Chrome öffnet sich automatisch, kommt Werbung (adnxs)

Pretok · 13.07.2015, 17:59

Hallo liebes Trojaner Board,

Seit gestern habe ich das Problem, dass sich Chrome automatisch startet und ein Haufen von Tabs mit Werbung öffnet (ib.adnxs.com...). Chrome öffnet sich automatisch wieder wenn ich ihn schließe. Irgendwie habe ich es geschafft gerade den Malwarebytes zu installieren und zu starten. Das Ergebnis steht noch aus.

Entschuldigung für die vielen Rechtschreibfehler. Habe ziemlich viel Panik momentan.

Vielen Dank!

M-K-D-B · 13.07.2015, 18:13

Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.

Bitte beachte folgende Hinweise:

Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo. Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
Bitte beachten: Download bei filepony.de: So ladet Ihr unsere Tools richtig!
Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!

Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für deine Mitarbeit!

Zur ersten Analyse bitte FRST und TDSS-Killer ausführen:

Schritt 1
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Schritt 2
Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Bitte poste mit deiner nächsten Antwort

die Logdatei von TDSS-Killer,
die beiden neuen Logdateien von FRST.

Pretok · 13.07.2015, 18:34

Hallo Matthias!

Malwarebytes hatte schon mal einige Viren gefunden und entfernt. Das Problem besteht weiterhin. Das automatische Öffnen von Chrome erschwert die Arbeit enorm. Existiert eine Möglichkeit Chrome vom starten zu hindern? Firefox scheint nicht infiziert zu sein.

Vielen Dank für Ihre Hilfe!

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by MinhKhoi (administrator) on MINH-PC on 13-07-2015 19:25:02
Running from C:\Users\MinhKhoi\Downloads
Loaded Profiles: MinhKhoi (Available Profiles: MinhKhoi)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(The Privoxy team - www.privoxy.org) C:\Program Files (x86)\Safesoft Protector\privoxy.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
() C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Spotify Ltd) C:\Users\MinhKhoi\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Spotify Ltd) C:\Users\MinhKhoi\AppData\Roaming\Spotify\Spotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\lync.exe
(Curse, Inc) C:\Users\MinhKhoi\AppData\Roaming\Curse Client\Bin\Curse.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Spotify Ltd) C:\Users\MinhKhoi\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Spotify Ltd) C:\Users\MinhKhoi\AppData\Roaming\Spotify\Spotify.exe
() C:\Program Files (x86)\i@Sky WIC\iatsky.exe
(Spotify Ltd) C:\Users\MinhKhoi\AppData\Roaming\Spotify\Spotify.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\nacl64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-09-19] (Hewlett-Packard )
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2685072 2015-05-08] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-09-19] (IDT, Inc.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-30] (Intel Corporation)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] ()
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-07-02] (Avast Software s.r.o.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [IATSKY] => C:\Program Files (x86)\i@Sky WIC\iatsky.exe [335872 2011-07-26] ()
HKU\S-1-5-21-223650244-726234444-1137304623-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3632112 2015-07-10] (Electronic Arts)
HKU\S-1-5-21-223650244-726234444-1137304623-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-223650244-726234444-1137304623-1001\...\Run: [Spotify Web Helper] => C:\Users\MinhKhoi\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2030648 2015-07-02] (Spotify Ltd)
HKU\S-1-5-21-223650244-726234444-1137304623-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30879328 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-223650244-726234444-1137304623-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [456576 2015-06-10] (Sony)
HKU\S-1-5-21-223650244-726234444-1137304623-1001\...\Run: [Advanced SystemCare 8] => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe [2425632 2014-11-07] (IObit)
HKU\S-1-5-21-223650244-726234444-1137304623-1001\...\Run: [Spotify] => C:\Users\MinhKhoi\AppData\Roaming\Spotify\Spotify.exe [7504952 2015-07-02] (Spotify Ltd)
HKU\S-1-5-21-223650244-726234444-1137304623-1001\...\Run: [GoogleChromeAutoLaunch_64D29EBBD6095DE27C76D9DCC05F0847] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-07-07] (Google Inc.)
HKU\S-1-5-21-223650244-726234444-1137304623-1001\...\Run: [Lync] => C:\Program Files\Microsoft Office\Office15\lync.exe [27839144 2015-05-19] (Microsoft Corporation)
HKU\S-1-5-21-223650244-726234444-1137304623-1001\...\MountPoints2: {94ce0f5a-0953-11e5-beb8-4c72b9417483} - "K:\Setup.exe" 
Startup: C:\Users\MinhKhoi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [2015-02-23]
ShortcutTarget: Curse.lnk -> C:\Users\MinhKhoi\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-01] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-223650244-726234444-1137304623-1001] => Internet Explorer proxy is enabled
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK13/4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK13/4
HKU\S-1-5-21-223650244-726234444-1137304623-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&ISID=MBBF361A1-104A-4067-8C8A-E67C4E372659&SearchSource=55&CUI=&UM=5&UP=SP7CF5E081-1CB1-498C-832B-1F9C614AF1C3&SSPV=
HKU\S-1-5-21-223650244-726234444-1137304623-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK13/4
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM -> {FB7344AC-CC7C-4AC5-8903-FD6693C64965} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {FB7344AC-CC7C-4AC5-8903-FD6693C64965} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-223650244-726234444-1137304623-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKU\S-1-5-21-223650244-726234444-1137304623-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-223650244-726234444-1137304623-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-223650244-726234444-1137304623-1001 -> {FB7344AC-CC7C-4AC5-8903-FD6693C64965} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll No File
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-13] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-18] (Oracle Corporation)
BHO-x32: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2014-10-17] (IObit)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-13] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-18] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{2E05EAAA-047A-4B66-9B46-9A00C5A103F1}: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\MinhKhoi\AppData\Roaming\Mozilla\Firefox\Profiles\kaosrq9v.default
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_191.dll [2015-07-09] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_191.dll [2015-07-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1212152.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-06-13] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-06-13] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2013-08-20] (Nero AG)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-12-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-12-13] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-223650244-726234444-1137304623-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\MinhKhoi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-06-11] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-11-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-11-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-11-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-11-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-11-16] (Apple Inc.)
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\MinhKhoi\AppData\Roaming\Mozilla\Firefox\Profiles\kaosrq9v.default\Extensions\iobitascsurfingprotection@iobit.com [2014-12-04]
FF Extension: Adblock Plus - C:\Users\MinhKhoi\AppData\Roaming\Mozilla\Firefox\Profiles\kaosrq9v.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-02]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-02]

Chrome: 
=======
CHR Profile: C:\Users\MinhKhoi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\MinhKhoi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-02]
CHR Extension: (Google Drive) - C:\Users\MinhKhoi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-02]
CHR Extension: (YouTube) - C:\Users\MinhKhoi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-02]
CHR Extension: (Google Search) - C:\Users\MinhKhoi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-02]
CHR Extension: (Avast SafePrice) - C:\Users\MinhKhoi\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-08-04]
CHR Extension: (ZenMate Security, Privacy & Unblock VPN) - C:\Users\MinhKhoi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2014-08-02]
CHR Extension: (AdBlock) - C:\Users\MinhKhoi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-06-15]
CHR Extension: (Avast Online Security) - C:\Users\MinhKhoi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-06-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\MinhKhoi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Turbo for YouTube) - C:\Users\MinhKhoi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhgnmngkgolhffjjdaipkkjbmbnpefef [2014-07-22]
CHR Extension: (Dingit Infinite HD App) - C:\Users\MinhKhoi\AppData\Local\Google\Chrome\User Data\Default\Extensions\llnhnfikffkjbdnfallfpgikamegbbag [2015-05-22]
CHR Extension: (Google Wallet) - C:\Users\MinhKhoi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-02]
CHR Extension: (Gmail) - C:\Users\MinhKhoi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-02]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-01]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [Not Found]

Opera: 
=======
OPR Extension: (Adblock Plus) - C:\Users\MinhKhoi\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2015-01-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-07-01] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-07-01] (Avast Software)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-08] (NVIDIA Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2015-06-13] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2630432 2014-11-04] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1884304 2015-05-08] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22997648 2015-05-08] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2004488 2015-07-10] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2015-02-03] ()
R2 PrivoxyService; C:\Program Files (x86)\Safesoft Protector\privoxy.exe [371200 2015-07-09] (The Privoxy team - www.privoxy.org) [File not signed] <==== ATTENTION
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-09-19] (IDT, Inc.) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-10-23] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-07-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-07-01] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-01] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-07-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-07-01] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-07-02] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-07-01] (Avast Software s.r.o.)
S3 aswTap; C:\Windows\system32\DRIVERS\aswTap.sys [44640 2014-06-02] (The OpenVPN Project)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-07-01] ()
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-06-02] (Disc Soft Ltd)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)
S3 Logi_Headset_DFU; C:\Windows\System32\Drivers\lhusbdfuamd64.sys [44136 2015-06-05] (CSR plc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-07-13] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2015-06-13] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-08] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-07-01] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R3 XSplit_Dummy; C:\Windows\system32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-13 19:25 - 2015-07-13 19:25 - 00030676 _____ C:\Users\MinhKhoi\Downloads\FRST.txt
2015-07-13 19:24 - 2015-07-13 19:25 - 00000000 ____D C:\FRST
2015-07-13 19:24 - 2015-07-13 19:24 - 02133504 _____ (Farbar) C:\Users\MinhKhoi\Downloads\FRST64.exe
2015-07-13 18:56 - 2015-07-13 19:04 - 00000000 ____D C:\WINDOWS\SysWOW64\vbox
2015-07-13 18:56 - 2015-07-13 19:04 - 00000000 ____D C:\WINDOWS\system32\vbox
2015-07-13 18:53 - 2015-07-13 19:21 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-07-13 18:53 - 2015-07-13 18:53 - 00001116 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-07-13 18:53 - 2015-07-13 18:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-07-13 18:52 - 2015-07-13 18:53 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-07-13 18:52 - 2015-07-13 18:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-13 18:52 - 2015-07-13 18:42 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\MinhKhoi\Desktop\mbam-setup-2.1.6.1022.exe
2015-07-13 18:52 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-07-13 18:52 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-07-13 18:52 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-07-13 18:37 - 2015-07-13 19:20 - 00001078 _____ C:\WINDOWS\setupact.log
2015-07-13 18:37 - 2015-07-13 18:37 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-07-13 18:37 - 2015-07-01 20:50 - 00017448 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\ngiodriver_x64
2015-07-13 18:36 - 2015-07-13 19:19 - 00211202 _____ C:\WINDOWS\PFRO.log
2015-07-12 21:54 - 2015-07-12 21:54 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2015-07-12 09:10 - 2015-07-12 09:10 - 00000000 ___SH C:\DkHyperbootSync
2015-07-09 23:05 - 2015-07-09 23:05 - 00000000 ____D C:\Users\MinhKhoi\AppData\Local\CSO
2015-07-09 23:05 - 2015-07-09 23:05 - 00000000 ____D C:\ProgramData\Nexon
2015-07-09 16:05 - 2015-07-09 16:06 - 00000000 ____D C:\Program Files (x86)\Safesoft Protector
2015-07-09 15:59 - 2015-07-09 15:59 - 00000222 _____ C:\Users\MinhKhoi\Desktop\Counter-Strike Nexon Zombies.url
2015-07-03 22:04 - 2015-07-04 17:09 - 00000000 ____D C:\Users\MinhKhoi\Desktop\Neuer Ordner (4)
2015-07-02 17:43 - 2015-07-02 17:43 - 00000000 ____D C:\Users\MinhKhoi\AppData\Local\UE BOOM
2015-07-02 17:43 - 2015-07-02 17:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultimate Ears
2015-07-02 17:43 - 2015-07-02 17:43 - 00000000 ____D C:\Program Files (x86)\UE BOOM Update-Assistent 1.4.52
2015-07-02 17:36 - 2015-07-02 17:36 - 11275208 _____ (Logitech, Inc.) C:\Users\MinhKhoi\Downloads\UEFWUpdate_1.4.52.exe
2015-07-01 20:56 - 2015-07-01 20:56 - 00001940 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-07-01 20:56 - 2015-07-01 20:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-07-01 20:55 - 2015-07-01 20:55 - 00364472 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe
2015-07-01 20:55 - 2015-07-01 20:55 - 00043112 _____ (Avast Software s.r.o.) C:\WINDOWS\avastSS.scr
2015-06-29 18:34 - 2015-06-29 18:34 - 00000222 _____ C:\Users\MinhKhoi\Desktop\Clicker Heroes.url
2015-06-29 18:34 - 2015-06-29 18:34 - 00000000 ____D C:\Users\MinhKhoi\AppData\Roaming\com.playsaurus.heroclicker
2015-06-28 10:27 - 2015-06-28 10:29 - 00000000 ____D C:\Users\MinhKhoi\Desktop\Minh Khoi
2015-06-24 20:37 - 2015-06-24 20:37 - 04053824 _____ (SEC) C:\Users\MinhKhoi\Downloads\EWS_V3.70.5.0.exe
2015-06-23 20:53 - 2015-06-23 20:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-23 19:53 - 2015-06-23 19:53 - 00000000 ____D C:\Users\MinhKhoi\Desktop\Aufgabe 1
2015-06-20 15:20 - 2015-06-20 15:20 - 00000000 ____D C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2015-06-20 15:19 - 2015-06-20 15:19 - 00000000 ____D C:\Users\MinhKhoi\AppData\Roaming\hpqLog
2015-06-17 19:49 - 2015-06-17 20:02 - 1073595164 _____ C:\Users\MinhKhoi\Downloads\Spiele_usbstick.zip
2015-06-16 13:35 - 2015-06-16 13:36 - 00000000 ____D C:\Users\MinhKhoi\Desktop\Neuer Ordner (3)
2015-06-16 13:35 - 2015-06-16 13:35 - 00000000 ____D C:\Users\MinhKhoi\Desktop\Neuer Ordner (2)
2015-06-16 12:27 - 2015-06-16 12:27 - 00000000 ____D C:\Users\MinhKhoi\Documents\My Games
2015-06-15 19:23 - 2015-06-15 19:23 - 00000000 ____D C:\Program Files\Common Files\Common Desktop Agent
2015-06-15 19:22 - 2015-06-15 19:22 - 00002291 _____ C:\Users\Public\Desktop\Samsung Drucker-Diagnose.lnk
2015-06-15 19:16 - 2015-06-15 19:16 - 03439936 _____ C:\Users\MinhKhoi\Downloads\SamsungPrinterInstaller.exe
2015-06-15 18:15 - 2015-06-15 18:15 - 00000222 _____ C:\Users\MinhKhoi\Desktop\Chivalry Medieval Warfare.url
2015-06-13 12:29 - 2015-06-13 12:29 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-06-13 12:29 - 2015-06-13 12:29 - 00000000 ____D C:\Users\MinhKhoi\AppData\Roaming\Intel Corporation
2015-06-13 12:28 - 2015-06-13 12:28 - 00000000 ____D C:\Users\MinhKhoi\Intel
2015-06-13 12:26 - 2015-06-13 12:26 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2015-06-13 12:26 - 2015-06-13 12:26 - 00000000 ____D C:\Intel
2015-06-13 12:26 - 2015-06-13 12:25 - 00099288 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\TeeDriverx64.sys
2015-06-13 10:44 - 2015-06-13 10:44 - 00000000 ____D C:\Users\MinhKhoi\Desktop\Neuer Ordner

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-13 19:45 - 2014-06-01 23:33 - 00000000 _____ C:\Recovery.txt
2015-07-13 19:25 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-13 19:24 - 2014-10-22 23:32 - 01161837 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-13 19:24 - 2014-06-02 07:13 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-223650244-726234444-1137304623-1001
2015-07-13 19:22 - 2014-06-02 19:21 - 00000000 ____D C:\Users\MinhKhoi\AppData\Roaming\Skype
2015-07-13 19:21 - 2014-10-23 12:01 - 00000000 ___RD C:\Users\MinhKhoi\OneDrive
2015-07-13 19:21 - 2014-06-02 20:12 - 00000000 ____D C:\Users\MinhKhoi\AppData\Local\Spotify
2015-07-13 19:21 - 2014-06-02 07:09 - 00000000 ____D C:\ProgramData\Origin
2015-07-13 19:20 - 2015-01-11 19:24 - 00005080 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for MINH-PC-MinhKhoi Minh-PC
2015-07-13 19:19 - 2014-10-22 23:32 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-13 19:19 - 2014-07-15 08:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-13 19:19 - 2014-06-02 18:33 - 00001130 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-13 19:19 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-13 19:18 - 2014-06-02 20:11 - 00000000 ____D C:\Users\MinhKhoi\AppData\Roaming\Spotify
2015-07-13 19:17 - 2014-11-16 19:39 - 00007690 _____ C:\WINDOWS\system32\--traceoff
2015-07-13 19:17 - 2014-11-16 19:34 - 00000000 ____D C:\Users\MinhKhoi\AppData\Local\Sony
2015-07-13 19:17 - 2014-09-18 17:18 - 00000000 ____D C:\ProgramData\Sony
2015-07-13 19:17 - 2014-09-18 17:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-07-13 19:17 - 2014-09-18 17:18 - 00000000 ____D C:\Program Files (x86)\Sony
2015-07-13 19:13 - 2015-02-23 16:17 - 00000000 ____D C:\Users\MinhKhoi\AppData\Roaming\Curse Client
2015-07-13 19:03 - 2014-06-02 18:33 - 00001134 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-13 19:02 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-13 18:54 - 2014-09-24 08:17 - 00006740 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-13 18:54 - 2014-09-24 07:43 - 00856738 _____ C:\WINDOWS\system32\perfh007.dat
2015-07-13 18:54 - 2014-09-24 07:43 - 00196444 _____ C:\WINDOWS\system32\perfc007.dat
2015-07-13 18:53 - 2015-01-12 18:53 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-07-13 18:53 - 2014-06-02 19:27 - 01474560 ___SH C:\Users\MinhKhoi\Desktop\Thumbs.db
2015-07-13 18:51 - 2014-06-02 18:41 - 00004182 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-07-13 18:47 - 2014-12-04 22:33 - 00000000 ____D C:\ProgramData\ProductData
2015-07-13 18:37 - 2014-12-04 22:33 - 00002199 _____ C:\Users\Public\Desktop\Advanced SystemCare 8.lnk
2015-07-13 18:37 - 2014-10-22 23:36 - 00000000 ____D C:\Users\MinhKhoi
2015-07-13 18:36 - 2014-06-04 20:50 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-13 18:26 - 2015-05-25 10:46 - 00070144 _____ C:\WINDOWS\SysWOW64\tasks.dll
2015-07-12 09:01 - 2014-11-08 12:43 - 00003938 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{82CBEA4B-27EC-4DAD-8ED4-3FA6ACCF9DC7}
2015-07-12 00:13 - 2014-06-06 22:21 - 00000000 ____D C:\Users\MinhKhoi\AppData\Roaming\TS3Client
2015-07-12 00:06 - 2015-01-12 18:53 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-07-10 21:21 - 2015-06-12 22:27 - 00003180 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForMinhKhoi
2015-07-10 21:21 - 2015-06-12 22:27 - 00000360 _____ C:\WINDOWS\Tasks\HPCeeScheduleForMinhKhoi.job
2015-07-10 17:28 - 2014-06-02 19:40 - 00228352 ___SH C:\Users\MinhKhoi\Downloads\Thumbs.db
2015-07-10 14:04 - 2014-06-02 07:09 - 00000000 ____D C:\Program Files (x86)\Origin
2015-07-10 14:01 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-09 23:05 - 2014-06-14 17:36 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-09 17:53 - 2015-01-12 18:53 - 00003860 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2015-07-09 17:53 - 2015-01-12 18:53 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-07-09 16:04 - 2014-06-02 18:33 - 00002197 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-09 15:59 - 2014-06-05 18:40 - 00000000 ____D C:\Users\MinhKhoi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-07-09 15:56 - 2014-09-18 17:18 - 00002044 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2015-07-09 15:56 - 2012-12-06 21:40 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-07-06 23:24 - 2014-11-03 18:48 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-07-06 23:24 - 2014-11-03 18:48 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-05 10:30 - 2015-01-12 18:52 - 00000000 ____D C:\Users\MinhKhoi\AppData\Local\Adobe
2015-07-04 09:28 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-07-02 22:44 - 2014-06-02 18:40 - 00442264 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-07-01 20:59 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-07-01 20:55 - 2014-06-02 18:40 - 00272248 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-07-01 20:55 - 2014-06-02 18:40 - 00137288 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-07-01 20:55 - 2014-06-02 18:40 - 00093528 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-07-01 20:55 - 2014-06-02 18:40 - 00089944 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-07-01 20:55 - 2014-06-02 18:40 - 00065736 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-07-01 20:55 - 2014-06-02 18:40 - 00029168 _____ C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-07-01 20:54 - 2014-06-02 18:40 - 01047320 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-06-29 22:41 - 2014-06-02 07:05 - 00000000 ____D C:\Users\MinhKhoi\AppData\Local\Packages
2015-06-28 10:36 - 2015-06-10 18:27 - 00000000 ____D C:\Users\MinhKhoi\AppData\Local\.filius
2015-06-25 18:33 - 2015-01-11 19:27 - 00003850 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1420997251
2015-06-25 18:33 - 2015-01-11 19:27 - 00001065 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-06-25 18:33 - 2015-01-11 19:27 - 00000000 ____D C:\Program Files (x86)\Opera
2015-06-24 20:37 - 2015-01-19 22:44 - 00000000 ____D C:\Program Files (x86)\Samsung
2015-06-23 19:52 - 2015-02-16 19:00 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-06-20 15:21 - 2012-12-06 21:39 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2015-06-20 15:20 - 2012-12-06 21:41 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-06-20 15:20 - 2012-12-06 21:40 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-06-20 15:19 - 2012-08-02 05:15 - 00000000 ____D C:\SWSETUP
2015-06-19 22:28 - 2015-06-12 22:27 - 00000052 _____ C:\WINDOWS\SysWOW64\DOErrors.log
2015-06-19 21:53 - 2014-06-03 18:40 - 00000099 _____ C:\Users\Public\LMDebug.log
2015-06-15 19:23 - 2015-01-19 22:45 - 00000000 ____D C:\Users\MinhKhoi\AppData\Roaming\Samsung
2015-06-15 19:23 - 2015-01-19 22:44 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers
2015-06-15 19:23 - 2014-06-02 07:09 - 00000000 ____D C:\ProgramData\Samsung
2015-06-15 19:15 - 2015-01-01 00:02 - 00000000 __SHD C:\Users\MinhKhoi\AppData\Local\EmieBrowserModeList
2015-06-15 19:15 - 2014-11-08 12:43 - 00000000 __SHD C:\Users\MinhKhoi\AppData\Local\EmieUserList
2015-06-15 19:15 - 2014-11-08 12:43 - 00000000 __SHD C:\Users\MinhKhoi\AppData\Local\EmieSiteList
2015-06-13 12:31 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-06-13 12:29 - 2014-10-22 23:34 - 02008552 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2015-06-13 12:29 - 2012-12-06 21:40 - 00000000 ____D C:\ProgramData\Intel
2015-06-13 12:28 - 2012-12-06 21:40 - 00000000 ____D C:\Program Files\Intel
2015-06-13 12:26 - 2012-12-06 21:40 - 00016344 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\IntelMEFWVer.dll

==================== Files in the root of some directories =======

2014-06-02 07:07 - 2014-06-02 07:07 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

Some files in TEMP:
====================
C:\Users\MinhKhoi\AppData\Local\Temp\hp_u_823824.exe
C:\Users\MinhKhoi\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-11 09:27

==================== End of log ============================

--- --- ---

[CODE]
Additional
FRST Logfile:

Code:

ATTFilter

scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by MinhKhoi at 2015-07-13 19:25:35
Running from C:\Users\MinhKhoi\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-223650244-726234444-1137304623-500 - Administrator - Disabled)
Gast (S-1-5-21-223650244-726234444-1137304623-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-223650244-726234444-1137304623-1003 - Limited - Enabled)
MinhKhoi (S-1-5-21-223650244-726234444-1137304623-1001 - Administrator - Enabled) => C:\Users\MinhKhoi

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-223650244-726234444-1137304623-1001\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.191 - Adobe Systems Incorporated)
Adobe Flash Player 18 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 18.0.0.203 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.2.152 - Adobe Systems, Inc.)
Advanced SystemCare 8 (HKLM-x32\...\Advanced SystemCare 8_is1) (Version: 8.0.3 - IObit)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield™ Hardline-Beta (HKLM-x32\...\{F5526D9D-13AD-4270-8707-AC921D168299}) (Version: 1.0.0.1 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
Becker Content Manager (HKLM-x32\...\Becker Content Manager) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MP Navigator EX 1.0 (HKLM-x32\...\MP Navigator EX 1.0) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - Torn Banner Studios)
Clicker Heroes (HKLM-x32\...\Steam App 363970) (Version:  - )
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite)
Counter-Strike Nexon: Zombies (HKLM-x32\...\Steam App 273110) (Version:  - Nexon)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Curse (HKLM-x32\...\{1F2611FB-6F69-4AA8-BECD-243BD8CB45F3}) (Version: 6.0.0.0 - Curse)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3109 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1902 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1.4319 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dropbox (HKU\S-1-5-21-223650244-726234444-1137304623-1001\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
ExpressCache (HKLM\...\{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}) (Version: 1.0.86 - Diskeeper Corporation)
Free YouTube Download version 3.2.41.623 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.41.623 - DVDVideoSoft Ltd.)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.132 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\Grand Theft Auto V_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, ProZorg_tm)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1206 - Hewlett-Packard)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
i@Sky WIC (HKLM-x32\...\i@Sky WIC) (Version: 1.1 - iatsky)
i@Sky WIC (x32 Version: 1.1 - iatsky) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6418.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSI Afterburner 4.1.0 (HKLM-x32\...\Afterburner) (Version: 4.1.0 - MSI Co., LTD)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero 2014 (HKLM-x32\...\{F384C1E1-3A16-4073-95C3-7271FE0ED4C2}) (Version: 15.0.02200 - Nero AG)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.5 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.09 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.3.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.3.31 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Opera Stable 30.0.1835.88 (HKLM-x32\...\Opera 30.0.1835.88) (Version: 30.0.1835.88 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{d1a77557-43bc-4f85-940a-0dcfe57b885a}) (Version: latest - ppy Pty Ltd)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.994 - Even Balance, Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Recovery Manager (x32 Version: 5.5.0.5530 - CyberLink Corp.) Hidden
RivaTuner Statistics Server 6.3.0 (HKLM-x32\...\RTSS) (Version: 6.3.0 - Unwinder)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
Samsung Drucker-Diagnose (HKLM-x32\...\Samsung Printer Diagnostics) (Version: 1.0.1.16 - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.05.51.00(19.06.2014) - Samsung Electronics Co., Ltd.)
Samsung Easy Wireless Setup (HKLM-x32\...\Easy Wireless Setup) (Version: 3.70.5.0 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version:  - Samsung Electronics Co., Ltd.)
Samsung Universal Print Driver 2 (HKLM-x32\...\Samsung Universal Print Driver 2) (Version: 2.50.05.00 - Samsung Electronics Co., Ltd.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.3.31 - NVIDIA Corporation) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Smart Defrag 3 (HKLM-x32\...\Smart Defrag 3_is1) (Version: 3.3 - IObit)
Sniper Elite 3 Update 1 (HKLM-x32\...\U25pcGVyRWxpdGUz_is1) (Version: 1 - )
Sniper Elite 3, âåðñèÿ 1.0 (HKLM-x32\...\Sniper Elite 3_is1) (Version: 1.0 - )
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version:  - Rebellion)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.14.12.201408250841 - Sony Mobile Communications AB)
Sony PC Companion 2.10.275 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.275 - Sony)
Spotify (HKU\S-1-5-21-223650244-726234444-1137304623-1001\...\Spotify) (Version: 1.0.8.59.gee82e7e6 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab Detection (HKLM-x32\...\{5BF68D14-5E8F-4178-9DCC-34194C27DB64}) (Version: 6.1.4.0 - Husdawg, LLC)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKU\S-1-5-21-223650244-726234444-1137304623-1001\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
TmNationsForever (HKLM-x32\...\TmNationsForever_is1) (Version:  - Nadeo)
UE BOOM Update-Assistent (HKLM-x32\...\{AABC2E40-7BF0-4E24-BB20-DED8905BDFBB}) (Version: 1.4.52 - Logitech, Inc.)
Unity Web Player (HKU\S-1-5-21-223650244-726234444-1137304623-1001\...\UnityWebPlayer) (Version: 4.5.1f3 - Unity Technologies ApS)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{CBCC2FD8-7DFE-4752-95B5-2E447C226F45}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version:  - Microsoft)
Vivaldi (HKU\S-1-5-21-223650244-726234444-1137304623-1001\...\Vivaldi) (Version: 1.0.94.2 - Vivaldi)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version:  - Wargaming.net)
XSplit Broadcaster (HKLM-x32\...\{31D17C3E-3D43-4C0E-B816-6730706AC390}) (Version: 2.1.1501.0626 - SplitmediaLabs)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

13-07-2015 19:16:17 Removed Vegas Pro 13.0 (64-bit)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {010B5880-9965-47BC-B3F8-C8D1A20A9FC5} - System32\Tasks\Opera scheduled Autoupdate 1420997251 => C:\Program Files (x86)\Opera\launcher.exe [2015-06-19] (Opera Software)
Task: {13FC0A5E-77AF-4A14-99CC-2E21119F318E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {2BEE2B7F-82D3-4E0B-8D69-3642985BDAFB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {2F5DDD9F-2578-442C-9874-4C0283EC9987} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-09] (Adobe Systems Incorporated)
Task: {3E688478-D26F-41BA-88C4-1C9DF086BD18} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-06-10] (Microsoft Corporation)
Task: {6436E179-19C9-4FF9-9453-9B19FD9C7585} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_203_pepper.exe [2015-07-09] (Adobe Systems Incorporated)
Task: {86D17DFD-61A6-4DDE-82FC-81C4DD03945E} - System32\Tasks\Microsoft Office 15 Sync Maintenance for MINH-PC-MinhKhoi Minh-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2015-04-14] (Microsoft Corporation)
Task: {924B4A54-6FC2-4332-8B76-444857BA672B} - System32\Tasks\HPCeeScheduleForMinhKhoi => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {96C1A14E-417C-488A-A262-CD2E7CEA58DF} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-01] (Avast Software s.r.o.)
Task: {9A87B413-7AEA-4555-9064-0251D9E99FC2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-02] (Google Inc.)
Task: {9CC51698-5446-4271-BDB1-78410B510B99} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {AE5FB5AE-CC24-42CF-98D5-E0B666E02B2D} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {B224E761-10D3-4216-8AD6-1E4F10D36700} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2013-08-20] (Nero AG)
Task: {B8B7402A-5EEE-45BA-B602-F2821FE80774} - System32\Tasks\ASC8_SkipUac_MinhKhoi => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe [2014-11-07] (IObit)
Task: {CF3B0B99-A334-4842-9FA3-95EB91E1D657} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard)
Task: {CFDCBE09-532A-4ECF-B6B6-6B4702DBE003} - System32\Tasks\SmartDefrag3_Update => C:\Program Files (x86)\IObit\Smart Defrag 3\AutoUpdate.exe [2014-07-23] (IObit)
Task: {D145C36A-D742-4699-A565-34C4853777A4} - System32\Tasks\System Defrag => C:\Users\MinhKhoi\AppData\Roaming\Updater\winupd.exe [2015-05-24] () <==== ATTENTION
Task: {DA3A5AC1-8096-4D77-95C2-EEF0C489BA5A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-02] (Google Inc.)
Task: {E734DBE6-1A39-4352-A695-E649BE7D0FEA} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe [2014-11-10] (IObit)
Task: {EB51E74A-9A8E-496B-9897-B3D56572726B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {EDD3644B-F3D2-4A72-9293-48CAE43E0D6C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {EF1AAA73-00ED-4CB4-8AAD-762D7A94ADB5} - System32\Tasks\SmartDefrag3_Startup => C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe [2014-11-04] (IObit)
Task: {F97BCB6F-FC28-4F97-ABA1-64552BC46E9D} - System32\Tasks\Video Update Service => C:\Program Files (x86)\Video Update\VideoUpdate.exe [2015-05-28] (Secure Updater)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_203_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\ASC8_SkipUac_MinhKhoi.job => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForMinhKhoi.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (Whitelisted) ==============

2014-10-22 23:32 - 2014-12-13 10:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-06-21 07:42 - 2011-06-21 07:42 - 00034304 _____ () C:\WINDOWS\System32\sst3cl6.dll
2015-01-19 22:44 - 2014-04-16 10:22 - 00029184 _____ () C:\WINDOWS\System32\usp01l.dll
2014-06-02 17:23 - 2015-02-03 12:54 - 00076152 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2014-12-04 22:33 - 2014-07-11 17:04 - 01106720 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe
2014-09-18 09:23 - 2014-09-18 09:23 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-10-14 20:51 - 2014-10-14 20:51 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-09-18 09:23 - 2014-09-18 09:23 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-10-14 20:51 - 2014-10-14 20:51 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2012-03-09 09:58 - 2012-03-09 09:58 - 00462712 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2012-03-09 09:58 - 2012-03-09 09:58 - 00057208 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2014-09-18 17:18 - 2015-06-10 11:13 - 00113024 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
2014-09-25 13:33 - 2014-09-25 13:33 - 02210480 _____ () C:\Program Files\Microsoft Office\Office15\tmpod.dll
2014-04-25 13:23 - 2014-04-25 13:23 - 00027304 _____ () C:\Program Files\Microsoft Office\Office15\lynchtmlconvpxy.dll
2011-07-26 00:25 - 2011-07-26 00:25 - 00335872 _____ () C:\Program Files (x86)\i@Sky WIC\iatsky.exe
2012-08-29 12:02 - 2012-08-29 12:02 - 00120224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll
2012-08-29 12:02 - 2012-08-29 12:02 - 00048544 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll
2012-08-29 12:02 - 2012-08-29 12:02 - 00180224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll
2014-10-23 11:58 - 2014-10-23 11:58 - 00120224 _____ () C:\Users\MinhKhoi\AppData\Local\assembly\dl3\JNBN5L2Y.8X8\HOMPJTMT.3KQ\0b0d9b97\0017145d_cd85cd01\HPItunesModule.DLL
2014-12-04 22:33 - 2013-10-25 13:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\sqlite3.dll
2015-07-01 20:55 - 2015-07-01 20:55 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-07-01 20:55 - 2015-07-01 20:55 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-07-13 18:47 - 2015-07-13 18:47 - 02956288 _____ () C:\Program Files\AVAST Software\Avast\defs\15071301\algo.dll
2015-01-11 19:33 - 2014-06-04 16:17 - 00892288 _____ () C:\Program Files (x86)\IObit\Smart Defrag 3\webres.dll
2014-12-04 22:33 - 2013-01-15 19:48 - 00348992 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\madExcept_.bpl
2014-12-04 22:33 - 2013-01-15 19:48 - 00183616 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\madBasic_.bpl
2014-12-04 22:33 - 2013-01-15 19:48 - 00051008 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\madDisAsm_.bpl
2014-12-04 22:33 - 2014-10-16 11:26 - 00622880 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\ProductStatistics.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-05-25 12:29 - 2015-05-08 02:36 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-07-09 16:05 - 2015-07-09 16:05 - 00086528 _____ () C:\Program Files (x86)\Safesoft Protector\mgwz.dll
2014-06-02 07:10 - 2015-07-10 14:03 - 01007104 _____ () C:\Program Files (x86)\Origin\platforms\qwindows.dll
2014-06-02 07:10 - 2015-07-10 14:02 - 00023552 _____ () C:\Program Files (x86)\Origin\imageformats\qgif.dll
2014-06-02 07:10 - 2015-07-10 14:02 - 00024576 _____ () C:\Program Files (x86)\Origin\imageformats\qico.dll
2014-06-02 07:10 - 2015-07-10 14:02 - 00216576 _____ () C:\Program Files (x86)\Origin\imageformats\qjpeg.dll
2014-06-02 07:10 - 2015-07-10 14:02 - 00261120 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll
2014-06-02 07:10 - 2015-07-10 14:02 - 00019456 _____ () C:\Program Files (x86)\Origin\imageformats\qtga.dll
2014-06-02 07:10 - 2015-07-10 14:02 - 00337408 _____ () C:\Program Files (x86)\Origin\imageformats\qtiff.dll
2014-06-02 07:10 - 2015-07-10 14:02 - 00018944 _____ () C:\Program Files (x86)\Origin\imageformats\qwbmp.dll
2014-09-18 17:18 - 2012-04-30 11:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
2014-09-18 17:18 - 2014-12-04 15:18 - 00241152 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
2015-07-09 15:56 - 2015-06-18 10:42 - 00911360 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\deviceupdate_dll.dll
2011-07-07 14:54 - 2011-07-07 14:54 - 00233984 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
2014-09-18 17:18 - 2013-05-20 12:58 - 00620718 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\sqlite3.dll
2014-09-18 17:18 - 2015-04-21 13:22 - 00053248 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll
2014-07-09 16:35 - 2014-07-09 16:35 - 00644096 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll
2014-12-04 22:33 - 2013-01-15 19:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\webres.dll
2015-03-12 17:34 - 2015-07-02 17:10 - 41287224 _____ () C:\Users\MinhKhoi\AppData\Roaming\Spotify\libcef.dll
2015-01-20 22:23 - 2015-06-23 19:57 - 00393608 _____ () C:\Users\MinhKhoi\AppData\Roaming\Curse Client\Bin\opus.dll
2015-01-20 22:23 - 2015-06-23 19:57 - 00443272 _____ () C:\Users\MinhKhoi\AppData\Roaming\Curse Client\Bin\WebRTC_CSharpWrapper.dll
2015-07-09 16:04 - 2015-07-07 05:49 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\libglesv2.dll
2015-07-09 16:04 - 2015-07-07 05:49 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\libegl.dll
2012-12-06 21:46 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 13:34 - 2012-06-08 13:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-07-01 20:55 - 2015-07-01 20:55 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-03-12 17:34 - 2015-07-02 17:10 - 01488440 _____ () C:\Users\MinhKhoi\AppData\Roaming\Spotify\libglesv2.dll
2015-03-12 17:34 - 2015-07-02 17:10 - 00079928 _____ () C:\Users\MinhKhoi\AppData\Roaming\Spotify\libegl.dll
2015-03-12 17:34 - 2015-03-21 13:00 - 09305656 _____ () C:\Users\MinhKhoi\AppData\Roaming\Spotify\pdf.dll
2015-06-13 12:26 - 2015-06-13 12:26 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-07-09 16:04 - 2015-07-07 05:49 - 16285512 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\MinhKhoi\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-223650244-726234444-1137304623-1001\...\samsungsetup.com -> hxxp://www.samsungsetup.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-223650244-726234444-1137304623-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\MinhKhoi\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\1680x1050.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{7A7D6ADD-900A-4A83-9E26-504A09BEDE48}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{773CB243-6C14-4237-8EA8-2061C580B8B4}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{433E6DD7-29F6-4B36-A99D-543368CF22D6}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{57F0425F-7B66-4949-92C8-767D90E5567F}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{02250601-7341-463D-9439-EE7081CC85B1}C:\users\minhkhoi\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\minhkhoi\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{DDF7BB31-62B2-4E81-A178-2200573CCD4A}C:\users\minhkhoi\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\minhkhoi\appdata\roaming\spotify\spotify.exe
FirewallRules: [{E8559618-DDA3-48BD-8651-F1CBC747CFC3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8805F573-0346-4BF5-BD5F-648CF773DFAE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{1886400D-18D5-4EAB-A31F-626C96116FFE}C:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe
FirewallRules: [UDP Query User{F981EF4D-8660-4EA0-A78F-6BAD51E480D0}C:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe
FirewallRules: [{BFCAA31A-CDEC-4834-8128-C416960EA199}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe
FirewallRules: [{81DFEA9E-BFCA-4BFF-8AD1-F5075383C508}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{4049ED6C-DE36-4DBC-AA25-7BA96D4E1876}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{5D325734-8A3F-4BD1-8CF7-DD54BFDB43B6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite V2\bin\SniperEliteV2.exe
FirewallRules: [{3F65BB43-B56D-4FDB-8415-C4A8A2822C1C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite V2\bin\SniperEliteV2.exe
FirewallRules: [{28F20239-B6C9-46EE-BA48-9A8A50A63A57}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{516D568E-3FFC-4EC3-AB8D-9D7029B83377}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{DF03D1EF-4EA1-48CC-875B-5E02376FF8BE}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{CD1FC98B-0B99-4735-BA5B-C53F39BE4CC3}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{62844338-5B34-42FD-B36A-E6A5443474E4}] => (Allow) C:\Program Files (x86)\Origin Games\BFH Beta 2\bfh.exe
FirewallRules: [{CCB44AC7-675A-4DEF-8B1B-E1F0485EA4AA}] => (Allow) C:\Program Files (x86)\Origin Games\BFH Beta 2\bfh.exe
FirewallRules: [{B7A47422-9BB4-4EBC-958F-B5A27A20C562}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{003E2F54-A7A9-490B-A6C5-DB166FABF59D}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{DA7E3E18-F917-495D-857D-CA8DF668B9A6}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{14B616F0-3478-4B12-A599-FC6E03438BA9}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{F2A41379-1B4B-4A79-B357-0698CEE0B608}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{591E0038-3FAB-4582-8425-BABB55FBFAEA}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{0A9731EF-C5AC-4098-81BB-424567CED144}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite V2\Launcher\SniperV2Launcher.exe
FirewallRules: [{8642CBE5-6545-4C34-851E-A83B89CAB5DE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite V2\Launcher\SniperV2Launcher.exe
FirewallRules: [TCP Query User{98B1F03D-DF40-4D3C-8D5B-4E990218407C}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{FD540336-BAB4-47A8-B8FA-BD7D976D71C5}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{8DBF38E5-3BA9-4E4B-AFEA-830678BF59FF}C:\program files (x86)\tmnationsforever\tmforever.exe] => (Block) C:\program files (x86)\tmnationsforever\tmforever.exe
FirewallRules: [UDP Query User{076642CF-4833-4CBC-ACAC-8767D462F064}C:\program files (x86)\tmnationsforever\tmforever.exe] => (Block) C:\program files (x86)\tmnationsforever\tmforever.exe
FirewallRules: [{363F5705-411A-44C6-BDC5-342311776355}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{0922780B-238A-44FC-A655-E6E1DD7A64F7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{28EBE219-6C31-4BF1-BC1A-85DAC47B4672}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{588BDD01-5B63-413C-8817-79581C5FFC32}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{4BBE19D7-5F83-41B7-8782-6E9B4D607AE7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{EE8159B6-42A5-4B18-81A0-659A57325746}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{9D89B260-7381-43BB-BCA5-051D08978CC7}] => (Allow) C:\Users\MinhKhoi\AppData\Local\Vivaldi\Application\vivaldi.exe
FirewallRules: [TCP Query User{B1C3ECEC-D176-4B4B-84A6-997B96E8414A}C:\games\world_of_tanks\wotlauncher.exe] => (Block) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{67A4BF5B-9E4A-417F-A072-8CB4935CF3CA}C:\games\world_of_tanks\wotlauncher.exe] => (Block) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [{1130CE51-8083-4267-88FD-69392BCFDF08}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{0984A374-9A6B-46BD-9B69-B72FAB6802B6}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{CA8E481F-2A6A-44F2-880C-4CF0120969F5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DF978C71-5257-4338-BCEA-36DBF01359BD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{BA64512D-51DD-4098-A425-CE87219F95FA}C:\users\minhkhoi\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\minhkhoi\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{EA8B88BE-370B-4F18-A9F5-582357B26949}C:\users\minhkhoi\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\minhkhoi\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{19747B52-B76F-4E12-975C-B71A49CDBD38}] => (Allow) C:\Users\MinhKhoi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{39B2900E-1017-4F20-A557-BE1CF125BD72}] => (Allow) C:\Users\MinhKhoi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{79AD3780-D016-4DE3-BCA9-4A201A9DFE1E}C:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{CED9E320-09E7-43EB-B161-BF71DC537E3B}C:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe
FirewallRules: [{19CDE7AD-EABF-4CAF-9CC5-9010E1D35037}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{17D7B367-B84E-404B-98FD-DCF9D92FB9DC}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{C0C41909-9CE3-4E87-8EA9-C10E603A8D15}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{863B2E4B-6962-4557-8AD2-8C9708722756}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{CC32ABBA-00DA-49A0-9906-CB34F043D0EB}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{7303E58F-FFE2-49F6-A3CE-5E47D002BB0A}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{F4910809-D151-4EDE-A42D-238B02472087}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{FD5FD801-B03D-4134-905A-CE9DF6EB97E5}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{FDEBC6CA-7F52-4B22-BDF7-AA4E99B66C82}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{ADCE0AD2-2B61-4B39-8137-F314B91519DA}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{FC0427FC-6017-41ED-96C7-0B7A78F0521F}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{776C66B7-6C7B-4CC6-83D0-AE12738104A2}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{87E4C87D-C252-4A99-AF08-1EA071006708}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe
FirewallRules: [{F7A6C1BB-A0C2-4673-BA43-F2BD7316C10C}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe
FirewallRules: [{D66E9D1A-04F5-4B38-9B9D-0DAC13EA607E}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe
FirewallRules: [{E7E9E9E9-B05F-4852-B6CF-615B1B7C0E9C}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe
FirewallRules: [{80630561-C02A-4DEC-96D9-62B74BEC293E}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{190A0855-4BA7-42DA-8523-4994FD7A2382}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{BF22EA54-50F7-4C9F-BB72-B94FF29F7966}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{DC27268D-BAB9-4618-B078-B262E5BEFA3A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{3712F910-E454-4D15-A9A7-1A0F60046788}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{3913369C-C9ED-4E1B-8ECC-712D3A0A245B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{3A8C2991-0935-4068-9DFF-55EB585DBF80}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{53B65118-F224-487C-B25C-47839D9349C4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{159AD28B-BE4F-433B-A8C3-7341F7CFAC67}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Clicker Heroes\Clicker Heroes.exe
FirewallRules: [{D6605F0A-B7AD-4F0D-8AC6-C5784F83E3C3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Clicker Heroes\Clicker Heroes.exe
FirewallRules: [{193E9389-1455-433A-84A4-D84C1202E50D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{4A124292-B503-483A-80BC-49F9E632472B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\CSNZ\Bin\cstrike-online.exe
FirewallRules: [{5FED9969-6B47-4D55-B4AC-74D361C73E6B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\CSNZ\Bin\cstrike-online.exe
FirewallRules: [{63B4948E-55DC-4082-BF52-26D944DB6CB3}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{A9A1D139-D900-4AFB-8356-7D306407FC9F}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{5FD86DAA-5085-4B3A-91C4-ACFE0B4B284C}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{3DA7C927-64E1-4B77-B6E5-E7C6E9014B0C}] => (Allow) LPort=53000
FirewallRules: [{7FDAC930-76BD-462B-926F-6902CF99C9A1}] => (Allow) LPort=52000

