8.exe
         -74.0s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{E0419FCF-02D6-422B-90A6-81388B6A6E43}
         -68.9s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{D88F5F16-5EDB-40B8-9903-12657AB10B4B}
         -67.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669948_stp\
         -67.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669948_stp\
         -67.9s C:\Users\HP\AppData\Local\Temp\is45637729\77669948_stp\rcpsetup_adppi15_adppi15.exe
         -64.1s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{961F664B-379F-4BEC-9D5D-6B048A150626}
         -64.1s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{961F664B-379F-4BEC-9D5D-6B048A150626}
         -64.1s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{961F664B-379F-4BEC-9D5D-6B048A150626}
         -62.5s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{ABCF3865-3912-473D-8BDE-4F34CC17409F}
         -61.5s C:\Windows\Prefetch\GENERIC_VO.EXE-258B7E67.pf
         -61.0s C:\Users\HP\AppData\Local\Microsoft\Windows\INetCache\IE\8DG94NWB\setup_mbot_de[1].exe
         -60.0s C:\Users\HP\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\625CAE97BFD1E01FDB89C9A05AC2BECD_8D5E1C0C7C84533580B18D34134C047F
         -60.0s C:\Users\HP\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\625CAE97BFD1E01FDB89C9A05AC2BECD_8D5E1C0C7C84533580B18D34134C047F
         -60.0s C:\Users\HP\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\625CAE97BFD1E01FDB89C9A05AC2BECD_8D5E1C0C7C84533580B18D34134C047F
         -57.4s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{B0E4810F-B3F3-4754-A9E8-978D4478B762}
         -57.4s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{B0E4810F-B3F3-4754-A9E8-978D4478B762}
         -53.8s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{F693A391-6A6A-4E40-95C3-0672B6839DE8}
         -53.8s C:\Windows\Prefetch\RCPSETUP_ADPPI15_ADPPI15.TMP-8D4D610F.pf
         -53.8s C:\Windows\Prefetch\RCPSETUP_ADPPI15_ADPPI15.TMP-8D4D610F.pf
         -51.7s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\UninstallManager.exe.vir
         -51.7s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\uninstallDlg2.xml.vir
         -51.6s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\MessageBox.xml.vir
         -51.6s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\bg.png.vir
         -51.6s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\bg1.png.vir
         -51.6s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\bk_shadow.png.vir
         -51.6s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\button.png.vir
         -51.6s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\button1.png.vir
         -51.5s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\checkbox.png.vir
         -51.5s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\checkbox_select.png.vir
         -51.5s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\checked.png.vir
         -51.5s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\close.png.vir
         -51.5s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\loading_bg.png.vir
         -51.5s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\loading_light.png.vir
         -51.5s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\min.png.vir
         -51.5s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\scrollbar.bmp.vir
         -51.5s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\Thumbs.db.vir
         -51.5s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\unchecked.png.vir
         -51.4s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\code\code1.jpg.vir
         -51.4s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\code\code2.jpg.vir
         -51.4s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\code\code3.jpg.vir
         -51.4s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\code\code4.jpg.vir
         -51.4s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\code\code5.jpg.vir
         -51.4s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\code\code6.jpg.vir
         -51.4s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\code\Thumbs.db.vir
         -51.4s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\294.json.vir
         -51.4s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\un.ini.vir
         -51.4s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\un.ini.vir
         -46.8s C:\Users\HP\AppData\Local\Programs\
         -46.8s C:\Users\HP\AppData\Local\Programs\Common\
         -46.7s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{A6861938-4B8A-4E0A-8D89-730DED6EEA9D}
         -45.6s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{AD5C6EDE-2AF7-4524-BBD0-B71B42510CA2}
         -45.3s C:\AdwCleaner\Quarantine\C\Program Files\mbot_de_145\unins000.dat.vir
         -45.2s C:\AdwCleaner\Quarantine\C\Program Files\mbot_de_145\unins000.exe.vir
         -44.2s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\AC49A0B0197C349D70479AFCAACF58BB
         -42.9s C:\AdwCleaner\Quarantine\C\Program Files\mbot_de_145\predm.exe.vir
         -40.6s C:\AdwCleaner\Quarantine\C\Program Files\mbot_de_145\mybestofferstoday_widget.exe.vir
         -40.3s C:\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\MyBestOffersToday\MyBestOffersToday.lnk.vir
         -40.2s C:\AdwCleaner\Quarantine\C\Program Files\mbot_de_145\unins000.msg.vir
         -39.9s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Local\mbot_de_145\mbot_de_145\1.20\cnf.cyl.vir
         -39.7s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Local\mbot_de_145\upmbot_de_145.cyl.vir
         -39.6s C:\Windows\Prefetch\NSAD29E.TMP-B509BFC1.pf
         -39.1s C:\Users\HP\AppData\Local\Microsoft\Windows\INetCache\IE\NRW6L1C9\BlockAndSurf_2222-5510[1].exe
         -38.9s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{A5FACA3B-1973-40B2-80CB-9D0CF9DCCD4F}
         -38.9s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{6B12A7AA-C1F4-40BC-A299-716422CF91AF}
         -35.5s C:\AdwCleaner\Quarantine\C\Windows\system32\roboot.exe.vir
         -35.0s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{5D622A79-7F38-4FE0-B94A-86537F3F20FF}
         -34.4s C:\Windows\System32\LogFiles\Scm\989a5c20-c98d-417c-b6ee-78e290e34774
         -31.6s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{21F6DA95-CD45-4B32-B40A-730D00EE186C}
         -30.8s C:\Windows\System32\LogFiles\Scm\e54ecce2-55e3-4510-98ce-747ae04fec2a
         -30.7s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{3FC9B0D6-0C60-4347-A9C0-D6ACC06A966D}
         -29.8s C:\Windows\Prefetch\UPMBOT_DE_145.EXE-CFBD6794.pf
         -25.5s C:\Windows\Prefetch\REGCLEANPRO.EXE-7C96B5A3.pf
         -21.3s C:\Windows\Prefetch\SYSTWEAKASP.TMP-F369339B.pf
         -14.5s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{1376E394-7CA5-49C5-9513-694A0728B8D8}
         -13.5s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{A7AAE57C-7FBC-410F-9680-4CFD934AD7D5}
         -11.9s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\3D81F0E24483216681D9F91762405B57
         -4.0s C:\Windows\Prefetch\ASPSETUP.TMP-1B570E8D.pf
         -3.3s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{49FDC04E-6F47-4EBF-BEA8-EA4649EA5632}
          0.0s C:\Users\HP\AppData\Local\Microsoft\Windows\INetCache\IE\8T57REOA\ConvertAdSetup[1].exe
          2.2s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\ACFAD2426B5EAA098A8DAAC3A2AD70F6
          2.4s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\335555FD86C023C6294557666A778C1D
          4.6s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{DAE9220F-2521-4AAE-AF21-9E61E4A02B71}
          4.6s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{DAE9220F-2521-4AAE-AF21-9E61E4A02B71}
          9.4s C:\Users\HP\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6
          9.4s C:\Users\HP\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6
          9.7s C:\Users\HP\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B8944BA8AD0EFDF0E01A43EF62BECD0_0C26894991291B0FB5E6A5B669582C54
          9.7s C:\Users\HP\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_0C26894991291B0FB5E6A5B669582C54
         18.3s C:\Windows\Prefetch\CSCRIPT.EXE-AC3ABA62.pf
         18.4s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{195F1083-3E88-48A7-8BE0-59B78C41C31E}
         18.9s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{BBF9C108-F869-4C49-A3E0-BAE1D9721AC7}
         19.0s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{79B61EA9-6B13-4FDA-90D3-9DE1C4AAC2E5}
         19.1s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{9FF2F852-22A0-44A9-8FE1-044EB58A6D76}
         19.1s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{F7DB99D0-AB4E-497F-875A-FEDD01B92F1E}
         23.0s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{3EB48FC0-C8F6-4645-B0E9-FE3923819FBB}
         28.0s C:\Windows\System32\LogFiles\Scm\f41226da-977a-4926-9745-3addc7d2dd19
         28.0s C:\Windows\System32\LogFiles\Scm\f41226da-977a-4926-9745-3addc7d2dd19
         28.0s C:\Users\HP\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\AdvancedSystemProtector.exe.log
         28.0s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Local\ConvertAd\Uninstall.exe.vir
         29.2s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{9828C594-6399-4E6C-9807-8BDB75F2C81D}
         30.1s C:\Windows\Prefetch\CAWRAPPER.EXE-4E5430D4.pf
         30.1s C:\Windows\Prefetch\CAWRAPPER.EXE-4E5430D4.pf
         30.1s C:\Windows\Prefetch\CAWRAPPER.EXE-4E5430D4.pf
         30.2s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{41D7FC49-E01B-4F3F-BF15-0EEC70AB3B3A}
         31.0s C:\Windows\Prefetch\NSIBE9A.TMP-C5B6DF45.pf

   C:\Users\HP\AppData\Local\Microsoft\Windows\INetCache\IE\NRW6L1C9\BlockAndSurf_2222-5510[1].exe -> Quarantined
      Size . . . . . . . : 6.510.142 bytes
      Age  . . . . . . . : 9.2 days (2014-10-12 13:12:37)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 6E44ACA076F445B14F9EC8268EAFF0D20AEAD154ED38355D3B602F12F87FEB76
    > Bitdefender  . . . : Adware.AddLyrics.BG
      Fuzzy  . . . . . . : 110.0
      Forensic Cluster
         -67.2s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{DC35BD21-A696-4214-83E1-D3642F742E1B}
         -66.8s C:\Users\HP\AppData\Local\Temp\is45637729\
         -66.8s C:\Users\HP\AppData\Local\Temp\is45637729\
         -66.8s C:\Users\HP\AppData\Local\Temp\is45637729\
         -66.8s C:\Users\HP\AppData\Local\Temp\is45637729\
         -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\
         -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -60.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -44.1s C:\Users\HP\AppData\Local\Temp\is45637729\77669869_stp\
         -44.1s C:\Users\HP\AppData\Local\Temp\is45637729\77669869_stp\Oct6_sweet-page.exe
         -42.9s C:\ProgramData\Thunder Network\
         -42.9s C:\ProgramData\Thunder Network\DownloadLib\
         -42.9s C:\ProgramData\Thunder Network\DownloadLib\pub_store.dat
         -42.9s C:\ProgramData\Thunder Network\DownloadLib\pub_store.dat
         -42.6s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{E594B87C-F25C-4360-9EFF-71CB93044A4F}
         -41.9s C:\ProgramData\Xunlei\XLCompact\
         -41.9s C:\ProgramData\Xunlei\
         -41.9s C:\ProgramData\Xunlei\XLCompact\XLDownEngine.stat
         -39.6s C:\Users\HP\AppData\Local\Temp\is45637729\77669931_stp\
         -39.6s C:\Users\HP\AppData\Local\Temp\is45637729\77669931_stp\termtutor-setup-1.9.0.8.exe
         -39.6s C:\Users\HP\AppData\Local\Temp\is45637729\77669931_stp\termtutor-setup-1.9.0.8.exe
         -39.6s C:\Users\HP\AppData\Local\Temp\is45637729\77669931_stp\termtutor-setup-1.9.0.8.exe
         -35.0s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{E0419FCF-02D6-422B-90A6-81388B6A6E43}
         -29.8s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{D88F5F16-5EDB-40B8-9903-12657AB10B4B}
         -28.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669948_stp\
         -28.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669948_stp\
         -28.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669948_stp\rcpsetup_adppi15_adppi15.exe
         -25.1s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{961F664B-379F-4BEC-9D5D-6B048A150626}
         -25.1s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{961F664B-379F-4BEC-9D5D-6B048A150626}
         -25.1s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{961F664B-379F-4BEC-9D5D-6B048A150626}
         -23.4s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{ABCF3865-3912-473D-8BDE-4F34CC17409F}
         -22.4s C:\Windows\Prefetch\GENERIC_VO.EXE-258B7E67.pf
         -21.9s C:\Users\HP\AppData\Local\Microsoft\Windows\INetCache\IE\8DG94NWB\setup_mbot_de[1].exe
         -20.9s C:\Users\HP\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\625CAE97BFD1E01FDB89C9A05AC2BECD_8D5E1C0C7C84533580B18D34134C047F
         -20.9s C:\Users\HP\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\625CAE97BFD1E01FDB89C9A05AC2BECD_8D5E1C0C7C84533580B18D34134C047F
         -20.9s C:\Users\HP\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\625CAE97BFD1E01FDB89C9A05AC2BECD_8D5E1C0C7C84533580B18D34134C047F
         -18.4s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{B0E4810F-B3F3-4754-A9E8-978D4478B762}
         -18.4s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{B0E4810F-B3F3-4754-A9E8-978D4478B762}
         -14.8s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{F693A391-6A6A-4E40-95C3-0672B6839DE8}
         -14.7s C:\Windows\Prefetch\RCPSETUP_ADPPI15_ADPPI15.TMP-8D4D610F.pf
         -14.7s C:\Windows\Prefetch\RCPSETUP_ADPPI15_ADPPI15.TMP-8D4D610F.pf
         -12.6s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\UninstallManager.exe.vir
         -12.6s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\uninstallDlg2.xml.vir
         -12.6s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\MessageBox.xml.vir
         -12.5s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\bg.png.vir
         -12.5s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\bg1.png.vir
         -12.5s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\bk_shadow.png.vir
         -12.5s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\button.png.vir
         -12.5s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\button1.png.vir
         -12.5s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\checkbox.png.vir
         -12.5s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\checkbox_select.png.vir
         -12.4s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\checked.png.vir
         -12.4s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\close.png.vir
         -12.4s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\loading_bg.png.vir
         -12.4s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\loading_light.png.vir
         -12.4s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\min.png.vir
         -12.4s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\scrollbar.bmp.vir
         -12.4s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\Thumbs.db.vir
         -12.4s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\unchecked.png.vir
         -12.4s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\code\code1.jpg.vir
         -12.4s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\code\code2.jpg.vir
         -12.4s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\code\code3.jpg.vir
         -12.3s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\code\code4.jpg.vir
         -12.3s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\code\code5.jpg.vir
         -12.3s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\code\code6.jpg.vir
         -12.3s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\code\Thumbs.db.vir
         -12.3s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\294.json.vir
         -12.3s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\un.ini.vir
         -12.3s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\un.ini.vir
         -7.7s C:\Users\HP\AppData\Local\Programs\
         -7.7s C:\Users\HP\AppData\Local\Programs\Common\
         -7.6s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{A6861938-4B8A-4E0A-8D89-730DED6EEA9D}
         -6.5s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{AD5C6EDE-2AF7-4524-BBD0-B71B42510CA2}
         -6.2s C:\AdwCleaner\Quarantine\C\Program Files\mbot_de_145\unins000.dat.vir
         -6.2s C:\AdwCleaner\Quarantine\C\Program Files\mbot_de_145\unins000.exe.vir
         -5.2s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\AC49A0B0197C349D70479AFCAACF58BB
         -3.9s C:\AdwCleaner\Quarantine\C\Program Files\mbot_de_145\predm.exe.vir
         -1.5s C:\AdwCleaner\Quarantine\C\Program Files\mbot_de_145\mybestofferstoday_widget.exe.vir
         -1.2s C:\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\MyBestOffersToday\MyBestOffersToday.lnk.vir
         -1.2s C:\AdwCleaner\Quarantine\C\Program Files\mbot_de_145\unins000.msg.vir
         -0.8s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Local\mbot_de_145\mbot_de_145\1.20\cnf.cyl.vir
         -0.7s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Local\mbot_de_145\upmbot_de_145.cyl.vir
         -0.6s C:\Windows\Prefetch\NSAD29E.TMP-B509BFC1.pf
          0.0s C:\Users\HP\AppData\Local\Microsoft\Windows\INetCache\IE\NRW6L1C9\BlockAndSurf_2222-5510[1].exe
          0.1s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{A5FACA3B-1973-40B2-80CB-9D0CF9DCCD4F}
          0.2s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{6B12A7AA-C1F4-40BC-A299-716422CF91AF}
          3.5s C:\AdwCleaner\Quarantine\C\Windows\system32\roboot.exe.vir
          4.1s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{5D622A79-7F38-4FE0-B94A-86537F3F20FF}
          4.7s C:\Windows\System32\LogFiles\Scm\989a5c20-c98d-417c-b6ee-78e290e34774
          7.5s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{21F6DA95-CD45-4B32-B40A-730D00EE186C}
          8.3s C:\Windows\System32\LogFiles\Scm\e54ecce2-55e3-4510-98ce-747ae04fec2a
          8.4s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{3FC9B0D6-0C60-4347-A9C0-D6ACC06A966D}
          9.2s C:\Windows\Prefetch\UPMBOT_DE_145.EXE-CFBD6794.pf
         13.6s C:\Windows\Prefetch\REGCLEANPRO.EXE-7C96B5A3.pf
         17.7s C:\Windows\Prefetch\SYSTWEAKASP.TMP-F369339B.pf
         24.6s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{1376E394-7CA5-49C5-9513-694A0728B8D8}
         25.6s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{A7AAE57C-7FBC-410F-9680-4CFD934AD7D5}
         27.2s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\3D81F0E24483216681D9F91762405B57
         35.1s C:\Windows\Prefetch\ASPSETUP.TMP-1B570E8D.pf
         35.8s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{49FDC04E-6F47-4EBF-BEA8-EA4649EA5632}
         39.1s C:\Users\HP\AppData\Local\Microsoft\Windows\INetCache\IE\8T57REOA\ConvertAdSetup[1].exe
         41.2s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\ACFAD2426B5EAA098A8DAAC3A2AD70F6
         41.5s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\335555FD86C023C6294557666A778C1D
         43.7s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{DAE9220F-2521-4AAE-AF21-9E61E4A02B71}
         43.7s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{DAE9220F-2521-4AAE-AF21-9E61E4A02B71}
         48.5s C:\Users\HP\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6
         48.5s C:\Users\HP\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6
         48.8s C:\Users\HP\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B8944BA8AD0EFDF0E01A43EF62BECD0_0C26894991291B0FB5E6A5B669582C54
         48.8s C:\Users\HP\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_0C26894991291B0FB5E6A5B669582C54
         57.4s C:\Windows\Prefetch\CSCRIPT.EXE-AC3ABA62.pf
         57.5s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{195F1083-3E88-48A7-8BE0-59B78C41C31E}
         58.0s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{BBF9C108-F869-4C49-A3E0-BAE1D9721AC7}
         58.1s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{79B61EA9-6B13-4FDA-90D3-9DE1C4AAC2E5}
         58.1s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{9FF2F852-22A0-44A9-8FE1-044EB58A6D76}
         58.2s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{F7DB99D0-AB4E-497F-875A-FEDD01B92F1E}
         62.1s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{3EB48FC0-C8F6-4645-B0E9-FE3923819FBB}
         67.0s C:\Windows\System32\LogFiles\Scm\f41226da-977a-4926-9745-3addc7d2dd19
         67.0s C:\Windows\System32\LogFiles\Scm\f41226da-977a-4926-9745-3addc7d2dd19
         67.1s C:\Users\HP\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\AdvancedSystemProtector.exe.log
         67.1s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Local\ConvertAd\Uninstall.exe.vir
         68.2s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{9828C594-6399-4E6C-9807-8BDB75F2C81D}
         69.2s C:\Windows\Prefetch\CAWRAPPER.EXE-4E5430D4.pf
         69.2s C:\Windows\Prefetch\CAWRAPPER.EXE-4E5430D4.pf
         69.2s C:\Windows\Prefetch\CAWRAPPER.EXE-4E5430D4.pf
         69.3s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{41D7FC49-E01B-4F3F-BF15-0EEC70AB3B3A}
         70.1s C:\Windows\Prefetch\NSIBE9A.TMP-C5B6DF45.pf

   C:\Users\HP\AppData\Local\Microsoft\Windows\INetCache\IE\VDM8A4PL\SPSetup[1].exe -> Deleted
      Size . . . . . . . : 7.353.072 bytes
      Age  . . . . . . . : 9.2 days (2014-10-12 13:02:26)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : C721916999E274F7C155A6FB16F04C60750590F8DCB0C43CE353BB0C3787357A
      Product  . . . . . : Search Protect
      Publisher  . . . . : Client Connect LTD
      Description  . . . : Search Protect
      Version  . . . . . : 2.17.26.7
      LanguageID . . . . : 0
    > Bitdefender  . . . : Application.SearchProtect.R
    > Kaspersky  . . . . : not-a-virus:WebToolbar.NSIS.Agent.n
      Fuzzy  . . . . . . : 104.0

   C:\Users\HP\AppData\Local\Temp\hAUK6.exe -> Quarantined
      Size . . . . . . . : 402.944 bytes
      Age  . . . . . . . : 9.2 days (2014-10-12 13:00:56)
      Entropy  . . . . . : 6.2
      SHA-256  . . . . . : 8E04BB51BB855A70A38987442D1056BB738F4298AC4CFA17489E356B7B4E48CA
      Product  . . . . . :  
      Description
      Copyright  . . . . : Copyright (C) 2014
      LanguageID . . . . : 1033
    > Bitdefender  . . . : Gen:Variant.Adware.Zusy.91730
      Fuzzy  . . . . . . : 105.0