==================== Faulty Device Manager Devices =============

Name: avast! SecureLine TAP Adapter v3
Description: avast! SecureLine TAP Adapter v3
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: aswTap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/13/2015 07:24:43 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Die Klassenregistrierungsdatei kann nicht geladen werden.
 DETAIL - Die Datenbank der Konfigurationsregistrierung ist beschädigt.

Error: (07/13/2015 07:24:43 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT-AUTORITÄT)
Description: Die Registrierung konnte nicht geladen werden. Dieses Problem wird oft durch zuwenig Arbeitsspeicher oder nicht ausreichende Sicherheitsberechtigungen verursacht. 

 Details - Die Datenbank der Konfigurationsregistrierung ist beschädigt.
 for C:\Users\MinhKhoi\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (07/13/2015 07:24:43 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Die Klassenregistrierungsdatei kann nicht geladen werden.
 DETAIL - Die Datenbank der Konfigurationsregistrierung ist beschädigt.

Error: (07/13/2015 07:24:43 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT-AUTORITÄT)
Description: Die Registrierung konnte nicht geladen werden. Dieses Problem wird oft durch zuwenig Arbeitsspeicher oder nicht ausreichende Sicherheitsberechtigungen verursacht. 

 Details - Die Datenbank der Konfigurationsregistrierung ist beschädigt.
 for C:\Users\MinhKhoi\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (07/13/2015 07:19:16 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Die Klassenregistrierungsdatei kann nicht geladen werden.
 DETAIL - Die Datenbank der Konfigurationsregistrierung ist beschädigt.

Error: (07/13/2015 07:19:16 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT-AUTORITÄT)
Description: Die Registrierung konnte nicht geladen werden. Dieses Problem wird oft durch zuwenig Arbeitsspeicher oder nicht ausreichende Sicherheitsberechtigungen verursacht. 

 Details - Die Datenbank der Konfigurationsregistrierung ist beschädigt.
 for C:\Users\MinhKhoi\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (07/13/2015 07:12:52 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Die Klassenregistrierungsdatei kann nicht geladen werden.
 DETAIL - Die Datenbank der Konfigurationsregistrierung ist beschädigt.

Error: (07/13/2015 07:12:52 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT-AUTORITÄT)
Description: Die Registrierung konnte nicht geladen werden. Dieses Problem wird oft durch zuwenig Arbeitsspeicher oder nicht ausreichende Sicherheitsberechtigungen verursacht. 

 Details - Die Datenbank der Konfigurationsregistrierung ist beschädigt.
 for C:\Users\MinhKhoi\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (07/13/2015 07:11:10 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Die Klassenregistrierungsdatei kann nicht geladen werden.
 DETAIL - Die Datenbank der Konfigurationsregistrierung ist beschädigt.

Error: (07/13/2015 07:11:10 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT-AUTORITÄT)
Description: Die Registrierung konnte nicht geladen werden. Dieses Problem wird oft durch zuwenig Arbeitsspeicher oder nicht ausreichende Sicherheitsberechtigungen verursacht. 

 Details - Die Datenbank der Konfigurationsregistrierung ist beschädigt.
 for C:\Users\MinhKhoi\AppData\Local\Microsoft\Windows\\UsrClass.dat


System errors:
=============
Error: (07/13/2015 07:23:10 PM) (Source: Schannel) (EventID: 4102) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.

Error: (07/13/2015 07:23:03 PM) (Source: Schannel) (EventID: 4102) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.

Error: (07/13/2015 07:22:00 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "MINH-PC        :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.21
registriert werden. Der Computer mit IP-Adresse 192.168.178.36 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (07/13/2015 07:20:58 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "MINH-PC        :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.21
registriert werden. Der Computer mit IP-Adresse 192.168.178.36 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (07/13/2015 07:20:56 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "MINH-PC        :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.21
registriert werden. Der Computer mit IP-Adresse 192.168.178.36 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (07/13/2015 07:20:56 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "MINH-PC        :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.21
registriert werden. Der Computer mit IP-Adresse 192.168.178.36 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (07/13/2015 07:19:27 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "MINH-PC        :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.21
registriert werden. Der Computer mit IP-Adresse 192.168.178.36 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (07/13/2015 07:19:26 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "MINH-PC        :20" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.21
registriert werden. Der Computer mit IP-Adresse 192.168.178.36 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (07/13/2015 07:19:26 PM) (Source: Server) (EventID: 2505) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{2E05EAAA-047A-4B66-9B46-9A00C5A103F1} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error: (07/13/2015 07:19:19 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "MINH-PC        :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.21
registriert werden. Der Computer mit IP-Adresse 192.168.178.36 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.


Microsoft Office:
=========================
Error: (07/13/2015 07:24:43 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Die Datenbank der Konfigurationsregistrierung ist beschädigt.

Error: (07/13/2015 07:24:43 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT-AUTORITÄT)
Description: Die Datenbank der Konfigurationsregistrierung ist beschädigt.
C:\Users\MinhKhoi\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (07/13/2015 07:24:43 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Die Datenbank der Konfigurationsregistrierung ist beschädigt.

Error: (07/13/2015 07:24:43 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT-AUTORITÄT)
Description: Die Datenbank der Konfigurationsregistrierung ist beschädigt.
C:\Users\MinhKhoi\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (07/13/2015 07:19:16 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Die Datenbank der Konfigurationsregistrierung ist beschädigt.

Error: (07/13/2015 07:19:16 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT-AUTORITÄT)
Description: Die Datenbank der Konfigurationsregistrierung ist beschädigt.
C:\Users\MinhKhoi\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (07/13/2015 07:12:52 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Die Datenbank der Konfigurationsregistrierung ist beschädigt.

Error: (07/13/2015 07:12:52 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT-AUTORITÄT)
Description: Die Datenbank der Konfigurationsregistrierung ist beschädigt.
C:\Users\MinhKhoi\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (07/13/2015 07:11:10 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Die Datenbank der Konfigurationsregistrierung ist beschädigt.

Error: (07/13/2015 07:11:10 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT-AUTORITÄT)
Description: Die Datenbank der Konfigurationsregistrierung ist beschädigt.
C:\Users\MinhKhoi\AppData\Local\Microsoft\Windows\\UsrClass.dat


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 34%
Total physical RAM: 12227.56 MB
Available physical RAM: 7997.4 MB
Total Virtual: 12627.56 MB
Available Virtual: 7839.61 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:918.01 GB) (Free:576.24 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:11.25 GB) (Free:1.32 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 93A3E1D4)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 14.9 GB) (Disk ID: FF9F03C9)
Partition 1: (Not Active) - (Size=14.9 GB) - (Type=73)

==================== End of log ============================

--- --- ---

Pretok · 13.07.2015, 18:59

Code:

ATTFilter

19:54:32.0865 0x3ad8  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
19:54:32.0865 0x3ad8  UEFI system
19:54:34.0832 0x3ad8  ============================================================
19:54:34.0832 0x3ad8  Current date / time: 2015/07/13 19:54:34.0832
19:54:34.0832 0x3ad8  SystemInfo:
19:54:34.0832 0x3ad8  
19:54:34.0832 0x3ad8  OS Version: 6.3.9600 ServicePack: 0.0
19:54:34.0832 0x3ad8  Product type: Workstation
19:54:34.0832 0x3ad8  ComputerName: MINH-PC
19:54:34.0832 0x3ad8  UserName: MinhKhoi
19:54:34.0832 0x3ad8  Windows directory: C:\WINDOWS
19:54:34.0832 0x3ad8  System windows directory: C:\WINDOWS
19:54:34.0832 0x3ad8  Running under WOW64
19:54:34.0832 0x3ad8  Processor architecture: Intel x64
19:54:34.0832 0x3ad8  Number of processors: 8
19:54:34.0832 0x3ad8  Page size: 0x1000
19:54:34.0832 0x3ad8  Boot type: Normal boot
19:54:34.0833 0x3ad8  ============================================================
19:54:35.0381 0x3ad8  KLMD registered as C:\WINDOWS\system32\drivers\61520515.sys
19:54:36.0195 0x3ad8  System UUID: {BC672BE9-DFFE-3FD1-881C-2A9C0A64C07D}
19:54:36.0624 0x3ad8  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:54:36.0624 0x3ad8  Drive \Device\Harddisk1\DR1 - Size: 0x3BA816000 ( 14.91 Gb ), SectorSize: 0x200, Cylinders: 0x79A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:54:36.0641 0x3ad8  ============================================================
19:54:36.0641 0x3ad8  \Device\Harddisk0\DR0:
19:54:36.0641 0x3ad8  GPT partitions:
19:54:36.0665 0x3ad8  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {72F4C320-BB03-4478-8991-9762516245BD}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x1FF800
19:54:36.0665 0x3ad8  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {5262F34D-B783-40D8-847C-505859E30104}, Name: EFI system partition, StartLBA 0x200000, BlocksNum 0xB4000
19:54:36.0665 0x3ad8  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {BCEE2353-D155-4B08-B1D3-9CEF8696AB54}, Name: Microsoft reserved partition, StartLBA 0x2B4000, BlocksNum 0x40000
19:54:36.0666 0x3ad8  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {8CAF2767-BD4D-4817-A51E-64EF94F26BC1}, Name: Basic data partition, StartLBA 0x2F4000, BlocksNum 0x72C04000
19:54:36.0666 0x3ad8  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {197B98A3-1AC4-4890-9C02-C79127F2509F}, Name: , StartLBA 0x72EF8000, BlocksNum 0xE1000
19:54:36.0666 0x3ad8  \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {BEB8B52B-50E1-406E-9191-823F00329A2E}, Name: , StartLBA 0x72FD9000, BlocksNum 0xAF000
19:54:36.0666 0x3ad8  \Device\Harddisk0\DR0\Partition7: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {05BFB9C1-9AB7-4069-B956-4B910550F6A8}, Name: Basic data partition, StartLBA 0x73088000, BlocksNum 0x167E800
19:54:36.0666 0x3ad8  MBR partitions:
19:54:36.0666 0x3ad8  \Device\Harddisk1\DR1:
19:54:36.0666 0x3ad8  MBR partitions:
19:54:36.0666 0x3ad8  ============================================================
19:54:36.0684 0x3ad8  C: <-> \Device\Harddisk0\DR0\Partition4
19:54:36.0716 0x3ad8  D: <-> \Device\Harddisk0\DR0\Partition7
19:54:36.0716 0x3ad8  ============================================================
19:54:36.0716 0x3ad8  Initialize success
19:54:36.0716 0x3ad8  ============================================================
19:54:54.0173 0x2eb8  ============================================================
19:54:54.0173 0x2eb8  Scan started
19:54:54.0173 0x2eb8  Mode: Manual; SigCheck; TDLFS; 
19:54:54.0173 0x2eb8  ============================================================
19:54:54.0173 0x2eb8  KSN ping started
19:54:56.0459 0x2eb8  KSN ping finished: true
19:54:58.0124 0x2eb8  ================ Scan system memory ========================
19:54:58.0124 0x2eb8  System memory - ok
19:54:58.0124 0x2eb8  ================ Scan services =============================
19:54:58.0303 0x2eb8  [ E1832BD9FD7E0FC2DC9FA5935DE3E8C1, 41FF7418887AFC8B9C96EF21C5950DD342CC9E3C0D87AFD60A05B988C1D6CC23 ] 1394ohci        C:\WINDOWS\System32\drivers\1394ohci.sys
19:54:58.0353 0x2eb8  1394ohci - ok
19:54:58.0429 0x2eb8  [ AD508A1A46EC21B740AB31C28EFDFDB1, 9B1046CF0B80723149BD359B55CC0B8B3ABBEAA9038469F542A4C345C503FB02 ] 3ware           C:\WINDOWS\system32\drivers\3ware.sys
19:54:58.0437 0x2eb8  3ware - ok
19:54:58.0477 0x2eb8  [ E796AE43DDD1844281DB4D57294D17C0, 21AE69615044A96041E46476BE814B52C22624B6C7EA6BFC77BB64F69C3C21F5 ] ACPI            C:\WINDOWS\system32\drivers\ACPI.sys
19:54:58.0493 0x2eb8  ACPI - ok
19:54:58.0496 0x2eb8  [ AC8279D229398BCF05C3154ADCA86813, 083E86CBE53244D24C334DB1511C77025133AE7875191845764B890A8CA5AFA9 ] acpiex          C:\WINDOWS\system32\Drivers\acpiex.sys
19:54:58.0504 0x2eb8  acpiex - ok
19:54:58.0520 0x2eb8  [ A8970D9BF23CD309E0403978A1B58F3F, 9946C8477104EEC7DB197E2222F9905307F101C398CCED4B5FD0F86A5622C791 ] acpipagr        C:\WINDOWS\System32\drivers\acpipagr.sys
19:54:58.0527 0x2eb8  acpipagr - ok
19:54:58.0557 0x2eb8  [ 111A89C99C5B4F1A7BCE5F643DD86F65, 41A2E49FF443927D05F7EF638518108227852984E68D4663C8761178C0B84A45 ] AcpiPmi         C:\WINDOWS\System32\drivers\acpipmi.sys
19:54:58.0569 0x2eb8  AcpiPmi - ok
19:54:58.0600 0x2eb8  [ 5758387D68A20AE7D3245011B07E36E7, 77832E200E8B0D259552F6F60FE454A887E3EBBB9EA2F3590E6645289A04E293 ] acpitime        C:\WINDOWS\System32\drivers\acpitime.sys
19:54:58.0610 0x2eb8  acpitime - ok
19:54:58.0740 0x2eb8  [ A542C712794FB8FBD27E37271C730F36, 8C327BFAC10C7BBD48277D4FEB862D58CA1F22DC10F0632BB8B18CF54A507216 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:54:58.0746 0x2eb8  AdobeARMservice - ok
19:54:58.0858 0x2eb8  [ 834A28E896CBACDE4A5DBEA5350E33AB, 0D92D83B4C872CF4EECD0C444000BB1419B36F8F5F8F3194772A99E6D48D34B5 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:54:58.0866 0x2eb8  AdobeFlashPlayerUpdateSvc - ok
19:54:58.0890 0x2eb8  [ 7C1FDF1B48298CBA7CE4BDD4978951AD, 80F4D536E1231B30E836F72ADC8814AE6AA9FEC573FB5F3F965FAC8ABCCAF0F8 ] ADP80XX         C:\WINDOWS\system32\drivers\ADP80XX.SYS
19:54:58.0910 0x2eb8  ADP80XX - ok
19:54:58.0956 0x2eb8  [ 2F442BAA7A739EDFB8CBF6BFBE8F5388, 3D32935DFEB0EA026F9824A78A7232C08C47FE13792AC1A212239B8103F98439 ] AdvancedSystemCareService8 C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
19:54:58.0973 0x2eb8  AdvancedSystemCareService8 - ok
19:54:59.0006 0x2eb8  [ BCD58DACAA1EAAADC115EDD940478F6D, F31613F583C302F62A00E6766B031531C9E193CAED563689B178BA257715B992 ] AeLookupSvc     C:\WINDOWS\System32\aelupsvc.dll
19:54:59.0314 0x2eb8  AeLookupSvc - ok
19:54:59.0332 0x2eb8  [ 374E27295F0A9DCAA8FC96370F9BEEA5, 51C394E0C2322D7D093941A1B8766171B5D1F47DF2FE0834209492891EA7D999 ] AFD             C:\WINDOWS\system32\drivers\afd.sys
19:54:59.0360 0x2eb8  AFD - ok
19:54:59.0373 0x2eb8  [ 7DFAEBA9AD62D20102B576D5CAC45EC8, 9FA5207335303D1E8E9A3C9E1FB82C09AD21B04382F69D777A67E48EE91D2093 ] agp440          C:\WINDOWS\system32\drivers\agp440.sys
19:54:59.0381 0x2eb8  agp440 - ok
19:54:59.0418 0x2eb8  [ FE14D249D39368CA62D8DA6BC94AC694, E1036E22BFBD3750FD2D3DA6AB939B2DD54E824F4BD3E6539EF0E45AB5453DD1 ] ahcache         C:\WINDOWS\system32\DRIVERS\ahcache.sys
19:54:59.0432 0x2eb8  ahcache - ok
19:54:59.0464 0x2eb8  [ 14A45BE6F5678339F0EC5752D9849410, DD0F60E96FAC68FBD5B86382E541408C613BD0F871D0E0A1EF9AB6E7B26E545C ] ALG             C:\WINDOWS\System32\alg.exe
19:54:59.0538 0x2eb8  ALG - ok
19:54:59.0551 0x2eb8  [ 7589DE749DB6F71A68489DCE04158729, 5F35EDD50737985595C9D6703237CA2ADE49AA5443331020899698EB5114A0FB ] AmdK8           C:\WINDOWS\System32\drivers\amdk8.sys
19:54:59.0974 0x2eb8  AmdK8 - ok
19:54:59.0990 0x2eb8  [ B46D2D89AFF8A9490FA8C98C7A5616E3, BE0765B5423B690E0F097FECD9717FAA95BFDFFDC6CF1B93DE5A19A1B7797879 ] AmdPPM          C:\WINDOWS\System32\drivers\amdppm.sys
19:54:59.0999 0x2eb8  AmdPPM - ok
19:55:00.0013 0x2eb8  [ D2BF2F94A47D332814910FD47C6BBCD2, FE273D77D119D958676E1197D9EA7B008E3B05C6192B1962A81D4223ED204C35 ] amdsata         C:\WINDOWS\system32\drivers\amdsata.sys
19:55:00.0021 0x2eb8  amdsata - ok
19:55:00.0035 0x2eb8  [ A8E04943C7BBA7219AA50400272C3C6E, 794C0BD12DF0392654E9A37AE4A24B5BE2D83F1F24F74DD48A1A0BF3AB8B1FF8 ] amdsbs          C:\WINDOWS\system32\drivers\amdsbs.sys
19:55:00.0046 0x2eb8  amdsbs - ok
19:55:00.0065 0x2eb8  [ CEA5F4F27CFC08E3A44D576811B35F50, 89DF64B81BD109BAABAE93A4603C1617241219F38DDAF325EFE6BD35FF6FD717 ] amdxata         C:\WINDOWS\system32\drivers\amdxata.sys
19:55:00.0072 0x2eb8  amdxata - ok
19:55:00.0134 0x2eb8  [ 9DCB42905F1EBF9CEC57EE5DF0BDA965, 4C888AAD0DDE01565FD7FBB6B70A500158CF2E4CECF9ADD4AFD302A993587269 ] AppHostSvc      C:\WINDOWS\system32\inetsrv\apphostsvc.dll
19:55:00.0263 0x2eb8  AppHostSvc - ok
19:55:00.0297 0x2eb8  [ 415DD71628795197F7AFC176CBADC74E, 5F0359053A6CD6EE239139E0E6F46E1FA9A73F017C0CE9B7BC052216B2C846EC ] AppID           C:\WINDOWS\system32\drivers\appid.sys
19:55:00.0623 0x2eb8  AppID - ok
19:55:00.0653 0x2eb8  [ 34B2E222F82D05398DAE7203B36B6A2B, AC04BC6B5A36A6807FFE302E9ACF073342B4D76B0BB386249251CB3CA1852CE8 ] AppIDSvc        C:\WINDOWS\System32\appidsvc.dll
19:55:00.0670 0x2eb8  AppIDSvc - ok
19:55:00.0710 0x2eb8  [ 680BFB820C5A943AB709BAA2B1EF27F2, A51D2A7976A762FE470C13C6D1BA0319A0FB19C9E66BF02AA44F83EAEC7130F8 ] Appinfo         C:\WINDOWS\System32\appinfo.dll
19:55:00.0731 0x2eb8  Appinfo - ok
19:55:00.0858 0x2eb8  [ 6B73E94F9FE82D45781B8C8A09483082, C35EEAE7457168387A7C77A315524A3703ABDE49D9F23F59057315D9249D3473 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:55:00.0863 0x2eb8  Apple Mobile Device - ok
19:55:00.0961 0x2eb8  [ 35E28923A23ADABAA5A1B43256D0AB58, A5F3AF8BBEE58B2165BAFACC5FF8B167B55B020998D3D1565C2229ED8753B269 ] AppReadiness    C:\WINDOWS\system32\AppReadiness.dll
19:55:00.0987 0x2eb8  AppReadiness - ok
19:55:01.0042 0x2eb8  [ 573542B5E97772021B73E854DA861DAA, C3FD00FA28060F8D7CDFD455BBB5FF8239CB76DDFFF2BDAE6AA944674DD993D3 ] AppXSvc         C:\WINDOWS\system32\appxdeploymentserver.dll
19:55:01.0115 0x2eb8  AppXSvc - ok
19:55:01.0121 0x2eb8  [ 65045784366F7EC5FB4E71BCF923187B, 53C215C64FF12E44B097F7CB88E8482438CE0ACBD3C68D8FD38BA0D0D8747FAA ] arcsas          C:\WINDOWS\system32\drivers\arcsas.sys
19:55:01.0128 0x2eb8  arcsas - ok
19:55:01.0214 0x2eb8  [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:55:01.0221 0x2eb8  aspnet_state - ok
19:55:01.0248 0x2eb8  [ B5B4C90E9F52DA8586F1E5461AD90A5D, D1EAA34E6AEB014E942D22F8CB5FB19BF1E2EADE5B5357274C001F44FDC25F05 ] aswHwid         C:\WINDOWS\system32\drivers\aswHwid.sys
19:55:01.0259 0x2eb8  aswHwid - ok
19:55:01.0271 0x2eb8  [ 300CB8E510855189CAD0B72FFB5590CB, EB50DC553FA8FD9DE3F60AAFED20702EAFBB1498EBD3220A39CC52A12F694246 ] aswMonFlt       C:\WINDOWS\system32\drivers\aswMonFlt.sys
19:55:01.0277 0x2eb8  aswMonFlt - ok
19:55:01.0310 0x2eb8  [ 6D37D8DB30D086739507C5F6E542656A, 746D9E32E729138EA19062F4E6B6C98B6833504020A296E3E2A9CD92E0FED0B9 ] aswRdr          C:\WINDOWS\system32\drivers\aswRdr2.sys
19:55:01.0316 0x2eb8  aswRdr - ok
19:55:01.0319 0x2eb8  [ 07E32DFCA422A2920482D762D01957EC, A6502D26266D708E55EB2883897673AD3087C41D9EA0B41CD6BF6BD923EBDCB8 ] aswRvrt         C:\WINDOWS\system32\drivers\aswRvrt.sys
19:55:01.0325 0x2eb8  aswRvrt - ok
19:55:01.0342 0x2eb8  [ 3B4AC2DBFC86F7247C1FF1FAF2860530, A54A693D01C02AAE2B78BFE9B3900B5A6DD0C2C37C8FA58B14B5F57107032FF5 ] aswSnx          C:\WINDOWS\system32\drivers\aswSnx.sys
19:55:01.0362 0x2eb8  aswSnx - ok
19:55:01.0393 0x2eb8  [ A04F190FCD762E7BCC9BFC70563C52DB, 2BF6823F2EADBDA28DF1CCECCAC84D9FF37D3CFB66A7B402575C6B9FCFB45EB3 ] aswSP           C:\WINDOWS\system32\drivers\aswSP.sys
19:55:01.0404 0x2eb8  aswSP - ok
19:55:01.0427 0x2eb8  [ 6E53278ECCFFBC2ACC2A5006745ED4BB, 392170073A8933DB43CD1D64AD087F972F1971BF83BCAFE5B8FA1273C02026CE ] aswStm          C:\WINDOWS\system32\drivers\aswStm.sys
19:55:01.0433 0x2eb8  aswStm - ok
19:55:01.0461 0x2eb8  [ F87990FDBDD4DC037343A80BD7E67538, B81B71F65BC23629C7EB79EE7B4DE38BBE155B1FC37EE66D50E2677C6CA50934 ] aswTap          C:\WINDOWS\system32\DRIVERS\aswTap.sys
19:55:01.0466 0x2eb8  aswTap - ok
19:55:01.0473 0x2eb8  [ 91782404718C6352C26B3242BAC3F0F1, 84B1CDD1EBC83FAEBDCC8F67B13CA405C6CF0C518FC016603889EBE48FC91AB9 ] aswVmm          C:\WINDOWS\system32\drivers\aswVmm.sys
19:55:01.0481 0x2eb8  aswVmm - ok
19:55:01.0494 0x2eb8  [ 3DB7721F06BC2FEDB25029EA23AB27DA, 221861148C66FE53E4D6EE49C6E656479AB5804A2D348A280A1CD8093E8AB788 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:55:01.0837 0x2eb8  AsyncMac - ok
19:55:01.0844 0x2eb8  [ 74B14192CF79A72F7536B27CB8814FBD, 0CF6BBB63FFE0C12777664D80B2797923844C8392D0FD81D7962EE5EE2C3C3D9 ] atapi           C:\WINDOWS\system32\drivers\atapi.sys
19:55:01.0850 0x2eb8  atapi - ok
19:55:01.0923 0x2eb8  [ 8779FDAE68BC948B0FE152E758CC8DA7, 13070C2073F8E7546B48AE9CF54067B9BB75DFCD98F2987B90FFAD20D40D54CF ] AudioEndpointBuilder C:\WINDOWS\System32\AudioEndpointBuilder.dll
19:55:01.0939 0x2eb8  AudioEndpointBuilder - ok
19:55:01.0977 0x2eb8  [ 61EA45A645854FE81D8A924E2D93DFFE, 34F79532297F609CA93C380B68BB8B7B0F027F9C8F4FB8E02A9A43EA3D155F1B ] Audiosrv        C:\WINDOWS\System32\Audiosrv.dll
19:55:01.0998 0x2eb8  Audiosrv - ok
19:55:02.0106 0x2eb8  [ 54236E79A44F909612391C8A2D70D512, B0DF5BCC4F90AF087D0306F8D81F90B2CAE0176813E3AA6A7D5460F7878677CD ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
19:55:02.0117 0x2eb8  avast! Antivirus - ok
19:55:02.0263 0x2eb8  [ 46C430FE178028F7AD151B62EBA3EEC5, C883B7A974A629549470B28532640C1FD2166CC4F95C69E4C4A1596AF5A5A331 ] AvastVBoxSvc    C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
19:55:02.0328 0x2eb8  AvastVBoxSvc - ok
19:55:02.0358 0x2eb8  [ 3C6ED74AF41DD1A5585CE5EF3D00915F, A742F576407776634E5A8E49C60023FFDF395DE0B2DE36662A23F85B79405ED2 ] AxInstSV        C:\WINDOWS\System32\AxInstSV.dll
19:55:02.0715 0x2eb8  AxInstSV - ok
19:55:02.0733 0x2eb8  [ A4A73F631FE2AA2826FBE4A399B04DEF, 973AACE8DC8DA669D0DF20F17EFDEEABB90AA046AC980948D16A62D39A606A79 ] b06bdrv         C:\WINDOWS\system32\drivers\bxvbda.sys
19:55:02.0748 0x2eb8  b06bdrv - ok
19:55:02.0752 0x2eb8  [ 8CC7F7E4AFCBA605921B137ED7992C68, 71406E6D6E9964740A6D90B05329D5492BB90AF40E0630CF2FBF4BA4BA14F2DD ] BasicDisplay    C:\WINDOWS\System32\drivers\BasicDisplay.sys
19:55:03.0707 0x2eb8  BasicDisplay - ok
19:55:03.0818 0x2eb8  [ 38A82F4EE8C416A6744B6D30381ED768, 9EAAE5F43BA09359130AC04B1DCA0F5D4DF32ED89C02DC5CEB640918948847F7 ] BasicRender     C:\WINDOWS\System32\drivers\BasicRender.sys
19:55:03.0843 0x2eb8  BasicRender - ok
19:55:03.0850 0x2eb8  [ C1ABB0F7E3BEA48A0417BDF6FF14AB21, 1CAC63A1A0FB9855A27EE977794576A860F6650C9EF7667FFB27F2A2FF721857 ] bcmfn2          C:\WINDOWS\System32\drivers\bcmfn2.sys
19:55:03.0855 0x2eb8  bcmfn2 - ok
19:55:03.0900 0x2eb8  [ 77D760E9B477C21487C171F561497F98, 2393D466CEC863C771C5BB4CD81B251635DC084386134B8E13F74F3E1C6D68DF ] BDESVC          C:\WINDOWS\System32\bdesvc.dll
19:55:04.0087 0x2eb8  BDESVC - ok
19:55:04.0115 0x2eb8  [ EC19013E4CF87609534165DF897274D6, 8ED45537CF2D58D759A587CCBFDADD5580C7447B0C3B172CF19ECC7585E073FC ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
19:55:04.0123 0x2eb8  Beep - ok
19:55:04.0169 0x2eb8  [ 7BCB00EA702F78EC74CD9699D85CE80B, 17241ADAA13051B560DB9FA9079CAE6321D5B49788B596C125DC912443B00421 ] BFE             C:\WINDOWS\System32\bfe.dll
19:55:04.0189 0x2eb8  BFE - ok
19:55:04.0242 0x2eb8  [ 48554994279BFE17A3D2B00076D0CB1A, 6521B1EC0BC6B01F63976370D89FE7DC2E7404899F68B6FAC37A9173B9C5D489 ] BITS            C:\WINDOWS\System32\qmgr.dll
19:55:04.0267 0x2eb8  BITS - ok
19:55:04.0294 0x2eb8  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:55:04.0305 0x2eb8  Bonjour Service - ok
19:55:04.0310 0x2eb8  [ 6B4FFFDDC618FCF64473CAA86E305697, 29EA66071D5822920F5C50533673ADAB5204F8B25C11027AD27450D881F1142D ] bowser          C:\WINDOWS\system32\DRIVERS\bowser.sys
19:55:04.0320 0x2eb8  bowser - ok
19:55:04.0358 0x2eb8  [ FA601515FF2B59F25FDD8EDB1D2A1104, 21DFB53241F8E880F7546B9ADF38F47D6AD0782EC7F8F0284ED69DE7CEF7DCB9 ] BrokerInfrastructure C:\WINDOWS\System32\bisrv.dll
19:55:04.0380 0x2eb8  BrokerInfrastructure - ok
19:55:04.0417 0x2eb8  [ BC111AADACD0BF59D56547461D13AB6E, 91E3619930C29EE4B2683683888BA7EE3CF6B1DDB0C19A14E0880470CBE40EF4 ] Browser         C:\WINDOWS\System32\browser.dll
19:55:04.0445 0x2eb8  Browser - ok
19:55:04.0457 0x2eb8  [ A8F23D453A424FF4DE04989C4727ECC7, AE4A9081395C7379F1C947EF8243F7609F90C843E086B8E77E1A2C06E36D4381 ] BthAvrcpTg      C:\WINDOWS\System32\drivers\BthAvrcpTg.sys
19:55:04.0475 0x2eb8  BthAvrcpTg - ok
19:55:04.0510 0x2eb8  [ 272A62B660A48AEF366F8A1836CED19F, 78EFAC6B1B2313482329BBFFBF0DDA6462BD88E5BE3C817C5E8E0EAF3074C925 ] BthHFEnum       C:\WINDOWS\System32\drivers\bthhfenum.sys
19:55:04.0542 0x2eb8  BthHFEnum - ok
19:55:04.0567 0x2eb8  [ 71FE2A48E4C93DDB9798C024880B6C07, 8E93DE29C61A5FA64216231228CB3C4A1A693FE87CAA2C070BCAD7BE2D8ED000 ] bthhfhid        C:\WINDOWS\System32\drivers\BthHFHid.sys
19:55:04.0577 0x2eb8  bthhfhid - ok
19:55:04.0613 0x2eb8  [ 9307A4B743D277C499CDA8E19E5687AC, 7A01989EC3D54581F292BDEDC9B9445F2ABD50165102617E3089BDD061C63A19 ] BthHFSrv        C:\WINDOWS\System32\BthHFSrv.dll
19:55:04.0625 0x2eb8  BthHFSrv - ok
19:55:04.0638 0x2eb8  [ EF4B9E7C9AD88C00C18A12B0D22D1894, 672537E75201E690D86CD65252B8AEF887C76EBD37AB0C419462D69164B350CC ] BTHMODEM        C:\WINDOWS\System32\drivers\bthmodem.sys
19:55:04.0651 0x2eb8  BTHMODEM - ok
19:55:04.0670 0x2eb8  [ 043A0F37631BF453F16D478B71320F46, C368296B802984F438852927B8A40EA3F4205724A05828F3173F08EC17228356 ] bthserv         C:\WINDOWS\system32\bthserv.dll
19:55:05.0001 0x2eb8  bthserv - ok
19:55:05.0005 0x2eb8  [ 2FA6510E33F7DEFEC03658B74101A9B9, 61C8C8E3F09B427711464C974EE22E1E01C48E10DB54A4EC9901F482FC36C978 ] cdfs            C:\WINDOWS\system32\DRIVERS\cdfs.sys
19:55:05.0222 0x2eb8  cdfs - ok
19:55:05.0255 0x2eb8  [ C6796EA22B513E3457514D92DCDB1A3D, 2B893F3950C6B913B934C2089B69F3B0B77F229AE1820907E598455CBB78139C ] cdrom           C:\WINDOWS\System32\drivers\cdrom.sys
19:55:05.0276 0x2eb8  cdrom - ok
19:55:05.0314 0x2eb8  [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] CertPropSvc     C:\WINDOWS\System32\certprop.dll
19:55:05.0528 0x2eb8  CertPropSvc - ok
19:55:05.0541 0x2eb8  [ BE9936EDD3267FAAFF94A7835867F00B, 3CEEF2377D45ED38C7CD3CE4C746EC5EA7277EFEC728A5438F0EF5F62FC7C859 ] circlass        C:\WINDOWS\System32\drivers\circlass.sys
19:55:05.0561 0x2eb8  circlass - ok
19:55:05.0584 0x2eb8  [ 8EB7E70C2D348FE2476A2E3F2D585E3D, 2B5D407FACF1D049261026CC552A7C93B028A661B0F4E959815EAE7670054127 ] CLFS            C:\WINDOWS\system32\drivers\CLFS.sys
19:55:05.0599 0x2eb8  CLFS - ok
19:55:05.0664 0x2eb8  [ 075CCE75090786F124573A788C8656E6, AA188CFF2F8EE2D9F50701AB2315D24E15D7715FD84F5054D3FC175D4BD35734 ] CLVirtualDrive  C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys
19:55:05.0670 0x2eb8  CLVirtualDrive - ok
19:55:05.0681 0x2eb8  [ EF6EF85DADC3184A10D8F2F7159973CB, 42FCB286CED95A5DEBC5C0C894FCBC4818A2C818BB71087142FB51A08A0BE96B ] CmBatt          C:\WINDOWS\System32\drivers\CmBatt.sys
19:55:05.0697 0x2eb8  CmBatt - ok
19:55:05.0722 0x2eb8  [ 5E5AB950693F2C6D6ACBEE3A74697ED7, 3790A7DD0AC65F47A697A577744FDFA4CC1CA3422884C84E499F97AC91BA84F3 ] CNG             C:\WINDOWS\system32\Drivers\cng.sys
19:55:05.0738 0x2eb8  CNG - ok
19:55:05.0743 0x2eb8  [ 03AAED827C36F35D70900558B8274905, 8E44A23C6013FFAE7769F99CAA3B1D6288DE00A38937F9056903AC265B503AFA ] CompositeBus    C:\WINDOWS\System32\drivers\CompositeBus.sys
19:55:05.0760 0x2eb8  CompositeBus - ok
19:55:05.0763 0x2eb8  COMSysApp - ok
19:55:05.0776 0x2eb8  [ A1FF7DFBFBE164CF92603C651D304DD2, 470ACE5A75E64FC62C950037201199857E974803625DC73BEDBCF6FA4DDD496C ] condrv          C:\WINDOWS\system32\drivers\condrv.sys
19:55:05.0784 0x2eb8  condrv - ok
19:55:05.0832 0x2eb8  [ 6324F0D18FB52833BA64BC828E29054C, 04118FA1BDFC512F76E4A81FEF34C78B6BD98429DB1D65123B6802B4A1E30584 ] CryptSvc        C:\WINDOWS\system32\cryptsvc.dll
19:55:06.0078 0x2eb8  CryptSvc - ok
19:55:06.0086 0x2eb8  [ 315BA4BC19316D72B2E037534E048B93, 69613635DB23E6A935673B1025C2010ED3E195473D25368CF74234C4C36910BE ] dam             C:\WINDOWS\system32\drivers\dam.sys
19:55:06.0093 0x2eb8  dam - ok
19:55:06.0121 0x2eb8  [ D06E443457FADC6B1AFAF3AA4B6936F6, 109B4D05E156604AFB3D63B380CC063B900AEB12F57A1D235B9F9399EE0909C7 ] dc3d            C:\WINDOWS\System32\drivers\dc3d.sys
19:55:06.0128 0x2eb8  dc3d - ok
19:55:06.0195 0x2eb8  [ A6F17C299A03BAFEFB9257C462A19E00, EB68967D28355271897166D7B6FD963D1E546D3C24AE1AEAAC561F94357A9345 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
19:55:06.0277 0x2eb8  DcomLaunch - ok
19:55:06.0335 0x2eb8  [ 95E1ABFB27F8A62ED764805775F0D2F3, 692865DA60C93481E01592883678B2C51FD9AC9A835DFB00A8E3F2DFEE7AB0ED ] defragsvc       C:\WINDOWS\System32\defragsvc.dll
19:55:07.0036 0x2eb8  defragsvc - ok
19:55:07.0075 0x2eb8  [ FF086DEF5995558CCB1B5AAC2110195D, CED52FF01F9247BFDAFC5C7EFC538F8638146ED715574A422496EE0F846CB079 ] DeviceAssociationService C:\WINDOWS\system32\das.dll
19:55:07.0088 0x2eb8  DeviceAssociationService - ok
19:55:07.0109 0x2eb8  [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] DeviceInstall   C:\WINDOWS\system32\umpnpmgr.dll
19:55:07.0274 0x2eb8  DeviceInstall - ok
19:55:07.0279 0x2eb8  [ A03F362C5557E238CBFA914689C77248, BAD0A1124E6A384C15028FBE121ADF650F7716442555AD3737B9EA1F58A69246 ] Dfsc            C:\WINDOWS\system32\Drivers\dfsc.sys
19:55:07.0289 0x2eb8  Dfsc - ok
19:55:07.0303 0x2eb8  [ 73BDD44A6088916964945886F9025409, 8E2ECC9AAEF3C6EBA2E61D25F657FDFCC72AB517CC4FD5FFF992E1F9EB942662 ] dg_ssudbus      C:\WINDOWS\system32\DRIVERS\ssudbus.sys
19:55:07.0309 0x2eb8  dg_ssudbus - ok
19:55:07.0349 0x2eb8  [ 3EEAADA3125431980E5804ED7143458A, 381E12C83E3211C255B321D35536F4049D67E31061F8D82155E4D4509E97F43D ] Dhcp            C:\WINDOWS\system32\dhcpcore.dll
19:55:07.0488 0x2eb8  Dhcp - ok
19:55:07.0568 0x2eb8  [ 3ECB752A6963B1CBC9AD65ED89C8ACED, 1D47D2EBD2C8D2B9F8D2D12A5FD93E6B10335EB6B23252DDEA6DF2233655FA59 ] DiagTrack       C:\WINDOWS\system32\diagtrack.dll
19:55:07.0623 0x2eb8  DiagTrack - ok
19:55:07.0628 0x2eb8  [ 4D40C9B33F738797CF50E77CB7C53E85, 7BA341342A47DEB15B51971C97A5237ACD8BDAD9033F63DF0000892BE43F8E13 ] disk            C:\WINDOWS\system32\drivers\disk.sys
19:55:07.0636 0x2eb8  disk - ok
19:55:07.0650 0x2eb8  [ EB70A894708D1BC176AFD690FF06085F, 0DD2A97F5E1B38D1F7C0D44E50F09EA222B18B3B074CC9C8CD25A7526CB1A112 ] dmvsc           C:\WINDOWS\System32\drivers\dmvsc.sys
19:55:07.0666 0x2eb8  dmvsc - ok
19:55:07.0722 0x2eb8  [ 33ADFB7453BF3271463712C4BCE61AD1, A1DB30F874BA7B2C4C653494D70B46B94BF7D39D0DD8559F6CA7A14B676FD617 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
19:55:07.0755 0x2eb8  Dnscache - ok
19:55:07.0809 0x2eb8  [ 811EACBCC7C51A03AE11F13CC27B2AB6, FAB94F84950FFB7D3649BAFB8D96D43B880D7FDE8D5B879472AE26C4BC4203B0 ] dot3svc         C:\WINDOWS\System32\dot3svc.dll
19:55:07.0822 0x2eb8  dot3svc - ok
19:55:07.0861 0x2eb8  [ B99CB575986789A93A683DCF292A43A1, 6ACEA31C723B74003E106FC8303542FCC6DBC4952B6B523F6590D006BE57238D ] DPS             C:\WINDOWS\system32\dps.dll
19:55:07.0871 0x2eb8  DPS - ok
19:55:07.0904 0x2eb8  [ 00C594D5A1DBD22AD8B2902B9F6EFF94, 2920D62B5F7C49A8AFA80FCAD1E834BBAA670AEBDD7E6F21F0496D1D3CCB4E90 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
19:55:07.0911 0x2eb8  drmkaud - ok
19:55:07.0952 0x2eb8  [ 263625A4F616538EB867B6306A6590DB, 2A064720C247EAA3446EFDCC9E01D84CBA875905D78DFED0FBD62D1EE422D416 ] DsmSvc          C:\WINDOWS\System32\DeviceSetupManager.dll
19:55:07.0963 0x2eb8  DsmSvc - ok
19:55:08.0009 0x2eb8  [ 33F90B202E9DD9B7D489EB59310FDC34, 6ECF6669433E090E9CF6B1875AF18D2C06F8CDB3901D58BF89C3E2202574ABBD ] dtsoftbus01     C:\WINDOWS\System32\drivers\dtsoftbus01.sys
19:55:08.0017 0x2eb8  dtsoftbus01 - ok
19:55:08.0117 0x2eb8  [ E1BB0B6F00F470B451AB45EA13EBA0B3, 3A2FC2175B69A5EB98D6C2D563DBFDCB320647AB87A14E47FAE800423DCACDAB ] DXGKrnl         C:\WINDOWS\System32\drivers\dxgkrnl.sys
19:55:08.0150 0x2eb8  DXGKrnl - ok
19:55:08.0154 0x2eb8  EagleX64 - ok
19:55:08.0189 0x2eb8  [ E253530BD5EDE28F1FF6AF93C4D8034D, 787A70C3E946348F066FB8EB81FCE60157217D93FD78ADC631B5835E8D76A253 ] Eaphost         C:\WINDOWS\System32\eapsvc.dll
19:55:08.0205 0x2eb8  Eaphost - ok
19:55:08.0272 0x2eb8  [ 114BCFDF367FF37C3F1B0A96AF542E4D, D385BC1D91BC1406091C8C3691C07A90BD60EDE05B1384E5AA3506FCB909C857 ] ebdrv           C:\WINDOWS\system32\drivers\evbda.sys
19:55:08.0334 0x2eb8  ebdrv - ok
19:55:08.0362 0x2eb8  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] EFS             C:\WINDOWS\System32\lsass.exe
19:55:08.0370 0x2eb8  EFS - ok
19:55:08.0373 0x2eb8  [ 43531A5993380CC5113242C29D265FD9, EE0076D96F7F3CF29884AC7A67C08A429115A7201354A1FB5DE45FD63ABB4960 ] EhStorClass     C:\WINDOWS\system32\drivers\EhStorClass.sys
19:55:08.0381 0x2eb8  EhStorClass - ok
19:55:08.0392 0x2eb8  [ 6F8E738A9505A388B1157FDDE7B3101B, 3696CA634102B41EEA11EB9DCA0B24439D8636AED4A7190C138C5E64A2EFB514 ] EhStorTcgDrv    C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys
19:55:08.0400 0x2eb8  EhStorTcgDrv - ok
19:55:08.0434 0x2eb8  [ DFFFAE1442BA4076E18EED5E406FA0D3, 329FC6FB8D14BEACDBE2A5D4C496EDEA485E838B1DF27566E278F8F8E0D8E82E ] ErrDev          C:\WINDOWS\System32\drivers\errdev.sys
19:55:08.0888 0x2eb8  ErrDev - ok
19:55:08.0947 0x2eb8  [ F00C593994D57C75273F820653440536, 2DC986D9890EC907405FB2045E6F55ACC384169B45F0B56CCB1A953CF71D9A5D ] EventSystem     C:\WINDOWS\system32\es.dll
19:55:09.0097 0x2eb8  EventSystem - ok
19:55:09.0114 0x2eb8  [ D2EAA04AF43154B62FA85B08BAD0A7CA, B18F09CAD04AD61A1B8DCD3BBC70A82FB50008C147389D3245E39856BA940A87 ] excfs           C:\WINDOWS\system32\DRIVERS\excfs.sys
19:55:09.0119 0x2eb8  excfs - ok
19:55:09.0123 0x2eb8  [ E6082A6C109238A725D83184724C4A36, 66F0D4798C357FFCC5A35E45BE8E5F0A97E7BCF98CFAA1BB2269F6D6B910A0A3 ] excsd           C:\WINDOWS\system32\DRIVERS\excsd.sys
19:55:09.0129 0x2eb8  excsd - ok
19:55:09.0631 0x2eb8  [ 7729D294A555C7AEB281ED8E4D0E01E4, 7269E79D72CCE477AC108294D0DDFB59CF533B03C587599C5AB0507C43A0B6D4 ] exfat           C:\WINDOWS\system32\drivers\exfat.sys
19:55:10.0156 0x2eb8  exfat - ok
19:55:10.0191 0x2eb8  [ 68030FF4B7669E15916910885E2E6160, 324EC07A0135354A5D41ED841919D61C218ECA718DE8A8357B0D2AD0B621777B ] ExpressCache    C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
19:55:10.0197 0x2eb8  ExpressCache - ok
19:55:10.0212 0x2eb8  [ 7C4E0D5900B2A1D11EDD626D6DDB937B, 732F310F8F6016C56F432A81636B13CE0124A802FE8DD91287B618EED22C9A1D ] fastfat         C:\WINDOWS\system32\drivers\fastfat.sys
19:55:10.0222 0x2eb8  fastfat - ok
19:55:10.0275 0x2eb8  [ 304B6AEC4639A7CCCCF544C6BA6177B2, B75CDD52FD3890B3008E06C503945D1E36478F0EC5E067C8DBC2822D7935D24B ] Fax             C:\WINDOWS\system32\fxssvc.exe
19:55:11.0081 0x2eb8  Fax - ok
19:55:11.0090 0x2eb8  [ 5D8402613E778B3BD45E687A8372710B, EE9EA10805168D309A609B9019AEC5961EE46D18207B5E0EA2DE4064A5770AF8 ] fdc             C:\WINDOWS\System32\drivers\fdc.sys
19:55:11.0110 0x2eb8  fdc - ok
19:55:11.0145 0x2eb8  [ 020D2F29009F893ADEFF4405B4B44565, 9F8501064C72933D1442DA00E70392B30D0207EB7D60F50E6648FF363799E6F1 ] fdPHost         C:\WINDOWS\system32\fdPHost.dll
19:55:11.0153 0x2eb8  fdPHost - ok
19:55:11.0169 0x2eb8  [ E80D2EDD2F88B6E20076A0A4F5A5A245, E3CD6E0BE152B22E8A7340EFFD10CCDB1B632CD3EDF487E83F697D2E22A7D594 ] FDResPub        C:\WINDOWS\system32\fdrespub.dll
19:55:11.0192 0x2eb8  FDResPub - ok
19:55:11.0231 0x2eb8  [ 47AB7D16EDE434B934AA4D661456C2D5, D375A92FB3E4BB0A8DA5270DACC888E53FB9F514516039FE6DAE4D4EF6B9A970 ] fhsvc           C:\WINDOWS\system32\fhsvc.dll
19:55:11.0257 0x2eb8  fhsvc - ok
19:55:11.0260 0x2eb8  [ BCFD8B149B3ADF92D0DB1E909CAF0265, 002B085C131473642450176B4B8359F3E5B04350AFB659B9C0F9EB587D1181E7 ] FileInfo        C:\WINDOWS\system32\drivers\fileinfo.sys
19:55:11.0267 0x2eb8  FileInfo - ok
19:55:11.0284 0x2eb8  [ A1A66C4FDAFD6B0289523232AFB7D8AF, 0F5832F626BB62190D5F3A088CE6E048D8A400CCF9EA527F06973CAD96D3A81C ] Filetrace       C:\WINDOWS\system32\drivers\filetrace.sys
19:55:11.0325 0x2eb8  Filetrace - ok
19:55:11.0353 0x2eb8  [ BE743083CF7063C486A4398E3AEFE59A, 85796D89943DD6FE3932C1ED6CF01470C1B4DFD243C390B07055FFDA3C231551 ] flpydisk        C:\WINDOWS\System32\drivers\flpydisk.sys
19:55:11.0360 0x2eb8  flpydisk - ok
19:55:11.0408 0x2eb8  [ C1FB505A73FA2E9019D32444AB33B75A, 765F0635C18295855CA4C0394192E8B94BA2EA1C4D74F86B720358ABA019FFAA ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
19:55:11.0420 0x2eb8  FltMgr - ok
19:55:11.0476 0x2eb8  [ 6C068E7207F183FF3647E45D2599E80C, D65C9888522CA29596D5C8BEFF42356F0310E812117E72C1D612BA089C0940D9 ] FontCache       C:\WINDOWS\system32\FntCache.dll
19:55:11.0519 0x2eb8  FontCache - ok
19:55:11.0603 0x2eb8  [ 1C52387BF5A127F5F3BFB31288F30D93, 90D13F60170CD74304F3036A90D596AA3E1E134455A780310BDF67AC7815F2E7 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:55:11.0608 0x2eb8  FontCache3.0.0.0 - ok
19:55:11.0636 0x2eb8  [ A7C31B168F371E8E6796219F23E354DB, C51C9BF568F1E96CBBE57D2432B38F93F40520086DDB6AAAAC48CBCD1691B441 ] FsDepends       C:\WINDOWS\system32\drivers\FsDepends.sys
19:55:11.0642 0x2eb8  FsDepends - ok
19:55:11.0648 0x2eb8  [ 09F460AFEDCA03F3BF6E07D1CCC9AC42, B832091BC9B2C2FE38A4BCA132ABB58251E851F21EC6F39636E73777AB9A5791 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:55:11.0655 0x2eb8  Fs_Rec - ok
19:55:11.0666 0x2eb8  [ F152D55E497E12256290C43B31C7D0CE, FFC54B14CCFBC1548948C07FB3866E40A11D0C05AC352BD000E71CEF053F6A6E ] fvevol          C:\WINDOWS\system32\DRIVERS\fvevol.sys
19:55:11.0682 0x2eb8  fvevol - ok
19:55:11.0689 0x2eb8  [ 9591D0B9351ED489EAFD9D1CE52A8015, AC64C236C3AE545FCE8ED44A4A87FB86265A453BA60026EC9A4DE2B631E99996 ] FxPPM           C:\WINDOWS\System32\drivers\fxppm.sys
19:55:11.0696 0x2eb8  FxPPM - ok
19:55:11.0705 0x2eb8  [ FC3EF65EE20D39F8749C2218DBA681CA, 12980F1DE99B25E6920A33556F3ABDA5EC9BFE4757BE602130B5E939D8D25CE3 ] gagp30kx        C:\WINDOWS\system32\drivers\gagp30kx.sys
19:55:11.0712 0x2eb8  gagp30kx - ok
19:55:11.0749 0x2eb8  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
19:55:11.0754 0x2eb8  GEARAspiWDM - ok
19:55:11.0782 0x2eb8  [ 0BF5CAD281E25F1418E5B8875DC5ADD1, 0929AD8437DD78234553D8B2CDF0D6838FD54ACDE1918AFEBE48684EB32A07A3 ] gencounter      C:\WINDOWS\System32\drivers\vmgencounter.sys
19:55:11.0796 0x2eb8  gencounter - ok
19:55:11.0870 0x2eb8  [ C0B698B7D0E03B2A01D0F781BEE052BB, C20A43B02FF2536FF009C82CFE286598A87AC0BC5072F8E278802DD0B227AC3E ] GfExperienceService C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
19:55:11.0892 0x2eb8  GfExperienceService - ok
19:55:11.0949 0x2eb8  [ 8DF1254093B5C354CE725EB6B9B0DE19, DE6C5661CC076DA44B8A5D044FDB7280EDCF38D322A98C14FDC82E25586B3014 ] GPIOClx0101     C:\WINDOWS\system32\Drivers\msgpioclx.sys
19:55:11.0958 0x2eb8  GPIOClx0101 - ok
19:55:12.0021 0x2eb8  [ 0D03F87D4FF4ADBAF8336DD80548155A, BC10CFA88EA2F41A8D96CB810B7953A4C168B79273A3E804A9F020F49AB58CD3 ] gpsvc           C:\WINDOWS\System32\gpsvc.dll
19:55:12.0104 0x2eb8  gpsvc - ok
19:55:12.0166 0x2eb8  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:55:12.0172 0x2eb8  gupdate - ok
19:55:12.0175 0x2eb8  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:55:12.0181 0x2eb8  gupdatem - ok
19:55:12.0189 0x2eb8  [ D4B7ED39C7900384D9E5C1283F1E7926, F93F98858067B40F1C071EAD0F8E85442A78B95342BC692AF4D726540634923F ] HDAudBus        C:\WINDOWS\System32\drivers\HDAudBus.sys
19:55:12.0762 0x2eb8  HDAudBus - ok
19:55:12.0765 0x2eb8  [ 10A70BC1871CD955D85CD88372724906, 2480A74854D0A89FF028EE9BA41224D4B2F9B0863066BFC43097920794FEE08D ] HidBatt         C:\WINDOWS\System32\drivers\HidBatt.sys
19:55:12.0773 0x2eb8  HidBatt - ok
19:55:12.0840 0x2eb8  [ 42F88B57CAE42FC10059C887B3FCFCEA, 9363AA2B8E839A6935A7C6A36C491938DF78024886DCCE6D29CB18E1D6A6D806 ] HidBth          C:\WINDOWS\System32\drivers\hidbth.sys
19:55:12.0853 0x2eb8  HidBth - ok
19:55:12.0863 0x2eb8  [ C241A8BAFBBFC90176EA0F5240EACC17, 571E20B87818618BE9179986177D55739A240F04D1F740B3C1B7809B9427B767 ] hidi2c          C:\WINDOWS\System32\drivers\hidi2c.sys
19:55:12.0875 0x2eb8  hidi2c - ok
19:55:12.0913 0x2eb8  [ 9BDDEE26255421017E161CCB9D5EDA95, B766FD5E31708F29384F69418FC33C4BCC6E3064AA553D5B1D30EE0B8B1BFB40 ] HidIr           C:\WINDOWS\System32\drivers\hidir.sys
19:55:12.0932 0x2eb8  HidIr - ok
19:55:12.0964 0x2eb8  [ EA85B5093DF7B5C3E80362B053740AE2, 1D4251385402A2ADEE8FA1642F54180304F88337DA74989BDE44025ABB145FE5 ] hidserv         C:\WINDOWS\system32\hidserv.dll
19:55:12.0974 0x2eb8  hidserv - ok
19:55:12.0980 0x2eb8  [ 8DB8EAB9D0C6A5DF0BDCADEA239220B4, EDA23E6909EB83E5E148816DFB16CC29EA01BD6BD2F73AA46B3D820B85FB9C83 ] HidUsb          C:\WINDOWS\System32\drivers\hidusb.sys
19:55:13.0182 0x2eb8  HidUsb - ok
19:55:13.0218 0x2eb8  [ 93C4315F47F8D635C6DB0DF49FCE10EE, 70C52B8927D54ACD23F27948780B522974250FD5CD81AA9801C3F158C402889F ] hkmsvc          C:\WINDOWS\system32\kmsvc.dll
19:55:13.0606 0x2eb8  hkmsvc - ok
19:55:13.0640 0x2eb8  [ AC49522ED106BD4B545D6614D71C2445, 40BD738A301170378ECFC031635EB04E2F812B676376CADDD6607ECABEC9255F ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll
19:55:14.0033 0x2eb8  HomeGroupListener - ok
19:55:14.0090 0x2eb8  [ 99932E30CE0283B73BB6E5019E150394, 1F88C2F56A7B8E1F75E6359281F418F9661DA4FB7B7D7B14FA7F718B15D4DCE0 ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll
19:55:14.0118 0x2eb8  HomeGroupProvider - ok
19:55:14.0175 0x2eb8  [ 2A8B93A01621E100A578E83C768AFA2C, 6637D260AF180D1F200D219796FCE6D524FC6BF57C0CEEF9E1B3616E85865AD1 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
19:55:14.0178 0x2eb8  HP Support Assistant Service - detected UnsignedFile.Multi.Generic ( 1 )
19:55:16.0487 0x2eb8  Detect skipped due to KSN trusted
19:55:16.0487 0x2eb8  HP Support Assistant Service - ok
19:55:16.0519 0x2eb8  [ E2550FBBBA31E2D4F9757E0A533689F0, 0AE6B0D89E74E57F87A6431D005BFF4213AC4C98A74A7C796894FC2A8D42E0DD ] HPConnectedRemote c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
19:55:16.0523 0x2eb8  HPConnectedRemote - ok
19:55:16.0610 0x2eb8  [ D2946D9F020AE76E9CEF9B4A6DF838C0, C29CE594879385DA12B8EAA90B258905827B613839CCD820DE49215B68676995 ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
19:55:16.0631 0x2eb8  hpqwmiex - ok
19:55:16.0635 0x2eb8  [ A6AACEA4C785789BDA5912AD1FEDA80D, D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5912DE12893E096 ] HpSAMD          C:\WINDOWS\system32\drivers\HpSAMD.sys
19:55:16.0641 0x2eb8  HpSAMD - ok
19:55:16.0682 0x2eb8  [ E87A6D3B8FECD5B93BC0CFBB48C27970, 55C49B6F3822450447C082B40A263F3370694DB53AD0018ADEB911E4A9F65A88 ] HTTP            C:\WINDOWS\system32\drivers\HTTP.sys
19:55:16.0705 0x2eb8  HTTP - ok
19:55:16.0722 0x2eb8  [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy        C:\WINDOWS\system32\drivers\hwpolicy.sys
19:55:16.0728 0x2eb8  hwpolicy - ok
19:55:16.0746 0x2eb8  [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd        C:\WINDOWS\System32\drivers\hyperkbd.sys
19:55:16.0752 0x2eb8  hyperkbd - ok
19:55:16.0764 0x2eb8  [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo      C:\WINDOWS\system32\DRIVERS\HyperVideo.sys
19:55:16.0770 0x2eb8  HyperVideo - ok
19:55:16.0800 0x2eb8  [ D887446F3F6051C60C26F4FD1FC8D43F, A3235C64E9D5378E3409FA7CDD9DB0DD1B3CE6A6EB018F2C40558EB9C427A498 ] i8042prt        C:\WINDOWS\System32\drivers\i8042prt.sys
19:55:16.0942 0x2eb8  i8042prt - ok
19:55:16.0945 0x2eb8  [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO    C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys
19:55:16.0950 0x2eb8  iaLPSSi_GPIO - ok
19:55:16.0963 0x2eb8  [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C     C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys
19:55:16.0969 0x2eb8  iaLPSSi_I2C - ok
19:55:17.0022 0x2eb8  [ 71341219FBB4BAB7F2462C4267DAB594, 0C6B684781D27F423D20186A40D7513DD6ABC38AD286D013791B37CBF5477A55 ] iaStorA         C:\WINDOWS\system32\drivers\iaStorA.sys
19:55:17.0036 0x2eb8  iaStorA - ok
19:55:17.0070 0x2eb8  [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV        C:\WINDOWS\system32\drivers\iaStorAV.sys
19:55:17.0085 0x2eb8  iaStorAV - ok
19:55:17.0164 0x2eb8  [ B64E1D5BABD095C13A382838F9DCC77F, D8FF4E1BBA7EF5EE136CC5892C72E0774D0AAE40CD9EB3368A698DA6C078BBAA ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
19:55:17.0168 0x2eb8  IAStorDataMgrSvc - ok
19:55:17.0195 0x2eb8  [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV         C:\WINDOWS\system32\drivers\iaStorV.sys
19:55:17.0207 0x2eb8  iaStorV - ok
19:55:17.0210 0x2eb8  IEEtwCollectorService - ok
19:55:17.0269 0x2eb8  [ 3DBDBD9581C015F02651D6A89801FAD5, 81B6D302C9CD29AD8319515056CFBCD0BD25619B2B166937ACD5F1416B568837 ] IKEEXT          C:\WINDOWS\System32\ikeext.dll
19:55:17.0296 0x2eb8  IKEEXT - ok
19:55:17.0347 0x2eb8  [ 0DB1E3F6189C628675F855C0EB510419, 989F539E82105019D2D81255369B96DC65826CD2A421DA09809155B26F69C555 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
19:55:17.0360 0x2eb8  Intel(R) Capability Licensing Service Interface - detected UnsignedFile.Multi.Generic ( 1 )
19:55:19.0674 0x2eb8  Detect skipped due to KSN trusted
19:55:19.0674 0x2eb8  Intel(R) Capability Licensing Service Interface - ok
19:55:19.0699 0x2eb8  [ 492AAF2FF66F437F0E796574B116EFC3, 6BF21C61ED05705DD58203952A750D1AB4D4B62F3A2B640BBBD9B85D1ECC3E5C ] Intel(R) Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
19:55:19.0717 0x2eb8  Intel(R) Capability Licensing Service TCP IP Interface - ok
19:55:19.0733 0x2eb8  [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide        C:\WINDOWS\system32\drivers\intelide.sys
19:55:19.0739 0x2eb8  intelide - ok
19:55:19.0788 0x2eb8  [ A770340FC02B999EF0DE6C2A6BC8437C, 214567BE706B21BEA7EC13AF6B10FBFF658000511DBBA79BAA28D1D4EFD029A7 ] intelpep        C:\WINDOWS\system32\drivers\intelpep.sys
19:55:19.0794 0x2eb8  intelpep - ok
19:55:19.0803 0x2eb8  [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm        C:\WINDOWS\System32\drivers\intelppm.sys
19:55:19.0829 0x2eb8  intelppm - ok
19:55:19.0860 0x2eb8  [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:55:19.0876 0x2eb8  IpFilterDriver - ok
19:55:19.0934 0x2eb8  [ A5800036E4EA06697A34742A24ACFBE1, BA67060526E9213000B4206F86A74F904999AD7018EFCBE4FE9708650DA9D973 ] iphlpsvc        C:\WINDOWS\System32\iphlpsvc.dll
19:55:19.0959 0x2eb8  iphlpsvc - ok
19:55:19.0979 0x2eb8  [ 9C096BF5E10CA8BFA56F32522A89FAF1, 6C1151160799338DA351C7237AB049926C6C15F24F5E154BBF5929B4A96C0B8D ] IPMIDRV         C:\WINDOWS\System32\drivers\IPMIDrv.sys
19:55:19.0989 0x2eb8  IPMIDRV - ok
19:55:20.0000 0x2eb8  [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT           C:\WINDOWS\system32\drivers\ipnat.sys
19:55:20.0019 0x2eb8  IPNAT - ok
19:55:20.0085 0x2eb8  [ 0FA89CB1B99AD494CE36DD2DE717D696, 5B35B26C625306A7AD5A00FCAC46FD6D60061F1C8171352B5EF1C916A667AC92 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
19:55:20.0099 0x2eb8  iPod Service - ok
19:55:20.0112 0x2eb8  [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM          C:\WINDOWS\system32\drivers\irenum.sys
19:55:20.0123 0x2eb8  IRENUM - ok
19:55:20.0131 0x2eb8  [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp          C:\WINDOWS\system32\drivers\isapnp.sys
19:55:20.0138 0x2eb8  isapnp - ok
19:55:20.0180 0x2eb8  [ D90AB68D0FAC9F357F663670FDBB511E, A82AAA5DF1B38EFBDCF834535A0C520D1BB2D7A4A906C18CFDD22BCF16BDB97D ] iScsiPrt        C:\WINDOWS\System32\drivers\msiscsi.sys
19:55:20.0193 0x2eb8  iScsiPrt - ok
19:55:20.0248 0x2eb8  [ 52069AEB42D3D0F97CBCA1085EBF55E6, ADB2EFFF563B3FE113FCD156FD1E469BC24FC1D68AFEDCA21306F76592C9FF88 ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
19:55:20.0257 0x2eb8  jhi_service - ok
19:55:20.0273 0x2eb8  [ A1D4D34A56DF1D5122CDB265038A2E72, AE061BA1A65C98AF875FA18878B014B57E33594D4AC4C39B050AA532E2220F83 ] kbdclass        C:\WINDOWS\System32\drivers\kbdclass.sys
19:55:20.0283 0x2eb8  kbdclass - ok
19:55:20.0292 0x2eb8  [ 4A34D7084B862A92F3ABC4969166B3D3, 87B2635873DA4DD06D9E3B8E4313CBDBDC1488E4E340EC2101393EC65823771F ] kbdhid          C:\WINDOWS\System32\drivers\kbdhid.sys
19:55:20.0317 0x2eb8  kbdhid - ok
19:55:20.0342 0x2eb8  [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic           C:\WINDOWS\system32\DRIVERS\kdnic.sys
19:55:20.0498 0x2eb8  kdnic - ok
19:55:20.0511 0x2eb8  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] KeyIso          C:\WINDOWS\system32\lsass.exe
19:55:20.0519 0x2eb8  KeyIso - ok
19:55:20.0531 0x2eb8  [ 4E829B18D5BAEC29893792A3C671A847, 64C3B99F53A9D1ACA802B46B09E820AD210B667D5A1CD0ADAF1F12944B15B52E ] KSecDD          C:\WINDOWS\system32\Drivers\ksecdd.sys
19:55:20.0541 0x2eb8  KSecDD - ok
19:55:20.0563 0x2eb8  [ 15C8C65CEA018C02EA0F648448C491C5, DF909704D22D891BE439B2E3D8386EA659444F91DC92AABFF9766446AEE5EBC0 ] KSecPkg         C:\WINDOWS\system32\Drivers\ksecpkg.sys
19:55:20.0574 0x2eb8  KSecPkg - ok
19:55:20.0582 0x2eb8  [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk         C:\WINDOWS\system32\drivers\ksthunk.sys
19:55:20.0608 0x2eb8  ksthunk - ok
19:55:20.0642 0x2eb8  [ C1591A66028C71147A3E2EAB0B1CCB7E, 82F3D5DCC1614398A144D9791E4BAA814DBA9112677341FD57D5E9834CEDEB41 ] KtmRm           C:\WINDOWS\system32\msdtckrm.dll
19:55:20.0668 0x2eb8  KtmRm - ok
19:55:20.0694 0x2eb8  [ 50AECF8C21AB2A6428A6E1E10549D8E5, 6BC7C60CF5E8AFB9972619EE1C78357756E9C0A3EC783C3056CEB600DCBB1555 ] L1C             C:\WINDOWS\system32\DRIVERS\L1C63x64.sys
19:55:20.0701 0x2eb8  L1C - ok
19:55:20.0846 0x2eb8  [ CA2828DDE4B09FEFFDB7CE68B3D8D00A, B514792FF1EF36C678BB51644A1C420105D5E2CD6DD5A89A3FB252D08277A40C ] LanmanServer    C:\WINDOWS\system32\srvsvc.dll
19:55:20.0865 0x2eb8  LanmanServer - ok
19:55:20.0907 0x2eb8  [ 3DBD9100745F9B8506B8FEC6FE6CCDE3, C3EF2856A1680AFDE133887E48946CF9CAB6755C3BDC07F0326965DCD4096F62 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
19:55:20.0922 0x2eb8  LanmanWorkstation - ok
19:55:20.0960 0x2eb8  [ 2B7479EB47731A8ACBA28AF4C4BDA32D, 67AEB98E7B41337FEFD92CC81BFAD25FBB679998B318C110A4873B1AD8927A97 ] lfsvc           C:\WINDOWS\System32\GeofenceMonitorService.dll
19:55:21.0195 0x2eb8  lfsvc - ok
19:55:21.0209 0x2eb8  [ FA529FB35694C24BF98A9EF67C1CD9D0, 7B3C587C38CF13D514140F0A55E58997D6071D1DEFD97E274E3F490660AC6075 ] LGBusEnum       C:\WINDOWS\system32\drivers\LGBusEnum.sys
19:55:21.0215 0x2eb8  LGBusEnum - ok
19:55:21.0224 0x2eb8  [ 94B29CE153765E768F004FB3440BE2B0, E74C01CEBDA589CDDE35CBCBAA18700E3742DD3B48A90DB3630992467FFC5024 ] LGVirHid        C:\WINDOWS\system32\drivers\LGVirHid.sys
19:55:21.0229 0x2eb8  LGVirHid - ok
19:55:21.0330 0x2eb8  [ D780F136EFB4380262DAC9C38305499C, 94FAF67F22C5B4963A8B7DE9C6DA4CC641A2CF5BEBB8198FF966995E4C5818E0 ] LiveUpdateSvc   C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
19:55:21.0374 0x2eb8  LiveUpdateSvc - ok
19:55:21.0387 0x2eb8  [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio          C:\WINDOWS\system32\DRIVERS\lltdio.sys
19:55:21.0408 0x2eb8  lltdio - ok
19:55:21.0446 0x2eb8  [ DAE98CC96C5EE308BF4EA7B18F226CB8, 7A6CC56BF075010707715AB6608764291E358EDF27C806A025532869004C686B ] lltdsvc         C:\WINDOWS\System32\lltdsvc.dll
19:55:21.0473 0x2eb8  lltdsvc - ok
19:55:21.0497 0x2eb8  [ 1E2662D847B7D9995C65D90D254A7E0F, AFD4063D2071FFCB6B0EAC0715276D986F42326919C86E525DCE12E1109A93E2 ] lmhosts         C:\WINDOWS\System32\lmhsvc.dll
19:55:21.0640 0x2eb8  lmhosts - ok
19:55:21.0666 0x2eb8  [ B16F2A40E738277AB75515D4B024305E, 38F48CCD72FA2B32DFD3123C0864AB724AC673414EEE09C6F582754177CD4B98 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
19:55:21.0676 0x2eb8  LMS - ok
19:55:21.0709 0x2eb8  [ 28AA6E8F6CA9F3716AC8A310DFBAB1B5, 4452084D2211CEDC7CED7FC02D04A28EB2211BEAD97271F142DD95EF2B3C6D58 ] Logi_Headset_DFU C:\WINDOWS\System32\Drivers\lhusbdfuamd64.sys
19:55:21.0714 0x2eb8  Logi_Headset_DFU - ok
19:55:21.0726 0x2eb8  [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS         C:\WINDOWS\system32\drivers\lsi_sas.sys
19:55:21.0735 0x2eb8  LSI_SAS - ok
19:55:21.0752 0x2eb8  [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2        C:\WINDOWS\system32\drivers\lsi_sas2.sys
19:55:21.0762 0x2eb8  LSI_SAS2 - ok
19:55:21.0779 0x2eb8  [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3        C:\WINDOWS\system32\drivers\lsi_sas3.sys
19:55:21.0789 0x2eb8  LSI_SAS3 - ok
19:55:21.0804 0x2eb8  [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS         C:\WINDOWS\system32\drivers\lsi_sss.sys
19:55:21.0812 0x2eb8  LSI_SSS - ok
19:55:21.0861 0x2eb8  [ 9A7A7E45DAED2E8C2816716D8D28236A, C94787988826E546A8DC752BD6BE4EA7423DC3762B2D371DB297A63F865A95FF ] LSM             C:\WINDOWS\System32\lsm.dll
19:55:21.0882 0x2eb8  LSM - ok
19:55:21.0920 0x2eb8  [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv           C:\WINDOWS\system32\drivers\luafv.sys
19:55:21.0949 0x2eb8  luafv - ok
19:55:21.0984 0x2eb8  [ 1E9E32AEC3E1EB1B31B8169F33168B56, 39114585E1FDBBA31E1F781C6A627281907183F94626EB347B08D1F78992ED2A ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
19:55:21.0990 0x2eb8  MBAMProtector - ok
19:55:22.0470 0x2eb8  [ 516E29AD03BDF610CC36A95AE692FE42, 09F913B169AD775FF587AE59AEC5DD2A2D8646803F48BF616C74EEC0DE3BE7A2 ] MBAMScheduler   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
19:55:22.0502 0x2eb8  MBAMScheduler - ok
19:55:22.0631 0x2eb8  [ 2B983F067AEE3F9EB4DF5E97F45D21D1, 0B9ED0E91FF01A5445927650113E320C3C0EA16F1401AA55A509DDBF704DF22F ] MBAMService     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
19:55:22.0657 0x2eb8  MBAMService - ok
19:55:22.0727 0x2eb8  [ E9CD058C79EA15B4AA93E259FA713B07, 2B09F65188D8782F9C797545F2F791EC7EAB85D8914B2C0B30BD869C412E3980 ] MBAMSwissArmy   C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
19:55:22.0734 0x2eb8  MBAMSwissArmy - ok
19:55:22.0770 0x2eb8  [ 28B597A61C9AC9B59BC0573D70A62CBF, 032C095ECDAEEE800BD9C7AB08C089E7530A9DD09AE577D1612035F2BFFAA61C ] MBAMWebAccessControl C:\WINDOWS\system32\drivers\mwac.sys
19:55:22.0775 0x2eb8  MBAMWebAccessControl - ok
19:55:22.0793 0x2eb8  [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas         C:\WINDOWS\system32\drivers\megasas.sys
19:55:22.0800 0x2eb8  megasas - ok
19:55:22.0887 0x2eb8  [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr          C:\WINDOWS\system32\drivers\megasr.sys
19:55:22.0903 0x2eb8  megasr - ok
19:55:22.0931 0x2eb8  [ 18B9AD128EC84E8D16A83F70CF36594F, 199DF15D68E2A079794E5DD325162C1A68A65EF26EEF5A6C6154281DDE57279A ] MEIx64          C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys
19:55:22.0937 0x2eb8  MEIx64 - ok
19:55:22.0971 0x2eb8  [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] MMCSS           C:\WINDOWS\system32\mmcss.dll
19:55:23.0377 0x2eb8  MMCSS - ok
19:55:23.0418 0x2eb8  [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem           C:\WINDOWS\system32\drivers\modem.sys
19:55:23.0428 0x2eb8  Modem - ok
19:55:23.0506 0x2eb8  [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor         C:\WINDOWS\System32\drivers\monitor.sys
19:55:23.0604 0x2eb8  monitor - ok
19:55:23.0627 0x2eb8  [ C030F9E822A057C1A7A9BB4EA3E8877E, 2CCEC87DEB972B6B0196A08D3781002929E9107137FE3A61F1626D3BEE26630A ] MotioninJoyXFilter C:\WINDOWS\System32\drivers\MijXfilt.sys
19:55:23.0988 0x2eb8  MotioninJoyXFilter - detected UnsignedFile.Multi.Generic ( 1 )
19:55:26.0299 0x2eb8  Detect skipped due to KSN trusted