   C:\Users\HP\AppData\Local\Temp\is45637729\77669931_stp\termtutor-setup-1.9.0.8.exe -> Quarantined
      Size . . . . . . . : 1.104.088 bytes
      Age  . . . . . . . : 9.2 days (2014-10-12 13:11:57)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : C90802B073D4E2DB8529B1A777C32B7A9F35A6281918A37A3F1789DD3D111904
      Needs elevation  . : Yes
      Product  . . . . . : Term Tutor
      Publisher  . . . . : Term Tutor
      Description  . . . : Term Tutor Setup
      Version  . . . . . : 1.9.0.8
      LanguageID . . . . : 0
    > Bitdefender  . . . : Adware.Vitruvian.A
      Fuzzy  . . . . . . : 109.0
      Forensic Cluster
         -27.6s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{DC35BD21-A696-4214-83E1-D3642F742E1B}
         -27.1s C:\Users\HP\AppData\Local\Temp\is45637729\
         -27.1s C:\Users\HP\AppData\Local\Temp\is45637729\
         -27.1s C:\Users\HP\AppData\Local\Temp\is45637729\
         -27.1s C:\Users\HP\AppData\Local\Temp\is45637729\
         -21.1s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\
         -21.1s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -21.1s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -21.1s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -21.1s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -21.1s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -21.1s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -21.1s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -21.1s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -21.1s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -21.1s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -21.1s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -21.1s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -21.1s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -21.1s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -21.1s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -21.1s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -21.1s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -21.1s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -21.1s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -21.1s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -21.1s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -21.1s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -21.1s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -21.1s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -21.1s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -21.1s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -21.1s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -21.1s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -21.1s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -21.1s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -21.1s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -21.1s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -21.1s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -21.1s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -21.1s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -21.1s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -21.1s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -21.1s C:\Users\HP\AppData\Local\Temp\is45637729\77669533_stp\Generic_vo.exe
         -4.4s C:\Users\HP\AppData\Local\Temp\is45637729\77669869_stp\
         -4.4s C:\Users\HP\AppData\Local\Temp\is45637729\77669869_stp\Oct6_sweet-page.exe
         -3.3s C:\ProgramData\Thunder Network\
         -3.3s C:\ProgramData\Thunder Network\DownloadLib\
         -3.3s C:\ProgramData\Thunder Network\DownloadLib\pub_store.dat
         -3.3s C:\ProgramData\Thunder Network\DownloadLib\pub_store.dat
         -2.9s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{E594B87C-F25C-4360-9EFF-71CB93044A4F}
         -2.3s C:\ProgramData\Xunlei\XLCompact\
         -2.3s C:\ProgramData\Xunlei\
         -2.3s C:\ProgramData\Xunlei\XLCompact\XLDownEngine.stat
         -0.0s C:\Users\HP\AppData\Local\Temp\is45637729\77669931_stp\
          0.0s C:\Users\HP\AppData\Local\Temp\is45637729\77669931_stp\termtutor-setup-1.9.0.8.exe
          0.0s C:\Users\HP\AppData\Local\Temp\is45637729\77669931_stp\termtutor-setup-1.9.0.8.exe
          0.0s C:\Users\HP\AppData\Local\Temp\is45637729\77669931_stp\termtutor-setup-1.9.0.8.exe
          4.7s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{E0419FCF-02D6-422B-90A6-81388B6A6E43}
          9.9s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{D88F5F16-5EDB-40B8-9903-12657AB10B4B}
         10.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669948_stp\
         10.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669948_stp\
         10.8s C:\Users\HP\AppData\Local\Temp\is45637729\77669948_stp\rcpsetup_adppi15_adppi15.exe
         14.6s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{961F664B-379F-4BEC-9D5D-6B048A150626}
         14.6s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{961F664B-379F-4BEC-9D5D-6B048A150626}
         14.6s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{961F664B-379F-4BEC-9D5D-6B048A150626}
         16.2s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{ABCF3865-3912-473D-8BDE-4F34CC17409F}
         17.3s C:\Windows\Prefetch\GENERIC_VO.EXE-258B7E67.pf
         17.7s C:\Users\HP\AppData\Local\Microsoft\Windows\INetCache\IE\8DG94NWB\setup_mbot_de[1].exe
         18.8s C:\Users\HP\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\625CAE97BFD1E01FDB89C9A05AC2BECD_8D5E1C0C7C84533580B18D34134C047F
         18.8s C:\Users\HP\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\625CAE97BFD1E01FDB89C9A05AC2BECD_8D5E1C0C7C84533580B18D34134C047F
         18.8s C:\Users\HP\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\625CAE97BFD1E01FDB89C9A05AC2BECD_8D5E1C0C7C84533580B18D34134C047F
         21.3s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{B0E4810F-B3F3-4754-A9E8-978D4478B762}
         21.3s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{B0E4810F-B3F3-4754-A9E8-978D4478B762}
         24.9s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{F693A391-6A6A-4E40-95C3-0672B6839DE8}
         25.0s C:\Windows\Prefetch\RCPSETUP_ADPPI15_ADPPI15.TMP-8D4D610F.pf
         25.0s C:\Windows\Prefetch\RCPSETUP_ADPPI15_ADPPI15.TMP-8D4D610F.pf
         27.0s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\UninstallManager.exe.vir
         27.1s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\uninstallDlg2.xml.vir
         27.1s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\MessageBox.xml.vir
         27.1s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\bg.png.vir
         27.1s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\bg1.png.vir
         27.1s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\bk_shadow.png.vir
         27.1s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\button.png.vir
         27.2s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\button1.png.vir
         27.2s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\checkbox.png.vir
         27.2s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\checkbox_select.png.vir
         27.2s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\checked.png.vir
         27.2s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\close.png.vir
         27.2s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\loading_bg.png.vir
         27.2s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\loading_light.png.vir
         27.2s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\min.png.vir
         27.2s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\scrollbar.bmp.vir
         27.2s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\Thumbs.db.vir
         27.2s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\unchecked.png.vir
         27.3s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\code\code1.jpg.vir
         27.3s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\code\code2.jpg.vir
         27.3s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\code\code3.jpg.vir
         27.3s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\code\code4.jpg.vir
         27.3s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\code\code5.jpg.vir
         27.3s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\code\code6.jpg.vir
         27.3s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\images\code\Thumbs.db.vir
         27.3s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\294.json.vir
         27.3s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\un.ini.vir
         27.3s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Roaming\sweet-page\un.ini.vir
         31.9s C:\Users\HP\AppData\Local\Programs\
         31.9s C:\Users\HP\AppData\Local\Programs\Common\
         32.0s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{A6861938-4B8A-4E0A-8D89-730DED6EEA9D}
         33.1s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{AD5C6EDE-2AF7-4524-BBD0-B71B42510CA2}
         33.5s C:\AdwCleaner\Quarantine\C\Program Files\mbot_de_145\unins000.dat.vir
         33.5s C:\AdwCleaner\Quarantine\C\Program Files\mbot_de_145\unins000.exe.vir
         34.5s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\AC49A0B0197C349D70479AFCAACF58BB
         35.8s C:\AdwCleaner\Quarantine\C\Program Files\mbot_de_145\predm.exe.vir
         38.1s C:\AdwCleaner\Quarantine\C\Program Files\mbot_de_145\mybestofferstoday_widget.exe.vir
         38.4s C:\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\MyBestOffersToday\MyBestOffersToday.lnk.vir
         38.5s C:\AdwCleaner\Quarantine\C\Program Files\mbot_de_145\unins000.msg.vir
         38.9s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Local\mbot_de_145\mbot_de_145\1.20\cnf.cyl.vir
         39.0s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Local\mbot_de_145\upmbot_de_145.cyl.vir
         39.1s C:\Windows\Prefetch\NSAD29E.TMP-B509BFC1.pf
         39.6s C:\Users\HP\AppData\Local\Microsoft\Windows\INetCache\IE\NRW6L1C9\BlockAndSurf_2222-5510[1].exe
         39.8s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{A5FACA3B-1973-40B2-80CB-9D0CF9DCCD4F}
         39.8s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{6B12A7AA-C1F4-40BC-A299-716422CF91AF}
         43.2s C:\AdwCleaner\Quarantine\C\Windows\system32\roboot.exe.vir
         43.7s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{5D622A79-7F38-4FE0-B94A-86537F3F20FF}
         44.4s C:\Windows\System32\LogFiles\Scm\989a5c20-c98d-417c-b6ee-78e290e34774
         47.1s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{21F6DA95-CD45-4B32-B40A-730D00EE186C}
         47.9s C:\Windows\System32\LogFiles\Scm\e54ecce2-55e3-4510-98ce-747ae04fec2a
         48.0s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{3FC9B0D6-0C60-4347-A9C0-D6ACC06A966D}
         48.9s C:\Windows\Prefetch\UPMBOT_DE_145.EXE-CFBD6794.pf
         53.2s C:\Windows\Prefetch\REGCLEANPRO.EXE-7C96B5A3.pf
         57.4s C:\Windows\Prefetch\SYSTWEAKASP.TMP-F369339B.pf
         64.2s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{1376E394-7CA5-49C5-9513-694A0728B8D8}
         65.2s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{A7AAE57C-7FBC-410F-9680-4CFD934AD7D5}
         66.8s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\3D81F0E24483216681D9F91762405B57
         74.7s C:\Windows\Prefetch\ASPSETUP.TMP-1B570E8D.pf
         75.4s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{49FDC04E-6F47-4EBF-BEA8-EA4649EA5632}
         78.7s C:\Users\HP\AppData\Local\Microsoft\Windows\INetCache\IE\8T57REOA\ConvertAdSetup[1].exe
         80.9s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\ACFAD2426B5EAA098A8DAAC3A2AD70F6
         81.1s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\335555FD86C023C6294557666A778C1D
         83.3s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{DAE9220F-2521-4AAE-AF21-9E61E4A02B71}
         83.3s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{DAE9220F-2521-4AAE-AF21-9E61E4A02B71}
         88.1s C:\Users\HP\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6
         88.1s C:\Users\HP\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6
         88.4s C:\Users\HP\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B8944BA8AD0EFDF0E01A43EF62BECD0_0C26894991291B0FB5E6A5B669582C54
         88.4s C:\Users\HP\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_0C26894991291B0FB5E6A5B669582C54
         97.0s C:\Windows\Prefetch\CSCRIPT.EXE-AC3ABA62.pf
         97.1s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{195F1083-3E88-48A7-8BE0-59B78C41C31E}
         97.6s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{BBF9C108-F869-4C49-A3E0-BAE1D9721AC7}
         97.7s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{79B61EA9-6B13-4FDA-90D3-9DE1C4AAC2E5}
         97.8s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{9FF2F852-22A0-44A9-8FE1-044EB58A6D76}
         97.9s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{F7DB99D0-AB4E-497F-875A-FEDD01B92F1E}
         101.7s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{3EB48FC0-C8F6-4645-B0E9-FE3923819FBB}
         106.7s C:\Windows\System32\LogFiles\Scm\f41226da-977a-4926-9745-3addc7d2dd19
         106.7s C:\Windows\System32\LogFiles\Scm\f41226da-977a-4926-9745-3addc7d2dd19
         106.7s C:\Users\HP\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\AdvancedSystemProtector.exe.log
         106.7s C:\AdwCleaner\Quarantine\C\Users\HP\AppData\Local\ConvertAd\Uninstall.exe.vir
         107.9s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{9828C594-6399-4E6C-9807-8BDB75F2C81D}
         108.8s C:\Windows\Prefetch\CAWRAPPER.EXE-4E5430D4.pf
         108.8s C:\Windows\Prefetch\CAWRAPPER.EXE-4E5430D4.pf
         108.8s C:\Windows\Prefetch\CAWRAPPER.EXE-4E5430D4.pf
         109.0s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{41D7FC49-E01B-4F3F-BF15-0EEC70AB3B3A}
         109.7s C:\Windows\Prefetch\NSIBE9A.TMP-C5B6DF45.pf