Pretok · 13.07.2015, 19:02

Code:

ATTFilter

19:55:26.0299 0x2eb8  MotioninJoyXFilter - ok
19:55:26.0321 0x2eb8  [ 2A2F8D5284E59815169A88F1FC9CEE28, 58EFBCF3C849FD088CFB7FE287FC7D9DD7E03D4E6AA98F0497C09E4596E42538 ] mouclass        C:\WINDOWS\System32\drivers\mouclass.sys
19:55:26.0329 0x2eb8  mouclass - ok
19:55:26.0369 0x2eb8  [ 91223A2AE2955B3E0DA3DB79C3A897A6, 32B59CF1586C2300D60AF8A1D819515033ACC7F7A1F3523FC4AC7725E29B5A90 ] mouhid          C:\WINDOWS\System32\drivers\mouhid.sys
19:55:26.0632 0x2eb8  mouhid - ok
19:55:26.0662 0x2eb8  [ D1D82F007A079A4D623DBD1F36EF30A1, 7901F81B62C5A4196D75A10C05386B16831CB290EFB9A1611CECF281068C520F ] mountmgr        C:\WINDOWS\system32\drivers\mountmgr.sys
19:55:26.0669 0x2eb8  mountmgr - ok
19:55:26.0717 0x2eb8  [ 9FC679D10A7377BB04ECC3D0E2E26B53, 24ACD4EC1618A052C29E4463138B28F62C8B78D442DB82F4925E64FC5849A096 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:55:26.0724 0x2eb8  MozillaMaintenance - ok
19:55:26.0751 0x2eb8  [ 6FC047578785B0435F4E2660946D1ADC, 8AEA5659F01FC2F75160922C69622502DABA39F33CB90D5178DD679A1CDE617D ] mpsdrv          C:\WINDOWS\system32\drivers\mpsdrv.sys
19:55:26.0776 0x2eb8  mpsdrv - ok
19:55:26.0847 0x2eb8  [ C18AA14126ADC66478E8E962B2DFAA98, A6F8CE9D88D590DC083253004392572C3BD02C33433CD6C0D9117D2AA7171EEC ] MpsSvc          C:\WINDOWS\system32\mpssvc.dll
19:55:26.0868 0x2eb8  MpsSvc - ok
19:55:26.0903 0x2eb8  [ DB32958F0E704EFBF7F15161A569E39F, 8A26448B954F8A16EE9BA72EF47F6C549A75B30BD13FEB5A29EB099A74D8F678 ] MRxDAV          C:\WINDOWS\system32\drivers\mrxdav.sys
19:55:27.0575 0x2eb8  MRxDAV - ok
19:55:27.0605 0x2eb8  [ 31233271EDE50D1BBB220F78AFA60486, 2122FAB5BD353DF63CF0FE9CEDBD5DFD1F26F2DE04303E1B3FFB03AA02AECED9 ] mrxsmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:55:27.0633 0x2eb8  mrxsmb - ok
19:55:27.0670 0x2eb8  [ 3E28B99198B514DFEB152EACF913025E, 6C1D8353DCD5F811F39C0C3CB5DF3D2457F0D17EE80FB06196AA169E3D19E9B2 ] mrxsmb10        C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys
19:55:27.0683 0x2eb8  mrxsmb10 - ok
19:55:27.0704 0x2eb8  [ 6276AC2AA203CF47811F6EFBBD214FBF, AE55D87D863A626347B0074F4E962080F1989A94153DAF8475593249F616DA2F ] mrxsmb20        C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys
19:55:27.0724 0x2eb8  mrxsmb20 - ok
19:55:27.0760 0x2eb8  [ F3C060444777A59FC63D920719E43CCD, 8766A2746E3DFB0749E902F458141269335CA6F0CEDCA3D5F8C204637C19E783 ] MsBridge        C:\WINDOWS\system32\DRIVERS\bridge.sys
19:55:27.0769 0x2eb8  MsBridge - ok
19:55:27.0806 0x2eb8  [ 915747E010A9414B069173284A9B93F4, 8A335C28FE1EF96DD71485877F2E86155D24B5614ACE05468F4B07E2ACD56331 ] MSDTC           C:\WINDOWS\System32\msdtc.exe
19:55:27.0817 0x2eb8  MSDTC - ok
19:55:27.0821 0x2eb8  [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
19:55:27.0842 0x2eb8  Msfs - ok
19:55:27.0864 0x2eb8  [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32     C:\WINDOWS\System32\drivers\msgpiowin32.sys
19:55:27.0871 0x2eb8  msgpiowin32 - ok
19:55:27.0880 0x2eb8  [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf       C:\WINDOWS\System32\drivers\mshidkmdf.sys
19:55:27.0887 0x2eb8  mshidkmdf - ok
19:55:27.0896 0x2eb8  [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf       C:\WINDOWS\System32\drivers\mshidumdf.sys
19:55:27.0904 0x2eb8  mshidumdf - ok
19:55:27.0907 0x2eb8  [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv        C:\WINDOWS\system32\drivers\msisadrv.sys
19:55:27.0913 0x2eb8  msisadrv - ok
19:55:27.0949 0x2eb8  [ 4EAEEBAC8CFF4E0D717DFA920BC58A90, A65CB1BB3392B6A04B978348CAC18A414560A6B04A727F22DFC0ADB20DD3AF6B ] MSiSCSI         C:\WINDOWS\system32\iscsiexe.dll
19:55:27.0960 0x2eb8  MSiSCSI - ok
19:55:27.0962 0x2eb8  msiserver - ok
19:55:27.0977 0x2eb8  [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:55:27.0995 0x2eb8  MSKSSRV - ok
19:55:28.0029 0x2eb8  [ 51B3AC0560848CD6D65AC2033E293113, 73A27E88774C6929328E6C9FC9C389F4DF76D4D4D5CBFC4F51651CC308829628 ] MsLldp          C:\WINDOWS\system32\DRIVERS\mslldp.sys
19:55:28.0037 0x2eb8  MsLldp - ok
19:55:28.0046 0x2eb8  [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:55:28.0070 0x2eb8  MSPCLOCK - ok
19:55:28.0086 0x2eb8  [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
19:55:28.0094 0x2eb8  MSPQM - ok
19:55:28.0112 0x2eb8  [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC           C:\WINDOWS\system32\drivers\MsRPC.sys
19:55:28.0124 0x2eb8  MsRPC - ok
19:55:28.0143 0x2eb8  [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios        C:\WINDOWS\System32\drivers\mssmbios.sys
19:55:28.0150 0x2eb8  mssmbios - ok
19:55:28.0159 0x2eb8  [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
19:55:28.0166 0x2eb8  MSTEE - ok
19:55:28.0178 0x2eb8  [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig        C:\WINDOWS\System32\drivers\MTConfig.sys
19:55:28.0198 0x2eb8  MTConfig - ok
19:55:28.0220 0x2eb8  [ 619CA29326B82372621DB2C0964D8365, 4091F08E266DB45A6E33A4A8B1CE9FA78BB294B3111526AA9E3868620F30AFDF ] Mup             C:\WINDOWS\system32\Drivers\mup.sys
19:55:28.0228 0x2eb8  Mup - ok
19:55:28.0238 0x2eb8  [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis          C:\WINDOWS\system32\drivers\mvumis.sys
19:55:28.0245 0x2eb8  mvumis - ok
19:55:28.0287 0x2eb8  [ 8DF30698BDD9492A9D45A4B94FB4A82A, 26B1B2D7E785E29B8BCB74C467C66AE4EBDD481ACFF36334F3BDF4506B778244 ] napagent        C:\WINDOWS\system32\qagentRT.dll
19:55:28.0304 0x2eb8  napagent - ok
19:55:28.0353 0x2eb8  [ 008F7CED69FD5B30CBDE1E03C6F36A27, D4ADA7834C470B17A3CD976012DC5A511B32545B9F91D23D09A85722E0B75320 ] NativeWifiP     C:\WINDOWS\system32\DRIVERS\nwifi.sys
19:55:28.0367 0x2eb8  NativeWifiP - ok
19:55:28.0486 0x2eb8  [ E59AFB64C2F6E0C99350E1C944C75088, 10A9044192D0A83857A57286EABB05037922860483DA2B05AFCC485A8311E4EF ] NAUpdate        C:\Program Files (x86)\Nero\Update\NASvc.exe
19:55:28.0501 0x2eb8  NAUpdate - ok
19:55:28.0538 0x2eb8  [ BFCE1225D10619029E68946929CEB64C, 499F560331FFBA82E3D673B47F027FDAB7BEE4F2CB5B811D69E0218839F6E6A5 ] NcaSvc          C:\WINDOWS\System32\ncasvc.dll
19:55:28.0558 0x2eb8  NcaSvc - ok
19:55:28.0588 0x2eb8  [ 267C97373110B7AFD3B46DF60B6CBB85, CEBB99F71D47634BB9C04DF2836DF6B47F15B3073FEFC237F85526DF01E4E38B ] NcbService      C:\WINDOWS\System32\ncbservice.dll
19:55:28.0607 0x2eb8  NcbService - ok
19:55:28.0647 0x2eb8  [ 9ACED0F5B458C9011F39143326494E93, 9DFFC7EE7DE6FD92545EC6A203213C498A01EEFB0BC55460D339BCE498E56A7F ] NcdAutoSetup    C:\WINDOWS\System32\NcdAutoSetup.dll
19:55:28.0657 0x2eb8  NcdAutoSetup - ok
19:55:28.0710 0x2eb8  [ 6D3A2565E01B3E4B0F1BEDB0D4B00B3F, 95F2608E17CA3E25BD7958D1A49F7030EC8088BC1DF12422F1DAC5BA99113E34 ] NDIS            C:\WINDOWS\system32\drivers\ndis.sys
19:55:28.0735 0x2eb8  NDIS - ok
19:55:28.0758 0x2eb8  [ 8CECC8DA55F3274181FD1EA28AD76664, 188112424CEF97FB926A0FB915260B803555A775DD2E1846725A9C8616300F42 ] NdisCap         C:\WINDOWS\system32\DRIVERS\ndiscap.sys
19:55:28.0766 0x2eb8  NdisCap - ok
19:55:28.0783 0x2eb8  [ 269882812E9A68FFF1AFE1283D428322, 50B99EBC42DA9B46A8C2C28C9BADCF58AE3079535CDD1227D0F5C86291C715FF ] NdisImPlatform  C:\WINDOWS\system32\DRIVERS\NdisImPlatform.sys
19:55:28.0794 0x2eb8  NdisImPlatform - ok
19:55:28.0825 0x2eb8  [ 82821F4EEC776B4CF11695A38F3ABA46, 23184F9D31E662855DC4D23EFE7C2FE00E5487D3762B6024704A5D8C87762E1C ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:55:28.0834 0x2eb8  NdisTapi - ok
19:55:28.0849 0x2eb8  [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:55:28.0866 0x2eb8  Ndisuio - ok
19:55:28.0877 0x2eb8  [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus  C:\WINDOWS\System32\drivers\NdisVirtualBus.sys
19:55:28.0886 0x2eb8  NdisVirtualBus - ok
19:55:28.0902 0x2eb8  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:55:28.0914 0x2eb8  NdisWan - ok
19:55:28.0936 0x2eb8  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWanLegacy   C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:55:28.0948 0x2eb8  NdisWanLegacy - ok
19:55:28.0985 0x2eb8  [ DDD7F92A83F74D1476B71FBA9530A8DC, D3F94FC9F48854E09B0B77CE5E1C1DB948D54EAC63C5583437051BB893B5A386 ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
19:55:28.0993 0x2eb8  NDProxy - ok
19:55:29.0006 0x2eb8  [ 3083926D1CC5B56EA0786527B557DD1B, 3C3F0CA0D43398576DBE8F677B353ADDA7E8F56829874958CE668E31261C1590 ] Ndu             C:\WINDOWS\system32\drivers\Ndu.sys
19:55:29.0017 0x2eb8  Ndu - ok
19:55:29.0053 0x2eb8  [ 42FF4975D032CAE558AE4BB8448F6E5A, 0B8FACF3382443DED79A8004A6AA14C32471A6A1C6BAA543AA9F3FEC52620A6D ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
19:55:29.0061 0x2eb8  NetBIOS - ok
19:55:29.0075 0x2eb8  [ 0217532E19A748F0E5D569307363D5FD, C40C2E7AFA276057E7327A7BB173122689D6CEC9AE443C3850C3F94AF03DFBF5 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
19:55:29.0093 0x2eb8  NetBT - ok
19:55:29.0110 0x2eb8  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] Netlogon        C:\WINDOWS\system32\lsass.exe
19:55:29.0118 0x2eb8  Netlogon - ok
19:55:29.0165 0x2eb8  [ 8F074B62E66B6117D9598C62A12069C5, 5FDB19045D3E2F6D0F0C5158AC2ECB0D5404CD2AF7A319755D7E3753CA3B7CF3 ] Netman          C:\WINDOWS\System32\netman.dll
19:55:29.0178 0x2eb8  Netman - ok
19:55:29.0216 0x2eb8  [ 4A04B1CD5BFB4A978C5F60E86D6C3E45, A946922C1C38ADD3CF9D3B09DDCC301AE4DAC960A081B2F42B32BE1E7095B3FD ] netprofm        C:\WINDOWS\System32\netprofmsvc.dll
19:55:29.0234 0x2eb8  netprofm - ok
19:55:29.0271 0x2eb8  [ 1092B3190E69E0C5ECBCE90F171DE047, C16106EEFC324EE80E5F659CB71A5DD69FA800D36D829F5B0E6AD3393BD1BAF7 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:55:29.0279 0x2eb8  NetTcpPortSharing - ok
19:55:29.0311 0x2eb8  [ D4DCE03870314D3354F3501F9DDD4123, 5BFE8299B3F72B8C39A4965365CBF5BA151024451F02DD872FAD1CC35CF94CEA ] netvsc          C:\WINDOWS\System32\drivers\netvsc63.sys
19:55:29.0321 0x2eb8  netvsc - ok
19:55:29.0343 0x2eb8  [ E94EB2A95D7D016E119C4D6868788831, 3E4A925D23262FBA0A6432DD635FBE94B0CEF76BD9BB323254B66977497FEE2A ] NlaSvc          C:\WINDOWS\System32\nlasvc.dll
19:55:29.0357 0x2eb8  NlaSvc - ok
19:55:29.0361 0x2eb8  [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
19:55:29.0382 0x2eb8  Npfs - ok
19:55:29.0421 0x2eb8  [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig       C:\WINDOWS\System32\drivers\npsvctrig.sys
19:55:29.0431 0x2eb8  npsvctrig - ok
19:55:29.0458 0x2eb8  [ 0F12A72A753CFD7FB0631EE8D08FE983, 860A96471F6CD90DDA9AB3A48E95CEAD826C87D2FA98A00EF91B61C44A4C8B82 ] nsi             C:\WINDOWS\system32\nsisvc.dll
19:55:29.0470 0x2eb8  nsi - ok
19:55:29.0501 0x2eb8  [ 0E046FF5823B95326D10CF1B4AF23541, 39D22715003746527AB4BFEDED8C34B695DAF589091AE7F3A2A2C4B8A35675A9 ] nsiproxy        C:\WINDOWS\system32\drivers\nsiproxy.sys
19:55:29.0516 0x2eb8  nsiproxy - ok
19:55:29.0591 0x2eb8  [ 7F68063A5A0461E02BC860CE0E6BFDDC, 47E9F75D27B97278B74034B7D3951A26B1644911ED321455E08D935731C858DE ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
19:55:29.0644 0x2eb8  Ntfs - ok
19:55:29.0682 0x2eb8  [ 96ACBF3DDC38A52FEE115F577F36568F, DB8CB01971208C8D7A306A5FEDA39A3802195123E6B801DFB905B0E1934D3C96 ] NuidFltr        C:\WINDOWS\System32\drivers\NuidFltr.sys
19:55:29.0689 0x2eb8  NuidFltr - ok
19:55:29.0696 0x2eb8  [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null            C:\WINDOWS\system32\drivers\Null.sys
19:55:29.0704 0x2eb8  Null - ok
19:55:29.0716 0x2eb8  [ 7E4355930B28C2798D9F09AB9F81151F, 941C730F3B75BDF99639E76350031EDD15F18D8D860F3B1282C28B62096E7717 ] NVHDA           C:\WINDOWS\system32\drivers\nvhda64v.sys
19:55:29.0723 0x2eb8  NVHDA - ok
19:55:29.0923 0x2eb8  [ ED4D88A04D22E6B00DB6BC8FACDBAFED, 38DDB9B353D3A24DD8390C6FB58FD513B46F9F715BC7E68D0958E78EACC3D3FA ] nvlddmkm        C:\WINDOWS\system32\DRIVERS\nvlddmkm.sys
19:55:30.0118 0x2eb8  nvlddmkm - ok
19:55:30.0228 0x2eb8  [ 32ECE52E4C4A5FC2115279D7B13E6270, AE520E4708B3750D61BE17AA6020D0D0518CC72D4D29F4D618090F74EA2850BF ] NvNetworkService C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
19:55:30.0270 0x2eb8  NvNetworkService - ok
19:55:30.0282 0x2eb8  [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid          C:\WINDOWS\system32\drivers\nvraid.sys
19:55:30.0292 0x2eb8  nvraid - ok
19:55:30.0304 0x2eb8  [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor          C:\WINDOWS\system32\drivers\nvstor.sys
19:55:30.0315 0x2eb8  nvstor - ok
19:55:30.0337 0x2eb8  [ DA48A4EB3DD38C7BF90CB12DD1672618, 2EFEEE7E9294A17251B45259C06B40E11088D38970068D6D88EE2105B35F5530 ] NvStreamKms     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
19:55:30.0342 0x2eb8  NvStreamKms - ok
19:55:30.0352 0x2eb8  NvStreamSvc - ok
19:55:30.0399 0x2eb8  [ B7CD89EFA562A991F2864EFD3147473A, D38BAE7883BC073562C3C77DF59663B820CFE8305A3319C6E5CF8E48752E18C1 ] nvsvc           C:\WINDOWS\system32\nvvsvc.exe
19:55:30.0419 0x2eb8  nvsvc - ok
19:55:30.0432 0x2eb8  [ DBFE7B2DF103F74AE51840B3C5F25FE9, 436CAA417FD24BA870F117FA4BABA2AB694825795508BCFCC8C927CC2D5BBC5E ] nvvad_WaveExtensible C:\WINDOWS\system32\drivers\nvvad64v.sys
19:55:30.0437 0x2eb8  nvvad_WaveExtensible - ok
19:55:30.0448 0x2eb8  [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp          C:\WINDOWS\system32\drivers\nv_agp.sys
19:55:30.0459 0x2eb8  nv_agp - ok
19:55:30.0529 0x2eb8  [ 880CD3C9ACE342F29AB2F90C751B91A4, 7882ED604EE443E182B323D9A38E35B49FD8C28EDC1196B65EDFABB22CBF6161 ] Origin Client Service C:\Program Files (x86)\Origin\OriginClientService.exe
19:55:30.0586 0x2eb8  Origin Client Service - ok
19:55:30.0645 0x2eb8  [ 11E0B35479C895888BA3D7F619DCFFF3, 6ED82C19898101EC00BD64A9F90595C3D20AD2D2902AA8765B740FB3B9312DDF ] ose64           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:55:30.0655 0x2eb8  ose64 - ok
19:55:30.0693 0x2eb8  [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] p2pimsvc        C:\WINDOWS\system32\pnrpsvc.dll
19:55:30.0708 0x2eb8  p2pimsvc - ok
19:55:30.0751 0x2eb8  [ FD8F61F0D1F64BBB3D835F39A3F979C9, E5C5F86576488EA7F605E26C06EE5AFB36506A446F60C894D55E0A148BF7F02D ] p2psvc          C:\WINDOWS\system32\p2psvc.dll
19:55:30.0771 0x2eb8  p2psvc - ok
19:55:30.0783 0x2eb8  [ 764B1121867B2D9B31C491668AC72B2B, 32C04B6FCE1DDD09697B81473A23BDCED8BEEFBCD0D2D58DDC9A11A33C756967 ] Parport         C:\WINDOWS\System32\drivers\parport.sys
19:55:30.0794 0x2eb8  Parport - ok
19:55:30.0813 0x2eb8  [ BAFF6122CFC9F95CA175AD8C348179A4, 079A912D951DF6A57BC1BDB0D182977EE9592751EC9DDCDA2932BDEDB333850C ] partmgr         C:\WINDOWS\system32\drivers\partmgr.sys
19:55:30.0821 0x2eb8  partmgr - ok
19:55:30.0852 0x2eb8  [ ABE95ABE27A8BD9701782BBCD82C9925, AE3BA1E9ECDE692374D8DAC95A8DAA289DD2470E3D8D58EFAD9F83A37F3AC8E5 ] PcaSvc          C:\WINDOWS\System32\pcasvc.dll
19:55:30.0868 0x2eb8  PcaSvc - ok
19:55:30.0877 0x2eb8  [ 91ED124E261EA8FAA1C0FFDF2A71B0C4, 20E41A38067395D03184938983A9BE459717A1941352972DBC28D83D542319EC ] pci             C:\WINDOWS\system32\drivers\pci.sys
19:55:30.0888 0x2eb8  pci - ok
19:55:30.0895 0x2eb8  [ 346E38FCC6859A727DD28AFAD1F0AFF4, FF3DA26F79B3BC3A5B8A8AA0B9139B9EF70297F4EA1203B1E68FB5A212C3AA58 ] pciide          C:\WINDOWS\system32\drivers\pciide.sys
19:55:30.0902 0x2eb8  pciide - ok
19:55:30.0910 0x2eb8  [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397, 27A7AF2127B699F4579CB77936F38DC102211E26E5E2947DB808756FE06FC98E ] pcmcia          C:\WINDOWS\system32\drivers\pcmcia.sys
19:55:30.0919 0x2eb8  pcmcia - ok
19:55:30.0923 0x2eb8  [ BF28771D1436C88BE1D297D3098B0F7D, 5F7630916A76A8CF31289E9C577F522B999C74C39E541CD40E62BD53004BEF74 ] pcw             C:\WINDOWS\system32\drivers\pcw.sys
19:55:30.0930 0x2eb8  pcw - ok
19:55:30.0947 0x2eb8  [ 24A8DFC07E4BAF29AEA26E383D4CC886, 1B903FE52CD816662D37A8113930B4B7019B6996D49F1982D8F42933A3525A67 ] pdc             C:\WINDOWS\system32\drivers\pdc.sys
19:55:30.0954 0x2eb8  pdc - ok
19:55:30.0993 0x2eb8  [ 0ECEE590F2E2EF969FB74A6FC583A1E6, 1C611D9225C863CF32125F684B324C58BDE1942F4F283F5674133200AC505D44 ] PEAUTH          C:\WINDOWS\system32\drivers\peauth.sys
19:55:31.0016 0x2eb8  PEAUTH - ok
19:55:31.0090 0x2eb8  [ 8E3C640FFF5A963F570233AE99C0FFF3, 3DE978B005BF2E88BA858CE37D9E27BD3584642B8412E22C300A1E739743838A ] PerfHost        C:\WINDOWS\SysWow64\perfhost.exe
19:55:31.0101 0x2eb8  PerfHost - ok
19:55:31.0147 0x2eb8  [ 70B39E7241F750A248798CE82C44596D, 54A72199EB277EE586611DCBC21654786FD2196F91D5884C4F531297893CC3EC ] pla             C:\WINDOWS\system32\pla.dll
19:55:31.0185 0x2eb8  pla - ok
19:55:31.0198 0x2eb8  [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] PlugPlay        C:\WINDOWS\system32\umpnpmgr.dll
19:55:31.0208 0x2eb8  PlugPlay - ok
19:55:31.0211 0x2eb8  PnkBstrA - ok
19:55:31.0241 0x2eb8  [ 4570F8A37D221660F3A09D6F4DD4BA94, 0EA190CFFA53DF9CCA2D53A4EF1BCB837BA3F2489A3AC5BD11F6D6ED811D118E ] PNRPAutoReg     C:\WINDOWS\system32\pnrpauto.dll
19:55:31.0250 0x2eb8  PNRPAutoReg - ok
19:55:31.0268 0x2eb8  [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] PNRPsvc         C:\WINDOWS\system32\pnrpsvc.dll
19:55:31.0283 0x2eb8  PNRPsvc - ok
19:55:31.0306 0x2eb8  [ BDD52AB4AEBB8B1904568DBD0CCB70CB, C3D1DBA349C79B43DCDD9EF5255C5EE973EFB844235B808B5EF9B63A51FF00AA ] PolicyAgent     C:\WINDOWS\System32\ipsecsvc.dll
19:55:31.0332 0x2eb8  PolicyAgent - ok
19:55:31.0362 0x2eb8  [ C8DD82C3035E60D671B8CC5DF128D3A9, 6AABF632CBEDA9A7B553BC9134FF100CB6FDC88000D499D2883408FCEDD97576 ] Power           C:\WINDOWS\system32\umpo.dll
19:55:31.0374 0x2eb8  Power - ok
19:55:31.0384 0x2eb8  [ E075CC071022BD4E9BE7C024717C0E0A, BE65A8C1082AE8DF8C37CA06B2BCC521478AC153EA7388B03F7FAE3913920E75 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:55:31.0395 0x2eb8  PptpMiniport - ok
19:55:31.0506 0x2eb8  [ E3514CE7CB4AF80ECCA383F065BC77C0, 1EA06D358A07EB9DFB703CEFC4EB834B947B899E0ACFE1C494E2DAED63F1D4B5 ] PrintNotify     C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
19:55:31.0585 0x2eb8  PrintNotify - ok
19:55:31.0638 0x2eb8  [ 35B25F79F6C6F1C6D45BC34F07726E92, BF19B36DB622C052E9526BD90A24E101F7806135EB8F9157123391F21E5F06AA ] PrivoxyService  C:\Program Files (x86)\Safesoft Protector\privoxy.exe
19:55:31.0646 0x2eb8  PrivoxyService - detected UnsignedFile.Multi.Generic ( 1 )
19:55:34.0007 0x2eb8  PrivoxyService ( UnsignedFile.Multi.Generic ) - warning
19:55:34.0007 0x2eb8  Force sending object to P2P due to detect: PrivoxyService
19:55:36.0421 0x2eb8  Object send P2P result: true
19:55:38.0782 0x2eb8  [ ECD373F9571C745894367CC2635EA44F, E08B2A1017DAE1BF10B986DAFAD14BDE20D79703E0EF3A8C700A3753908C1392 ] Processor       C:\WINDOWS\System32\drivers\processr.sys
19:55:38.0793 0x2eb8  Processor - ok
19:55:38.0809 0x2eb8  [ 19424364D8C03B990C4281BE53963FD0, 958FC8436E6B754858E20BC48B0D4B269991E8CA94C15C2761BF04ED52591907 ] ProfSvc         C:\WINDOWS\system32\profsvc.dll
19:55:38.0821 0x2eb8  ProfSvc - ok
19:55:38.0854 0x2eb8  [ FC0141B4A5AD6D637D883C1A89FC45C5, DCE8942C02EEDAE7A57707CA60CAC3A8CD6BA68E6571E405CA882D4DD6D69E43 ] Psched          C:\WINDOWS\system32\DRIVERS\pacer.sys
19:55:38.0865 0x2eb8  Psched - ok
19:55:38.0879 0x2eb8  [ DAA9DEE0A5D5F238C4EE54C2C7FB67C5, 7EC8C603BD92699AC35BDCD294F13BEE90D5C2C195FD93A3F16928BFCF53CA93 ] QWAVE           C:\WINDOWS\system32\qwave.dll
19:55:38.0901 0x2eb8  QWAVE - ok
19:55:38.0929 0x2eb8  [ 83868EB2924E6BC21A54337C65D614D1, 8D1BE01EBD190231153B867C32120DC8FBFBD32050448A778134D435D76A0B07 ] QWAVEdrv        C:\WINDOWS\system32\drivers\qwavedrv.sys
19:55:38.0948 0x2eb8  QWAVEdrv - ok
19:55:38.0977 0x2eb8  [ B337B1F1E82A83E20A1743E008E25C0F, A2E8AF041B4CAB78AEE28A2147A189FF0F9D2FCEFB167D60FBBA0A787A5A5BE7 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:55:38.0985 0x2eb8  RasAcd - ok
19:55:39.0002 0x2eb8  [ E8FFD8BE3C50E7A71C5FBB87BDD1128E, 3E3EB906CC9A1CCA09580DA9F94DD0E1162CABD343874B76718DC4F2E9069C4E ] RasAgileVpn     C:\WINDOWS\system32\DRIVERS\AgileVpn.sys
19:55:39.0011 0x2eb8  RasAgileVpn - ok
19:55:39.0031 0x2eb8  [ 044638489B4A5FE5334F46C5314A0826, E06CC2A9EF369794DAD69FBB5AFD1676D4283DDAB2AD5E3EFE454C473F62F955 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
19:55:39.0041 0x2eb8  RasAuto - ok
19:55:39.0045 0x2eb8  [ BBB6272B7F46C4640A8CDB8A70C3450F, 4266C3ABD0D1D0219F715EA0F155744F7C1E3A7B722BE863831B57AE785419A2 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:55:39.0075 0x2eb8  Rasl2tp - ok
19:55:39.0117 0x2eb8  [ F83B38FCD4F69157B3D158433FA149CC, AB103BD3E2B3B134CB355C556DF70BCF0CF4DB11EFF7DB4A9876D5AA43D81293 ] RasMan          C:\WINDOWS\System32\rasmans.dll
19:55:39.0137 0x2eb8  RasMan - ok
19:55:39.0145 0x2eb8  [ 5247F308C4103CDC4FE12AE1D235800A, E567CD33CA1897D53795E071B7AFBAF98B2C8F725F8BED0BA90F5EF611520E48 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:55:39.0167 0x2eb8  RasPppoe - ok
19:55:39.0181 0x2eb8  [ 41F631007A158FEBB67F0E2AD1601BBA, EB5EA7277F4178BC27E55BF850AEBCD84B6BED80B2383CFB29548824AAFED135 ] RasSstp         C:\WINDOWS\system32\DRIVERS\rassstp.sys
19:55:39.0190 0x2eb8  RasSstp - ok
19:55:39.0249 0x2eb8  [ A1A5E79C0D1352AFDC08328A623DA051, 01546DDE6F1FF159A7EB7F2BF104910445D3D863F1F37DEA695579BA60D84280 ] rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:55:39.0265 0x2eb8  rdbss - ok
19:55:39.0303 0x2eb8  [ 6B21EBF892CD8CACB71669B35AB5DE32, 0AD8E14FEF16FB2559F5FC8AFBC9D49E4E24F43CF65F480DBF9FAB593269B419 ] rdpbus          C:\WINDOWS\System32\drivers\rdpbus.sys
19:55:39.0312 0x2eb8  rdpbus - ok
19:55:39.0322 0x2eb8  [ 680C1DAE268B6FB67FA21B389A8B79EF, 856911F77BDD8830C3D683EBE8AF399FB3A54C7D8D0B34EA37D903377F0A39BD ] RDPDR           C:\WINDOWS\system32\drivers\rdpdr.sys
19:55:39.0334 0x2eb8  RDPDR - ok
19:55:39.0381 0x2eb8  [ BC8A79C625568DDB7DCA49D0C2741A64, AB0A7ED9EC2282EC0356D27EA4F70515943E41C2112428B787636B8BEC278933 ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys
19:55:39.0388 0x2eb8  RdpVideoMiniport - ok
19:55:39.0402 0x2eb8  [ A26AEC49F318FEE141DDDB2C5F99B3E6, 246AD79FF27E79DEDCB0AAA7C22A8EA6349DEDAC863413A1E378E68FD94C9C4F ] rdyboost        C:\WINDOWS\system32\drivers\rdyboost.sys
19:55:39.0415 0x2eb8  rdyboost - ok
19:55:39.0449 0x2eb8  [ 615DFD97DEA56CE1C3A52185A3038FF8, 707BF5F9FAE478A12656D15013F507CC1335E7B72BD21CA99BB813CB95E37BC0 ] ReFS            C:\WINDOWS\system32\drivers\ReFS.sys
19:55:39.0474 0x2eb8  ReFS - ok
19:55:39.0487 0x2eb8  [ 0CF7CB56BF2D5E9DBCEE0185CB626FAD, 2BD2E2FB1D2EADD1F70EF55E8523C353F95D4FEB1BAD5017FA4D94F790F27825 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
19:55:39.0500 0x2eb8  RemoteAccess - ok
19:55:39.0522 0x2eb8  [ AC8785B53F8436058C90450DA1840AE7, CC1FFC2713910211F8A6AD532DBB9253ACD188CBD784F1BE6613DF382825A3C1 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
19:55:39.0549 0x2eb8  RemoteRegistry - ok
19:55:39.0569 0x2eb8  [ 65B9FDE300A6DECC03BA44C4616DCAD6, CAD992982733DD20282A3453DC4E554AE1FC077C35479C0CA4E8BC3A9DCD3BB0 ] RpcEptMapper    C:\WINDOWS\System32\RpcEpMap.dll
19:55:39.0581 0x2eb8  RpcEptMapper - ok
19:55:39.0613 0x2eb8  [ A737B433ABAF3F2DCB2BD7B4CC582B26, 3B5706B0CF0969A9F82060FD4DCC745F2D83C066B663FE8A4F0F493B64032C9C ] RpcLocator      C:\WINDOWS\system32\locator.exe
19:55:39.0623 0x2eb8  RpcLocator - ok
19:55:39.0667 0x2eb8  [ A6F17C299A03BAFEFB9257C462A19E00, EB68967D28355271897166D7B6FD963D1E546D3C24AE1AEAAC561F94357A9345 ] RpcSs           C:\WINDOWS\system32\rpcss.dll
19:55:39.0688 0x2eb8  RpcSs - ok
19:55:39.0700 0x2eb8  [ 2D05A5508F4685412F2B89E8C2189ABC, 82F12B4E0E73411A121EFD35FBD3B44CBBC0AE96ACFBB45D8C3C3777E2EA320D ] rspndr          C:\WINDOWS\system32\DRIVERS\rspndr.sys
19:55:39.0709 0x2eb8  rspndr - ok
19:55:39.0717 0x2eb8  [ 1A063730F221B2746FF00457AE17E4F0, 39A3C258CBFE3BC566C63528C9020A3BC9409736AE5289C08A7BA471D8409263 ] s3cap           C:\WINDOWS\System32\drivers\vms3cap.sys
19:55:39.0725 0x2eb8  s3cap - ok
19:55:39.0751 0x2eb8  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] SamSs           C:\WINDOWS\system32\lsass.exe
19:55:39.0759 0x2eb8  SamSs - ok
19:55:39.0775 0x2eb8  [ C624A1B32211C3166EDB3F4AB02A30B7, 6B2A4607DB52D74242787ED9DF9067058983D310431D8612D2B0236E6201E681 ] sbp2port        C:\WINDOWS\system32\drivers\sbp2port.sys
19:55:39.0785 0x2eb8  sbp2port - ok
19:55:39.0800 0x2eb8  [ 74A3B67F03877D06B09B1B40C5ED582E, A8FF9BF416F0BF365BFB4E1796859825C811A74B5E54DDDCE8345193BEEBE206 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.dll
19:55:39.0822 0x2eb8  SCardSvr - ok
19:55:39.0842 0x2eb8  [ 8B9C4D55B4A536FB01C360DDB9533574, 9B939FE68F6F9C171ED0D91E2CE1E67515295D34EC23606BCDFD097DCC8CFD4A ] ScDeviceEnum    C:\WINDOWS\System32\ScDeviceEnum.dll
19:55:39.0865 0x2eb8  ScDeviceEnum - ok
19:55:39.0889 0x2eb8  [ 13BEA6C882D4D877A5A85CA149C86BC1, 8E9BE5C2A36D5881D9985C3A31309FE03966EA13A3541D3C5B542AB67FA0D55F ] scfilter        C:\WINDOWS\system32\DRIVERS\scfilter.sys
19:55:39.0898 0x2eb8  scfilter - ok
19:55:39.0952 0x2eb8  [ A626F5E446860F22835E783142D7AE33, 3A786639E1FABCA512F4F91A10811DD3C4D9C9C9BB893362E4D019219D0BD8E2 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
19:55:39.0987 0x2eb8  Schedule - ok
19:55:39.0992 0x2eb8  [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] SCPolicySvc     C:\WINDOWS\System32\certprop.dll
19:55:40.0002 0x2eb8  SCPolicySvc - ok
19:55:40.0041 0x2eb8  [ C54B6B2170BF628FD42F799A66956D75, BCF460A124CAA6F1F1A9A7BCBDCC2D5E39B0404D96B7C9FFAC806E041782B91E ] sdbus           C:\WINDOWS\System32\drivers\sdbus.sys
19:55:40.0053 0x2eb8  sdbus - ok
19:55:40.0064 0x2eb8  [ 0B1E929D11A8E358106955603FAC65E8, A5EC91BFC0873EC6AB1D0DB4E91654BD35339BD680E7E82DA2DC64996B4AE515 ] sdstor          C:\WINDOWS\System32\drivers\sdstor.sys
19:55:40.0072 0x2eb8  sdstor - ok
19:55:40.0087 0x2eb8  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\WINDOWS\system32\drivers\secdrv.sys
19:55:40.0117 0x2eb8  secdrv - ok
19:55:40.0147 0x2eb8  [ BA24CEA7152239F42ECD04AFB7C89D24, A2A11EABB0C283772B74667C7544B61BEB1B9745FBF065E831542129EB585AFA ] seclogon        C:\WINDOWS\system32\seclogon.dll
19:55:40.0157 0x2eb8  seclogon - ok
19:55:40.0170 0x2eb8  [ 81FE9A81EDF8016816C9E91FBFBF7D35, 87FB92A3D15F312F0B9C423EF851061A944B013E5668D8C9A441B4DC0EB690AF ] SENS            C:\WINDOWS\System32\sens.dll
19:55:40.0182 0x2eb8  SENS - ok
19:55:40.0216 0x2eb8  [ 6E4012AE67F09F867EF620C8D5524C0B, 63933E51F8E413E63481369CE2F9FD224560550FBD3BD2B4573E9F4AD88708A2 ] SensrSvc        C:\WINDOWS\system32\sensrsvc.dll
19:55:40.0247 0x2eb8  SensrSvc - ok
19:55:40.0260 0x2eb8  [ DB2FF24CE0BDD15FE75870AFE312BA89, 7DB0D978C92CD0A0A81F7AB46FE323B4929CEA01585B0F330921E6DFA7DE1B85 ] SerCx           C:\WINDOWS\system32\drivers\SerCx.sys
19:55:40.0268 0x2eb8  SerCx - ok
19:55:40.0280 0x2eb8  [ 0044B31F93946D5D41982314381FE431, 95B8A94BA9EF770F29ACD5B23D447EC2B6CF1CB3D0030343BA1550AC31F6E2A5 ] SerCx2          C:\WINDOWS\system32\drivers\SerCx2.sys
19:55:40.0290 0x2eb8  SerCx2 - ok
19:55:40.0308 0x2eb8  [ 3CD600C089C1251BEEB4CD4CD5164F9E, D9F81951B4454B24E821E33ACA53A851A61F3135E8EC6FBE6761A1A3E1CDCBE2 ] Serenum         C:\WINDOWS\System32\drivers\serenum.sys
19:55:40.0316 0x2eb8  Serenum - ok
19:55:40.0325 0x2eb8  [ D864381BC9C725FAB01D94C060660166, 132FED95222BBE3B0B25B3F1F0EFC5903D04564BD047BA4D2042AD51E3FDA724 ] Serial          C:\WINDOWS\System32\drivers\serial.sys
19:55:40.0334 0x2eb8  Serial - ok
19:55:40.0360 0x2eb8  [ 96B01F117057FB4DAE0FF919ACB55770, D0F58F1CAE4F81D60FCE60BB0065A34B4F897E8105DF17B6DAA334938CD25A56 ] sermouse        C:\WINDOWS\System32\drivers\sermouse.sys
19:55:40.0367 0x2eb8  sermouse - ok
19:55:40.0405 0x2eb8  [ 3A2F1A7472C3B7CC9B89C8516C726488, 9BCBBAC10C900EA7B30822B463A77EE5067F217C4B490857A09E5277983CB89B ] SessionEnv      C:\WINDOWS\system32\sessenv.dll
19:55:40.0422 0x2eb8  SessionEnv - ok
19:55:40.0438 0x2eb8  [ 472B7A5AC181C050888DB454663DD764, C950A8615D57BFD455E18880398350642B2E1D6B951EC9754FD8D429F3418835 ] sfloppy         C:\WINDOWS\System32\drivers\sfloppy.sys
19:55:40.0447 0x2eb8  sfloppy - ok
19:55:40.0487 0x2eb8  [ 8081FF3DAE8159FE8956B09BC29CE983, AC0F305AEE8B1AB2E1275F1D33EC1D2F3E23F234F831BD9D41F415A94A19D3AB ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
19:55:40.0504 0x2eb8  SharedAccess - ok
19:55:40.0549 0x2eb8  [ 7FD9A61A3523A61FC135D61D6E160314, 409E1CF7A62FD90CBC31AEAFBB7230B02DBEC6CFCA2D266D221A7643FAEBA13B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
19:55:40.0572 0x2eb8  ShellHWDetection - ok
19:55:40.0582 0x2eb8  [ 2F518D13DD6F3053837FE606F1A2EA1F, 64109296CE95BD233525688A350D575CF97B9464659AA07CF78B307B6ADBC835 ] SiSRaid2        C:\WINDOWS\system32\drivers\SiSRaid2.sys
19:55:40.0591 0x2eb8  SiSRaid2 - ok
19:55:40.0599 0x2eb8  [ 1AC9A200A9C49C4508F04AAFFCA34A3F, 972BCB2A39169155F74111FAC74ACCD8F50E34EADCF087833B0980827627BBF4 ] SiSRaid4        C:\WINDOWS\system32\drivers\sisraid4.sys
19:55:40.0609 0x2eb8  SiSRaid4 - ok
19:55:40.0653 0x2eb8  [ F6EF225A23D336CA30001E5007644C24, B0A4B1256C1074F1B4F73E3BBA16FD4683D6EEA583DEEF8E11EFD29BA7541F2A ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
19:55:40.0664 0x2eb8  SkypeUpdate - ok
19:55:40.0682 0x2eb8  [ E77CB3736A702D46A6FB15FB4A9894E3, A341AD51825D4DB8A68ADDABE0FD17693DE387B0DA11800D427B8EA31577626C ] SmartDefragDriver C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
19:55:40.0687 0x2eb8  SmartDefragDriver - ok
19:55:40.0705 0x2eb8  [ 3C84DCCE5B322F745A75CA8BA3A0F6B3, 1FB94A8A1C63D6FDB82E28ED5B696B3CB1F64183A89A3B5153B266C292CB7815 ] smphost         C:\WINDOWS\System32\smphost.dll
19:55:40.0722 0x2eb8  smphost - ok
19:55:40.0761 0x2eb8  [ D0EB0DF8C603BBA084351A92732B1CBE, E24ED8F78EF41C1BC17386AE4BBCE0DC892C5B89B12C03FC9FB61D359B13F1B4 ] SNMPTRAP        C:\WINDOWS\System32\snmptrap.exe
19:55:40.0773 0x2eb8  SNMPTRAP - ok
19:55:40.0812 0x2eb8  [ 21FF393512F51F5A98620C794B4488A3, 8A35923D3D6993FC014D86F0F7BD5C106586824DB8D26C04DC2AD0B8ED13ED20 ] Sony PC Companion C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
19:55:40.0821 0x2eb8  Sony PC Companion - ok
19:55:40.0833 0x2eb8  [ D24B1945ED1F9C96DA786DBBF1E983CE, B46CB0B72B7A3DF94A46B8D65E38535C5F8E72A55CF2DC48EFA1F9A0108691C4 ] spaceport       C:\WINDOWS\system32\drivers\spaceport.sys
19:55:40.0853 0x2eb8  spaceport - ok
19:55:40.0864 0x2eb8  [ F337BE11071818FC3F5DC2940B6BDE34, D5CFF00E5DF37045F71AEE101AC9B270EBB29F372F404757B58600E9966C7E4D ] SpbCx           C:\WINDOWS\system32\drivers\SpbCx.sys
19:55:40.0874 0x2eb8  SpbCx - ok
19:55:40.0918 0x2eb8  [ FCB156A6745631A67DEA61827061D483, 9275ABFA1E1E595969A71C0DA228D18D1B868BF46E097E1276142BD80F8A32C9 ] Spooler         C:\WINDOWS\System32\spoolsv.exe
19:55:40.0943 0x2eb8  Spooler - ok
19:55:41.0078 0x2eb8  [ C993A0B97BECD3AAF5158E3869878465, 8B86F37DEFCBE55DE507D830EC4980EBB39B3CCA30C2B3E76B588AAB282A50FC ] sppsvc          C:\WINDOWS\system32\sppsvc.exe
19:55:41.0220 0x2eb8  sppsvc - ok
19:55:41.0233 0x2eb8  [ 6416E79A58A8FCC33A447A4DDDD3BF04, 839E3107ACCD520C309BD6C8324DF7A8EB724EAD442AB1F1CACB0D83F84BE488 ] srv             C:\WINDOWS\system32\DRIVERS\srv.sys
19:55:41.0247 0x2eb8  srv - ok
19:55:41.0290 0x2eb8  [ 00D8AC8E3053290BDE6EA2FB6810D2FC, 957FEF84CBBAE71829529AE99A1B24F52D7831BD666442D0132FBB825409A75D ] srv2            C:\WINDOWS\system32\DRIVERS\srv2.sys
19:55:41.0307 0x2eb8  srv2 - ok
19:55:41.0313 0x2eb8  [ D047CD668E6277FD80F0C613946F034C, BD0209E7FD89F9295D4DE48C9652DF2A2990277C16AFA473B96704B1CBD2F338 ] srvnet          C:\WINDOWS\system32\DRIVERS\srvnet.sys
19:55:41.0333 0x2eb8  srvnet - ok
19:55:41.0348 0x2eb8  [ CF6C3037839CF78421A94F9060C2886F, CA98C180AE03F5BE8FEFFBA75BD98DEE2AD4FA975E1EF83215C9CD2476946811 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
19:55:41.0360 0x2eb8  SSDPSRV - ok
19:55:41.0386 0x2eb8  [ 0211AB46B73A2623B86C1CFCB30579AB, 7CC9BA2DF7B9EA6BB17EE342898EDD7F54703B93B6DED6A819E83A7EE9F938B4 ] SSPORT          C:\WINDOWS\system32\Drivers\SSPORT.sys
19:55:41.0391 0x2eb8  SSPORT - ok
19:55:41.0436 0x2eb8  [ 198A737DBA666F4808D62E9A8277A6B7, 90B6E5E2ACE95D850C913A3A1DA1F966C44955C530004C228FA93B2A536F5C27 ] SstpSvc         C:\WINDOWS\system32\sstpsvc.dll
19:55:41.0448 0x2eb8  SstpSvc - ok
19:55:41.0479 0x2eb8  [ 5252D7BC56E5E0ED715AEA8FE173A455, 1408B3E98B35A449434718777EE70595F0D306197A428279C6281D2F1953F259 ] ssudmdm         C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
19:55:41.0490 0x2eb8  ssudmdm - ok
19:55:41.0565 0x2eb8  [ 97F839E8AEC48EE271509BF4BC764C24, 7B9B791E987ADC8991C128CD52CB253F295E41DF502BF8933DF388994E84560D ] STacSV          C:\Program Files\IDT\WDM\STacSV64.exe
19:55:41.0577 0x2eb8  STacSV - detected UnsignedFile.Multi.Generic ( 1 )
19:55:43.0950 0x2eb8  Detect skipped due to KSN trusted
19:55:43.0951 0x2eb8  STacSV - ok
19:55:44.0020 0x2eb8  [ 0A3544D7E9AF7D8C991C904339157EDC, 1E1DE4D808AE1174B0CB37E93EBADFC98FEBCD70D612CFE393DDA513581CD123 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
19:55:44.0041 0x2eb8  Steam Client Service - ok
19:55:44.0102 0x2eb8  [ E7AF8F82C69A5E9B2CC46633BCBBAAEE, D7FC81DB72A1A96219335AFF861ADD82BEC115CBCB70C6765058E1D76702403C ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
19:55:44.0116 0x2eb8  Stereo Service - ok
19:55:44.0123 0x2eb8  [ 366DEA74BBA65B362BCCFC6FC2ADFD8B, 4D28122AB9D8DAB724021E6513B4474BD34FCEDF47769B1D27AC7551FCA002F8 ] stexstor        C:\WINDOWS\system32\drivers\stexstor.sys
19:55:44.0130 0x2eb8  stexstor - ok
19:55:44.0151 0x2eb8  [ 7E89F65EB250463EE8665CFE19566FC3, 45849BAFA62E72A97103C5F02962D346D3F79DE9DB07297D1073FF355A506D9C ] STHDA           C:\WINDOWS\system32\DRIVERS\stwrt64.sys
19:55:44.0173 0x2eb8  STHDA - ok
19:55:44.0196 0x2eb8  [ 63E9CE568CF1192771A5F0460DE7D2B9, C27B21FD2C14AD41A59EF62EB8AC95C08EB13CCB1CEECD8378B8CDD4DC352E69 ] stisvc          C:\WINDOWS\System32\wiaservc.dll
19:55:44.0221 0x2eb8  stisvc - ok
19:55:44.0237 0x2eb8  [ 0ED2E318ABB68C1A35A8B8038BDB4C90, 5C3ABC245F4BCFE64E646D9C0E2F5E211244956C84D03084C71FF6A7E0CDED30 ] storahci        C:\WINDOWS\system32\drivers\storahci.sys
19:55:44.0247 0x2eb8  storahci - ok
19:55:44.0279 0x2eb8  [ 8B9486B64E5FC17FB9CC04CA10B77A34, C1EAC9D27DC83E4C56B890D97988C3CCFAE3877309610601F2E3FFFE97686D43 ] storflt         C:\WINDOWS\system32\drivers\vmstorfl.sys
19:55:44.0289 0x2eb8  storflt - ok
19:55:44.0302 0x2eb8  [ 6B06E2D11E604BE2B1A406C4CB3B90DE, 2DDEA1568A85AD64FCE5D10D348304FCD9BE6E96C2313353EF70A2933306D188 ] stornvme        C:\WINDOWS\system32\drivers\stornvme.sys
19:55:44.0311 0x2eb8  stornvme - ok
19:55:44.0347 0x2eb8  [ A45F5AC9D8069D0EC66E3CA73103073B, 996788F1C58E016E8E5CF3FD1D220A3C40AFFD6C21361A34636415DB12E0D381 ] StorSvc         C:\WINDOWS\system32\storsvc.dll
19:55:44.0358 0x2eb8  StorSvc - ok
19:55:44.0390 0x2eb8  [ 548759755BC73DAD663250239D7E0B9F, D31A05A8CE800B539420B6E545F1F4BF6E4B02EAF8366DE89CAF13A83C6CA48D ] storvsc         C:\WINDOWS\system32\drivers\storvsc.sys
19:55:44.0398 0x2eb8  storvsc - ok
19:55:44.0426 0x2eb8  [ E395BE02F80A79A6CF973BA38DBB8135, 4C6F85B0EB8E7725BA720F9742561D229726C0D7C17505D1E79F19A5626F6325 ] svsvc           C:\WINDOWS\system32\svsvc.dll
19:55:44.0437 0x2eb8  svsvc - ok
19:55:44.0470 0x2eb8  [ 65454187E0F8B6C0DCECB0287D06EC43, 87550000CF5B3C1DF3E69633934AFE8554AE40B6638F190D3185AD63F1D7A2EE ] swenum          C:\WINDOWS\System32\drivers\swenum.sys
19:55:44.0476 0x2eb8  swenum - ok
19:55:44.0488 0x2eb8  [ 1C71D72D4997A284128FBEE770726330, 21682BDE74A1108FED1124FB1EA35A03CBFA94ABE1B89CC0FADB4DD82596C43E ] swprv           C:\WINDOWS\System32\swprv.dll
19:55:44.0512 0x2eb8  swprv - ok
19:55:44.0573 0x2eb8  [ 3114CB46C2853CA71525428CB0C7CB58, A9CC51506AABBC23BAB2B90E30AB13197A72268A3DE6D2F281C1C367ED7118AE ] SysMain         C:\WINDOWS\system32\sysmain.dll
19:55:44.0628 0x2eb8  SysMain - ok
19:55:44.0655 0x2eb8  [ 23BECB70654B192A7E378DEE3DBD8D42, 7596174AE7508B62C40A429645198F6A420D0CD5B62A10AB78516113584E7EDB ] SystemEventsBroker C:\WINDOWS\System32\SystemEventsBrokerServer.dll
19:55:44.0674 0x2eb8  SystemEventsBroker - ok
19:55:44.0715 0x2eb8  [ D6A71B95ACF71ACA63B67232059F1BCD, C5CEC032E7AB507500D1CC7A4E65DA6322412C798201A9D770CBDE892E50DFC8 ] TabletInputService C:\WINDOWS\System32\TabSvc.dll
19:55:44.0739 0x2eb8  TabletInputService - ok
19:55:44.0772 0x2eb8  [ 5A5BAB1CA9621E73E25EE4744B67CDA6, 479EBD7BAE1E2AD431153FDC016742F7A8D824716EAB1A4CA87EBBD21D61DECD ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
19:55:44.0789 0x2eb8  TapiSrv - ok
19:55:44.0865 0x2eb8  [ 468273F7089A3A33D149955F0F203FA4, 18FD0B73FBD63550E904EE76D4323EFE163BFF8C3DC6DE67F4BE6003C7DC6879 ] Tcpip           C:\WINDOWS\system32\drivers\tcpip.sys
19:55:44.0925 0x2eb8  Tcpip - ok
19:55:44.0992 0x2eb8  [ 468273F7089A3A33D149955F0F203FA4, 18FD0B73FBD63550E904EE76D4323EFE163BFF8C3DC6DE67F4BE6003C7DC6879 ] TCPIP6          C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:55:45.0044 0x2eb8  TCPIP6 - ok
19:55:45.0088 0x2eb8  [ 41CF802064F72E55F50CA0A221FD36D4, 70ABCDF9E96611E8C83042C581575E26649FE479475E8E118CD3FF6CB1C84C3F ] tcpipreg        C:\WINDOWS\system32\drivers\tcpipreg.sys
19:55:45.0097 0x2eb8  tcpipreg - ok
19:55:45.0104 0x2eb8  [ FFF28F9F6823EB1756C60F1649560BBF, 208DFF8BF0329D0D4761C7E31527AEED7FF5F3C36C5005953D01477F35408D5C ] tdx             C:\WINDOWS\system32\DRIVERS\tdx.sys
19:55:45.0114 0x2eb8  tdx - ok
19:55:45.0216 0x2eb8  [ 4ACFC5853A3F0C6C2F54E537C23EE90F, 47D81F471A250696A1A0D19294FC553EB88D813612A8351C89F65D7BF99C8532 ] TeamViewer9     C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
19:55:45.0318 0x2eb8  TeamViewer9 - ok
19:55:45.0336 0x2eb8  [ 232D185D2337F141311D0CF1983E1431, 02EB56D3F26174AF1741C1A444CE30DE84D5BAF583C1A52C7A953BCC52445547 ] terminpt        C:\WINDOWS\System32\drivers\terminpt.sys
19:55:45.0343 0x2eb8  terminpt - ok
19:55:45.0375 0x2eb8  [ C50997E282576DA492EBA66B059D4196, EBD793CB396F9503376207FA60353F5672DEDB620C8E01C8D6AE0030B3B03339 ] TermService     C:\WINDOWS\System32\termsrv.dll
19:55:45.0406 0x2eb8  TermService - ok
19:55:45.0440 0x2eb8  [ 2180DBCE75B914E5E5BBFFFAAE97AA21, 8000AECC8855903DB50ABA7E304396D1FCEAE8DC9ADD4FC50275CF24B4D914DE ] Themes          C:\WINDOWS\system32\themeservice.dll
19:55:45.0451 0x2eb8  Themes - ok
19:55:45.0486 0x2eb8  [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] THREADORDER     C:\WINDOWS\system32\mmcss.dll
19:55:45.0494 0x2eb8  THREADORDER - ok
19:55:45.0508 0x2eb8  [ B5ED9CC61798C7D44BD535D40B89EFB5, 1BDCEAA9AF2096381870D92129C748F4EE06A1167ABA9367B9DD43BAF27E3F5B ] TimeBroker      C:\WINDOWS\System32\TimeBrokerServer.dll
19:55:45.0522 0x2eb8  TimeBroker - ok
19:55:45.0540 0x2eb8  [ 82F909359600D3603FE852DB7F135626, 2EB2BB9D81AC9A2E432B2628E296B7B21F1C82EAE8009300EEF1B8596A9F418D ] TPM             C:\WINDOWS\system32\drivers\tpm.sys
19:55:45.0553 0x2eb8  TPM - ok
19:55:45.0591 0x2eb8  [ 884113C2BB703FE806C8608B75F34831, 24DE5750CA4363455412BABB0B1FAB08497153E8F158ED44958F100410F93506 ] TrkWks          C:\WINDOWS\System32\trkwks.dll
19:55:45.0605 0x2eb8  TrkWks - ok
19:55:45.0678 0x2eb8  [ 44A94FB4C76528D2382FFE04B05827C3, B0BCDF7CD1D65E61A9061D539D83527A89B69583958F8A26C6BF9766C1B61E0C ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe
19:55:45.0703 0x2eb8  TrustedInstaller - ok
19:55:45.0720 0x2eb8  [ BF8F54CA37E9C9D6582C31C5761F8C93, 337C566792F6FB9B7FD5D1D4384B767CFE4CF5DBB2E4688CCC36CBB018A0DD0F ] TsUsbFlt        C:\WINDOWS\system32\drivers\tsusbflt.sys
19:55:45.0729 0x2eb8  TsUsbFlt - ok
19:55:45.0759 0x2eb8  [ 20185BEB7512EDE4EFECDFA148AC9F99, 6F539478493C0F87F3DDF67A4A6D4D41E9474EEF21434E856350CE149A34EA9F ] TsUsbGD         C:\WINDOWS\System32\drivers\TsUsbGD.sys
19:55:45.0768 0x2eb8  TsUsbGD - ok
19:55:45.0831 0x2eb8  [ C8E0E78B5D284C2FF59BDFFDAF997242, BA1576C491A1246EF9866762426D110F4570F9DB42A68C174943C7D5020FE3E2 ] tunnel          C:\WINDOWS\system32\DRIVERS\tunnel.sys
19:55:45.0842 0x2eb8  tunnel - ok
19:55:45.0851 0x2eb8  [ F6EEAD052943B5A3104C1405BB856C54, FE422813E6C1012E9F392EFF2AE4C6D3A4DBD9CB2BD5E6A5CAB57D4E89A29468 ] uagp35          C:\WINDOWS\system32\drivers\uagp35.sys
19:55:45.0860 0x2eb8  uagp35 - ok
19:55:45.0872 0x2eb8  [ FE6067B1FD4E63650C667B33D080565B, 2C330ED00E49BA55E25564230E0DFB8A35F2B5320EB18D4AF7CAACFA9A449044 ] UASPStor        C:\WINDOWS\System32\drivers\uaspstor.sys
19:55:45.0880 0x2eb8  UASPStor - ok
19:55:45.0914 0x2eb8  [ 807F8CF3E973305FC435C61CBBEE2A49, 43CDEAC2BFC5091C11DFC0E7F7171AF9A598AE56CB056C3CF382AE7807F79EF0 ] UCX01000        C:\WINDOWS\System32\drivers\ucx01000.sys
19:55:45.0926 0x2eb8  UCX01000 - ok
19:55:45.0962 0x2eb8  [ C61EAF8E1E4B2F62BA4FDF457440B2C6, 961F76A789925234AC27F56AAE34556FA06088D71580B42C24B0BC209EAFD67E ] udfs            C:\WINDOWS\system32\DRIVERS\udfs.sys
19:55:45.0978 0x2eb8  udfs - ok
19:55:45.0998 0x2eb8  [ 9578691F297E1B1F519970FE6D47CB21, 080C352AAF22A16A4F3C4AB4DCEA5BFA656457C73F735CEBA30516FDACCF6301 ] UEFI            C:\WINDOWS\System32\drivers\UEFI.sys
19:55:46.0006 0x2eb8  UEFI - ok
19:55:46.0039 0x2eb8  [ A867F0F978EE64C87FADC3B100869EE4, 2686BE85F963D0D0BB275E92E5B543280D8742CF10772303E3189D0719B6A277 ] UI0Detect       C:\WINDOWS\system32\UI0Detect.exe
19:55:46.0051 0x2eb8  UI0Detect - ok
19:55:46.0066 0x2eb8  [ 5EAB5117DDB24FC4D39E6FFFCF1837B9, 2BC709240867F161E94BE6625A04F478EAAA3EEE7BC7C37ED0DFA9EEA5928E98 ] uliagpkx        C:\WINDOWS\system32\drivers\uliagpkx.sys
19:55:46.0077 0x2eb8  uliagpkx - ok
19:55:46.0094 0x2eb8  [ DA34C39A18E60E7C3FA0630566408034, 2F162504214053894C72760D9933D01DBF3578609FE5E2376C3272818599FE32 ] umbus           C:\WINDOWS\System32\drivers\umbus.sys
19:55:46.0120 0x2eb8  umbus - ok
19:55:46.0135 0x2eb8  [ AE8294875E5446E359B1E8035D40C05E, AE0357BAB47C07C3576BC76951CD258C009BC5A1B93259D2122A841BD9CDA8FA ] UmPass          C:\WINDOWS\System32\drivers\umpass.sys
19:55:46.0142 0x2eb8  UmPass - ok
19:55:46.0178 0x2eb8  [ A023F267A262D5DA6CE1436D9C5E8FD9, 92AD7AF91184C244A7E392F49663143193A80D5D81114546A00F18227DE31D23 ] UmRdpService    C:\WINDOWS\System32\umrdp.dll
19:55:46.0194 0x2eb8  UmRdpService - ok
19:55:46.0243 0x2eb8  [ C98493DD8E6A50154FAC75C15E1C36BB, CECD1C826C8F7AF05468871BF6A0ACDBB6B0202F4F87F48C6D367E5BD699E800 ] upnphost        C:\WINDOWS\System32\upnphost.dll
19:55:46.0282 0x2eb8  upnphost - ok
19:55:46.0303 0x2eb8  [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64       C:\WINDOWS\System32\Drivers\usbaapl64.sys
19:55:46.0317 0x2eb8  USBAAPL64 - ok
19:55:46.0327 0x2eb8  [ DF355EB0199198728027962DCFCDE5FB, 9E158BD07389B4CFF99674716647FA3AABEECBD1A98EDF20E544E099A99A8768 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
19:55:46.0338 0x2eb8  usbaudio - ok
19:55:46.0363 0x2eb8  [ FF78D053A05E5A394F4E3C1816CC65A8, 5DAE02414271231F5FDBB751AFEB99874779B467947020815D4AE54432D4269D ] usbccgp         C:\WINDOWS\System32\drivers\usbccgp.sys
19:55:46.0372 0x2eb8  usbccgp - ok
19:55:46.0389 0x2eb8  [ 0139248F6B95CF0D837B5B46A2722D40, 38E3E704E0364F07732DB418AEBD126B040FB3CDB7D78EA36E8605D50D528A80 ] usbcir          C:\WINDOWS\System32\drivers\usbcir.sys
19:55:46.0413 0x2eb8  usbcir - ok
19:55:46.0432 0x2eb8  [ 48BA326A3DBA5B5BEB5F2777F4618696, B9EC8155F11A3A7644BD9DC8910681B46AE44AE3BF53F052DF50E9C5555E3229 ] usbehci         C:\WINDOWS\System32\drivers\usbehci.sys
19:55:46.0441 0x2eb8  usbehci - ok
19:55:46.0451 0x2eb8  [ FEF0BC107812B36849741C3211BA6B60, B3EF738BE1E6B6027F29C9713CD3F367EA067D2BE46580AFBC0FB58046EF6BBD ] usbhub          C:\WINDOWS\System32\drivers\usbhub.sys
19:55:46.0468 0x2eb8  usbhub - ok
19:55:46.0507 0x2eb8  [ 95B0179BDA907252025DEEA183699FB3, A6BDFB93EE9418A83407024204A41640A08638C60E2BE75C249D102601DC1D80 ] USBHUB3         C:\WINDOWS\System32\drivers\UsbHub3.sys
19:55:46.0523 0x2eb8  USBHUB3 - ok
19:55:46.0544 0x2eb8  [ 3019097FB6C985EF24C058090FF3BDBD, 24AC518D34E338D94BF3D5B3F72E53F8A1369BAA7F32FEA3EDBCF928C4FF1D17 ] usbohci         C:\WINDOWS\System32\drivers\usbohci.sys
19:55:46.0570 0x2eb8  usbohci - ok
19:55:46.0592 0x2eb8  [ 4D655E3B684BE9B0F7FFD8A2935C348C, 3A7FC1748C5AEA8CFE0E7C22ADC77E3DCA475455FC16D9C6A5C16EB5E949A516 ] usbprint        C:\WINDOWS\System32\drivers\usbprint.sys
19:55:46.0627 0x2eb8  usbprint - ok
19:55:46.0673 0x2eb8  [ 0F030491BA4A27BD46F8B8ACEEE83F1A, 7063855611BEF94D4D229BA1BE507ECBDD89F5861641A407EB3E2919A352F9D4 ] usbscan         C:\WINDOWS\System32\drivers\usbscan.sys
19:55:46.0692 0x2eb8  usbscan - ok
19:55:46.0712 0x2eb8  [ 66732C13628BDB1AB0D6FD46027327C2, B582C0F348D8F79419CA5A58F10CA151E06D7CA3BE162344CADA46D9D7FED97C ] USBSTOR         C:\WINDOWS\System32\drivers\USBSTOR.SYS
19:55:46.0722 0x2eb8  USBSTOR - ok
19:55:46.0734 0x2eb8  [ 064260B3A5868AC894A4943543BC7AB7, D3534E98B34C4AC9A430D7E0AB301A0E5E1511E3117C2FEA392636B0DE2C38E2 ] usbuhci         C:\WINDOWS\System32\drivers\usbuhci.sys
19:55:46.0743 0x2eb8  usbuhci - ok
19:55:46.0782 0x2eb8  [ 44603DA5A87FB491EF59C889EBBB4DDB, 59AA9B6B0B5D66F9312CD3F999D0D9F12F1A2C5D230365AD7287CD71FD86961C ] USBXHCI         C:\WINDOWS\System32\drivers\USBXHCI.SYS
19:55:46.0794 0x2eb8  USBXHCI - ok
19:55:46.0809 0x2eb8  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] VaultSvc        C:\WINDOWS\system32\lsass.exe
19:55:46.0817 0x2eb8  VaultSvc - ok
19:55:46.0934 0x2eb8  [ EB2461E88E1E9F2243FAA3F167BFB94E, 1A7E51BC964CC42A2839FE6DB20A7E2E695E827B62851B0B25CCDB091A144D24 ] VBoxAswDrv      C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys
19:55:46.0946 0x2eb8  VBoxAswDrv - ok
19:55:46.0957 0x2eb8  [ FEB26E3B8345A7E8D62F945C4AE86562, 3AAFE87C402FC8E92542DFE60EC9540559863065F88D429A16D7B1BF829223FF ] vdrvroot        C:\WINDOWS\system32\drivers\vdrvroot.sys
19:55:46.0964 0x2eb8  vdrvroot - ok
19:55:46.0997 0x2eb8  [ 8A4D808D1EC7C1C47B2C8BF488A9A07A, 63C07312ADB6F8A8BDE93361C30AC63DAB4DE1141AF54630EEF11E54B0BF983D ] vds             C:\WINDOWS\System32\vds.exe
19:55:47.0039 0x2eb8  vds - ok
19:55:47.0053 0x2eb8  [ A026EDEAA5EECAE0B08E2748B616D4BD, 2525A54DC7F49DDFBB999C22BF3FAB6D9E9F70C0806E58D81E90AC59F9F46089 ] VerifierExt     C:\WINDOWS\system32\drivers\VerifierExt.sys
19:55:47.0064 0x2eb8  VerifierExt - ok
19:55:47.0110 0x2eb8  [ C06E8481E068F170A258441639AC5792, 2F550530BACB511A195D5047F003B01CB6E04FA9A0DCCF638CB3D51FF5467DC7 ] vhdmp           C:\WINDOWS\System32\drivers\vhdmp.sys
19:55:47.0132 0x2eb8  vhdmp - ok
19:55:47.0154 0x2eb8  [ 06D38968028E9AB19DE9B618C7B6D199, 62022297A47F440D1C82CA0B0E57C0C8E9D5033D83DD3B40492B218DF65EBF68 ] viaide          C:\WINDOWS\system32\drivers\viaide.sys
19:55:47.0162 0x2eb8  viaide - ok
19:55:47.0193 0x2eb8  [ 511AD3FF957A0127E6BD336FF6F89C38, 55325BFD0857A1204F7F6F8ED8C91C07B0E20A50402105708E7365ECD9E25A21 ] vmbus           C:\WINDOWS\system32\drivers\vmbus.sys
19:55:47.0201 0x2eb8  vmbus - ok
19:55:47.0209 0x2eb8  [ DA40BEA0A863CE768C940CA9723BF81F, 567C0C3F422325635808B0CF76E05D3B6187F96845C33F85F92F98C9FE53A5B8 ] VMBusHID        C:\WINDOWS\System32\drivers\VMBusHID.sys
19:55:47.0217 0x2eb8  VMBusHID - ok
19:55:47.0265 0x2eb8  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicguestinterface C:\WINDOWS\System32\ICSvc.dll
19:55:47.0286 0x2eb8  vmicguestinterface - ok
19:55:47.0298 0x2eb8  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicheartbeat   C:\WINDOWS\System32\ICSvc.dll
19:55:47.0314 0x2eb8  vmicheartbeat - ok
19:55:47.0323 0x2eb8  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmickvpexchange C:\WINDOWS\System32\ICSvc.dll
19:55:47.0338 0x2eb8  vmickvpexchange - ok
19:55:47.0347 0x2eb8  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicrdv         C:\WINDOWS\System32\ICSvc.dll
19:55:47.0363 0x2eb8  vmicrdv - ok
19:55:47.0373 0x2eb8  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicshutdown    C:\WINDOWS\System32\ICSvc.dll
19:55:47.0388 0x2eb8  vmicshutdown - ok
19:55:47.0397 0x2eb8  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmictimesync    C:\WINDOWS\System32\ICSvc.dll
19:55:47.0412 0x2eb8  vmictimesync - ok
19:55:47.0423 0x2eb8  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicvss         C:\WINDOWS\System32\ICSvc.dll
19:55:47.0441 0x2eb8  vmicvss - ok
19:55:47.0446 0x2eb8  [ 55D7D963DE85162F1C49721E502F9744, 5AD34D6DB707EF3E5242BD8CA67B21D6258EE7E7FC477D5227BD15500AE7F45F ] volmgr          C:\WINDOWS\system32\drivers\volmgr.sys
19:55:47.0453 0x2eb8  volmgr - ok
19:55:47.0462 0x2eb8  [ CCB9E901F7254BF96D28EB1B0E5329B7, F0E3CA4EFA544CDAEF4092284CF3EC7DF07F806A770285E281816457AD8813F5 ] volmgrx         C:\WINDOWS\system32\drivers\volmgrx.sys
19:55:47.0478 0x2eb8  volmgrx - ok
19:55:47.0487 0x2eb8  [ 64CA2B4A49A8EAF495E435623ECCE7DB, 81151F295A54DE2B8B88C7F48C86BF58CDFF96F98493509C06D6F41484594386 ] volsnap         C:\WINDOWS\system32\drivers\volsnap.sys
19:55:47.0500 0x2eb8  volsnap - ok
19:55:47.0515 0x2eb8  [ EF31713EE4C7CCFE4049F7E7F15645A2, 35D198D3F1061E19A7EF89FA1E75377049CD6BCA9702F8076B9F95BB8737E0D4 ] vpci            C:\WINDOWS\System32\drivers\vpci.sys
19:55:47.0524 0x2eb8  vpci - ok
19:55:47.0536 0x2eb8  [ 4539F45F9F4C9757A86A56C949421E07, DEC362314B2C66414F39354AFE79C02B18BF4EEF90787FB58307F6EB62237E2C ] vsmraid         C:\WINDOWS\system32\drivers\vsmraid.sys
19:55:47.0548 0x2eb8  vsmraid - ok
19:55:47.0605 0x2eb8  [ 94FAFD473CDD80CE19A21FB9503D7ED1, 953E5E8C753C0017E1258695A76F60CC05D283F7476B9D9C5C8AC78B8E3FCE18 ] VSS             C:\WINDOWS\system32\vssvc.exe
19:55:47.0665 0x2eb8  VSS - ok
19:55:47.0689 0x2eb8  [ 0849B7260F26FE05EA56DED0672E2F4B, 7EAC0E7988F45CB4133A15932955B7B03CE715C967A3BAC9999D81543EBCAEC5 ] VSTXRAID        C:\WINDOWS\system32\drivers\vstxraid.sys
19:55:47.0703 0x2eb8  VSTXRAID - ok
19:55:47.0746 0x2eb8  [ BE970C369E43B509C1EDA2B8FA7CECB0, 18951F2AA842A0795AA79A4E164EE925A35E6270EBE4C4CDB19D0A891830E383 ] vwifibus        C:\WINDOWS\System32\drivers\vwifibus.sys
19:55:47.0764 0x2eb8  vwifibus - ok
19:55:47.0804 0x2eb8  [ DC821E811EFBB65CDD77FBB8B6ECA385, B7C8AACDF81DBA298F2F384983D36B269876C31F0398D89BF9070217A069B96F ] W32Time         C:\WINDOWS\system32\w32time.dll
19:55:47.0822 0x2eb8  W32Time - ok
19:55:47.0892 0x2eb8  [ 8E553C859C83784DEC08B10AFC3EAC92, 41D8DBA1500DBD3AC9783169ACF545805EF05069F12866238992A30794369254 ] w3logsvc        C:\WINDOWS\system32\inetsrv\w3logsvc.dll
19:55:47.0902 0x2eb8  w3logsvc - ok
19:55:47.0910 0x2eb8  [ 0910AB9ED404C1434E2D0376C2AD5D8B, 62585CA5F1375BDA440D28D5DF1ADDC9DE3DDFA196D49BBFF3456A5A09EE1C6B ] WacomPen        C:\WINDOWS\System32\drivers\wacompen.sys
19:55:47.0917 0x2eb8  WacomPen - ok
19:55:47.0947 0x2eb8  [ 6505C9E72910F91D4C317EECF22D1DE6, 838BAEA6F0BBA916B3291EB165F65DA2F4EC35395678D450EEEB1E540A123FC4 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:55:47.0956 0x2eb8  Wanarp - ok
19:55:47.0959 0x2eb8  [ 6505C9E72910F91D4C317EECF22D1DE6, 838BAEA6F0BBA916B3291EB165F65DA2F4EC35395678D450EEEB1E540A123FC4 ] Wanarpv6        C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:55:47.0966 0x2eb8  Wanarpv6 - ok
19:55:48.0008 0x2eb8  [ 9BAE40BD31E3EE0B0C70BEF167E0A2BC, 2419AC815C95F2629E1832973501983D06F788728755605D42D6C8565C3CBBF1 ] WAS             C:\WINDOWS\system32\inetsrv\iisw3adm.dll
19:55:48.0044 0x2eb8  WAS - ok
19:55:48.0095 0x2eb8  [ A81988DCC4FA440AA88B84CA452F5E22, 3573AAA09971E8ADB6FEFA778E02B2D8EE5E4249267CF37A524D9F019CC836FB ] wbengine        C:\WINDOWS\system32\wbengine.exe
19:55:48.0137 0x2eb8  wbengine - ok
19:55:48.0153 0x2eb8  [ 0F1DFA2FED73FA78B8C3CDE332A870F6, 1089F6F585F5350D349A640EBD3117832DF6B3657EB6667CB00AE217E04ACA17 ] WbioSrvc        C:\WINDOWS\System32\wbiosrvc.dll
19:55:48.0187 0x2eb8  WbioSrvc - ok
19:55:48.0205 0x2eb8  [ 0EAEC313B24837613621B4A2536ED382, 61C194ED7FA7D65BBE61A546D5FCA52F52AB08324E084D3EC23C9706E9BF0175 ] Wcmsvc          C:\WINDOWS\System32\wcmsvc.dll
19:55:48.0219 0x2eb8  Wcmsvc - ok
19:55:48.0274 0x2eb8  [ F6B4C2280FF7C7156AC8A4687B9DA35E, 1899D584D7469BB49355D84080051E2575B033E6312009D9C6C1DD3F7F9AA4C5 ] wcncsvc         C:\WINDOWS\System32\wcncsvc.dll
19:55:48.0294 0x2eb8  wcncsvc - ok
19:55:48.0334 0x2eb8  [ B7BF1D783F5B2484E8CE1C0C78257F16, 468601199FCCF63DBAE86EE6B8825EA85B2A1EE177413353FFA2CC9CA5249FCD ] WcsPlugInService C:\WINDOWS\System32\WcsPlugInService.dll
19:55:48.0345 0x2eb8  WcsPlugInService - ok
19:55:48.0372 0x2eb8  [ 1751F6B031ADAC34724511057D2E455D, BCBC77DE02718868302F7469E8FBB8F2E7E0F8A5D3E46A5B4D48713E829FBAF6 ] WdBoot          C:\WINDOWS\system32\drivers\WdBoot.sys
19:55:48.0380 0x2eb8  WdBoot - ok
19:55:48.0394 0x2eb8  [ CB6C63FF8342B467E2EF76E98D5B934D, BE017CE91E3BAB293DE6ECF143797CCE3F33CC63024437472B4E38C6961AD884 ] Wdf01000        C:\WINDOWS\system32\drivers\Wdf01000.sys
19:55:48.0417 0x2eb8  Wdf01000 - ok
19:55:48.0427 0x2eb8  [ D296D0F0DB2CD1504F90405603664493, 9531034AE2E027B5C7366713AA9003085501800B35F971D1CE7FFB8E5DAE3825 ] WdFilter        C:\WINDOWS\system32\drivers\WdFilter.sys
19:55:48.0439 0x2eb8  WdFilter - ok
19:55:48.0471 0x2eb8  [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiServiceHost  C:\WINDOWS\system32\wdi.dll
19:55:48.0483 0x2eb8  WdiServiceHost - ok
19:55:48.0486 0x2eb8  [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiSystemHost   C:\WINDOWS\system32\wdi.dll
19:55:48.0497 0x2eb8  WdiSystemHost - ok
19:55:48.0525 0x2eb8  [ 9F4DF0043965808973023A9B51A11136, 3A799125CBC5C214D9FBB91C348B39563B1FDB7403B520270752E9A177464723 ] WdNisDrv        C:\WINDOWS\system32\Drivers\WdNisDrv.sys
19:55:48.0536 0x2eb8  WdNisDrv - ok
19:55:48.0552 0x2eb8  WdNisSvc - ok
19:55:48.0578 0x2eb8  [ 185E4111627F7AA6799E1366B5E91D65, 7A02C816DFBCCF47EDB49E5E2005A3D0B80719FAC94F9298D2DBAC63950EDA05 ] WebClient       C:\WINDOWS\System32\webclnt.dll
19:55:48.0596 0x2eb8  WebClient - ok
19:55:48.0640 0x2eb8  [ 384E1D04FE20845B2559D292F17A9FA1, AD3B0B2B2219691AC30FEEC8AFDB3BBB74B51BB7D02038AE2B4DEA514E245315 ] Wecsvc          C:\WINDOWS\system32\wecsvc.dll
19:55:48.0660 0x2eb8  Wecsvc - ok
19:55:48.0690 0x2eb8  [ 455014F4E48B67EBE0F032E2B0E06BF2, A36435784A034B27056A0E606683A20C69F1B0AB2B6BAEDEAEAA190F6287CAEF ] WEPHOSTSVC      C:\WINDOWS\system32\wephostsvc.dll
19:55:48.0704 0x2eb8  WEPHOSTSVC - ok
19:55:48.0738 0x2eb8  [ F13DBA57CEA9B7074B95EDCA6AD2635E, 1D9BA4841EF1343A5D9096B5FE27FC65DC1901D6683DD13516171638549666B5 ] wercplsupport   C:\WINDOWS\System32\wercplsupport.dll
19:55:48.0753 0x2eb8  wercplsupport - ok
19:55:48.0793 0x2eb8  [ FD7E58B6AA3EABF2D12B9762A20E11E4, 4C5E2E246C5C70074866BB3DBC2AAF483ECE4345004CCB8D1FE285047268685D ] WerSvc          C:\WINDOWS\System32\WerSvc.dll
19:55:48.0808 0x2eb8  WerSvc - ok
19:55:48.0828 0x2eb8  [ BAB713B409258DB7B5D9F9693F802B0E, C0D0391EC4FDC07E0A07F4EEB2DC9CC5B2BE5D2E292E7D01929E8D39D6F73EA5 ] WFPLWFS         C:\WINDOWS\system32\DRIVERS\wfplwfs.sys
19:55:48.0836 0x2eb8  WFPLWFS - ok
19:55:48.0844 0x2eb8  [ 8C840E1FD7584E74BD0CC1EA581EC187, 148E534A94B4882E7396B13FABE17407802292E7890713540080D03D5629C81D ] WiaRpc          C:\WINDOWS\System32\wiarpc.dll
19:55:48.0865 0x2eb8  WiaRpc - ok
19:55:48.0885 0x2eb8  [ 5F66B7BB330AA80067FC66149A692620, 92C5D7115A168A23108B65EEEB5FBA8FA43D781855355792596D2419160263C2 ] WIMMount        C:\WINDOWS\system32\drivers\wimmount.sys
19:55:48.0893 0x2eb8  WIMMount - ok
19:55:48.0894 0x2eb8  WinDefend - ok
19:55:48.0942 0x2eb8  [ 10DAD6A7FC617A221313BD584E3C3A00, F139B878668ECF38FE59831E8595A207D5CEEE76C6FFDA8C9F735435E601A763 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll
19:55:48.0965 0x2eb8  WinHttpAutoProxySvc - ok
19:55:49.0014 0x2eb8  [ FC8BD690321216C32BB58B035B6D5674, D61698DB19D9DB2593B60B6BA13F7B7735667206F41D751D507135469D6D3CDD ] Winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
19:55:49.0029 0x2eb8  Winmgmt - ok
19:55:49.0113 0x2eb8  [ 75436315AA383CF527695C6D49D0CA59, E3D55F2ACBD45D4D031FA6CA799394459C89BE50FF6ADE4FE36F2CAB2D2E63D0 ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
19:55:49.0181 0x2eb8  WinRM - ok
19:55:49.0216 0x2eb8  [ AC263C2F66405589528995AA41040599, 81B46E551D6130A2C3D113EC3B563CEDB5A06BB340986C0E03136CE5BE729481 ] WinUsb          C:\WINDOWS\System32\drivers\WinUsb.sys
19:55:49.0241 0x2eb8  WinUsb - ok
19:55:49.0285 0x2eb8  [ DC079BA8390089E4EBCA63D27EEA3ECB, 4D549217A68292E2B16C09FD9F84317011EE54A2DAF4E2AB85554267DF0D3249 ] WlanSvc         C:\WINDOWS\System32\wlansvc.dll
19:55:49.0324 0x2eb8  WlanSvc - ok
19:55:49.0384 0x2eb8  [ 06BF5897949A8F24893F792E876B71F5, 9D3719492A86BF52A56E2EA798FD6FDB5862A03F6D360FCC4B0CEA9BE9792AE4 ] wlidsvc         C:\WINDOWS\system32\wlidsvc.dll
19:55:49.0420 0x2eb8  wlidsvc - ok
19:55:49.0435 0x2eb8  [ 2834D9D3B4F554A39C72F00EA3F0E128, D10124343C67FE9A0B711AD569BB8080495FCEA0ECEF9AC3F3FBD6865F436A44 ] WmiAcpi         C:\WINDOWS\System32\drivers\wmiacpi.sys
19:55:49.0450 0x2eb8  WmiAcpi - ok
19:55:49.0485 0x2eb8  [ B96F7A1236C3F21212DE2C40A3DDB005, 5A29EBB6DA036E303611EB1304192655021405BB05452FD37886DDE604FF0D9D ] wmiApSrv        C:\WINDOWS\system32\wbem\WmiApSrv.exe
19:55:49.0494 0x2eb8  wmiApSrv - ok
19:55:49.0500 0x2eb8  WMPNetworkSvc - ok
19:55:49.0504 0x2eb8  [ 7FC5667DF73D4B04AA457CC3A4180E09, CB7B014945DCA16B6D120DBE0E5876C4C867A4ACD3C3536AEADC14B908613D4E ] Wof             C:\WINDOWS\system32\drivers\Wof.sys
19:55:49.0513 0x2eb8  Wof - ok
19:55:49.0550 0x2eb8  [ 588040D595BBF0856CA1ADD941A8ED17, CBC92BB5453FE1BEA6F33239B7CE884F312559591383408EA5F95A006156C5D3 ] workfolderssvc  C:\WINDOWS\system32\workfolderssvc.dll
19:55:49.0601 0x2eb8  workfolderssvc - ok
19:55:49.0615 0x2eb8  [ A2468CC3509394A33C4C32F99563D845, 62690C7D41F382DF74B8F4B942647842858E37DE35FF2DE028192E4D09ABB2C5 ] wpcfltr         C:\WINDOWS\system32\DRIVERS\wpcfltr.sys
19:55:49.0624 0x2eb8  wpcfltr - ok
19:55:49.0654 0x2eb8  [ 19F4DF69876DA7E9C4965351560FE6B7, 127247A7964F55EE3AF842D25120F5ACD387632BEE2BF3D28FAC05840CEA19BA ] WPCSvc          C:\WINDOWS\System32\wpcsvc.dll
19:55:49.0664 0x2eb8  WPCSvc - ok
19:55:49.0713 0x2eb8  [ 2ADE11F3D84709C5F6781E4C59F11683, F003C43396CF8FCF44EAB87583650DB4D2A233322D28D6A78D1694945D9073BB ] WPDBusEnum      C:\WINDOWS\system32\wpdbusenum.dll
19:55:49.0732 0x2eb8  WPDBusEnum - ok
19:55:49.0745 0x2eb8  [ 9F2904B55F6CECCD1A8D986B5CE2609A, E19ED4DD3CEF3A22C058FC324824604FB3FC98A029C94E6C2A3389F938D680B6 ] WpdUpFltr       C:\WINDOWS\system32\drivers\WpdUpFltr.sys
19:55:49.0751 0x2eb8  WpdUpFltr - ok
19:55:49.0764 0x2eb8  [ AE072B0339D0A18E455DC21666CAD572, AB1DAEA25E2C7AD610818D4B4783F6D4190D85EBB3963BBAD410E8CEA7899EDB ] ws2ifsl         C:\WINDOWS\system32\drivers\ws2ifsl.sys
19:55:49.0773 0x2eb8  ws2ifsl - ok
19:55:49.0806 0x2eb8  [ 5596C0960ED6ED7494BF2A55DE428684, C95CF09A657F37F421CC80E16F2F95B8EC59A8D5D48F104551155EAC8E53DCB2 ] wscsvc          C:\WINDOWS\System32\wscsvc.dll
19:55:49.0830 0x2eb8  wscsvc - ok
19:55:49.0832 0x2eb8  WSearch - ok
19:55:49.0905 0x2eb8  [ 6B2D71124C1EA86B74412F414C42431D, 078CC6C9667EF6BDA3E6900BC26A5A5B030CAA66928A6BBB7B7DC43C5C199EDC ] WSService       C:\WINDOWS\System32\WSService.dll
19:55:50.0000 0x2eb8  WSService - ok
19:55:50.0097 0x2eb8  [ 5F3D70B19BCAC985DA90F22CA2FF45E4, BBD82BAEF0DCA2C6361F8D1ADF5BED36D0F1AB1A2AEADB0E4526B917F40C2E52 ] wuauserv        C:\WINDOWS\system32\wuaueng.dll
19:55:50.0160 0x2eb8  wuauserv - ok
19:55:50.0171 0x2eb8  [ 481286719402E4BAEFEA0604AB1B5113, F3CF65DF2AB39F79AE4C1335831408418E40726706E0242677E8B96B0FAD988F ] WudfPf          C:\WINDOWS\system32\drivers\WudfPf.sys
19:55:50.0180 0x2eb8  WudfPf - ok
19:55:50.0194 0x2eb8  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFRd          C:\WINDOWS\System32\drivers\WUDFRd.sys
19:55:50.0205 0x2eb8  WUDFRd - ok
19:55:50.0227 0x2eb8  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFSensorLP    C:\WINDOWS\System32\drivers\WUDFRd.sys
19:55:50.0237 0x2eb8  WUDFSensorLP - ok
19:55:50.0273 0x2eb8  [ 51D28F7F1F888DDCF2C67DCF3B79A5D3, 74FF2936AFCEB9A36175D5B00EB91A5AD614B52BE3FB3FA9B994A025A484D2B7 ] wudfsvc         C:\WINDOWS\System32\WUDFSvc.dll
19:55:50.0302 0x2eb8  wudfsvc - ok
19:55:50.0308 0x2eb8  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdFs       C:\WINDOWS\System32\drivers\WUDFRd.sys
19:55:50.0317 0x2eb8  WUDFWpdFs - ok
19:55:50.0322 0x2eb8  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdMtp      C:\WINDOWS\System32\drivers\WUDFRd.sys
19:55:50.0332 0x2eb8  WUDFWpdMtp - ok
19:55:50.0360 0x2eb8  [ A0900F8F628B5AF6841414EB3CF11E50, 8A531F2472FF4B4D895D469D28C215C834ECADBEF539894B8F3F606079A86184 ] WwanSvc         C:\WINDOWS\System32\wwansvc.dll
19:55:50.0381 0x2eb8  WwanSvc - ok
19:55:50.0415 0x2eb8  [ 377F3E3467A8BFA3CDC921AD6425D513, 699271DA1D63E90FE1F9FE8AF3A8789CA588A0B7A2AFF5899EBA443361E041A5 ] XSplit_Dummy    C:\WINDOWS\system32\drivers\xspltspk.sys
19:55:50.0420 0x2eb8  XSplit_Dummy - ok
19:55:50.0445 0x2eb8  [ 9176C0822FAA649E45121875BE32F5D2, B7A7A906A7BB0F760ED241F998C647D728C4DB5D8778AFE585DF38331165803F ] xusb21          C:\WINDOWS\System32\drivers\xusb21.sys
19:55:50.0452 0x2eb8  xusb21 - ok
19:55:50.0455 0x2eb8  ================ Scan global ===============================
19:55:50.0504 0x2eb8  [ 243F54DBA6EB48A369CA465E263ABA4A, 9D9F9DE783D000F3EA130EB68FD71319F21E4F1CD4232FB8B2F8A9A67E08F5F4 ] C:\WINDOWS\system32\basesrv.dll
19:55:50.0541 0x2eb8  [ EAB311B0A7A8EA0346F14F08D4BC8F46, 11168E4074679F8A69DA714C0ABD0C68BA49D171B379343F14783C9C563202CA ] C:\WINDOWS\system32\winsrv.dll
19:55:50.0566 0x2eb8  [ 3600ED7EA8AED849E20700551C0BD63B, 4A8C346C1646E80B58EF93F87F915A41E05CA2E993BB1C96955AE62A0669AF66 ] C:\WINDOWS\system32\sxssrv.dll
19:55:50.0602 0x2eb8  [ E0C7813A97CA7947FF5C18A8F3B61A45, 083BB4F3B20419C87DB656F1465E5F782ACDE76838CDE6207F26AAD035C69DE0 ] C:\WINDOWS\system32\services.exe
19:55:50.0611 0x2eb8  [ Global ] - ok
19:55:50.0612 0x2eb8  ================ Scan MBR ==================================
19:55:50.0644 0x2eb8  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
19:55:50.0716 0x2eb8  \Device\Harddisk0\DR0 - ok
19:55:50.0719 0x2eb8  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
19:55:50.0761 0x2eb8  \Device\Harddisk1\DR1 - ok
19:55:50.0761 0x2eb8  ================ Scan VBR ==================================
19:55:50.0763 0x2eb8  [ E0A910F6431A1DF4F1E543B6C7A5A5B0 ] \Device\Harddisk0\DR0\Partition1
19:55:50.0813 0x2eb8  \Device\Harddisk0\DR0\Partition1 - ok
19:55:50.0825 0x2eb8  [ C1AC28D254475E39BE6E0B2063DF1991 ] \Device\Harddisk0\DR0\Partition2
19:55:50.0879 0x2eb8  \Device\Harddisk0\DR0\Partition2 - ok
19:55:50.0890 0x2eb8  [ 2B2EE364C29758054406C94704C1E713 ] \Device\Harddisk0\DR0\Partition3
19:55:50.0890 0x2eb8  \Device\Harddisk0\DR0\Partition3 - ok
19:55:50.0897 0x2eb8  [ 16B563D912C0FAE04EA0168DE8E87D07 ] \Device\Harddisk0\DR0\Partition4
19:55:50.0943 0x2eb8  \Device\Harddisk0\DR0\Partition4 - ok
19:55:50.0968 0x2eb8  [ A2D7081E8B3779F9A3D2B7C962552F55 ] \Device\Harddisk0\DR0\Partition5
19:55:50.0970 0x2eb8  \Device\Harddisk0\DR0\Partition5 - ok
19:55:50.0977 0x2eb8  [ 1478A2C9B3B4170EAA80017CE426CEC4 ] \Device\Harddisk0\DR0\Partition6
19:55:50.0978 0x2eb8  \Device\Harddisk0\DR0\Partition6 - ok
19:55:50.0984 0x2eb8  [ 0984AD6D7A4CE397F2B140347770918E ] \Device\Harddisk0\DR0\Partition7
19:55:50.0985 0x2eb8  \Device\Harddisk0\DR0\Partition7 - ok
19:55:50.0985 0x2eb8  ================ Scan generic autorun ======================
19:55:51.0018 0x2eb8  [ 49BD5663071AA799AC0B1E6B48EB9257, 39364B7E08C87545B4E48264509D73800FE5B0A76E34E0B169DA489895820B22 ] C:\Program Files\IDT\WDM\beats64.exe
19:55:51.0020 0x2eb8  BeatsOSDApp - detected UnsignedFile.Multi.Generic ( 1 )
19:55:53.0354 0x2eb8  Detect skipped due to KSN trusted
19:55:53.0354 0x2eb8  BeatsOSDApp - ok
19:55:53.0440 0x2eb8  [ D5FFA9F81738C81253C0D3C7E03E3AB0, C908F7DAE626997128DEE511822245224BBA94C6C139DD284253EDBCE710D947 ] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
19:55:53.0481 0x2eb8  NvBackend - ok
19:55:53.0513 0x2eb8  [ 6C308D32AFA41D26CE2A0EA8F7B79565, 5CC2C563D89257964C4B446F54AFE1E57BBEE49315A9FC001FF5A6BCB6650393 ] C:\WINDOWS\system32\rundll32.exe
19:55:53.0539 0x2eb8  ShadowPlay - ok
19:55:53.0589 0x2eb8  [ 94BFCE236D6340011721470E394056E3, 42A7808F6C53C268354E9E47F0689FE2B4717F61E97CBAA0ABF33E0275B908EF ] C:\Program Files\IDT\WDM\sttray64.exe
19:55:53.0636 0x2eb8  SysTrayApp - detected UnsignedFile.Multi.Generic ( 1 )
19:55:55.0958 0x2eb8  Detect skipped due to KSN trusted
19:55:55.0958 0x2eb8  SysTrayApp - ok
19:55:56.0193 0x2eb8  [ 19ECAAEA3CC248489FE987C10B688C0D, 967CB23A8176B3181EE2A55DFBB04A69988AB22105D4C450C5B5E729B91FAD5A ] C:\Program Files\Logitech Gaming Software\LCore.exe
19:55:56.0394 0x2eb8  Launch LCore - ok
19:55:56.0466 0x2eb8  [ BAD24090378CD1D9D70DD21CF21D1BFB, A5FB5F8DCF33BB252304D6DA7CB62906E5A437A561A066A647C8D199EE3C57B8 ] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
19:55:56.0470 0x2eb8  IAStorIcon - detected UnsignedFile.Multi.Generic ( 1 )
19:55:58.0781 0x2eb8  Detect skipped due to KSN trusted
19:55:58.0781 0x2eb8  IAStorIcon - ok
19:55:58.0821 0x2eb8  [ B1964E8776FD7633F149788F5B2A71CB, E30AC137B9DC2D3456499E0BB3B1955D2E0F7FFDB11E7A290A9DA25C76F4FAF8 ] C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
19:55:58.0835 0x2eb8  CDAServer - ok
19:55:58.0838 0x2eb8  [ 6C308D32AFA41D26CE2A0EA8F7B79565, 5CC2C563D89257964C4B446F54AFE1E57BBEE49315A9FC001FF5A6BCB6650393 ] C:\Windows\system32\rundll32.exe
19:55:58.0849 0x2eb8  Logitech Download Assistant - ok
19:55:58.0886 0x2eb8  [ 724CB7A116F7E1A67009D751BCF86586, F0C4BE7451C5573AD584F5EF125C0702841E30D928909B5B3EA702831EF2FD9B ] c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
19:55:58.0892 0x2eb8  CLMLServer_For_P2G8 - ok
19:55:58.0912 0x2eb8  [ B35B97FC934A9A7D02232094128CD636, 08F9E36F7DB86325986712210DF1B235DAC4F76FB599D2756E863A9FAFEBD57B ] c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe
19:55:58.0926 0x2eb8  CLVirtualDrive - ok
19:55:59.0054 0x2eb8  [ 65C6AA484AD2287D20541C7735989437, 1842787640391F4A4CD9ED0A531298A61F4B2FB09BEC98FEE256313AFB458EDB ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
19:55:59.0167 0x2eb8  AvastUI.exe - ok
19:55:59.0236 0x2eb8  [ 603668084332DDB58D8C5AACE30B04FC, B6FA6BBE18D433F41F96640726444B7CB9D669BAE87A545E1408391B9469EDB9 ] C:\Program Files (x86)\iTunes\iTunesHelper.exe
19:55:59.0245 0x2eb8  iTunesHelper - ok
19:55:59.0277 0x2eb8  [ 271B0D188430670509CB9943D5229205, 74CB5A9D8B5988AE08C0F65C601FC54F8745BAB6825B6FEEFBA8F068D656D8D7 ] C:\Program Files (x86)\QuickTime\QTTask.exe
19:55:59.0289 0x2eb8  QuickTime Task - detected UnsignedFile.Multi.Generic ( 1 )
19:56:01.0639 0x2eb8  Detect skipped due to KSN trusted
19:56:01.0639 0x2eb8  QuickTime Task - ok
19:56:01.0652 0x2eb8  [ 71DE6F84C8F4F1B387366F5F472DF097, 57E207CA812793E3E8B7564F1C009D183DD3FBCF4F15B830B22CB0081A5D68CD ] C:\Program Files (x86)\i@Sky WIC\iatsky.exe
19:56:01.0681 0x2eb8  IATSKY - detected UnsignedFile.Multi.Generic ( 1 )
19:56:04.0009 0x2eb8  Detect skipped due to KSN trusted
19:56:04.0009 0x2eb8  IATSKY - ok
19:56:04.0100 0x2eb8  [ F6B7C701F4AA5F7BBEC8F4BEA47100E2, E04CA6F629693CFAA1632A7B7DD877BDF80133853DC7C9B40D5865B9C196B5E8 ] C:\Program Files (x86)\Origin\Origin.exe
19:56:04.0156 0x2eb8  EADM - ok
19:56:04.0246 0x2eb8  [ F73154E180105822A5F9B755BA933737, 1CD775B6CE3736A70EC5FC7A6B77A2FEDA70D59B49A66046CC20B341005501D9 ] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
19:56:04.0319 0x2eb8  DAEMON Tools Lite - ok
19:56:04.0491 0x2eb8  [ E602DFD7B38FFA0C4E39CA6CFBCC44F8, 8F1E2F7559606D6165C4147CD8B223FC8352AC30491B67F7F9162D51B005C40A ] C:\Users\MinhKhoi\AppData\Roaming\Spotify\SpotifyWebHelper.exe
19:56:04.0541 0x2eb8  Spotify Web Helper - ok
19:56:04.0583 0x2eb8  Skype - ok
19:56:04.0665 0x2eb8  [ 8F97EDDF827C64AB2C42971095BF2F76, 5A42AA8E3A5E5BA6E93F1CD5B3229022D881B6180976E48A219A7C80F3EBE37D ] C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
19:56:04.0685 0x2eb8  Sony PC Companion - ok
19:56:04.0746 0x2eb8  [ 668A5B92BC57424509E1A64443806F06, 065DA4895AF9817596F9BE72BB11A04FF298CF553B302440691C578FFD4C23D2 ] C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe
19:56:04.0783 0x2eb8  Advanced SystemCare 8 - ok
19:56:05.0035 0x2eb8  [ ECA8159FC4C9F4613565015199B1A44B, E394208BF7F800BF10E4144BBA66D083D642CA6C870831B78D549442C9CD22AC ] C:\Users\MinhKhoi\AppData\Roaming\Spotify\Spotify.exe
19:56:05.0190 0x2eb8  Spotify - ok
19:56:05.0265 0x2eb8  [ F288DAF124DD1329BDE302D5D88DB85C, EFDEC20C797C996174D0E98ADAFB35DED239D2564C02CB789021CB418AD1D4B4 ] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
19:56:05.0281 0x2eb8  GoogleChromeAutoLaunch_64D29EBBD6095DE27C76D9DCC05F0847 - ok
19:56:05.0340 0x2eb8  Lync - ok
19:56:05.0342 0x2eb8  Waiting for KSN requests completion. In queue: 7
19:56:06.0342 0x2eb8  Waiting for KSN requests completion. In queue: 7
19:56:07.0343 0x2eb8  Waiting for KSN requests completion. In queue: 7
19:56:08.0355 0x2eb8  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.7.205.0 ), 0x60100 ( disabled : updated )
19:56:08.0355 0x2eb8  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.2.2218.942 ), 0x41000 ( enabled : updated )
19:56:08.0356 0x2eb8  FW detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.2.2218.942 ), 0x40010 ( disabled )
19:56:08.0365 0x2eb8  Win FW state via NFP2: enabled
19:56:10.0702 0x2eb8  ============================================================
19:56:10.0702 0x2eb8  Scan finished
19:56:10.0702 0x2eb8  ============================================================
19:56:10.0707 0x13a4  Detected object count: 1
19:56:10.0707 0x13a4  Actual detected object count: 1
19:56:35.0441 0x13a4  PrivoxyService ( UnsignedFile.Multi.Generic ) - skipped by user
19:56:35.0441 0x13a4  PrivoxyService ( UnsignedFile.Multi.Generic ) - User select action: Skip