   C:\Users\HP\AppData\Local\Temp\n8696\VOPackage.exe -> Quarantined
      Size . . . . . . . : 284.637 bytes
      Age  . . . . . . . : 9.2 days (2014-10-12 13:00:36)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : 45871B60700DADC2194CBFEE6E5ED3AA5C27CC894FF03D5810CD05F46BB8635D
      Product
      Publisher  . . . . :  
      Description  . . . : install
      Version  . . . . . : 1.0.0.0
      LanguageID . . . . : 0
    > Kaspersky  . . . . : Trojan-Downloader.NSIS.Agent.ox
      Fuzzy  . . . . . . : 112.0


Suspicious files ____________________________________________________________

   C:\Users\HP\AppData\Local\Microsoft\Windows\INetCache\IE\8DG94NWB\FRST[1].exe
      Size . . . . . . . : 1.102.848 bytes
      Age  . . . . . . . : 1.0 days (2014-10-20 18:06:40)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 1734B22637E54C04204E2BC545933B447C45E95CA2BB58DE198E981BA66FAC9A
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -3.2s C:\Windows\WinSxS\x86_microsoft-windows-i..libraries.resources_31bf3856ad364e35_6.3.9600.16384_de-de_3be922cae7f7c5ea\appobj.dll.mui
         -3.0s C:\Windows\WinSxS\x86_microsoft-windows-i..libraries.resources_31bf3856ad364e35_6.3.9600.16384_de-de_3be922cae7f7c5ea\uihelper.dll.mui
         -3.0s C:\Windows\WinSxS\x86_microsoft-windows-i..libraries.resources_31bf3856ad364e35_6.3.9600.16384_de-de_3be922cae7f7c5ea\iisres.dll.mui
         -0.8s C:\Windows\WinSxS\x86_microsoft-windows-i..libraries.resources_31bf3856ad364e35_6.3.9600.16384_it-it_7184c1eda100bf34\appobj.dll.mui
         -0.6s C:\Windows\WinSxS\x86_microsoft-windows-i..libraries.resources_31bf3856ad364e35_6.3.9600.16384_it-it_7184c1eda100bf34\uihelper.dll.mui
         -0.5s C:\Windows\WinSxS\x86_microsoft-windows-i..libraries.resources_31bf3856ad364e35_6.3.9600.16384_it-it_7184c1eda100bf34\iisres.dll.mui
          0.0s C:\Users\HP\AppData\Local\Microsoft\Windows\INetCache\IE\8DG94NWB\FRST[1].exe
          1.8s C:\Windows\WinSxS\x86_microsoft-windows-i..ntconsole.resources_31bf3856ad364e35_6.3.9600.16384_de-de_7b1c9f56525fc7c2\iis.msc
          2.3s C:\Windows\WinSxS\x86_microsoft-windows-i..ntconsole.resources_31bf3856ad364e35_6.3.9600.16384_it-it_b0b83e790b68c10c\iis.msc
          2.3s C:\Windows\WinSxS\x86_microsoft-windows-i..ntconsole.resources_31bf3856ad364e35_6.3.9600.16384_it-it_b0b83e790b68c10c\iis.msc
          2.3s C:\Windows\WinSxS\x86_microsoft-windows-i..ntconsole.resources_31bf3856ad364e35_6.3.9600.16384_it-it_b0b83e790b68c10c\iis.msc
          2.8s C:\Windows\WinSxS\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_11.0.9600.16384_none_36e06c997c6fb32e\inetcpl.cpl

   C:\Users\HP\AppData\Local\Microsoft\Windows\INetCache\IE\OIQOA9AK\FRST[1].exe
      Size . . . . . . . : 1.102.336 bytes
      Age  . . . . . . . : 0.9 days (2014-10-20 21:59:48)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : EB2816E82B7BA8B46B36637F9A94B809EFF8B9BA7B003015C29B0FA86A36D2BB
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
          0.0s C:\Users\HP\AppData\Local\Microsoft\Windows\INetCache\IE\OIQOA9AK\FRST[1].exe
          0.0s C:\Users\HP\Desktop\FRST.exe

   C:\Users\HP\AppData\Local\Microsoft\Windows\INetCache\IE\VDM8A4PL\FRST[1].exe
      Size . . . . . . . : 1.103.360 bytes
      Age  . . . . . . . : 2.2 days (2014-10-19 13:20:51)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : CA139C24BFF3F6F049AD8389DD893C943BEA87388387A2D1A518C05D45767EF2
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

   C:\Users\HP\Desktop\FRST-OlderVersion\FRST.exe
      Size . . . . . . . : 1.102.848 bytes
      Age  . . . . . . . : 4.9 days (2014-10-16 20:37:12)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 1734B22637E54C04204E2BC545933B447C45E95CA2BB58DE198E981BA66FAC9A
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -140.1s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_001270
         -140.1s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_001270
         -135.9s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_001271
         -135.8s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_001272
         -135.8s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_001272
         -135.8s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_001272
         -135.8s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_001272
         -125.8s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_001273
         -110.1s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_001274
         -94.8s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_001277
         -90.7s C:\ProgramData\Microsoft\Windows\Sqm\Upload\windows_Private_984068_02.sqm
         -90.7s C:\ProgramData\Microsoft\Windows\Sqm\Upload\windows_Global_13238784_03.sqm
         -90.6s C:\ProgramData\Microsoft\Windows\Sqm\Upload\windows_Private_101457982_03.sqm
         -90.6s C:\ProgramData\Microsoft\Windows\Sqm\Upload\windows_Private_142597_04.sqm
         -90.6s C:\ProgramData\Microsoft\Windows\Sqm\Upload\windows_Private_101458005_09.sqm
         -90.4s C:\ProgramData\Microsoft\Windows\Sqm\Upload\windows_Private_13238528_08.sqm
         -90.4s C:\ProgramData\Microsoft\Windows\Sqm\Upload\windows_Private_101457933_06.sqm
         -90.3s C:\ProgramData\Microsoft\Windows\Sqm\Upload\windows_Private_101457985_06.sqm
         -89.6s C:\ProgramData\Microsoft\Windows\Sqm\Upload\windows_Private_6_02.sqm
         -89.6s C:\ProgramData\Microsoft\Windows\Sqm\Upload\windows_Private_791812_02.sqm
         -89.6s C:\ProgramData\Microsoft\Windows\Sqm\Upload\windows_Private_791812_02.sqm
         -89.3s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_001278
         -88.4s C:\ProgramData\Microsoft\Windows\Sqm\Upload\WSqmCons_02.sqm
         -80.7s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_001279
         -80.3s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_00127a
         -80.3s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_00127a
         -79.1s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_00127b
         -78.9s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_00127c
         -75.1s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_00127d
         -74.1s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_00127e
         -71.1s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_00127f
         -70.0s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_001280
         -69.7s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_001281
         -58.7s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_001283
         -50.6s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_001285
         -28.8s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_001288
         -28.4s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_001289
         -27.6s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_00128a
         -26.2s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_00128b
         -26.0s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_00128c
         -25.7s C:\Users\HP\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0381C14D7D4614738FA6FFB3FBC512C5_A0E72179A9A6B71762F18EEA691E54D2
         -25.7s C:\Users\HP\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0381C14D7D4614738FA6FFB3FBC512C5_A0E72179A9A6B71762F18EEA691E54D2
         -24.6s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_00128e
         -23.7s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_00128f
         -23.7s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_001290
         -23.0s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_001291
         -22.1s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_001292
         -22.0s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_001293
         -21.7s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_001294
         -19.5s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_001295
         -19.3s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_001296
         -19.3s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_001297
         -15.1s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_001298
         -11.0s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_00129a
         -9.3s C:\Users\HP\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_static.mybet.com_0.localstorage
         -9.3s C:\Users\HP\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_static.mybet.com_0.localstorage-journal
         -5.5s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_00129b
         -5.3s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_00129c
          0.0s C:\Users\HP\Desktop\FRST-OlderVersion\FRST.exe
          0.0s C:\Users\HP\Desktop\Neuer Ordner\FRST-OlderVersion\FRST.exe
          1.9s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_00129d
         12.1s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_00129e
         16.1s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_00129f
         17.3s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_0012a0
         31.2s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_0012a1
         34.9s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_0012a2
         34.9s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_0012a2
         45.7s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_0012a3
         45.7s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_0012a3
         48.9s C:\Windows\Prefetch\FRST.EXE-476CF0A1.pf
         56.2s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_0012a4
         60.3s C:\FRST\Logs\
         60.3s C:\FRST\
         60.3s C:\FRST\Hives\
         60.3s C:\FRST\Quarantine\
         64.6s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_0012a5
         71.6s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_0012a6
         71.9s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_0012a7
         72.5s C:\FRST\Hives\ERDNT.INF
         72.5s C:\FRST\Hives\ERDNT.INF
         72.5s C:\FRST\Hives\ERDNT.CON
         72.5s C:\FRST\Hives\SYSTEM
         73.2s C:\FRST\Hives\BCD
         73.2s C:\FRST\Hives\SOFTWARE
         74.9s C:\FRST\Hives\DEFAULT
         74.9s C:\FRST\Hives\SECURITY
         74.9s C:\FRST\Hives\SAM
         74.9s C:\FRST\Hives\Users\
         74.9s C:\FRST\Hives\Users\00000001\
         74.9s C:\FRST\Hives\Users\00000001\NTUSER.DAT
         75.0s C:\FRST\Hives\Users\00000002\
         75.0s C:\FRST\Hives\Users\00000002\UsrClass.dat
         75.3s C:\FRST\Hives\ERDNT.EXE
         75.3s C:\FRST\Hives\ERDNT.EXE
         75.6s C:\FRST\Hives\ERDNTWIN.LOC
         75.6s C:\FRST\Hives\ERDNTDOS.LOC
         75.7s C:\Windows\Prefetch\CMD.EXE-CD245F9E.pf
         76.2s C:\Users\HP\Desktop\Neuer Ordner\FRST.txt
         77.1s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_0012a8
         82.7s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_0012a9
         110.2s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_0012aa
         110.7s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_0012ab
         113.5s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_0012ac
         114.9s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_0012ad
         120.5s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_0012ae
         134.3s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_0012af
         136.4s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_0012b0
         139.8s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_0012b1
         140.3s C:\Users\HP\Desktop\Neuer Ordner\Addition.txt
         140.3s C:\Users\HP\Desktop\Neuer Ordner\Addition.txt
         140.3s C:\Users\HP\Desktop\Neuer Ordner\Addition.txt
         159.6s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_0012b2
         170.2s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_0012b3
         184.8s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_0012b4
         184.9s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_0012b5
         187.2s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_0012b6
         187.7s C:\FRST\Logs\Addition_16-10-2014_20-40-19.txt
         189.7s C:\FRST\Logs\FRST_16-10-2014_20-40-21.txt

   C:\Users\HP\Desktop\FRST.exe
      Size . . . . . . . : 1.102.336 bytes
      Age  . . . . . . . : 0.9 days (2014-10-20 21:59:48)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : EB2816E82B7BA8B46B36637F9A94B809EFF8B9BA7B003015C29B0FA86A36D2BB
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -0.0s C:\Users\HP\AppData\Local\Microsoft\Windows\INetCache\IE\OIQOA9AK\FRST[1].exe
          0.0s C:\Users\HP\Desktop\FRST.exe

   C:\Users\HP\Desktop\Neuer Ordner\FRST-OlderVersion\FRST.exe
      Size . . . . . . . : 1.102.848 bytes
      Age  . . . . . . . : 4.9 days (2014-10-16 20:37:12)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : D3409357C55C3C634B638942C12B3860DA2A429ED344CDACB86C67950416A305
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -140.1s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_001270
         -140.1s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_001270
         -135.9s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_001271
         -135.8s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_001272
         -135.8s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_001272
         -135.8s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_001272
         -135.8s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_001272
         -125.8s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_001273
         -110.1s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_001274
         -94.8s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_001277
         -90.7s C:\ProgramData\Microsoft\Windows\Sqm\Upload\windows_Private_984068_02.sqm
         -90.7s C:\ProgramData\Microsoft\Windows\Sqm\Upload\windows_Global_13238784_03.sqm
         -90.6s C:\ProgramData\Microsoft\Windows\Sqm\Upload\windows_Private_101457982_03.sqm
         -90.6s C:\ProgramData\Microsoft\Windows\Sqm\Upload\windows_Private_142597_04.sqm
         -90.6s C:\ProgramData\Microsoft\Windows\Sqm\Upload\windows_Private_101458005_09.sqm
         -90.4s C:\ProgramData\Microsoft\Windows\Sqm\Upload\windows_Private_13238528_08.sqm
         -90.4s C:\ProgramData\Microsoft\Windows\Sqm\Upload\windows_Private_101457933_06.sqm
         -90.3s C:\ProgramData\Microsoft\Windows\Sqm\Upload\windows_Private_101457985_06.sqm
         -89.6s C:\ProgramData\Microsoft\Windows\Sqm\Upload\windows_Private_6_02.sqm
         -89.6s C:\ProgramData\Microsoft\Windows\Sqm\Upload\windows_Private_791812_02.sqm
         -89.6s C:\ProgramData\Microsoft\Windows\Sqm\Upload\windows_Private_791812_02.sqm
         -89.3s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_001278
         -88.4s C:\ProgramData\Microsoft\Windows\Sqm\Upload\WSqmCons_02.sqm
         -80.7s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_001279
         -80.3s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_00127a
         -80.3s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_00127a
         -79.1s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_00127b
         -78.9s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_00127c
         -75.1s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_00127d
         -74.1s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_00127e
         -71.1s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_00127f
         -70.0s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_001280
         -69.7s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_001281
         -58.7s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_001283
         -50.6s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_001285
         -28.8s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_001288
         -28.4s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_001289
         -27.6s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_00128a
         -26.2s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_00128b
         -26.0s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_00128c
         -25.7s C:\Users\HP\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0381C14D7D4614738FA6FFB3FBC512C5_A0E72179A9A6B71762F18EEA691E54D2
         -25.7s C:\Users\HP\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0381C14D7D4614738FA6FFB3FBC512C5_A0E72179A9A6B71762F18EEA691E54D2
         -24.6s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_00128e
         -23.7s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_00128f
         -23.7s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_001290
         -23.0s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_001291
         -22.1s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_001292
         -22.0s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_001293
         -21.7s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_001294
         -19.5s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_001295
         -19.3s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_001296
         -19.3s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_001297
         -15.1s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_001298
         -11.0s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_00129a
         -9.3s C:\Users\HP\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_static.mybet.com_0.localstorage
         -9.3s C:\Users\HP\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_static.mybet.com_0.localstorage-journal
         -5.5s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_00129b
         -5.3s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_00129c
          0.0s C:\Users\HP\Desktop\FRST-OlderVersion\FRST.exe
          0.0s C:\Users\HP\Desktop\Neuer Ordner\FRST-OlderVersion\FRST.exe
          1.9s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_00129d
         12.1s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_00129e
         16.1s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_00129f
         17.3s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_0012a0
         31.2s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_0012a1
         34.9s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_0012a2
         34.9s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_0012a2
         45.7s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_0012a3
         45.7s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_0012a3
         48.9s C:\Windows\Prefetch\FRST.EXE-476CF0A1.pf
         56.2s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_0012a4
         60.3s C:\FRST\Logs\
         60.3s C:\FRST\
         60.3s C:\FRST\Hives\
         60.3s C:\FRST\Quarantine\
         64.6s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_0012a5
         71.6s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_0012a6
         71.9s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_0012a7
         72.5s C:\FRST\Hives\ERDNT.INF
         72.5s C:\FRST\Hives\ERDNT.INF
         72.5s C:\FRST\Hives\ERDNT.CON
         72.5s C:\FRST\Hives\SYSTEM
         73.2s C:\FRST\Hives\BCD
         73.2s C:\FRST\Hives\SOFTWARE
         74.9s C:\FRST\Hives\DEFAULT
         74.9s C:\FRST\Hives\SECURITY
         74.9s C:\FRST\Hives\SAM
         74.9s C:\FRST\Hives\Users\
         74.9s C:\FRST\Hives\Users\00000001\
         74.9s C:\FRST\Hives\Users\00000001\NTUSER.DAT
         75.0s C:\FRST\Hives\Users\00000002\
         75.0s C:\FRST\Hives\Users\00000002\UsrClass.dat
         75.3s C:\FRST\Hives\ERDNT.EXE
         75.3s C:\FRST\Hives\ERDNT.EXE
         75.6s C:\FRST\Hives\ERDNTWIN.LOC
         75.6s C:\FRST\Hives\ERDNTDOS.LOC
         75.7s C:\Windows\Prefetch\CMD.EXE-CD245F9E.pf
         76.2s C:\Users\HP\Desktop\Neuer Ordner\FRST.txt
         77.1s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_0012a8
         82.7s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_0012a9
         110.2s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_0012aa
         110.7s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_0012ab
         113.5s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_0012ac
         114.9s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_0012ad
         120.5s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_0012ae
         134.3s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_0012af
         136.4s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_0012b0
         139.8s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_0012b1
         140.3s C:\Users\HP\Desktop\Neuer Ordner\Addition.txt
         140.3s C:\Users\HP\Desktop\Neuer Ordner\Addition.txt
         140.3s C:\Users\HP\Desktop\Neuer Ordner\Addition.txt
         159.6s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_0012b2
         170.2s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_0012b3
         184.8s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_0012b4
         184.9s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_0012b5
         187.2s C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\f_0012b6
         187.7s C:\FRST\Logs\Addition_16-10-2014_20-40-19.txt
         189.7s C:\FRST\Logs\FRST_16-10-2014_20-40-21.txt


Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}\ (RegClean Pro) -> Deleted
         
The FRST logs will follow separately - too many characters

21.10.2014, 17:54   #8
Sabine99

Opera redirects to other pages ....



Now FRST:


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-10-2014 01
Ran by HP (administrator) on xxxxx on 21-10-2014 18:32:20
Running from C:\Users\HP\Desktop
Loaded Profile: HP (Available profiles: HP)
Platform: Microsoft Windows 8.1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\oacat.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\oasrv.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer INC.) C:\Program Files\ASUS\ASUS AC Reminder\ACReminderSrv.exe
(ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe
(ASUS Cloud Corporation) C:\Program Files\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLoader.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPCenter.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\oaui.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\oahlp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPHelper.exe
(Intel Corporation) C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(ASUS Cloud Corporation) C:\Program Files\ASUS\WebStorage\2.0.3.226\AsusWSPanel.exe
() C:\Program Files\ASUS\ASUS Live Update\UpdateChecker.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ASUSPRP] => C:\Program Files\ASUS\APRP\APRP.EXE [3216032 2013-12-13] (ASUSTek Computer Inc.)
HKLM\...\Run: [WebStorage] => C:\Program Files\ASUS\WebStorage\2.0.3.226\ASUSWSLoader.exe [63296 2013-08-16] ()
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [81360 2014-01-22] (Intel Corporation)
HKLM\...\Run: [RtkNGUI] => C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe [2904064 2013-10-30] (Realtek Semiconductor)
HKLM\...\Run: [@OnlineArmor GUI] => C:\Program Files\Online Armor\oaui.exe [7558464 2013-10-11] (Emsisoft GmbH)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
ShellIconOverlayIdentifiers: [!AsusWSShellExt_BN] -> {CC5FC992-B0AA-47CD-9DC2-83445083CBB9} => C:\Program Files\Common Files\AWS\2.0.3.226\ASUSWSShellExt.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_ON] -> {618A47A2-528B-4D9A-AFC8-97D3233511E3} => C:\Program Files\Common Files\AWS\2.0.3.226\ASUSWSShellExt.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_UN] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files\Common Files\AWS\2.0.3.226\ASUSWSShellExt.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [StorageProviderError] -> {0CA2640D-5B9C-4c59-A5FB-2DA61A7437CF} => C:\Windows\System32\shell32.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [StorageProviderSyncing] -> {0A30F902-8398-4ee8-86F7-4CFB589F04D1} => C:\Windows\System32\shell32.dll (Microsoft Corporation)
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ShellExecuteHooks: OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll [1033968 2013-10-11] (Emsisoft GmbH)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