M-K-D-B · 14.07.2015, 11:27

Servus,

das mit Chrome sollten wir schon wieder hinbekommen.

Bitte alle alten Logdateien von MBAM mit Funden posten!

Zukünftig bitte beachten:

Zitat:

Running from C:\Users\MinhKhoi\Downloads

Leider hast du unsere Anleitung nicht richtig befolgt:
Bitte alle Tools direkt auf den Desktop downloaden bzw. dorthin verschieben und vom Desktop starten, da unsere Anleitungen daraufhin ausgelegt sind.
Zudem lassen sich dann am Ende der Bereinigung alle verwendeten Tools sehr einfach entfernen.
Alle Tools bis zum Ende der Bereinigung auf dem Desktop lassen, evtl. benötigen wir manche öfter.

Schritt 1
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 2
Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 3

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Schritt 4

Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort

die Logdatei von AdwCleaner,
die Logdatei von MBAM,
die Logdatei von JRT,
die beiden neuen Logdateien von FRST.

Pretok · 14.07.2015, 16:16

Hallo Matthias!

Hier noch einmal die Log von gestern, die ich ohne Kenntnisse durchgeführt habe. Ich werde nun MBAM deinstallieren und erneut von Ihrer angeforderten Internetseite herunterladen.

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 13.07.2015
Suchlauf-Zeit: 18:53:43
Logdatei: log13.7.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.07.13.03
Rootkit Datenbank: v2015.07.10.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: MinhKhoi

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 403565
Verstrichene Zeit: 15 Min, 38 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 1
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-223650244-726234444-1137304623-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, In Quarantäne, [8decb78ce1a9c2749487e537db282dd3], 

Registrierungswerte: 1
PUM.Bad.Proxy, HKU\S-1-5-21-223650244-726234444-1137304623-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, 127.0.0.1:8118, In Quarantäne, [097044ff6b1f57df69be55e310f57987]

Registrierungsdaten: 1
PUP.Optional.Conduit.A, HKU\S-1-5-21-223650244-726234444-1137304623-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://search.conduit.com/?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&ISID=MBBF361A1-104A-4067-8C8A-E67C4E372659&SearchSource=55&CUI=&UM=5&UP=SP7CF5E081-1CB1-498C-832B-1F9C614AF1C3&SSPV=, Gut: (www.google.com), Schlecht: (hxxp://search.conduit.com/?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&ISID=MBBF361A1-104A-4067-8C8A-E67C4E372659&SearchSource=55&CUI=&UM=5&UP=SP7CF5E081-1CB1-498C-832B-1F9C614AF1C3&SSPV=),Ersetzt,[f98087bc8cfe7abcfb1708d06a9b3fc1]

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 1
Backdoor.Bot, C:\Users\MinhKhoi\Downloads\dreamscene_win7_64 - CHIP-Installer.exe, In Quarantäne, [d1a8da695a3014221eeb6b02a65aea16], 

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)

Hier die Logdatei des ADW-Cleaners:

Code:

ATTFilter

# AdwCleaner v4.208 - Bericht erstellt 14/07/2015 um 15:28:52
# Aktualisiert 09/07/2015 von Xplode
# Datenbank : 2015-07-11.1 [Server]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : MinhKhoi - MINH-PC
# Gestarted von : C:\Users\MinhKhoi\Desktop\AdwCleaner_4.208.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : PrivoxyService

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\MinhKhoi\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\MinhKhoi\AppData\Roaming\Updater
Datei Gelöscht : C:\Users\MinhKhoi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_primeshare.tv_0.localstorage

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\SecureWebChannel
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17840

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v39.0 (x86 de)


-\\ Google Chrome v43.0.2357.132

[C:\Users\MinhKhoi\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
[C:\Users\MinhKhoi\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&ISID=M3FC52F83-3BB7-4EF2-837B-028351A540F4&SearchSource=58&CUI=&UM=5&UP=SP7CF5E081-1CB1-498C-832B-1F9C614AF1C3&q={searchTerms}&SSPV=

-\\ Opera v30.0.1835.88


*************************

AdwCleaner[R0].txt - [3907 Bytes] - [14/07/2015 15:27:57]
AdwCleaner[S0].txt - [3222 Bytes] - [14/07/2015 15:28:52]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3281  Bytes] ##########

MBAM Log:

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 14.07.2015
Suchlauf-Zeit: 15:36:56
Logdatei: mbamlog.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.07.14.03
Rootkit Datenbank: v2015.07.10.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: MinhKhoi

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 409185
Verstrichene Zeit: 14 Min, 45 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 1
PUP.Optional.Conduit.A, HKU\S-1-5-21-223650244-726234444-1137304623-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://search.conduit.com/?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&ISID=MBBF361A1-104A-4067-8C8A-E67C4E372659&SearchSource=55&CUI=&UM=5&UP=SP7CF5E081-1CB1-498C-832B-1F9C614AF1C3&SSPV=, Gut: (www.google.com), Schlecht: (hxxp://search.conduit.com/?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&ISID=MBBF361A1-104A-4067-8C8A-E67C4E372659&SearchSource=55&CUI=&UM=5&UP=SP7CF5E081-1CB1-498C-832B-1F9C614AF1C3&SSPV=),Ersetzt,[1a91c0211c6e4de942846fb6b84d27d9]

Ordner: 1
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\Safesoft Protector, In Quarantäne, [d0dbffe213772214410e23dc788af709], 

Dateien: 15
Backdoor.Agent.WD, C:\Users\MinhKhoi\AppData\Local\Temp\hp_u_823824.exe, In Quarantäne, [674419c8b9d146f032b965ea728e30d0], 
PUP.Optional.DownloadGuide.A, C:\Users\MinhKhoi\Downloads\TCPOptimizer_CB-DL-Manager.exe, In Quarantäne, [edbeba27bad0191db7335d4c0df4a15f], 
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\Safesoft Protector\checkproxy.exe, In Quarantäne, [d0dbffe213772214410e23dc788af709], 
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\Safesoft Protector\config.txt, In Quarantäne, [d0dbffe213772214410e23dc788af709], 
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\Safesoft Protector\default.action, In Quarantäne, [d0dbffe213772214410e23dc788af709], 
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\Safesoft Protector\default.filter, In Quarantäne, [d0dbffe213772214410e23dc788af709], 
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\Safesoft Protector\itchromium.exe, In Quarantäne, [d0dbffe213772214410e23dc788af709], 
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\Safesoft Protector\itchromium64.exe, In Quarantäne, [d0dbffe213772214410e23dc788af709], 
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\Safesoft Protector\mgwz.dll, In Quarantäne, [d0dbffe213772214410e23dc788af709], 
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\Safesoft Protector\privoxy.exe, In Quarantäne, [d0dbffe213772214410e23dc788af709], 
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\Safesoft Protector\privoxy.log, In Quarantäne, [d0dbffe213772214410e23dc788af709], 
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\Safesoft Protector\ssweb.dll, In Quarantäne, [d0dbffe213772214410e23dc788af709], 
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\Safesoft Protector\ssweb64.dll, In Quarantäne, [d0dbffe213772214410e23dc788af709], 
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\Safesoft Protector\tsff.exe, In Quarantäne, [d0dbffe213772214410e23dc788af709], 
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\Safesoft Protector\tsie.dll, In Quarantäne, [d0dbffe213772214410e23dc788af709], 

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)

JRT-Log

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.4.7 (07.13.2015:1)
OS: Windows 8.1 x64
Ran by MinhKhoi on 14.07.2015 at 17:07:50,18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-223650244-726234444-1137304623-1001\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\MinhKhoi\appdata\local\{0EB9AB3E-E9C0-4AA9-954A-029F3EA03C46}
Successfully deleted: [Folder] C:\ProgramData\productdata
Successfully deleted: [Folder] C:\Users\MinhKhoi\AppData\Roaming\productdata
Successfully deleted: [Folder] C:\WINDOWS\syswow64\ai_recyclebin



~~~ FireFox

Successfully deleted: [Folder] C:\Users\MinhKhoi\AppData\Roaming\mozilla\firefox\profiles\kaosrq9v.default\extensions\iobitascsurfingprotection@iobit.com
Successfully deleted the following from C:\Users\MinhKhoi\AppData\Roaming\mozilla\firefox\profiles\kaosrq9v.default\prefs.js

user_pref(extensions.xpiState, {\app-profile\:{\iobitascsurfingprotection@iobit.com\:{\d\:\C:\\\\Users\\\\MinhKhoi\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Pro



~~~ Chrome


[C:\Users\MinhKhoi\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\MinhKhoi\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\MinhKhoi\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\MinhKhoi\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.07.2015 at 17:11:53,35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by MinhKhoi (administrator) on MINH-PC on 14-07-2015 17:14:11
Running from C:\Users\MinhKhoi\Desktop
Loaded Profiles: MinhKhoi (Available Profiles: MinhKhoi)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-09-19] (Hewlett-Packard )
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2685072 2015-05-08] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-09-19] (IDT, Inc.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-30] (Intel Corporation)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] ()
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-07-02] (Avast Software s.r.o.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [IATSKY] => C:\Program Files (x86)\i@Sky WIC\iatsky.exe [335872 2011-07-26] ()
HKU\S-1-5-21-223650244-726234444-1137304623-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3632112 2015-07-10] (Electronic Arts)
HKU\S-1-5-21-223650244-726234444-1137304623-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-223650244-726234444-1137304623-1001\...\Run: [Spotify Web Helper] => C:\Users\MinhKhoi\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2008632 2015-07-14] (Spotify Ltd)
HKU\S-1-5-21-223650244-726234444-1137304623-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30879328 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-223650244-726234444-1137304623-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [456576 2015-06-10] (Sony)
HKU\S-1-5-21-223650244-726234444-1137304623-1001\...\Run: [Advanced SystemCare 8] => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe [2425632 2014-11-07] (IObit)
HKU\S-1-5-21-223650244-726234444-1137304623-1001\...\Run: [Spotify] => C:\Users\MinhKhoi\AppData\Roaming\Spotify\Spotify.exe [7334968 2015-07-14] (Spotify Ltd)
HKU\S-1-5-21-223650244-726234444-1137304623-1001\...\MountPoints2: {94ce0f5a-0953-11e5-beb8-4c72b9417483} - "K:\Setup.exe" 
Startup: C:\Users\MinhKhoi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [2015-02-23]
ShortcutTarget: Curse.lnk -> C:\Users\MinhKhoi\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-01] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK13/4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK13/4
HKU\S-1-5-21-223650244-726234444-1137304623-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK13/4
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM -> {FB7344AC-CC7C-4AC5-8903-FD6693C64965} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {FB7344AC-CC7C-4AC5-8903-FD6693C64965} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-223650244-726234444-1137304623-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-223650244-726234444-1137304623-1001 -> {FB7344AC-CC7C-4AC5-8903-FD6693C64965} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-13] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-18] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-13] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-18] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{2E05EAAA-047A-4B66-9B46-9A00C5A103F1}: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\MinhKhoi\AppData\Roaming\Mozilla\Firefox\Profiles\kaosrq9v.default
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_191.dll [2015-07-09] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_191.dll [2015-07-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1212152.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-06-13] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-06-13] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2013-08-20] (Nero AG)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-12-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-12-13] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-223650244-726234444-1137304623-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\MinhKhoi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-06-11] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-11-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-11-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-11-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-11-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-11-16] (Apple Inc.)
FF Extension: Adblock Plus - C:\Users\MinhKhoi\AppData\Roaming\Mozilla\Firefox\Profiles\kaosrq9v.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-02]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-02]

Chrome: 
=======
CHR Profile: C:\Users\MinhKhoi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\MinhKhoi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-02]
CHR Extension: (Google Drive) - C:\Users\MinhKhoi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-02]
CHR Extension: (YouTube) - C:\Users\MinhKhoi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-02]
CHR Extension: (Google Search) - C:\Users\MinhKhoi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-02]
CHR Extension: (Avast SafePrice) - C:\Users\MinhKhoi\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-08-04]
CHR Extension: (AdBlock) - C:\Users\MinhKhoi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-06-15]
CHR Extension: (Avast Online Security) - C:\Users\MinhKhoi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-06-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\MinhKhoi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Dingit Infinite HD App) - C:\Users\MinhKhoi\AppData\Local\Google\Chrome\User Data\Default\Extensions\llnhnfikffkjbdnfallfpgikamegbbag [2015-05-22]
CHR Extension: (Google Wallet) - C:\Users\MinhKhoi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-02]
CHR Extension: (Gmail) - C:\Users\MinhKhoi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-02]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-01]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [Not Found]

Opera: 
=======
OPR Extension: (Adblock Plus) - C:\Users\MinhKhoi\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2015-01-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-07-01] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-07-01] (Avast Software)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
S2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-08] (NVIDIA Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2015-06-13] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2630432 2014-11-04] (IObit)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1884304 2015-05-08] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22997648 2015-05-08] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2004488 2015-07-10] (Electronic Arts)
S2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2015-02-03] ()
S2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-09-19] (IDT, Inc.) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-10-23] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-07-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-07-01] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-01] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-07-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-07-01] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-07-02] (Avast Software s.r.o.)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-07-01] (Avast Software s.r.o.)
S3 aswTap; C:\Windows\system32\DRIVERS\aswTap.sys [44640 2014-06-02] (The OpenVPN Project)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-07-01] ()
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-06-02] (Disc Soft Ltd)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)
S3 Logi_Headset_DFU; C:\Windows\System32\Drivers\lhusbdfuamd64.sys [44136 2015-06-05] (CSR plc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-07-14] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2015-06-13] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-08] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-07-01] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R3 XSplit_Dummy; C:\Windows\system32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-14 17:14 - 2015-07-14 17:14 - 00023421 _____ C:\Users\MinhKhoi\Desktop\FRST.txt
2015-07-14 17:11 - 2015-07-14 17:11 - 00002726 _____ C:\Users\MinhKhoi\Desktop\JRT.txt
2015-07-14 16:07 - 2015-07-14 16:07 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-MINH-PC-Windows-8.1-(64-bit).dat
2015-07-14 16:07 - 2015-07-14 16:07 - 00000000 ____D C:\RegBackup
2015-07-14 16:06 - 2015-07-14 16:06 - 03034266 _____ (Malwarebytes Corporation) C:\Users\MinhKhoi\Desktop\JRT.exe
2015-07-14 15:36 - 2015-07-14 17:01 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-07-14 15:36 - 2015-07-14 15:36 - 00001116 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-07-14 15:36 - 2015-07-14 15:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-07-14 15:36 - 2015-07-14 15:36 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-07-14 15:36 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-07-14 15:36 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-07-14 15:36 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-07-14 15:35 - 2015-07-14 15:35 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\MinhKhoi\Desktop\mbam-setup-2.1.6.1022.exe
2015-07-14 15:27 - 2015-07-14 15:28 - 00000000 ____D C:\AdwCleaner
2015-07-14 15:26 - 2015-07-14 15:26 - 00000000 ____D C:\Users\MinhKhoi\Desktop\das
2015-07-14 15:25 - 2015-07-14 15:25 - 02248704 _____ C:\Users\MinhKhoi\Desktop\AdwCleaner_4.208.exe
2015-07-13 20:26 - 2015-07-14 15:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-13 19:53 - 2015-07-13 19:53 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\MinhKhoi\Downloads\tdsskiller44.exe
2015-07-13 19:25 - 2015-07-13 19:26 - 00056691 _____ C:\Users\MinhKhoi\Downloads\Addition.txt
2015-07-13 19:25 - 2015-07-13 19:26 - 00046222 _____ C:\Users\MinhKhoi\Downloads\FRST.txt
2015-07-13 19:24 - 2015-07-14 17:14 - 00000000 ____D C:\FRST
2015-07-13 19:24 - 2015-07-13 19:24 - 02133504 _____ (Farbar) C:\Users\MinhKhoi\Desktop\FRST64.exe
2015-07-13 18:56 - 2015-07-13 19:04 - 00000000 ____D C:\WINDOWS\SysWOW64\vbox
2015-07-13 18:56 - 2015-07-13 19:04 - 00000000 ____D C:\WINDOWS\system32\vbox
2015-07-13 18:52 - 2015-07-13 18:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-13 18:37 - 2015-07-14 16:00 - 00001540 _____ C:\WINDOWS\setupact.log
2015-07-13 18:37 - 2015-07-13 18:37 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-07-13 18:37 - 2015-07-01 20:50 - 00017448 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\ngiodriver_x64
2015-07-13 18:36 - 2015-07-14 15:58 - 00216212 _____ C:\WINDOWS\PFRO.log
2015-07-12 21:54 - 2015-07-12 21:54 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2015-07-09 23:05 - 2015-07-09 23:05 - 00000000 ____D C:\Users\MinhKhoi\AppData\Local\CSO
2015-07-09 23:05 - 2015-07-09 23:05 - 00000000 ____D C:\ProgramData\Nexon
2015-07-09 15:59 - 2015-07-09 15:59 - 00000222 _____ C:\Users\MinhKhoi\Desktop\Counter-Strike Nexon Zombies.url
2015-07-03 22:04 - 2015-07-04 17:09 - 00000000 ____D C:\Users\MinhKhoi\Desktop\Neuer Ordner (4)
2015-07-02 17:43 - 2015-07-02 17:43 - 00000000 ____D C:\Users\MinhKhoi\AppData\Local\UE BOOM
2015-07-02 17:43 - 2015-07-02 17:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultimate Ears
2015-07-02 17:43 - 2015-07-02 17:43 - 00000000 ____D C:\Program Files (x86)\UE BOOM Update-Assistent 1.4.52
2015-07-02 17:36 - 2015-07-02 17:36 - 11275208 _____ (Logitech, Inc.) C:\Users\MinhKhoi\Downloads\UEFWUpdate_1.4.52.exe
2015-07-01 20:56 - 2015-07-01 20:56 - 00001940 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-07-01 20:56 - 2015-07-01 20:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-07-01 20:55 - 2015-07-01 20:55 - 00364472 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe
2015-07-01 20:55 - 2015-07-01 20:55 - 00043112 _____ (Avast Software s.r.o.) C:\WINDOWS\avastSS.scr
2015-06-29 18:34 - 2015-06-29 18:34 - 00000222 _____ C:\Users\MinhKhoi\Desktop\Clicker Heroes.url
2015-06-29 18:34 - 2015-06-29 18:34 - 00000000 ____D C:\Users\MinhKhoi\AppData\Roaming\com.playsaurus.heroclicker
2015-06-28 10:27 - 2015-06-28 10:29 - 00000000 ____D C:\Users\MinhKhoi\Desktop\Minh Khoi
2015-06-24 20:37 - 2015-06-24 20:37 - 04053824 _____ (SEC) C:\Users\MinhKhoi\Downloads\EWS_V3.70.5.0.exe
2015-06-23 19:53 - 2015-06-23 19:53 - 00000000 ____D C:\Users\MinhKhoi\Desktop\Aufgabe 1
2015-06-20 15:20 - 2015-06-20 15:20 - 00000000 ____D C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2015-06-20 15:19 - 2015-06-20 15:19 - 00000000 ____D C:\Users\MinhKhoi\AppData\Roaming\hpqLog
2015-06-17 19:49 - 2015-06-17 20:02 - 1073595164 _____ C:\Users\MinhKhoi\Downloads\Spiele_usbstick.zip
2015-06-16 13:35 - 2015-06-16 13:36 - 00000000 ____D C:\Users\MinhKhoi\Desktop\Neuer Ordner (3)
2015-06-16 13:35 - 2015-06-16 13:35 - 00000000 ____D C:\Users\MinhKhoi\Desktop\Neuer Ordner (2)
2015-06-16 12:27 - 2015-06-16 12:27 - 00000000 ____D C:\Users\MinhKhoi\Documents\My Games
2015-06-15 19:23 - 2015-06-15 19:23 - 00000000 ____D C:\Program Files\Common Files\Common Desktop Agent
2015-06-15 19:22 - 2015-06-15 19:22 - 00002291 _____ C:\Users\Public\Desktop\Samsung Drucker-Diagnose.lnk
2015-06-15 19:16 - 2015-06-15 19:16 - 03439936 _____ C:\Users\MinhKhoi\Downloads\SamsungPrinterInstaller.exe
2015-06-15 18:15 - 2015-06-15 18:15 - 00000222 _____ C:\Users\MinhKhoi\Desktop\Chivalry Medieval Warfare.url

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-14 17:06 - 2014-10-22 23:32 - 01827338 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-14 17:03 - 2014-06-02 18:33 - 00001134 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-14 17:02 - 2014-06-02 19:21 - 00000000 ____D C:\Users\MinhKhoi\AppData\Roaming\Skype
2015-07-14 17:02 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-14 17:01 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-14 16:55 - 2014-06-02 07:13 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-223650244-726234444-1137304623-1001
2015-07-14 16:53 - 2015-01-12 18:53 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-07-14 16:09 - 2015-01-11 19:24 - 00005080 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for MINH-PC-MinhKhoi Minh-PC
2015-07-14 16:06 - 2014-06-02 20:11 - 00000000 ____D C:\Users\MinhKhoi\AppData\Roaming\Spotify
2015-07-14 16:01 - 2014-06-02 20:12 - 00000000 ____D C:\Users\MinhKhoi\AppData\Local\Spotify
2015-07-14 16:00 - 2015-02-23 16:17 - 00000000 ____D C:\Users\MinhKhoi\AppData\Roaming\Curse Client
2015-07-14 16:00 - 2014-10-23 12:01 - 00000000 ____D C:\Users\MinhKhoi\OneDrive
2015-07-14 16:00 - 2014-06-02 07:09 - 00000000 ____D C:\ProgramData\Origin
2015-07-14 15:58 - 2014-11-12 16:19 - 00000000 ____D C:\WINDOWS\PCHEALTH
2015-07-14 15:58 - 2014-10-22 23:32 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-14 15:58 - 2014-06-02 18:33 - 00001130 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-14 15:58 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-14 15:36 - 2014-11-08 12:43 - 00003938 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{82CBEA4B-27EC-4DAD-8ED4-3FA6ACCF9DC7}
2015-07-14 15:35 - 2015-01-11 19:27 - 00003850 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1420997251
2015-07-14 15:35 - 2015-01-11 19:27 - 00001065 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-07-14 15:35 - 2015-01-11 19:27 - 00000000 ____D C:\Program Files (x86)\Opera
2015-07-14 15:32 - 2014-06-02 18:41 - 00004182 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-07-14 15:29 - 2014-07-15 08:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-13 19:45 - 2014-06-01 23:33 - 00000000 _____ C:\Recovery.txt
2015-07-13 19:34 - 2014-09-24 08:17 - 00006740 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-13 19:34 - 2014-09-24 07:43 - 00871112 _____ C:\WINDOWS\system32\perfh007.dat
2015-07-13 19:34 - 2014-09-24 07:43 - 00200794 _____ C:\WINDOWS\system32\perfc007.dat
2015-07-13 19:17 - 2014-11-16 19:39 - 00007690 _____ C:\WINDOWS\system32\--traceoff
2015-07-13 19:17 - 2014-11-16 19:34 - 00000000 ____D C:\Users\MinhKhoi\AppData\Local\Sony
2015-07-13 19:17 - 2014-09-18 17:18 - 00000000 ____D C:\ProgramData\Sony
2015-07-13 19:17 - 2014-09-18 17:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-07-13 19:17 - 2014-09-18 17:18 - 00000000 ____D C:\Program Files (x86)\Sony
2015-07-13 18:53 - 2014-06-02 19:27 - 01474560 ___SH C:\Users\MinhKhoi\Desktop\Thumbs.db
2015-07-13 18:37 - 2014-12-04 22:33 - 00002199 _____ C:\Users\Public\Desktop\Advanced SystemCare 8.lnk
2015-07-13 18:37 - 2014-10-22 23:36 - 00000000 ____D C:\Users\MinhKhoi
2015-07-13 18:36 - 2014-06-04 20:50 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-13 18:26 - 2015-05-25 10:46 - 00070144 _____ C:\WINDOWS\SysWOW64\tasks.dll
2015-07-12 00:13 - 2014-06-06 22:21 - 00000000 ____D C:\Users\MinhKhoi\AppData\Roaming\TS3Client
2015-07-12 00:06 - 2015-01-12 18:53 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-07-10 21:21 - 2015-06-12 22:27 - 00003180 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForMinhKhoi
2015-07-10 21:21 - 2015-06-12 22:27 - 00000360 _____ C:\WINDOWS\Tasks\HPCeeScheduleForMinhKhoi.job
2015-07-10 17:28 - 2014-06-02 19:40 - 00228352 ___SH C:\Users\MinhKhoi\Downloads\Thumbs.db
2015-07-10 14:04 - 2014-06-02 07:09 - 00000000 ____D C:\Program Files (x86)\Origin
2015-07-10 14:01 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-09 23:05 - 2014-06-14 17:36 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-09 17:53 - 2015-01-12 18:53 - 00003860 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2015-07-09 17:53 - 2015-01-12 18:53 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-07-09 16:04 - 2014-06-02 18:33 - 00002197 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-09 15:59 - 2014-06-05 18:40 - 00000000 ____D C:\Users\MinhKhoi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-07-09 15:56 - 2014-09-18 17:18 - 00002044 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2015-07-09 15:56 - 2012-12-06 21:40 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-07-06 23:24 - 2014-11-03 18:48 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-07-06 23:24 - 2014-11-03 18:48 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-05 10:30 - 2015-01-12 18:52 - 00000000 ____D C:\Users\MinhKhoi\AppData\Local\Adobe
2015-07-04 09:28 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-07-02 22:44 - 2014-06-02 18:40 - 00442264 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-07-01 20:59 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-07-01 20:55 - 2014-06-02 18:40 - 00272248 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-07-01 20:55 - 2014-06-02 18:40 - 00137288 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-07-01 20:55 - 2014-06-02 18:40 - 00093528 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-07-01 20:55 - 2014-06-02 18:40 - 00089944 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-07-01 20:55 - 2014-06-02 18:40 - 00065736 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-07-01 20:55 - 2014-06-02 18:40 - 00029168 _____ C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-07-01 20:54 - 2014-06-02 18:40 - 01047320 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-06-29 22:41 - 2014-06-02 07:05 - 00000000 ____D C:\Users\MinhKhoi\AppData\Local\Packages
2015-06-28 10:36 - 2015-06-10 18:27 - 00000000 ____D C:\Users\MinhKhoi\AppData\Local\.filius
2015-06-24 20:37 - 2015-01-19 22:44 - 00000000 ____D C:\Program Files (x86)\Samsung
2015-06-23 19:52 - 2015-02-16 19:00 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-06-20 15:21 - 2012-12-06 21:39 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2015-06-20 15:20 - 2012-12-06 21:41 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-06-20 15:20 - 2012-12-06 21:40 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-06-20 15:19 - 2012-08-02 05:15 - 00000000 ____D C:\SWSETUP
2015-06-19 22:28 - 2015-06-12 22:27 - 00000052 _____ C:\WINDOWS\SysWOW64\DOErrors.log
2015-06-19 21:53 - 2014-06-03 18:40 - 00000099 _____ C:\Users\Public\LMDebug.log
2015-06-15 19:23 - 2015-01-19 22:45 - 00000000 ____D C:\Users\MinhKhoi\AppData\Roaming\Samsung
2015-06-15 19:23 - 2015-01-19 22:44 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers
2015-06-15 19:23 - 2014-06-02 07:09 - 00000000 ____D C:\ProgramData\Samsung
2015-06-15 19:15 - 2015-01-01 00:02 - 00000000 __SHD C:\Users\MinhKhoi\AppData\Local\EmieBrowserModeList
2015-06-15 19:15 - 2014-11-08 12:43 - 00000000 __SHD C:\Users\MinhKhoi\AppData\Local\EmieUserList
2015-06-15 19:15 - 2014-11-08 12:43 - 00000000 __SHD C:\Users\MinhKhoi\AppData\Local\EmieSiteList

==================== Files in the root of some directories =======

2014-06-02 07:07 - 2014-06-02 07:07 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

Some files in TEMP:
====================
C:\Users\MinhKhoi\AppData\Local\Temp\Quarantine.exe
C:\Users\MinhKhoi\AppData\Local\Temp\SkypeSetup.exe
C:\Users\MinhKhoi\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-14 16:22

==================== End of log ============================

Addition

[CODE]Additional
FRST Logfile:

Code:

ATTFilter

scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by MinhKhoi at 2015-07-14 17:14:33
Running from C:\Users\MinhKhoi\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-223650244-726234444-1137304623-500 - Administrator - Disabled)
Gast (S-1-5-21-223650244-726234444-1137304623-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-223650244-726234444-1137304623-1003 - Limited - Enabled)
MinhKhoi (S-1-5-21-223650244-726234444-1137304623-1001 - Administrator - Enabled) => C:\Users\MinhKhoi

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-223650244-726234444-1137304623-1001\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.191 - Adobe Systems Incorporated)
Adobe Flash Player 18 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 18.0.0.203 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.2.152 - Adobe Systems, Inc.)
Advanced SystemCare 8 (HKLM-x32\...\Advanced SystemCare 8_is1) (Version: 8.0.3 - IObit)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield™ Hardline-Beta (HKLM-x32\...\{F5526D9D-13AD-4270-8707-AC921D168299}) (Version: 1.0.0.1 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
Becker Content Manager (HKLM-x32\...\Becker Content Manager) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MP Navigator EX 1.0 (HKLM-x32\...\MP Navigator EX 1.0) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - Torn Banner Studios)
Clicker Heroes (HKLM-x32\...\Steam App 363970) (Version:  - )
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite)
Counter-Strike Nexon: Zombies (HKLM-x32\...\Steam App 273110) (Version:  - Nexon)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Curse (HKLM-x32\...\{1F2611FB-6F69-4AA8-BECD-243BD8CB45F3}) (Version: 6.0.0.0 - Curse)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3109 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1902 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1.4319 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dropbox (HKU\S-1-5-21-223650244-726234444-1137304623-1001\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
ExpressCache (HKLM\...\{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}) (Version: 1.0.86 - Diskeeper Corporation)
Free YouTube Download version 3.2.41.623 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.41.623 - DVDVideoSoft Ltd.)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.132 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\Grand Theft Auto V_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, ProZorg_tm)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1206 - Hewlett-Packard)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
i@Sky WIC (HKLM-x32\...\i@Sky WIC) (Version: 1.1 - iatsky)
i@Sky WIC (x32 Version: 1.1 - iatsky) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6418.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Mozilla Firefox 39.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSI Afterburner 4.1.0 (HKLM-x32\...\Afterburner) (Version: 4.1.0 - MSI Co., LTD)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero 2014 (HKLM-x32\...\{F384C1E1-3A16-4073-95C3-7271FE0ED4C2}) (Version: 15.0.02200 - Nero AG)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.5 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.09 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.3.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.3.31 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Opera Stable 30.0.1835.125 (HKLM-x32\...\Opera 30.0.1835.125) (Version: 30.0.1835.125 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{d1a77557-43bc-4f85-940a-0dcfe57b885a}) (Version: latest - ppy Pty Ltd)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.994 - Even Balance, Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Recovery Manager (x32 Version: 5.5.0.5530 - CyberLink Corp.) Hidden
RivaTuner Statistics Server 6.3.0 (HKLM-x32\...\RTSS) (Version: 6.3.0 - Unwinder)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
Samsung Drucker-Diagnose (HKLM-x32\...\Samsung Printer Diagnostics) (Version: 1.0.1.16 - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.05.51.00(19.06.2014) - Samsung Electronics Co., Ltd.)
Samsung Easy Wireless Setup (HKLM-x32\...\Easy Wireless Setup) (Version: 3.70.5.0 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version:  - Samsung Electronics Co., Ltd.)
Samsung Universal Print Driver 2 (HKLM-x32\...\Samsung Universal Print Driver 2) (Version: 2.50.05.00 - Samsung Electronics Co., Ltd.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.3.31 - NVIDIA Corporation) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Smart Defrag 3 (HKLM-x32\...\Smart Defrag 3_is1) (Version: 3.3 - IObit)
Sniper Elite 3 Update 1 (HKLM-x32\...\U25pcGVyRWxpdGUz_is1) (Version: 1 - )
Sniper Elite 3, âåðñèÿ 1.0 (HKLM-x32\...\Sniper Elite 3_is1) (Version: 1.0 - )
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version:  - Rebellion)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.14.12.201408250841 - Sony Mobile Communications AB)
Sony PC Companion 2.10.275 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.275 - Sony)
Spotify (HKU\S-1-5-21-223650244-726234444-1137304623-1001\...\Spotify) (Version: 1.0.9.133.gcedaee38 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab Detection (HKLM-x32\...\{5BF68D14-5E8F-4178-9DCC-34194C27DB64}) (Version: 6.1.4.0 - Husdawg, LLC)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKU\S-1-5-21-223650244-726234444-1137304623-1001\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
TmNationsForever (HKLM-x32\...\TmNationsForever_is1) (Version:  - Nadeo)
UE BOOM Update-Assistent (HKLM-x32\...\{AABC2E40-7BF0-4E24-BB20-DED8905BDFBB}) (Version: 1.4.52 - Logitech, Inc.)
Unity Web Player (HKU\S-1-5-21-223650244-726234444-1137304623-1001\...\UnityWebPlayer) (Version: 4.5.1f3 - Unity Technologies ApS)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{CBCC2FD8-7DFE-4752-95B5-2E447C226F45}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version:  - Microsoft)
Vivaldi (HKU\S-1-5-21-223650244-726234444-1137304623-1001\...\Vivaldi) (Version: 1.0.94.2 - Vivaldi)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version:  - Wargaming.net)
XSplit Broadcaster (HKLM-x32\...\{31D17C3E-3D43-4C0E-B816-6730706AC390}) (Version: 2.1.1501.0626 - SplitmediaLabs)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

13-07-2015 19:16:17 Removed Vegas Pro 13.0 (64-bit)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {036A2669-4047-4271-AF78-A3859B483F63} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-06-10] (Microsoft Corporation)
Task: {13FC0A5E-77AF-4A14-99CC-2E21119F318E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {2BEE2B7F-82D3-4E0B-8D69-3642985BDAFB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {2F5DDD9F-2578-442C-9874-4C0283EC9987} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-09] (Adobe Systems Incorporated)
Task: {5F84FCB5-AA94-432B-BAA8-055E8EFD45E8} - System32\Tasks\Opera scheduled Autoupdate 1420997251 => C:\Program Files (x86)\Opera\launcher.exe [2015-07-10] (Opera Software)
Task: {6436E179-19C9-4FF9-9453-9B19FD9C7585} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_203_pepper.exe [2015-07-09] (Adobe Systems Incorporated)
Task: {86D17DFD-61A6-4DDE-82FC-81C4DD03945E} - System32\Tasks\Microsoft Office 15 Sync Maintenance for MINH-PC-MinhKhoi Minh-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2015-04-14] (Microsoft Corporation)
Task: {924B4A54-6FC2-4332-8B76-444857BA672B} - System32\Tasks\HPCeeScheduleForMinhKhoi => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {96C1A14E-417C-488A-A262-CD2E7CEA58DF} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-01] (Avast Software s.r.o.)
Task: {9A87B413-7AEA-4555-9064-0251D9E99FC2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-02] (Google Inc.)
Task: {9CC51698-5446-4271-BDB1-78410B510B99} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {AE5FB5AE-CC24-42CF-98D5-E0B666E02B2D} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {B224E761-10D3-4216-8AD6-1E4F10D36700} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2013-08-20] (Nero AG)
Task: {B8B7402A-5EEE-45BA-B602-F2821FE80774} - System32\Tasks\ASC8_SkipUac_MinhKhoi => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe [2014-11-07] (IObit)
Task: {CF3B0B99-A334-4842-9FA3-95EB91E1D657} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard)
Task: {CFDCBE09-532A-4ECF-B6B6-6B4702DBE003} - System32\Tasks\SmartDefrag3_Update => C:\Program Files (x86)\IObit\Smart Defrag 3\AutoUpdate.exe [2014-07-23] (IObit)
Task: {D145C36A-D742-4699-A565-34C4853777A4} - System32\Tasks\System Defrag => C:\Users\MinhKhoi\AppData\Roaming\Updater\winupd.exe <==== ATTENTION
Task: {DA3A5AC1-8096-4D77-95C2-EEF0C489BA5A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-02] (Google Inc.)
Task: {E734DBE6-1A39-4352-A695-E649BE7D0FEA} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe [2014-11-10] (IObit)
Task: {EB51E74A-9A8E-496B-9897-B3D56572726B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {EDD3644B-F3D2-4A72-9293-48CAE43E0D6C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {F97BCB6F-FC28-4F97-ABA1-64552BC46E9D} - System32\Tasks\Video Update Service => C:\Program Files (x86)\Video Update\VideoUpdate.exe [2015-05-28] (Secure Updater)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_203_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\ASC8_SkipUac_MinhKhoi.job => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForMinhKhoi.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (Whitelisted) ==============

2014-05-12 11:49 - 2014-05-12 11:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2011-06-21 07:42 - 2011-06-21 07:42 - 00034304 _____ () C:\WINDOWS\System32\sst3cl6.dll
2015-01-19 22:44 - 2014-04-16 10:22 - 00029184 _____ () C:\WINDOWS\System32\usp01l.dll
2012-08-29 12:02 - 2012-08-29 12:02 - 00120224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll
2012-08-29 12:02 - 2012-08-29 12:02 - 00048544 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll
2012-08-29 12:02 - 2012-08-29 12:02 - 00180224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll
2014-10-23 11:58 - 2014-10-23 11:58 - 00120224 _____ () C:\Users\MinhKhoi\AppData\Local\assembly\dl3\JNBN5L2Y.8X8\HOMPJTMT.3KQ\0b0d9b97\0017145d_cd85cd01\HPItunesModule.DLL
2015-07-01 20:55 - 2015-07-01 20:55 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-07-01 20:55 - 2015-07-01 20:55 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-07-14 15:29 - 2015-07-14 15:29 - 02956288 _____ () C:\Program Files\AVAST Software\Avast\defs\15071400\algo.dll
2015-07-01 20:55 - 2015-07-01 20:55 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-06-13 12:26 - 2015-06-13 12:26 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\MinhKhoi\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-223650244-726234444-1137304623-1001\...\samsungsetup.com -> hxxp://www.samsungsetup.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-223650244-726234444-1137304623-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\MinhKhoi\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\1680x1050.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{7A7D6ADD-900A-4A83-9E26-504A09BEDE48}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{773CB243-6C14-4237-8EA8-2061C580B8B4}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{433E6DD7-29F6-4B36-A99D-543368CF22D6}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{57F0425F-7B66-4949-92C8-767D90E5567F}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{02250601-7341-463D-9439-EE7081CC85B1}C:\users\minhkhoi\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\minhkhoi\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{DDF7BB31-62B2-4E81-A178-2200573CCD4A}C:\users\minhkhoi\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\minhkhoi\appdata\roaming\spotify\spotify.exe
FirewallRules: [{E8559618-DDA3-48BD-8651-F1CBC747CFC3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8805F573-0346-4BF5-BD5F-648CF773DFAE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{1886400D-18D5-4EAB-A31F-626C96116FFE}C:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe
FirewallRules: [UDP Query User{F981EF4D-8660-4EA0-A78F-6BAD51E480D0}C:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe
FirewallRules: [{BFCAA31A-CDEC-4834-8128-C416960EA199}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe
FirewallRules: [{81DFEA9E-BFCA-4BFF-8AD1-F5075383C508}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{4049ED6C-DE36-4DBC-AA25-7BA96D4E1876}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{5D325734-8A3F-4BD1-8CF7-DD54BFDB43B6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite V2\bin\SniperEliteV2.exe
FirewallRules: [{3F65BB43-B56D-4FDB-8415-C4A8A2822C1C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite V2\bin\SniperEliteV2.exe
FirewallRules: [{28F20239-B6C9-46EE-BA48-9A8A50A63A57}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{516D568E-3FFC-4EC3-AB8D-9D7029B83377}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{DF03D1EF-4EA1-48CC-875B-5E02376FF8BE}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{CD1FC98B-0B99-4735-BA5B-C53F39BE4CC3}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{62844338-5B34-42FD-B36A-E6A5443474E4}] => (Allow) C:\Program Files (x86)\Origin Games\BFH Beta 2\bfh.exe
FirewallRules: [{CCB44AC7-675A-4DEF-8B1B-E1F0485EA4AA}] => (Allow) C:\Program Files (x86)\Origin Games\BFH Beta 2\bfh.exe
FirewallRules: [{B7A47422-9BB4-4EBC-958F-B5A27A20C562}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{003E2F54-A7A9-490B-A6C5-DB166FABF59D}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{DA7E3E18-F917-495D-857D-CA8DF668B9A6}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{14B616F0-3478-4B12-A599-FC6E03438BA9}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{F2A41379-1B4B-4A79-B357-0698CEE0B608}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{591E0038-3FAB-4582-8425-BABB55FBFAEA}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{0A9731EF-C5AC-4098-81BB-424567CED144}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite V2\Launcher\SniperV2Launcher.exe
FirewallRules: [{8642CBE5-6545-4C34-851E-A83B89CAB5DE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite V2\Launcher\SniperV2Launcher.exe
FirewallRules: [TCP Query User{98B1F03D-DF40-4D3C-8D5B-4E990218407C}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{FD540336-BAB4-47A8-B8FA-BD7D976D71C5}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{8DBF38E5-3BA9-4E4B-AFEA-830678BF59FF}C:\program files (x86)\tmnationsforever\tmforever.exe] => (Block) C:\program files (x86)\tmnationsforever\tmforever.exe
FirewallRules: [UDP Query User{076642CF-4833-4CBC-ACAC-8767D462F064}C:\program files (x86)\tmnationsforever\tmforever.exe] => (Block) C:\program files (x86)\tmnationsforever\tmforever.exe
FirewallRules: [{363F5705-411A-44C6-BDC5-342311776355}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{0922780B-238A-44FC-A655-E6E1DD7A64F7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{28EBE219-6C31-4BF1-BC1A-85DAC47B4672}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{588BDD01-5B63-413C-8817-79581C5FFC32}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{4BBE19D7-5F83-41B7-8782-6E9B4D607AE7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{EE8159B6-42A5-4B18-81A0-659A57325746}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{9D89B260-7381-43BB-BCA5-051D08978CC7}] => (Allow) C:\Users\MinhKhoi\AppData\Local\Vivaldi\Application\vivaldi.exe
FirewallRules: [TCP Query User{B1C3ECEC-D176-4B4B-84A6-997B96E8414A}C:\games\world_of_tanks\wotlauncher.exe] => (Block) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{67A4BF5B-9E4A-417F-A072-8CB4935CF3CA}C:\games\world_of_tanks\wotlauncher.exe] => (Block) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [{1130CE51-8083-4267-88FD-69392BCFDF08}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{0984A374-9A6B-46BD-9B69-B72FAB6802B6}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{CA8E481F-2A6A-44F2-880C-4CF0120969F5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DF978C71-5257-4338-BCEA-36DBF01359BD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{BA64512D-51DD-4098-A425-CE87219F95FA}C:\users\minhkhoi\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\minhkhoi\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{EA8B88BE-370B-4F18-A9F5-582357B26949}C:\users\minhkhoi\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\minhkhoi\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{19747B52-B76F-4E12-975C-B71A49CDBD38}] => (Allow) C:\Users\MinhKhoi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{39B2900E-1017-4F20-A557-BE1CF125BD72}] => (Allow) C:\Users\MinhKhoi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{79AD3780-D016-4DE3-BCA9-4A201A9DFE1E}C:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{CED9E320-09E7-43EB-B161-BF71DC537E3B}C:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe
FirewallRules: [{19CDE7AD-EABF-4CAF-9CC5-9010E1D35037}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{17D7B367-B84E-404B-98FD-DCF9D92FB9DC}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{C0C41909-9CE3-4E87-8EA9-C10E603A8D15}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{863B2E4B-6962-4557-8AD2-8C9708722756}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{CC32ABBA-00DA-49A0-9906-CB34F043D0EB}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{7303E58F-FFE2-49F6-A3CE-5E47D002BB0A}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{F4910809-D151-4EDE-A42D-238B02472087}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{FD5FD801-B03D-4134-905A-CE9DF6EB97E5}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{FDEBC6CA-7F52-4B22-BDF7-AA4E99B66C82}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{ADCE0AD2-2B61-4B39-8137-F314B91519DA}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{FC0427FC-6017-41ED-96C7-0B7A78F0521F}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{776C66B7-6C7B-4CC6-83D0-AE12738104A2}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{87E4C87D-C252-4A99-AF08-1EA071006708}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe
FirewallRules: [{F7A6C1BB-A0C2-4673-BA43-F2BD7316C10C}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe
FirewallRules: [{D66E9D1A-04F5-4B38-9B9D-0DAC13EA607E}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe
FirewallRules: [{E7E9E9E9-B05F-4852-B6CF-615B1B7C0E9C}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe
FirewallRules: [{80630561-C02A-4DEC-96D9-62B74BEC293E}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{190A0855-4BA7-42DA-8523-4994FD7A2382}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{BF22EA54-50F7-4C9F-BB72-B94FF29F7966}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{DC27268D-BAB9-4618-B078-B262E5BEFA3A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{3712F910-E454-4D15-A9A7-1A0F60046788}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{3913369C-C9ED-4E1B-8ECC-712D3A0A245B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{3A8C2991-0935-4068-9DFF-55EB585DBF80}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{53B65118-F224-487C-B25C-47839D9349C4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{159AD28B-BE4F-433B-A8C3-7341F7CFAC67}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Clicker Heroes\Clicker Heroes.exe
FirewallRules: [{D6605F0A-B7AD-4F0D-8AC6-C5784F83E3C3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Clicker Heroes\Clicker Heroes.exe
FirewallRules: [{193E9389-1455-433A-84A4-D84C1202E50D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{4A124292-B503-483A-80BC-49F9E632472B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\CSNZ\Bin\cstrike-online.exe
FirewallRules: [{5FED9969-6B47-4D55-B4AC-74D361C73E6B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\CSNZ\Bin\cstrike-online.exe
FirewallRules: [{63B4948E-55DC-4082-BF52-26D944DB6CB3}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{A9A1D139-D900-4AFB-8356-7D306407FC9F}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{5FD86DAA-5085-4B3A-91C4-ACFE0B4B284C}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{09A7EDF8-FEA4-496E-BE83-F7142CBE22B0}] => (Allow) LPort=53000
FirewallRules: [{CCE5421D-BC4A-4365-8811-996C66723F84}] => (Allow) LPort=52000

==================== Faulty Device Manager Devices =============

Name: avast! SecureLine TAP Adapter v3
Description: avast! SecureLine TAP Adapter v3
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: aswTap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/14/2015 05:13:55 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Die Klassenregistrierungsdatei kann nicht geladen werden.
 DETAIL - Die Datenbank der Konfigurationsregistrierung ist beschädigt.

Error: (07/14/2015 05:13:55 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT-AUTORITÄT)
Description: Die Registrierung konnte nicht geladen werden. Dieses Problem wird oft durch zuwenig Arbeitsspeicher oder nicht ausreichende Sicherheitsberechtigungen verursacht. 

 Details - Die Datenbank der Konfigurationsregistrierung ist beschädigt.
 for C:\Users\MinhKhoi\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (07/14/2015 05:13:55 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Die Klassenregistrierungsdatei kann nicht geladen werden.
 DETAIL - Die Datenbank der Konfigurationsregistrierung ist beschädigt.

Error: (07/14/2015 05:13:55 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT-AUTORITÄT)
Description: Die Registrierung konnte nicht geladen werden. Dieses Problem wird oft durch zuwenig Arbeitsspeicher oder nicht ausreichende Sicherheitsberechtigungen verursacht. 

 Details - Die Datenbank der Konfigurationsregistrierung ist beschädigt.
 for C:\Users\MinhKhoi\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (07/14/2015 05:07:45 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Die Klassenregistrierungsdatei kann nicht geladen werden.
 DETAIL - Die Datenbank der Konfigurationsregistrierung ist beschädigt.

Error: (07/14/2015 05:07:45 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT-AUTORITÄT)
Description: Die Registrierung konnte nicht geladen werden. Dieses Problem wird oft durch zuwenig Arbeitsspeicher oder nicht ausreichende Sicherheitsberechtigungen verursacht. 

 Details - Die Datenbank der Konfigurationsregistrierung ist beschädigt.
 for C:\Users\MinhKhoi\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (07/14/2015 05:07:44 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Die Klassenregistrierungsdatei kann nicht geladen werden.
 DETAIL - Die Datenbank der Konfigurationsregistrierung ist beschädigt.

Error: (07/14/2015 05:07:44 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT-AUTORITÄT)
Description: Die Registrierung konnte nicht geladen werden. Dieses Problem wird oft durch zuwenig Arbeitsspeicher oder nicht ausreichende Sicherheitsberechtigungen verursacht. 

 Details - Die Datenbank der Konfigurationsregistrierung ist beschädigt.
 for C:\Users\MinhKhoi\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (07/14/2015 05:01:17 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll4

Error: (07/14/2015 05:01:17 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4


System errors:
=============
Error: (07/14/2015 05:08:51 PM) (Source: Schannel) (EventID: 4102) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.

Error: (07/14/2015 05:08:49 PM) (Source: Schannel) (EventID: 4102) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.

Error: (07/14/2015 05:08:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/14/2015 05:08:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Nero Update" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/14/2015 05:08:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/14/2015 05:08:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Dynamic Application Loader Host Interface Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/14/2015 05:08:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "HP Connected Remote Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/14/2015 05:08:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "HP Support Assistant Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/14/2015 05:08:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/14/2015 05:08:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office:
=========================
Error: (07/14/2015 05:13:55 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Die Datenbank der Konfigurationsregistrierung ist beschädigt.

Error: (07/14/2015 05:13:55 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT-AUTORITÄT)
Description: Die Datenbank der Konfigurationsregistrierung ist beschädigt.
C:\Users\MinhKhoi\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (07/14/2015 05:13:55 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Die Datenbank der Konfigurationsregistrierung ist beschädigt.

Error: (07/14/2015 05:13:55 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT-AUTORITÄT)
Description: Die Datenbank der Konfigurationsregistrierung ist beschädigt.
C:\Users\MinhKhoi\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (07/14/2015 05:07:45 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Die Datenbank der Konfigurationsregistrierung ist beschädigt.

Error: (07/14/2015 05:07:45 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT-AUTORITÄT)
Description: Die Datenbank der Konfigurationsregistrierung ist beschädigt.
C:\Users\MinhKhoi\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (07/14/2015 05:07:44 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Die Datenbank der Konfigurationsregistrierung ist beschädigt.

Error: (07/14/2015 05:07:44 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT-AUTORITÄT)
Description: Die Datenbank der Konfigurationsregistrierung ist beschädigt.
C:\Users\MinhKhoi\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (07/14/2015 05:01:17 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll4

Error: (07/14/2015 05:01:17 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 17%
Total physical RAM: 12227.56 MB
Available physical RAM: 10076.47 MB
Total Virtual: 12835.56 MB
Available Virtual: 10459.58 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:918.01 GB) (Free:574.66 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:11.25 GB) (Free:1.32 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 93A3E1D4)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 14.9 GB) (Disk ID: FF9F03C9)
Partition 1: (Not Active) - (Size=14.9 GB) - (Type=73)

==================== End of log ============================

--- --- ---

M-K-D-B · 15.07.2015, 04:57

Servus,

Starte FRST erneut. Kopiere den Inhalt der folgenden Code-Box oben in die Zeile:
Code:
ATTFilter
```
Safesoft Protector;SafesoftProtector;
         
```
Drücke auf Search Registry.
FRST beginnt mit dem Suchlauf. Dies kann einige Zeit dauern.
Am Ende erstellt FRST eine Textdatei Search.txt.
Poste mir deren Inhalt mit deiner nächsten Antwort.

Pretok · 15.07.2015, 06:29

Guten Morgen Matthias!

Hier die Search.txt

Code:

ATTFilter

Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by MinhKhoi at 2015-07-15 07:27:58
Running from C:\Users\MinhKhoi\Desktop
Boot Mode: Normal

================== Search Registry: "Safesoft Protector;SafesoftProtector" ===========

====== End of Search ======

M-K-D-B · 15.07.2015, 14:51

Servus,

Bitte lasse die Datei aus der Code-Box bei Virustotal überprüfen.

Klicke auf Wählen Sie eine
Kopiere nun folgendes in die Suchleiste
Code:
ATTFilter
```
C:\Program Files (x86)\Video Update\VideoUpdate.exe
         
```
und klicke auf Öffnen.
Klicke auf Scannen!.
Warte bitte bis die Datei vollständig hochgeladen wurde. Solltest Du folgende Meldung bekommen

Zitat:

Diese Datei wurde bereits von VirusTotal analysiert...

klicke auf Neu analysieren.
Warte bis dir das Analysedatum angezeigt wird und der Scan abgeschlossen ist.
Kopiere den Link aus deiner Adresszeile und poste ihn hier.

Pretok · 15.07.2015, 14:58

Hallo!

https://www.virustotal.com/de/file/37c967e9dbc1cac7349fb9b5d2280c7f52551e8ad552740856da38aef8009c7f/analysis/1436968660/

M-K-D-B · 15.07.2015, 15:10

Wir entfernen die letzten Reste und kontrollieren nochmal alles. ESET kann länger (> 2 h) dauern.
Im Anschluss entfernen wir alle verwendeten Tools und ich gebe dir noch ein paar Tipps mit auf den Weg.

Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

start
CloseProcesses:
Task: {D145C36A-D742-4699-A565-34C4853777A4} - System32\Tasks\System Defrag => C:\Users\MinhKhoi\AppData\Roaming\Updater\winupd.exe <==== ATTENTION
C:\Users\MinhKhoi\AppData\Roaming\Updater
Task: {F97BCB6F-FC28-4F97-ABA1-64552BC46E9D} - System32\Tasks\Video Update Service => C:\Program Files (x86)\Video Update\VideoUpdate.exe [2015-05-28] (Secure Updater)
C:\Program Files (x86)\Video Update
RemoveProxy:
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 3
Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Schritt 4

Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort

die Logdatei des FRST-Fix,
die Logdatei von ESET,
die Logdatei von SecurityCheck,
die beiden neuen Logdateien von FRST.