Chrome: 
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4816568 2014-10-14] (Emsisoft GmbH)
R2 AsHidService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe [103224 2013-09-09] (ASUSTek Computer Inc.)
R2 ASLDRService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [111416 2013-09-09] (ASUSTek Computer Inc.)
R2 Asus WebStorage Windows Service; C:\Program Files\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe [71680 2013-08-16] (ASUS Cloud Corporation) [File not signed]
R2 ATKGFNEXSrv; C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2011-11-21] (ASUS)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [1677016 2014-04-10] (Broadcom Corporation.)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [277304 2014-02-11] (Intel Corporation)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [83920 2014-01-22] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [96720 2014-01-22] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [90576 2014-01-22] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [586752 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [637912 2013-07-01] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe [168216 2014-01-15] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 OAcat; C:\Program Files\Online Armor\OAcat.exe [584864 2013-10-11] (Emsisoft GmbH)
S3 ScDeviceEnum; C:\Windows\System32\ScDeviceEnum.dll [105472 2013-08-22] (Microsoft Corporation)
R2 SvcOnlineArmor; C:\Program Files\Online Armor\oasrv.exe [4457688 2013-10-11] (Emsisoft GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [278264 2013-08-22] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\Windows\system32\wephostsvc.dll [20992 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22240 2013-08-22] (Microsoft Corporation)
S3 workfolderssvc; C:\Windows\system32\workfolderssvc.dll [1210368 2013-12-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [58200 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [38248 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [18552 2014-05-12] (Emsisoft GmbH)
R2 ASMMAP; C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys [13880 2009-07-02] (ASUS)
R3 AsusHID; C:\Windows\System32\drivers\AsusHID.sys [68376 2014-02-13] (ASUS Corporation)
R1 ATKWMIACPIIO; C:\Program Files\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi.sys [17720 2013-07-02] (ASUSTek Computer Inc.)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [97896 2013-07-18] (ASIX Electronics Corp.)
R1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [25600 2013-08-22] (Microsoft Corporation)
R3 BCMSDH43XX; C:\Windows\system32\DRIVERS\bcmdhd63.sys [304344 2014-04-10] (Broadcom Corp)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [185856 2013-08-22] (Microsoft Corporation)
R3 BthMini; C:\Windows\System32\Drivers\BTHMINI.sys [24064 2013-08-22] (Microsoft Corporation)
S3 btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [144600 2014-04-10] (Broadcom Corporation.)
R3 BtwSerialBus; C:\Windows\system32\DRIVERS\BtwSerialBus.sys [130776 2014-04-10] (Broadcom Corporation.)
R3 camera; C:\Windows\system32\DRIVERS\camera.sys [345088 2013-12-02] (Intel Corporation)
R3 cleanhlp; C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [50200 2013-12-04] (Emsisoft GmbH)
R3 CM3218x; C:\Windows\system32\DRIVERS\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation)
R3 CPLMACPI; C:\Windows\system32\DRIVERS\CPLMACPI.sys [16488 2013-09-06] (Capella Microsystems, Inc.)
R3 DptfDevDBPT; C:\Windows\system32\DRIVERS\DptfDevPower.sys [25552 2014-01-22] (Intel Corporation)
R3 DptfDevDisplay; C:\Windows\system32\DRIVERS\DptfDevDisplay.sys [28112 2014-01-22] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [36304 2014-01-22] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [80848 2014-01-22] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [181712 2014-01-22] (Intel Corporation)
R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [23552 2013-12-30] (Intel Corporation)
R3 GpioVirtual; C:\Windows\System32\drivers\iaiogpiovirtual.sys [16896 2013-12-30] (Intel Corporation)
R3 HIDSwitch; C:\Windows\System32\drivers\AsHIDSwitch.sys [17720 2013-10-08] (ASUS)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [58368 2013-11-15] (Intel Corporation)
R3 iaiouart; C:\Windows\System32\drivers\iaiouart.sys [87552 2013-12-30] (Intel Corporation)
S0 iaStorA; C:\Windows\System32\drivers\iaStorA.sys [505192 2013-08-09] (Intel Corporation)
S3 intaud_WaveExtensible; C:\Windows\system32\drivers\intelaud.sys [32664 2014-01-22] (Intel Corporation)
R3 IntelSST; C:\Windows\system32\drivers\isstrtc.sys [254464 2013-12-30] (Intel(R) Corporation)
R3 INVN_MotionApps; C:\Windows\system32\DRIVERS\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation)
R3 iwdbus; C:\Windows\System32\drivers\iwdbus.sys [23448 2014-01-22] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-10-21] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [21456 2013-12-30] (Intel Corporation)
R3 MT9M114; C:\Windows\System32\drivers\MT9M114.sys [38912 2013-12-02] (Intel Corporation)
S3 NETwNs32; C:\Windows\system32\DRIVERS\Netwsn00.sys [10372096 2013-06-18] (Intel Corporation)
R1 OADevice; C:\Windows\system32\drivers\OADriver.sys [210360 2013-10-11] ()
R1 oahlpXX; C:\Windows\system32\drivers\oahlp32.sys [44984 2013-10-11] ()
R1 OAmon; C:\Windows\system32\drivers\OAmon.sys [34856 2013-10-11] (Emsisoft)
R3 OAnet; C:\Windows\system32\DRIVERS\oanet.sys [31760 2013-10-11] (Emsisoft)
R3 PMIC; C:\Windows\System32\drivers\PMIC.sys [48128 2013-12-30] (Intel Corporation)
R3 rtii2sac; C:\Windows\system32\DRIVERS\rtii2sac.sys [149720 2013-12-05] (Realtek Semiconductor Corp.)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation)
R3 TXEI; C:\Windows\System32\drivers\TXEI.sys [75792 2014-02-26] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [93024 2013-08-22] (Microsoft Corporation)
R3 WUDFSensorLP; C:\Windows\System32\drivers\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation)
U0 msahci; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-21 18:32 - 2014-10-21 18:32 - 00013964 _____ () C:\Users\HP\Desktop\FRST.txt
2014-10-21 18:31 - 2014-10-21 18:31 - 00188456 _____ () C:\Users\HP\Desktop\HitmanPro_20141021_1831.log
2014-10-21 18:30 - 2014-10-21 18:30 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-10-21 18:30 - 2014-10-21 18:30 - 00001190 _____ () C:\Windows\system32\bootdelete.lst
2014-10-21 18:25 - 2014-10-21 18:31 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-10-21 18:23 - 2014-10-21 18:25 - 10280824 _____ (SurfRight B.V.) C:\Users\HP\Desktop\HitmanPro.exe
2014-10-20 22:04 - 2014-10-20 22:04 - 00139264 _____ () C:\Users\HP\Desktop\SystemLook.exe
2014-10-20 21:56 - 2014-10-20 21:56 - 00854417 _____ () C:\Users\HP\Desktop\SecurityCheck.exe
2014-10-20 19:51 - 2014-10-20 19:51 - 02347384 _____ (ESET) C:\Users\HP\Desktop\esetsmartinstaller_deu.exe
2014-10-20 19:34 - 2014-10-20 19:34 - 00000000 ____D () C:\9bcd29b28965a011ca96fd2a
2014-10-20 18:06 - 2014-10-20 21:59 - 00000000 ____D () C:\Users\HP\Desktop\FRST-OlderVersion
2014-10-19 13:25 - 2014-10-21 17:46 - 00000000 ____D () C:\Users\HP\Desktop\Neuer Ordner
2014-10-19 13:10 - 2014-10-19 13:10 - 00000000 ____D () C:\Windows\ERUNT
2014-10-19 13:08 - 2014-10-19 13:08 - 01705698 _____ (Thisisu) C:\Users\HP\Desktop\JRT.exe
2014-10-19 12:43 - 2014-10-21 18:22 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-19 12:43 - 2014-10-19 12:43 - 00001078 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-10-19 12:43 - 2014-10-19 12:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-10-19 12:43 - 2014-10-19 12:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-19 12:43 - 2014-10-19 12:43 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-10-19 12:43 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-19 12:43 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-19 12:43 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-19 12:39 - 2014-10-19 12:40 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\HP\Desktop\mbam-setup-2.0.3.1025.exe
2014-10-19 12:33 - 2014-10-19 12:33 - 284417501 _____ () C:\Windows\MEMORY.DMP
2014-10-19 12:33 - 2014-10-19 12:33 - 00619216 _____ () C:\Windows\Minidump\101914-17328-01.dmp
2014-10-19 12:14 - 2014-10-19 12:35 - 00000000 ____D () C:\AdwCleaner
2014-10-19 12:10 - 2014-10-19 12:10 - 01976320 _____ () C:\Users\HP\Desktop\AdwCleaner_4.000.exe
2014-10-16 20:49 - 2014-10-16 20:49 - 00380416 _____ () C:\Users\HP\Downloads\Gmer-19357.exe
2014-10-16 20:38 - 2014-10-21 18:32 - 00000000 ____D () C:\FRST
2014-10-16 20:37 - 2014-10-20 21:59 - 01102336 _____ (Farbar) C:\Users\HP\Desktop\FRST.exe
2014-10-16 20:33 - 2014-10-16 20:33 - 00050477 _____ () C:\Users\HP\Downloads\Defogger.exe
2014-10-16 20:23 - 2014-10-16 20:23 - 00025600 ___SH () C:\Users\HP\Downloads\Thumbs.db
2014-10-16 20:22 - 2014-10-16 20:22 - 00000000 _____ () C:\Users\HP\defogger_reenable
2014-10-16 20:14 - 2014-10-16 20:14 - 00512504 _____ () C:\Windows\Minidump\101614-12000-01.dmp
2014-10-12 15:32 - 2014-10-19 11:55 - 00001120 _____ () C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware Guard.lnk
2014-10-12 15:22 - 2014-09-02 22:06 - 00706016 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-10-12 15:22 - 2014-09-02 22:06 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-10-12 15:04 - 2014-10-12 15:04 - 00523208 _____ () C:\Windows\Minidump\101214-22593-01.dmp
2014-10-12 14:32 - 2014-10-20 19:35 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-12 14:31 - 2014-10-20 19:35 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-12 14:29 - 2013-11-09 07:52 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe
2014-10-12 14:29 - 2013-11-09 07:52 - 00240128 _____ (Microsoft Corporation) C:\Windows\system32\mdmregistration.dll
2014-10-12 14:13 - 2014-02-22 13:24 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-10-12 14:07 - 2014-02-11 04:43 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-10-12 14:07 - 2013-10-15 10:03 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-10-12 14:06 - 2014-10-12 14:19 - 00000000 ____D () C:\ProgramData\OnlineArmor
2014-10-12 14:06 - 2014-10-12 14:06 - 00000000 ____D () C:\Users\HP\AppData\Roaming\OnlineArmor
2014-10-12 14:03 - 2014-10-19 12:33 - 00000000 ____D () C:\Windows\Minidump
2014-10-12 14:03 - 2014-10-12 14:03 - 00606936 _____ () C:\Windows\Minidump\101214-26781-01.dmp
2014-10-12 14:03 - 2014-10-12 14:03 - 00003358 _____ () C:\EamClean.log
2014-10-12 13:58 - 2014-10-12 13:58 - 00000000 ____D () C:\Users\HP\AppData\Roaming\EurekaLab s.a.s
2014-10-12 13:52 - 2014-10-19 13:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Armor
2014-10-12 13:52 - 2014-10-19 13:34 - 00000000 ____D () C:\Program Files\Online Armor
2014-10-12 13:52 - 2013-10-11 03:41 - 00044984 _____ () C:\Windows\system32\Drivers\oahlp32.sys
2014-10-12 13:52 - 2013-10-11 03:40 - 00210360 _____ () C:\Windows\system32\Drivers\OADriver.sys
2014-10-12 13:52 - 2013-10-11 03:40 - 00034856 _____ (Emsisoft) C:\Windows\system32\Drivers\OAmon.sys
2014-10-12 13:52 - 2013-10-11 03:40 - 00031760 _____ (Emsisoft) C:\Windows\system32\Drivers\OAnet.sys
2014-10-12 13:48 - 2014-10-12 13:48 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-10-12 13:46 - 2014-10-12 13:48 - 10696960 _____ (Emsisoft GmbH ) C:\Users\HP\Downloads\OnlineArmorSetup.exe
2014-10-12 13:33 - 2014-10-12 13:33 - 00001067 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-10-12 13:33 - 2014-10-12 13:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-10-12 13:32 - 2014-10-21 18:23 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2014-10-12 13:15 - 2014-10-12 13:15 - 00000000 ____D () C:\Users\HP\AppData\Roaming\ap_movie
2014-10-12 13:14 - 2014-10-12 13:14 - 00612126 _____ (CMI Limited) C:\Users\HP\AppData\Local\nsb44F.tmp
2014-10-12 13:11 - 2014-10-12 13:11 - 00000000 ____D () C:\ProgramData\Xunlei
2014-10-12 13:11 - 2014-10-12 13:11 - 00000000 ____D () C:\ProgramData\Thunder Network
2014-10-12 13:07 - 2014-10-12 13:10 - 163265680 _____ (Emsisoft GmbH ) C:\Users\HP\Downloads\EmsisoftAntiMalwareSetup.exe
2014-10-12 13:02 - 2014-10-16 18:46 - 00001111 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-10-12 13:02 - 2014-10-16 18:46 - 00000000 ____D () C:\Program Files\Opera
2014-10-12 13:02 - 2014-10-12 13:02 - 00001111 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-10-12 13:02 - 2014-10-12 13:02 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Opera Software
2014-10-12 13:02 - 2014-10-12 13:02 - 00000000 ____D () C:\Users\HP\AppData\Local\Opera Software
2014-10-12 13:01 - 2014-10-12 13:01 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNew_01009.Wdf
2014-10-12 13:00 - 2014-10-12 13:00 - 00873960 _____ (Opera Software) C:\Users\HP\Desktop\opera-23.0.1522.77-multi.exe
2014-10-12 13:00 - 2014-10-12 13:00 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Macromedia
2014-10-12 12:56 - 2014-09-22 08:41 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-21 18:28 - 2013-12-14 06:03 - 00853008 _____ () C:\Windows\system32\perfh010.dat
2014-10-21 18:28 - 2013-12-14 06:03 - 00206332 _____ () C:\Windows\system32\perfc010.dat
2014-10-21 18:28 - 2013-12-13 22:46 - 00005468 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-21 18:25 - 2014-04-10 06:45 - 01159712 _____ () C:\Windows\WindowsUpdate.log
2014-10-21 18:22 - 2013-12-13 22:30 - 00028176 _____ () C:\Windows\PFRO.log
2014-10-21 18:22 - 2013-08-22 09:23 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-21 18:22 - 2013-08-22 08:13 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-10-21 18:02 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\sru
2014-10-20 21:20 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-20 20:48 - 2013-08-22 09:22 - 00333576 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-20 20:45 - 2013-12-14 06:03 - 00000000 ____D () C:\Windows\it-IT
2014-10-20 20:45 - 2013-12-14 05:51 - 00000000 ____D () C:\Windows\de-DE
2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ___RD () C:\Windows\ToastData
2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\WinStore
2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS
2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\sk-SK
2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\lv-LV
2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\ko-KR
2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\it-IT
2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\hr-HR
2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\et-EE
2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\en-GB
2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\el-GR
2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\de-DE
2014-10-20 20:45 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\MediaViewer
2014-10-20 20:44 - 2013-12-14 06:03 - 00000000 ____D () C:\Windows\system32\Drivers\it-IT
2014-10-20 20:44 - 2013-12-14 05:51 - 00000000 ____D () C:\Windows\system32\Drivers\de-DE
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\zh-TW
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\zh-HK
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\zh-CN
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\uk-UA
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\th-TH
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\SystemResetPlatform
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\sv-SE
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\sl-SI
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\ru-RU
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\ro-RO
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\pt-PT
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\pt-BR
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\pl-PL
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\nl-NL
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\nb-NO
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\lt-LT
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\ja-JP
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\hu-HU
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\he-IL
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\fr-FR
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\fi-FI
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\bg-BG
2014-10-20 20:44 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\ar-SA
2014-10-20 20:43 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\FileManager
2014-10-20 20:43 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\Camera
2014-10-20 20:43 - 2013-08-22 10:17 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2014-10-20 20:43 - 2013-08-22 10:17 - 00000000 ____D () C:\Program Files\Windows Multimedia Platform
2014-10-20 20:14 - 2013-08-22 10:05 - 00000000 ____D () C:\Windows\CbsTemp
2014-10-20 20:13 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-20 18:17 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\AppReadiness
2014-10-19 12:22 - 2014-09-03 22:59 - 00001160 _____ () C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-19 11:50 - 2013-08-22 15:08 - 00000000 ____D () C:\Program Files\Windows Journal
2014-10-19 11:50 - 2013-08-22 15:06 - 00000000 ____D () C:\Windows\system32\winrm
2014-10-19 11:50 - 2013-08-22 15:06 - 00000000 ____D () C:\Windows\system32\slmgr
2014-10-19 11:50 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\IME
2014-10-19 11:50 - 2013-08-22 10:17 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-10-19 11:50 - 2013-08-22 10:17 - 00000000 ____D () C:\Program Files\Windows Defender
2014-10-19 11:50 - 2013-08-22 10:17 - 00000000 ____D () C:\Program Files\Common Files\System
2014-10-19 11:49 - 2013-12-14 05:51 - 00000000 ____D () C:\Windows\system32\XPSViewer
2014-10-19 11:49 - 2013-08-22 15:06 - 00000000 ____D () C:\Windows\system32\WCN
2014-10-19 11:49 - 2013-08-22 15:06 - 00000000 ____D () C:\Windows\system32\Printing_Admin_Scripts
2014-10-19 11:49 - 2013-08-22 10:17 - 00000000 ___SD () C:\Windows\system32\dsc
2014-10-19 11:49 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\MUI
2014-10-19 11:49 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\Com
2014-10-19 11:49 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\Help
2014-10-16 20:26 - 2014-09-03 22:59 - 00000000 ____D () C:\Users\HP
2014-10-12 18:41 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
2014-10-12 18:40 - 2013-08-22 10:17 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-10-12 13:52 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\restore
2014-10-12 13:01 - 2013-08-22 09:23 - 00013554 _____ () C:\Windows\setupact.log
2014-10-12 12:57 - 2013-08-22 08:13 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-10-12 12:42 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\LogFiles

Some content of TEMP:
====================
C:\Users\HP\AppData\Local\Temp\Quarantine.exe
C:\Users\HP\AppData\Local\Temp\yYKY0.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-16 18:19

==================== End Of Log ============================
         
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-10-2014 01
Ran by HP at 2014-10-21 18:33:15
Running from C:\Users\HP\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
FW: Online Armor Firewall (Enabled) {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ASUS AC Reminder (HKLM\...\{B002B54C-FFE8-4331-8F9B-90CC9366362A}) (Version: 2.0.0 - ASUS)
ASUS Live Update (HKLM\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.7 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.3 - ASUS)
ASUS Smart Gesture (HKLM\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.10 - ASUS)
ATK Package (HKLM\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0031 - ASUS)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.93.99.187.1 - Broadcom Corporation)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft GmbH)
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3417 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Intel(R) Trusted Execution Engine (Version: 1.1.1.1 - Intel Corporation) Hidden
Intel(R) Trusted Execution Engine Driver (Version: 1.0.0.1064 - Intel Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft Office (HKLM\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 (HKLM\...\{1f407217-9aec-4146-8504-e64ac959c534}) (Version: 12.0.20617.1 - Microsoft Corporation)
Online Armor 7.0 (HKLM\...\OnlineArmor_is1) (Version: 7.0 - Emsisoft GmbH)
Opera Stable 25.0.1614.50 (HKLM\...\Opera 25.0.1614.50) (Version: 25.0.1614.50 - Opera Software ASA)
Realtek I2S Audio (HKLM\...\{89A448AA-3301-46AA-AFC3-34F2D7C670E8}) (Version: 6.2.9600.4055 - Realtek Semiconductor Corp.)
WebStorage (HKLM\...\WebStorage) (Version: 2.0.3.226 - ASUS Cloud Corporation)
Windows Driver Package - ASUS (AsusHID) Mouse  (02/12/2014 3.0.0.23) (HKLM\...\88F3FD439A3012A11FEF853A27C299ED116ABA8D) (Version: 02/12/2014 3.0.0.23 - ASUS)
WinFlash (HKLM\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

20-10-2014 17:32:44 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:13 - 2013-08-22 08:13 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00BC77BF-3352-4FE8-9617-4F1B27BEC19A} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {0FA9C72D-D3DC-41EA-AD12-0264A29FFF50} - System32\Tasks\ASUS Live Update2 => C:\Program Files [2014-10-20] ()
Task: {17233BE9-87E9-40B0-B003-AE9D2B92CBBE} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {1D4E5977-E467-459B-82E3-6C399289990D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-10-20] (Microsoft Corporation)
Task: {247BD142-0549-4E91-84B0-172C25563718} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {2BE65564-89D1-4396-A5CC-D7D9283FC4A1} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {392EB017-207C-42BF-A061-F3BE721F456C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {4B7EF56A-8A42-4BD2-BB5C-7C389AC54A37} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {515A8D55-B2DA-4DAC-A197-0B02F6DAE700} - System32\Tasks\ASUS Live Update1 => C:\Program Files [2014-10-20] ()
Task: {5700ACE8-D0AF-4BA7-98B6-1033521A877A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {6E84A59B-1863-4B21-8BD8-C9B20FD15484} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {7C7CF1DA-F461-4850-96B2-ADCA8A67E59C} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {8B5819AE-7B44-478B-A3D3-8846AF160A8F} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {8F7FB3A6-5ECC-485E-B309-B4E99ABE21DD} - System32\Tasks\Update Checker => C:\Program Files\ASUS\ASUS Live Update\UpdateChecker.exe [2013-11-27] ()
Task: {92ED6570-4654-4BFA-9A6C-1084C6939C16} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {997C8BBD-710B-4E66-B5BC-CC09575A58D2} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {A02FE6A8-4963-4C7D-8D21-DC48FE3E517C} - System32\Tasks\ASUS AC Reminder => C:\Program Files\ASUS\ASUS AC Reminder\ACReminderSrv.exe [2013-12-23] (ASUSTek Computer INC.)
Task: {A1C0096D-7EF7-4283-9C87-611781AF8F49} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel.exe [2013-01-09] (ASUSTek Computer INC.)
Task: {A5D45ED3-F524-4574-8F39-527F3729D1E2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {C0D0F7C4-419F-41B3-90A2-FE79270B828A} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {C37FC171-6AF7-4A02-9319-1AFF42F85373} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLauncher.exe [2014-02-13] (AsusTek)
Task: {CF5A1DDC-D14D-4D59-AD49-A19A645B087B} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DCF55BED-B1DF-4ABF-8D85-6542C7007799} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {DE636FF2-FD26-4241-9343-322918A02564} - System32\Tasks\Opera scheduled Autoupdate 1413111732 => C:\Program Files\Opera\launcher.exe [2014-10-15] (Opera Software)
Task: {E4C8774A-2818-45A4-8A6D-11DDF6348886} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {FAB49829-3EE7-4234-BE84-277862F2A57C} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (whitelisted) =============

2014-10-12 13:32 - 2014-10-06 18:43 - 00775400 _____ () C:\Program Files\Emsisoft Anti-Malware\fw32.dll
2013-11-27 22:20 - 2013-11-27 22:20 - 00011776 _____ () C:\Program Files\ASUS\ASUS Live Update\UpdateChecker.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2565251152-1528942193-4253351456-500 - Administrator - Disabled)
Gast (S-1-5-21-2565251152-1528942193-4253351456-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2565251152-1528942193-4253351456-1003 - Limited - Enabled)
HP (S-1-5-21-2565251152-1528942193-4253351456-1001 - Administrator - Enabled) => C:\Users\HP

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/21/2014 06:28:07 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (10/21/2014 06:28:07 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (10/21/2014 06:28:07 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (10/21/2014 06:28:07 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (10/21/2014 06:22:47 PM) (Source: DptfPolicyLpmService) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceServiceMainThread:  App specific mode was turned off, but timer was not running.

Error: (10/21/2014 06:13:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm opera.exe, Version 25.0.1614.50 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 10b8

Startzeit: 01cfed499db30e69

Endzeit: 60000

Anwendungspfad: C:\Program Files\Opera\25.0.1614.50\opera.exe

Berichts-ID: fdb77ce9-593c-11e4-9736-d850e69a5100

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (10/21/2014 05:58:58 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (10/20/2014 09:16:34 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (10/20/2014 09:01:00 PM) (Source: DptfPolicyLpmService) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceServiceMainThread:  App specific mode was turned off, but timer was not running.

Error: (10/20/2014 08:54:07 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.


System errors:
=============
Error: (10/21/2014 06:21:55 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\System32\bcmihvsrv.dll

Error: (10/21/2014 06:21:55 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\System32\bcmihvsrv.dll

Error: (10/21/2014 06:21:44 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst BrokerInfrastructure erreicht.

Error: (10/21/2014 06:21:14 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\System32\bcmihvsrv.dll

Error: (10/21/2014 05:55:57 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (10/21/2014 05:55:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Intel(R) Capability Licensing Service Interface" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (10/21/2014 05:55:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/21/2014 05:55:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (10/21/2014 05:55:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "ASUS HID Access Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/21/2014 05:55:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (10/21/2014 06:28:07 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F2030000E5050000

Error: (10/21/2014 06:28:07 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance163707000000000000000000008F020000

Error: (10/21/2014 06:28:07 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance163707000000000000000000008F020000

Error: (10/21/2014 06:28:07 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance163707000000000000000000008F020000

Error: (10/21/2014 06:22:47 PM) (Source: DptfPolicyLpmService) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceServiceMainThread:  App specific mode was turned off, but timer was not running.

Error: (10/21/2014 06:13:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: opera.exe25.0.1614.5010b801cfed499db30e6960000C:\Program Files\Opera\25.0.1614.50\opera.exefdb77ce9-593c-11e4-9736-d850e69a5100

Error: (10/21/2014 05:58:58 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (10/20/2014 09:16:34 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (10/20/2014 09:01:00 PM) (Source: DptfPolicyLpmService) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceServiceMainThread:  App specific mode was turned off, but timer was not running.

Error: (10/20/2014 08:54:07 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F2030000E5050000


CodeIntegrity Errors:
===================================
  Date: 2014-10-19 12:01:34.439
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.

  Date: 2014-10-19 12:01:33.470
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.

  Date: 2014-10-19 12:01:32.673
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.

  Date: 2014-10-19 12:01:31.439
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.

  Date: 2014-10-19 12:01:30.798
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.

  Date: 2014-10-19 12:01:29.142
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.

  Date: 2014-10-19 12:01:28.517
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.

  Date: 2014-10-19 12:01:27.329
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.

  Date: 2014-10-19 12:01:25.829
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.

  Date: 2014-10-19 10:34:51.843
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\HP\AppData\Local\Temp\uxtiiuow.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Processor: Intel(R) Atom(TM) CPU Z3740 @ 1.33GHz
Percentage of memory in use: 42%
Total physical RAM: 1933.15 MB
Available physical RAM: 1106.09 MB
Total Pagefile: 3917.15 MB
Available Pagefile: 2529.58 MB
Total Virtual: 2047.88 MB
Available Virtual: 1902.96 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:28.22 GB) (Free:9.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 29.1 GB) (Disk ID: 67B602CA)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
Code:
ATTFilter
Users shortcut scan result (x86) Version: 20-10-2014 01
Ran by HP at 2014-10-21 18:33:51
Running from C:\Users\HP\Desktop
Boot Mode: Normal
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)



Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Camera.lnk -> C:\Windows\Camera\Camera.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileManager.lnk -> C:\Windows\FileManager\FileManager.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk -> C:\Program Files\Opera\launcher.exe (Opera Software)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotosApp.lnk -> C:\Windows\FileManager\PhotosApp.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Store.lnk -> C:\Windows\WinStore\WinStore.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Armor\Online Armor deinstallieren.lnk -> C:\Program Files\Online Armor\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Armor\Online Armor.lnk -> C:\Program Files\Online Armor\oaui.exe (Emsisoft GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware \Malwarebytes Anti-Malware entfernen.lnk -> C:\Program Files\ Malwarebytes Anti-Malware \unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware \Malwarebytes Anti-Malware Notifications.lnk -> C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware \ Malwarebytes Anti-Malware .lnk -> C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware \Tools\Malwarebytes Anti-Malware Chameleon.lnk -> C:\Program Files\ Malwarebytes Anti-Malware \Chameleon\Windows\chameleon.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware\Deinstallieren.lnk -> C:\Program Files\Emsisoft Anti-Malware\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware\Emsisoft Anti-Malware.lnk -> C:\Program Files\Emsisoft Anti-Malware\a2start.exe (Emsisoft GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware\Emsisoft Homepage.lnk -> C:\Program Files\Emsisoft Anti-Malware\Emsisoft.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware\Hilfe.lnk -> C:\Program Files\Emsisoft Anti-Malware\de-de.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\ASUS Live Update.Lnk -> C:\Program Files\ASUS\ASUS Live Update\LiveUpdate.exe (ASUSTeK Computer Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\ASUS On-Screen Display.lnk -> C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSDMgr.exe (ASUSTek Computer Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\eManual.Lnk -> C:\eSupport\Manual\eManual.exe (ASUSTek Computer Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\WinFlash.Lnk -> C:\Program Files\ASUS\WinFlash\WinFlash.exe (ASUSTek Computer Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\WebStorage\WebStorage.lnk -> C:\Program Files\ASUS\WebStorage\2.0.3.226\AsusWSPanel.exe (ASUS Cloud Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources.lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Windows.Defender.lnk -> C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\HP\Links\Desktop.lnk -> C:\Users\HP\Desktop ()
Shortcut: C:\Users\HP\Links\Downloads.lnk -> C:\Users\HP\Downloads ()
Shortcut: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware Guard.lnk -> C:\Program Files\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH)
Shortcut: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Windows.Defender.lnk -> C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
Shortcut: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\HP\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth-Dateiübertragung.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\eManual.Lnk -> C:\eSupport\Manual\eManual.exe (ASUSTek Computer Inc.)
Shortcut: C:\Users\HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Emsisoft Anti-Malware.lnk -> C:\Program Files\Emsisoft Anti-Malware\a2start.exe (Emsisoft GmbH)
Shortcut: C:\Users\HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk -> C:\Program Files\Opera\launcher.exe (Opera Software)
Shortcut: C:\Users\HP\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\HP\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\HP\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\HP\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\HP\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\HP\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\HP\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\HP\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\HP\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk -> C:\Program Files\Emsisoft Anti-Malware\a2start.exe (Emsisoft GmbH)
Shortcut: C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk -> C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes Corporation)
Shortcut: C:\Users\Public\Desktop\Opera.lnk -> C:\Program Files\Opera\launcher.exe (Opera Software)




ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office15\FIRSTRUN.EXE (Microsoft Corporation) -> /OEM
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> -sta {C90FB8CA-3295-4462-A721-2935E83694BA}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /7
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> /e,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\HP\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\HP\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\HP\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\HP\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\HP\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\HP\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\HP\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\HP\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\HP\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> /e,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}
ShortcutWithArgument: C:\Users\HP\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\HP\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}


InternetURL: C:\Users\HP\Favorites\Bing.url -> hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
InternetURL: C:\Users\HP\Favorites\ASUS E-Service\ASUS Homepage.url -> hxxp://www.asus.com/
InternetURL: C:\Users\HP\Favorites\ASUS E-Service\ASUS Member.url -> hxxp://member.asus.com/
InternetURL: C:\Users\HP\Favorites\ASUS E-Service\ASUS Software Download.url -> hxxp://support.asus.com/download
InternetURL: C:\Users\HP\Favorites\ASUS E-Service\ASUS Technical Support.url -> hxxp://support.asus.com/

==================== End of log =============================
         

22.10.2014, 13:06   #9
M-K-D-B
/// TB Trainer
 



If necessary, uninstall OnlineArmor again and reinstall it.







If you no longer have any problems with malware, then we are done here. Your log files are clean.
Finally, we need to take a few concluding steps to clean up and secure your PC.





Step 1
Change all your passwords regularly; right now, after the cleanup, is an ideal time to do so!
  • Use a different password for every application and every account.
  • Change your password regularly; this is very important, especially for online banking or your e-mail inbox.
  • Do not store passwords on your PC, and do not pass them on to third parties.
  • A secure password consists of at least 8 characters and contains upper- and lower-case letters, numbers and special characters.
  • Do not use number or letter sequences (e.g. 12345678, qwertzui), nor any number or letter patterns.
  • Do not use passwords that relate to you, your place of residence, a family member or a pet (date of birth, postal code, address, name).





Step 2
The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and run it)
    • Windows key + R > type Combofix /Uninstall > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all traces of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used and the quarantine of our scanners, clears the Java cache and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left now, you can safely delete them.







Step 3
Finally, I have a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus program and additional protection
  • Make sure that you only ever have one antivirus program installed and that it is up to date! A free antivirus program that we recommend would be, for example, Avast! Free Antivirus or Microsoft Security Essentials.
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware. You can use it in addition to your antivirus program.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on how to use it here.
  • AdwCleaner
    This tool detects a large number of advertising programs (adware) and potentially unwanted programs (PUPs).
    Start the tool once a week and let it run. If a new version is available, this is displayed and you can download the latest version directly from the vendor's site to your desktop. This program can also be used alongside your antivirus program.
  • SpywareBlaster
    You can find a short introduction here


Alternative browsers
Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Mozilla Firefox
  • Note: I have a few useful add-ons for this browser here
  • NoScript
    This add-on blocks JavaScript, Java, Flash and other plugins. They are only executed when you confirm it.
  • AdblockPlus
    This add-on blocks most advertising by itself. A right-click on a banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
    It also saves download capacity.


Performance
  • Stay away from registry cleaners.
    They harm your system more than they help. Here is a link in English:
    Miekemoes Blogspot ( MVP )


What you should avoid:
  • Do not click on everything just because it asks you to and is nice and colourful.
  • Do not use P2P or file-sharing software (Emule, uTorrent, ...).
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from e-mails you do not know. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe.
  • Do not download software from Softonic or Chip, as these installers are often bundled with adware or unwanted software!



Now all that remains is for me to wish you lots of fun surfing safely... ... and perhaps you would like to support Trojaner-Board?

Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this topic from my subscriptions.

22.10.2014, 17:45   #10
Sabine99
 



Hello Matthias,

thanks, everything is OK now ;-)

I just have one more question. I still have quite a few things in quarantine.
Can I delete them without hesitation? I attached the file in my first post.

Regards, once again you were my last resort.

Sabine99

22.10.2014, 19:37   #11
M-K-D-B
/// TB Trainer
 



Hi,


yes, you can delete the things in quarantine.


I'm glad we could help.

In this forum you can leave brief feedback on the cleanup, if you like:
Praise, Criticism and Wishes
To do so, click the "NEUES THEMA" (New Topic) button and post a short piece of feedback. Thank you very much!

This topic appears to be resolved and will be removed from my subscriptions. Should you need the topic again, please send me a PM.

Everyone else, please click here and create your own thread.