Pretok · 15.07.2015, 22:54

Guten Abend!

Code:

ATTFilter

Fix result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by MinhKhoi at 2015-07-15 21:40:21 Run:1
Running from C:\Users\MinhKhoi\Desktop
Loaded Profiles: MinhKhoi &  (Available Profiles: MinhKhoi)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
Task: {D145C36A-D742-4699-A565-34C4853777A4} - System32\Tasks\System Defrag => C:\Users\MinhKhoi\AppData\Roaming\Updater\winupd.exe <==== ATTENTION
C:\Users\MinhKhoi\AppData\Roaming\Updater
Task: {F97BCB6F-FC28-4F97-ABA1-64552BC46E9D} - System32\Tasks\Video Update Service => C:\Program Files (x86)\Video Update\VideoUpdate.exe [2015-05-28] (Secure Updater)
C:\Program Files (x86)\Video Update
RemoveProxy:
EmptyTemp:
end
         
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D145C36A-D742-4699-A565-34C4853777A4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D145C36A-D742-4699-A565-34C4853777A4}" => key removed successfully
C:\Windows\System32\Tasks\System Defrag => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System Defrag" => key removed successfully
"C:\Users\MinhKhoi\AppData\Roaming\Updater" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F97BCB6F-FC28-4F97-ABA1-64552BC46E9D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F97BCB6F-FC28-4F97-ABA1-64552BC46E9D}" => key removed successfully
C:\Windows\System32\Tasks\Video Update Service => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Video Update Service" => key removed successfully
C:\Program Files (x86)\Video Update => moved successfully.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-223650244-726234444-1137304623-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-223650244-726234444-1137304623-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-223650244-726234444-1137304623-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-223650244-726234444-1137304623-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

EmptyTemp: => 488.2 MB temporary data Removed.


The system needed a reboot.. 

==== End of Fixlog 21:41:46 ====

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=d86cd766b60ac545b14f447095e5e31a
# end=init
# utc_time=2015-07-15 07:49:00
# local_time=2015-07-15 09:49:00 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 24815
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=d86cd766b60ac545b14f447095e5e31a
# end=updated
# utc_time=2015-07-15 07:51:02
# local_time=2015-07-15 09:51:02 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=d86cd766b60ac545b14f447095e5e31a
# engine=24815
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-07-15 09:23:33
# local_time=2015-07-15 11:23:33 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 95 189994 35268178 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 1218226 14077804 0 0
# scanned=356577
# found=7
# cleaned=0
# scan_time=5549
sh=5E850613B26FF16DD35B67A855C343D5722ABEE0 ft=1 fh=a20c7e20a8157dc5 vn="Variante von Win32/Packed.VMProtect.AAA Trojaner" ac=I fn="C:\Program Files (x86)\R.G. Mechanics\Grand Theft Auto V\3dmgame.dll"
sh=0918448BCAF31A76C61B02901227F9D70E3692C2 ft=1 fh=4497163f0ba9fbb5 vn="Variante von Win32/AdkDLLWrapper.A evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\Users\MinhKhoi\AppData\Roaming\uTorrent\updates\3.4.2_31515.exe"
sh=BF5699E6D562EF964CB086F5D4BD57AE84ADA7AE ft=1 fh=e09f325aaea092b0 vn="Variante von Win32/DownloadSponsor.C evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\Users\MinhKhoi\Downloads\Audacity - CHIP-Installer.exe"
sh=84B67591FC02EA94BBD15A057FAEC2BCD3DE28B4 ft=1 fh=0fe48e0e4f79471c vn="Variante von Win32/DownloadSponsor.C evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\Users\MinhKhoi\Downloads\MorphVox Jr - CHIP-Installer.exe"
sh=0918448BCAF31A76C61B02901227F9D70E3692C2 ft=1 fh=4497163f0ba9fbb5 vn="Variante von Win32/AdkDLLWrapper.A evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\Users\MinhKhoi\Downloads\uTorrent_v.3.4.2_31515.exe"
sh=44EAD887B2155A0A5E4D35D735E094C049ADBBD5 ft=1 fh=b79d87759f8f72a3 vn="Variante von Win32/DownloadSponsor.C evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\Users\MinhKhoi\Downloads\VLC media player 64 Bit - CHIP-Installer.exe"
sh=9EC25E1B17FE206E0D74685839997774D24A5B6C ft=1 fh=ab73f05cb3c355a1 vn="Variante von Win32/DownloadSponsor.C evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\Users\MinhKhoi\Downloads\Vollversion Advanced SystemCare 8 Pro - CHIP-Installer.exe"

Mir ist gerade eingefallen. Das auf dem Computer eine wahrscheinlich nicht legale Version von GTA V installiert ist. Ein Freund installierte mir diese. Ich werde das Spiel unverzüglich löschen. Dafür entschuldige ich mich sehr.

Code:

ATTFilter

 Results of screen317's Security Check version 1.004  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Windows Defender   
avast! Antivirus   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 31  
 Java version 32-bit out of Date! 
 Adobe Flash Player 	18.0.0.209  
 Adobe Reader XI  
 Mozilla Firefox (39.0) 
 Google Chrome (43.0.2357.132) 
 Google Chrome (43.0.2357.134) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast ng vbox\AvastVBoxSVC.exe 
 AVAST Software Avast ng ngservice.exe 
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by MinhKhoi (administrator) on MINH-PC on 15-07-2015 23:43:53
Running from C:\Users\MinhKhoi\Desktop
Loaded Profiles: MinhKhoi (Available Profiles: MinhKhoi)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Spotify Ltd) C:\Users\MinhKhoi\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Spotify Ltd) C:\Users\MinhKhoi\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\MinhKhoi\AppData\Roaming\Spotify\SpotifyCrashService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Spotify Ltd) C:\Users\MinhKhoi\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\MinhKhoi\AppData\Roaming\Spotify\Spotify.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Curse, Inc) C:\Users\MinhKhoi\AppData\Roaming\Curse Client\Bin\Curse.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\i@Sky WIC\iatsky.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-09-19] (Hewlett-Packard )
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2685072 2015-05-08] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-09-19] (IDT, Inc.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-30] (Intel Corporation)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] ()
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-07-02] (Avast Software s.r.o.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [IATSKY] => C:\Program Files (x86)\i@Sky WIC\iatsky.exe [335872 2011-07-26] ()
HKU\S-1-5-21-223650244-726234444-1137304623-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3632112 2015-07-10] (Electronic Arts)
HKU\S-1-5-21-223650244-726234444-1137304623-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-223650244-726234444-1137304623-1001\...\Run: [Spotify Web Helper] => C:\Users\MinhKhoi\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2008632 2015-07-14] (Spotify Ltd)
HKU\S-1-5-21-223650244-726234444-1137304623-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30879328 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-223650244-726234444-1137304623-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [456576 2015-06-10] (Sony)
HKU\S-1-5-21-223650244-726234444-1137304623-1001\...\Run: [Advanced SystemCare 8] => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe [2425632 2014-11-07] (IObit)
HKU\S-1-5-21-223650244-726234444-1137304623-1001\...\Run: [Spotify] => C:\Users\MinhKhoi\AppData\Roaming\Spotify\Spotify.exe [7334968 2015-07-14] (Spotify Ltd)
HKU\S-1-5-21-223650244-726234444-1137304623-1001\...\MountPoints2: {94ce0f5a-0953-11e5-beb8-4c72b9417483} - "K:\Setup.exe" 
Startup: C:\Users\MinhKhoi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [2015-02-23]
ShortcutTarget: Curse.lnk -> C:\Users\MinhKhoi\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-01] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK13/4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK13/4
HKU\S-1-5-21-223650244-726234444-1137304623-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&ISID=MBBF361A1-104A-4067-8C8A-E67C4E372659&SearchSource=55&CUI=&UM=5&UP=SP7CF5E081-1CB1-498C-832B-1F9C614AF1C3&SSPV=
HKU\S-1-5-21-223650244-726234444-1137304623-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK13/4
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM -> {FB7344AC-CC7C-4AC5-8903-FD6693C64965} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {FB7344AC-CC7C-4AC5-8903-FD6693C64965} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-223650244-726234444-1137304623-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-223650244-726234444-1137304623-1001 -> {FB7344AC-CC7C-4AC5-8903-FD6693C64965} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-13] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-18] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-13] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-18] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{2E05EAAA-047A-4B66-9B46-9A00C5A103F1}: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\MinhKhoi\AppData\Roaming\Mozilla\Firefox\Profiles\kaosrq9v.default
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1212152.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-06-13] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-06-13] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2013-08-20] (Nero AG)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-12-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-12-13] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-223650244-726234444-1137304623-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\MinhKhoi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-06-11] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-11-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-11-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-11-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-11-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-11-16] (Apple Inc.)
FF Extension: Adblock Plus - C:\Users\MinhKhoi\AppData\Roaming\Mozilla\Firefox\Profiles\kaosrq9v.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-02]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-02]

Chrome: 
=======
CHR Profile: C:\Users\MinhKhoi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\MinhKhoi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-02]
CHR Extension: (Google Drive) - C:\Users\MinhKhoi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-02]
CHR Extension: (YouTube) - C:\Users\MinhKhoi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-02]
CHR Extension: (Google Search) - C:\Users\MinhKhoi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-02]
CHR Extension: (Avast SafePrice) - C:\Users\MinhKhoi\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-08-04]
CHR Extension: (AdBlock) - C:\Users\MinhKhoi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-06-15]
CHR Extension: (Avast Online Security) - C:\Users\MinhKhoi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-06-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\MinhKhoi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Dingit Infinite HD App) - C:\Users\MinhKhoi\AppData\Local\Google\Chrome\User Data\Default\Extensions\llnhnfikffkjbdnfallfpgikamegbbag [2015-05-22]
CHR Extension: (Google Wallet) - C:\Users\MinhKhoi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-02]
CHR Extension: (Gmail) - C:\Users\MinhKhoi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-02]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-01]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [Not Found]

Opera: 
=======
OPR Extension: (Adblock Plus) - C:\Users\MinhKhoi\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2015-01-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-07-01] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-07-01] (Avast Software)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-08] (NVIDIA Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2015-06-13] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2630432 2014-11-04] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1884304 2015-05-08] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22997648 2015-05-08] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2004488 2015-07-10] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2015-02-03] ()
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-09-19] (IDT, Inc.) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-10-23] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-07-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-07-01] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-01] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-07-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-07-01] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-07-02] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-07-01] (Avast Software s.r.o.)
S3 aswTap; C:\Windows\system32\DRIVERS\aswTap.sys [44640 2014-06-02] (The OpenVPN Project)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-07-01] ()
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-06-02] (Disc Soft Ltd)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)
S3 Logi_Headset_DFU; C:\Windows\System32\Drivers\lhusbdfuamd64.sys [44136 2015-06-05] (CSR plc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-07-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2015-06-13] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-08] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-07-01] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R3 XSplit_Dummy; C:\Windows\system32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-15 23:36 - 2015-07-15 23:36 - 00852662 _____ C:\Users\MinhKhoi\Desktop\SecurityCheck.exe
2015-07-15 22:14 - 2015-07-15 22:14 - 00000000 ___SH C:\DkHyperbootSync
2015-07-15 21:53 - 2015-07-15 22:53 - 19198128 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2015-07-15 21:48 - 2015-07-15 21:48 - 02870984 _____ (ESET) C:\Users\MinhKhoi\Desktop\esetsmartinstaller_deu.exe
2015-07-15 07:31 - 2015-07-15 07:31 - 00000273 _____ C:\Users\MinhKhoi\Desktop\Search.txt
2015-07-15 07:30 - 2015-07-15 23:43 - 00000000 ____D C:\Users\MinhKhoi\Desktop\Neuer Ordner (5)
2015-07-14 17:37 - 2015-07-14 17:37 - 00000000 ____D C:\Users\MinhKhoi\AppData\Roaming\ProductData
2015-07-14 17:36 - 2015-07-14 17:36 - 00000000 ____D C:\ProgramData\ProductData
2015-07-14 17:14 - 2015-07-15 23:44 - 00027148 _____ C:\Users\MinhKhoi\Desktop\FRST.txt
2015-07-14 17:11 - 2015-07-14 17:11 - 00002726 _____ C:\Users\MinhKhoi\Desktop\JRT.txt
2015-07-14 16:07 - 2015-07-14 16:07 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-MINH-PC-Windows-8.1-(64-bit).dat
2015-07-14 16:07 - 2015-07-14 16:07 - 00000000 ____D C:\RegBackup
2015-07-14 16:06 - 2015-07-14 16:06 - 03034266 _____ (Malwarebytes Corporation) C:\Users\MinhKhoi\Desktop\JRT.exe
2015-07-14 15:36 - 2015-07-15 21:45 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-07-14 15:36 - 2015-07-14 15:36 - 00001116 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-07-14 15:36 - 2015-07-14 15:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-07-14 15:36 - 2015-07-14 15:36 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-07-14 15:36 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-07-14 15:36 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-07-14 15:36 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-07-14 15:35 - 2015-07-14 15:35 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\MinhKhoi\Desktop\mbam-setup-2.1.6.1022.exe
2015-07-14 15:27 - 2015-07-14 15:28 - 00000000 ____D C:\AdwCleaner
2015-07-14 15:26 - 2015-07-14 15:26 - 00000000 ____D C:\Users\MinhKhoi\Desktop\das
2015-07-14 15:25 - 2015-07-14 15:25 - 02248704 _____ C:\Users\MinhKhoi\Desktop\AdwCleaner_4.208.exe
2015-07-13 20:26 - 2015-07-14 15:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-13 19:53 - 2015-07-13 19:53 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\MinhKhoi\Downloads\tdsskiller44.exe
2015-07-13 19:25 - 2015-07-13 19:26 - 00056691 _____ C:\Users\MinhKhoi\Downloads\Addition.txt
2015-07-13 19:25 - 2015-07-13 19:26 - 00046222 _____ C:\Users\MinhKhoi\Downloads\FRST.txt
2015-07-13 19:24 - 2015-07-15 23:43 - 00000000 ____D C:\FRST
2015-07-13 19:24 - 2015-07-13 19:24 - 02133504 _____ (Farbar) C:\Users\MinhKhoi\Desktop\FRST64.exe
2015-07-13 18:56 - 2015-07-13 19:04 - 00000000 ____D C:\WINDOWS\SysWOW64\vbox
2015-07-13 18:56 - 2015-07-13 19:04 - 00000000 ____D C:\WINDOWS\system32\vbox
2015-07-13 18:52 - 2015-07-13 18:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-13 18:37 - 2015-07-01 20:50 - 00017448 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\ngiodriver_x64
2015-07-09 23:05 - 2015-07-09 23:05 - 00000000 ____D C:\Users\MinhKhoi\AppData\Local\CSO
2015-07-09 23:05 - 2015-07-09 23:05 - 00000000 ____D C:\ProgramData\Nexon
2015-07-09 15:59 - 2015-07-09 15:59 - 00000222 _____ C:\Users\MinhKhoi\Desktop\Counter-Strike Nexon Zombies.url
2015-07-03 22:04 - 2015-07-04 17:09 - 00000000 ____D C:\Users\MinhKhoi\Desktop\Neuer Ordner (4)
2015-07-02 17:43 - 2015-07-02 17:43 - 00000000 ____D C:\Users\MinhKhoi\AppData\Local\UE BOOM
2015-07-02 17:43 - 2015-07-02 17:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultimate Ears
2015-07-02 17:43 - 2015-07-02 17:43 - 00000000 ____D C:\Program Files (x86)\UE BOOM Update-Assistent 1.4.52
2015-07-02 17:36 - 2015-07-02 17:36 - 11275208 _____ (Logitech, Inc.) C:\Users\MinhKhoi\Downloads\UEFWUpdate_1.4.52.exe
2015-07-01 20:56 - 2015-07-01 20:56 - 00001940 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-07-01 20:56 - 2015-07-01 20:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-07-01 20:55 - 2015-07-01 20:55 - 00364472 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe
2015-07-01 20:55 - 2015-07-01 20:55 - 00043112 _____ (Avast Software s.r.o.) C:\WINDOWS\avastSS.scr
2015-06-29 18:34 - 2015-06-29 18:34 - 00000222 _____ C:\Users\MinhKhoi\Desktop\Clicker Heroes.url
2015-06-29 18:34 - 2015-06-29 18:34 - 00000000 ____D C:\Users\MinhKhoi\AppData\Roaming\com.playsaurus.heroclicker
2015-06-28 10:27 - 2015-06-28 10:29 - 00000000 ____D C:\Users\MinhKhoi\Desktop\Minh Khoi
2015-06-24 20:37 - 2015-06-24 20:37 - 04053824 _____ (SEC) C:\Users\MinhKhoi\Downloads\EWS_V3.70.5.0.exe
2015-06-23 19:53 - 2015-06-23 19:53 - 00000000 ____D C:\Users\MinhKhoi\Desktop\Aufgabe 1
2015-06-20 15:20 - 2015-06-20 15:20 - 00000000 ____D C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2015-06-20 15:19 - 2015-06-20 15:19 - 00000000 ____D C:\Users\MinhKhoi\AppData\Roaming\hpqLog
2015-06-17 19:49 - 2015-06-17 20:02 - 1073595164 _____ C:\Users\MinhKhoi\Downloads\Spiele_usbstick.zip
2015-06-16 13:35 - 2015-06-16 13:36 - 00000000 ____D C:\Users\MinhKhoi\Desktop\Neuer Ordner (3)
2015-06-16 13:35 - 2015-06-16 13:35 - 00000000 ____D C:\Users\MinhKhoi\Desktop\Neuer Ordner (2)
2015-06-16 12:27 - 2015-06-16 12:27 - 00000000 ____D C:\Users\MinhKhoi\Documents\My Games
2015-06-15 19:23 - 2015-06-15 19:23 - 00000000 ____D C:\Program Files\Common Files\Common Desktop Agent
2015-06-15 19:22 - 2015-06-15 19:22 - 00002291 _____ C:\Users\Public\Desktop\Samsung Drucker-Diagnose.lnk
2015-06-15 19:16 - 2015-06-15 19:16 - 03439936 _____ C:\Users\MinhKhoi\Downloads\SamsungPrinterInstaller.exe
2015-06-15 18:15 - 2015-06-15 18:15 - 00000222 _____ C:\Users\MinhKhoi\Desktop\Chivalry Medieval Warfare.url

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-15 23:41 - 2014-10-22 23:32 - 01390946 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-15 23:41 - 2014-06-02 19:21 - 00000000 ____D C:\Users\MinhKhoi\AppData\Roaming\Skype
2015-07-15 23:41 - 2014-06-02 18:46 - 00000000 ____D C:\Users\MinhKhoi\AppData\Roaming\uTorrent
2015-07-15 23:39 - 2015-05-24 13:14 - 00000000 ____D C:\Program Files (x86)\R.G. Mechanics
2015-07-15 23:39 - 2014-06-02 19:27 - 01474560 ___SH C:\Users\MinhKhoi\Desktop\Thumbs.db
2015-07-15 23:37 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-15 23:36 - 2014-06-02 07:13 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-223650244-726234444-1137304623-1001
2015-07-15 23:26 - 2014-06-02 19:03 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-07-15 23:25 - 2014-06-02 19:00 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-15 23:09 - 2014-11-08 12:43 - 00003938 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{82CBEA4B-27EC-4DAD-8ED4-3FA6ACCF9DC7}
2015-07-15 23:08 - 2014-06-02 18:33 - 00001134 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-15 23:02 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-15 22:53 - 2015-01-12 18:53 - 00003860 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2015-07-15 22:53 - 2015-01-12 18:53 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-07-15 22:53 - 2015-01-12 18:53 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-07-15 22:53 - 2015-01-12 18:53 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-07-15 22:48 - 2012-07-26 07:26 - 00000167 _____ C:\WINDOWS\win.ini
2015-07-15 22:47 - 2014-06-05 16:19 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-07-15 22:14 - 2014-06-02 18:33 - 00002197 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-15 22:11 - 2014-12-04 22:33 - 00002199 _____ C:\Users\Public\Desktop\Advanced SystemCare 8.lnk
2015-07-15 22:10 - 2015-03-11 19:30 - 00000000 ____D C:\WINDOWS\Minidump
2015-07-15 22:08 - 2014-06-02 18:33 - 00001130 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-15 22:05 - 2015-01-11 19:24 - 00005078 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for MINH-PC-MinhKhoi Minh-PC
2015-07-15 22:03 - 2014-06-02 18:33 - 00004106 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-15 22:03 - 2014-06-02 18:33 - 00003870 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-15 21:50 - 2014-06-06 22:21 - 00000000 ____D C:\Users\MinhKhoi\AppData\Roaming\TS3Client
2015-07-15 21:50 - 2014-06-02 20:11 - 00000000 ____D C:\Users\MinhKhoi\AppData\Roaming\Spotify
2015-07-15 21:45 - 2014-10-23 12:01 - 00000000 ____D C:\Users\MinhKhoi\OneDrive
2015-07-15 21:45 - 2014-06-02 20:12 - 00000000 ____D C:\Users\MinhKhoi\AppData\Local\Spotify
2015-07-15 21:45 - 2014-06-02 18:41 - 00004182 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-07-15 21:45 - 2014-06-02 07:09 - 00000000 ____D C:\ProgramData\Origin
2015-07-15 21:43 - 2014-10-22 23:32 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-15 21:43 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-15 21:41 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-14 16:00 - 2015-02-23 16:17 - 00000000 ____D C:\Users\MinhKhoi\AppData\Roaming\Curse Client
2015-07-14 15:58 - 2014-11-12 16:19 - 00000000 ____D C:\WINDOWS\PCHEALTH
2015-07-14 15:35 - 2015-01-11 19:27 - 00003850 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1420997251
2015-07-14 15:35 - 2015-01-11 19:27 - 00001065 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-07-14 15:35 - 2015-01-11 19:27 - 00000000 ____D C:\Program Files (x86)\Opera
2015-07-14 15:29 - 2014-07-15 08:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-13 19:45 - 2014-06-01 23:33 - 00000000 _____ C:\Recovery.txt
2015-07-13 19:34 - 2014-09-24 08:17 - 00006740 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-13 19:34 - 2014-09-24 07:43 - 00871112 _____ C:\WINDOWS\system32\perfh007.dat
2015-07-13 19:34 - 2014-09-24 07:43 - 00200794 _____ C:\WINDOWS\system32\perfc007.dat
2015-07-13 19:17 - 2014-11-16 19:39 - 00007690 _____ C:\WINDOWS\system32\--traceoff
2015-07-13 19:17 - 2014-11-16 19:34 - 00000000 ____D C:\Users\MinhKhoi\AppData\Local\Sony
2015-07-13 19:17 - 2014-09-18 17:18 - 00000000 ____D C:\ProgramData\Sony
2015-07-13 19:17 - 2014-09-18 17:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-07-13 19:17 - 2014-09-18 17:18 - 00000000 ____D C:\Program Files (x86)\Sony
2015-07-13 18:37 - 2014-10-22 23:36 - 00000000 ____D C:\Users\MinhKhoi
2015-07-13 18:36 - 2014-06-04 20:50 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-13 18:26 - 2015-05-25 10:46 - 00070144 _____ C:\WINDOWS\SysWOW64\tasks.dll
2015-07-10 21:21 - 2015-06-12 22:27 - 00003180 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForMinhKhoi
2015-07-10 21:21 - 2015-06-12 22:27 - 00000360 _____ C:\WINDOWS\Tasks\HPCeeScheduleForMinhKhoi.job
2015-07-10 17:28 - 2014-06-02 19:40 - 00228352 ___SH C:\Users\MinhKhoi\Downloads\Thumbs.db
2015-07-10 14:04 - 2014-06-02 07:09 - 00000000 ____D C:\Program Files (x86)\Origin
2015-07-09 23:05 - 2014-06-14 17:36 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-09 15:59 - 2014-06-05 18:40 - 00000000 ____D C:\Users\MinhKhoi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-07-09 15:56 - 2014-09-18 17:18 - 00002044 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2015-07-09 15:56 - 2012-12-06 21:40 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-07-06 23:24 - 2014-11-03 18:48 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-07-06 23:24 - 2014-11-03 18:48 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-05 10:30 - 2015-01-12 18:52 - 00000000 ____D C:\Users\MinhKhoi\AppData\Local\Adobe
2015-07-04 09:28 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-07-03 08:43 - 2014-06-05 16:19 - 130333168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-07-02 22:44 - 2014-06-02 18:40 - 00442264 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-07-01 20:59 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-07-01 20:55 - 2014-06-02 18:40 - 00272248 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-07-01 20:55 - 2014-06-02 18:40 - 00137288 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-07-01 20:55 - 2014-06-02 18:40 - 00093528 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-07-01 20:55 - 2014-06-02 18:40 - 00089944 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-07-01 20:55 - 2014-06-02 18:40 - 00065736 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-07-01 20:55 - 2014-06-02 18:40 - 00029168 _____ C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-07-01 20:54 - 2014-06-02 18:40 - 01047320 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-06-29 22:41 - 2014-06-02 07:05 - 00000000 ____D C:\Users\MinhKhoi\AppData\Local\Packages
2015-06-28 10:36 - 2015-06-10 18:27 - 00000000 ____D C:\Users\MinhKhoi\AppData\Local\.filius
2015-06-24 20:37 - 2015-01-19 22:44 - 00000000 ____D C:\Program Files (x86)\Samsung
2015-06-23 19:52 - 2015-02-16 19:00 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-06-20 15:21 - 2012-12-06 21:39 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2015-06-20 15:20 - 2012-12-06 21:41 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-06-20 15:20 - 2012-12-06 21:40 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-06-20 15:19 - 2012-08-02 05:15 - 00000000 ____D C:\SWSETUP
2015-06-19 22:28 - 2015-06-12 22:27 - 00000052 _____ C:\WINDOWS\SysWOW64\DOErrors.log
2015-06-19 21:53 - 2014-06-03 18:40 - 00000099 _____ C:\Users\Public\LMDebug.log
2015-06-15 19:23 - 2015-01-19 22:45 - 00000000 ____D C:\Users\MinhKhoi\AppData\Roaming\Samsung
2015-06-15 19:23 - 2015-01-19 22:44 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers
2015-06-15 19:23 - 2014-06-02 07:09 - 00000000 ____D C:\ProgramData\Samsung
2015-06-15 19:15 - 2015-01-01 00:02 - 00000000 __SHD C:\Users\MinhKhoi\AppData\Local\EmieBrowserModeList
2015-06-15 19:15 - 2014-11-08 12:43 - 00000000 __SHD C:\Users\MinhKhoi\AppData\Local\EmieUserList
2015-06-15 19:15 - 2014-11-08 12:43 - 00000000 __SHD C:\Users\MinhKhoi\AppData\Local\EmieSiteList

==================== Files in the root of some directories =======

2014-06-02 07:07 - 2014-06-02 07:07 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-15 22:36

==================== End of log ============================

[CODE]Additional
FRST Logfile:

Code:

ATTFilter

scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by MinhKhoi at 2015-07-15 23:44:22
Running from C:\Users\MinhKhoi\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-223650244-726234444-1137304623-500 - Administrator - Disabled)
Gast (S-1-5-21-223650244-726234444-1137304623-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-223650244-726234444-1137304623-1003 - Limited - Enabled)
MinhKhoi (S-1-5-21-223650244-726234444-1137304623-1001 - Administrator - Enabled) => C:\Users\MinhKhoi

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-223650244-726234444-1137304623-1001\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.2.152 - Adobe Systems, Inc.)
Advanced SystemCare 8 (HKLM-x32\...\Advanced SystemCare 8_is1) (Version: 8.0.3 - IObit)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield™ Hardline-Beta (HKLM-x32\...\{F5526D9D-13AD-4270-8707-AC921D168299}) (Version: 1.0.0.1 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
Becker Content Manager (HKLM-x32\...\Becker Content Manager) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MP Navigator EX 1.0 (HKLM-x32\...\MP Navigator EX 1.0) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - Torn Banner Studios)
Clicker Heroes (HKLM-x32\...\Steam App 363970) (Version:  - )
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite)
Counter-Strike Nexon: Zombies (HKLM-x32\...\Steam App 273110) (Version:  - Nexon)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Curse (HKLM-x32\...\{1F2611FB-6F69-4AA8-BECD-243BD8CB45F3}) (Version: 6.0.0.0 - Curse)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3109 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1902 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1.4319 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dropbox (HKU\S-1-5-21-223650244-726234444-1137304623-1001\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
ExpressCache (HKLM\...\{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}) (Version: 1.0.86 - Diskeeper Corporation)
Free YouTube Download version 3.2.41.623 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.41.623 - DVDVideoSoft Ltd.)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1206 - Hewlett-Packard)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
i@Sky WIC (HKLM-x32\...\i@Sky WIC) (Version: 1.1 - iatsky)
i@Sky WIC (x32 Version: 1.1 - iatsky) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6418.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Mozilla Firefox 39.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSI Afterburner 4.1.0 (HKLM-x32\...\Afterburner) (Version: 4.1.0 - MSI Co., LTD)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero 2014 (HKLM-x32\...\{F384C1E1-3A16-4073-95C3-7271FE0ED4C2}) (Version: 15.0.02200 - Nero AG)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.5 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.09 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.3.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.3.31 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Opera Stable 30.0.1835.125 (HKLM-x32\...\Opera 30.0.1835.125) (Version: 30.0.1835.125 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{d1a77557-43bc-4f85-940a-0dcfe57b885a}) (Version: latest - ppy Pty Ltd)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.994 - Even Balance, Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Recovery Manager (x32 Version: 5.5.0.5530 - CyberLink Corp.) Hidden
RivaTuner Statistics Server 6.3.0 (HKLM-x32\...\RTSS) (Version: 6.3.0 - Unwinder)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
Samsung Drucker-Diagnose (HKLM-x32\...\Samsung Printer Diagnostics) (Version: 1.0.1.16 - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.05.51.00(19.06.2014) - Samsung Electronics Co., Ltd.)
Samsung Easy Wireless Setup (HKLM-x32\...\Easy Wireless Setup) (Version: 3.70.5.0 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version:  - Samsung Electronics Co., Ltd.)
Samsung Universal Print Driver 2 (HKLM-x32\...\Samsung Universal Print Driver 2) (Version: 2.50.05.00 - Samsung Electronics Co., Ltd.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.3.31 - NVIDIA Corporation) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Smart Defrag 3 (HKLM-x32\...\Smart Defrag 3_is1) (Version: 3.3 - IObit)
Sniper Elite 3 Update 1 (HKLM-x32\...\U25pcGVyRWxpdGUz_is1) (Version: 1 - )
Sniper Elite 3, âåðñèÿ 1.0 (HKLM-x32\...\Sniper Elite 3_is1) (Version: 1.0 - )
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version:  - Rebellion)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.14.12.201408250841 - Sony Mobile Communications AB)
Sony PC Companion 2.10.275 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.275 - Sony)
Spotify (HKU\S-1-5-21-223650244-726234444-1137304623-1001\...\Spotify) (Version: 1.0.9.133.gcedaee38 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab Detection (HKLM-x32\...\{5BF68D14-5E8F-4178-9DCC-34194C27DB64}) (Version: 6.1.4.0 - Husdawg, LLC)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKU\S-1-5-21-223650244-726234444-1137304623-1001\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
TmNationsForever (HKLM-x32\...\TmNationsForever_is1) (Version:  - Nadeo)
UE BOOM Update-Assistent (HKLM-x32\...\{AABC2E40-7BF0-4E24-BB20-DED8905BDFBB}) (Version: 1.4.52 - Logitech, Inc.)
Unity Web Player (HKU\S-1-5-21-223650244-726234444-1137304623-1001\...\UnityWebPlayer) (Version: 4.5.1f3 - Unity Technologies ApS)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{CBCC2FD8-7DFE-4752-95B5-2E447C226F45}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version:  - Microsoft)
Vivaldi (HKU\S-1-5-21-223650244-726234444-1137304623-1001\...\Vivaldi) (Version: 1.0.94.2 - Vivaldi)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version:  - Wargaming.net)
XSplit Broadcaster (HKLM-x32\...\{31D17C3E-3D43-4C0E-B816-6730706AC390}) (Version: 2.1.1501.0626 - SplitmediaLabs)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

13-07-2015 19:16:17 Removed Vegas Pro 13.0 (64-bit)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {13FC0A5E-77AF-4A14-99CC-2E21119F318E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {2BEE2B7F-82D3-4E0B-8D69-3642985BDAFB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {2F5DDD9F-2578-442C-9874-4C0283EC9987} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated)
Task: {5F84FCB5-AA94-432B-BAA8-055E8EFD45E8} - System32\Tasks\Opera scheduled Autoupdate 1420997251 => C:\Program Files (x86)\Opera\launcher.exe [2015-07-10] (Opera Software)
Task: {6436E179-19C9-4FF9-9453-9B19FD9C7585} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_209_pepper.exe [2015-07-15] (Adobe Systems Incorporated)
Task: {678C23DD-26CB-4810-8113-BD5795C0B40C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
Task: {86D17DFD-61A6-4DDE-82FC-81C4DD03945E} - System32\Tasks\Microsoft Office 15 Sync Maintenance for MINH-PC-MinhKhoi Minh-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2015-04-14] (Microsoft Corporation)
Task: {924B4A54-6FC2-4332-8B76-444857BA672B} - System32\Tasks\HPCeeScheduleForMinhKhoi => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {96C1A14E-417C-488A-A262-CD2E7CEA58DF} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-01] (Avast Software s.r.o.)
Task: {9A87B413-7AEA-4555-9064-0251D9E99FC2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-02] (Google Inc.)
Task: {9CC51698-5446-4271-BDB1-78410B510B99} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {AE5FB5AE-CC24-42CF-98D5-E0B666E02B2D} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {B224E761-10D3-4216-8AD6-1E4F10D36700} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2013-08-20] (Nero AG)
Task: {B8B7402A-5EEE-45BA-B602-F2821FE80774} - System32\Tasks\ASC8_SkipUac_MinhKhoi => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe [2014-11-07] (IObit)
Task: {CF3B0B99-A334-4842-9FA3-95EB91E1D657} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard)
Task: {CFDCBE09-532A-4ECF-B6B6-6B4702DBE003} - System32\Tasks\SmartDefrag3_Update => C:\Program Files (x86)\IObit\Smart Defrag 3\AutoUpdate.exe [2014-07-23] (IObit)
Task: {DA3A5AC1-8096-4D77-95C2-EEF0C489BA5A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-02] (Google Inc.)
Task: {E734DBE6-1A39-4352-A695-E649BE7D0FEA} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe [2014-11-10] (IObit)
Task: {EB51E74A-9A8E-496B-9897-B3D56572726B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {EDD3644B-F3D2-4A72-9293-48CAE43E0D6C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_209_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\ASC8_SkipUac_MinhKhoi.job => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForMinhKhoi.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (Whitelisted) ==============

2014-10-22 23:32 - 2014-12-13 10:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-05-12 11:49 - 2014-05-12 11:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2011-06-21 07:42 - 2011-06-21 07:42 - 00034304 _____ () C:\WINDOWS\System32\sst3cl6.dll
2015-01-19 22:44 - 2014-04-16 10:22 - 00029184 _____ () C:\WINDOWS\System32\usp01l.dll
2014-06-02 17:23 - 2015-02-03 12:54 - 00076152 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2014-12-04 22:33 - 2014-07-11 17:04 - 01106720 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe
2014-09-18 09:23 - 2014-09-18 09:23 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-10-14 20:51 - 2014-10-14 20:51 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-09-18 09:23 - 2014-09-18 09:23 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-10-14 20:51 - 2014-10-14 20:51 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2012-03-09 09:58 - 2012-03-09 09:58 - 00462712 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2012-03-09 09:58 - 2012-03-09 09:58 - 00057208 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2014-09-18 17:18 - 2015-06-10 11:13 - 00113024 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
2011-07-26 00:25 - 2011-07-26 00:25 - 00335872 _____ () C:\Program Files (x86)\i@Sky WIC\iatsky.exe
2012-08-29 12:02 - 2012-08-29 12:02 - 00120224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll
2012-08-29 12:02 - 2012-08-29 12:02 - 00048544 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll
2012-08-29 12:02 - 2012-08-29 12:02 - 00180224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll
2014-10-23 11:58 - 2014-10-23 11:58 - 00120224 _____ () C:\Users\MinhKhoi\AppData\Local\assembly\dl3\JNBN5L2Y.8X8\HOMPJTMT.3KQ\0b0d9b97\0017145d_cd85cd01\HPItunesModule.DLL
2014-12-04 22:33 - 2013-10-25 13:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\sqlite3.dll
2015-07-01 20:55 - 2015-07-01 20:55 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-07-01 20:55 - 2015-07-01 20:55 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-07-14 15:29 - 2015-07-14 15:29 - 02956288 _____ () C:\Program Files\AVAST Software\Avast\defs\15071400\algo.dll
2015-07-15 21:43 - 2015-07-15 21:43 - 02956800 _____ () C:\Program Files\AVAST Software\Avast\defs\15071501\algo.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-04 22:33 - 2013-01-15 19:48 - 00348992 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\madExcept_.bpl
2014-12-04 22:33 - 2013-01-15 19:48 - 00183616 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\madBasic_.bpl
2014-12-04 22:33 - 2013-01-15 19:48 - 00051008 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\madDisAsm_.bpl
2014-12-04 22:33 - 2014-10-16 11:26 - 00622880 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\ProductStatistics.dll
2015-05-25 12:29 - 2015-05-08 02:36 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2014-06-02 07:10 - 2015-07-10 14:03 - 01007104 _____ () C:\Program Files (x86)\Origin\platforms\qwindows.dll
2014-06-02 07:10 - 2015-07-10 14:02 - 00023552 _____ () C:\Program Files (x86)\Origin\imageformats\qgif.dll
2014-06-02 07:10 - 2015-07-10 14:02 - 00024576 _____ () C:\Program Files (x86)\Origin\imageformats\qico.dll
2014-06-02 07:10 - 2015-07-10 14:02 - 00216576 _____ () C:\Program Files (x86)\Origin\imageformats\qjpeg.dll
2014-06-02 07:10 - 2015-07-10 14:02 - 00261120 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll
2014-06-02 07:10 - 2015-07-10 14:02 - 00019456 _____ () C:\Program Files (x86)\Origin\imageformats\qtga.dll
2014-06-02 07:10 - 2015-07-10 14:02 - 00337408 _____ () C:\Program Files (x86)\Origin\imageformats\qtiff.dll
2014-06-02 07:10 - 2015-07-10 14:02 - 00018944 _____ () C:\Program Files (x86)\Origin\imageformats\qwbmp.dll
2014-09-18 17:18 - 2012-04-30 11:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
2014-09-18 17:18 - 2014-12-04 15:18 - 00241152 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
2015-07-09 15:56 - 2015-06-18 10:42 - 00911360 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\deviceupdate_dll.dll
2011-07-07 14:54 - 2011-07-07 14:54 - 00233984 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
2014-09-18 17:18 - 2013-05-20 12:58 - 00620718 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\sqlite3.dll
2014-09-18 17:18 - 2015-04-21 13:22 - 00053248 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll
2014-07-09 16:35 - 2014-07-09 16:35 - 00644096 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll
2014-12-04 22:33 - 2013-01-15 19:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\webres.dll
2015-03-12 17:34 - 2015-07-14 15:19 - 41287224 _____ () C:\Users\MinhKhoi\AppData\Roaming\Spotify\libcef.dll
2012-12-06 21:46 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 13:34 - 2012-06-08 13:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-03-12 17:34 - 2015-07-14 15:19 - 01488440 _____ () C:\Users\MinhKhoi\AppData\Roaming\Spotify\libglesv2.dll
2015-03-12 17:34 - 2015-07-14 15:19 - 00079928 _____ () C:\Users\MinhKhoi\AppData\Roaming\Spotify\libegl.dll
2015-03-12 17:34 - 2015-03-21 13:00 - 09305656 _____ () C:\Users\MinhKhoi\AppData\Roaming\Spotify\pdf.dll
2015-07-01 20:55 - 2015-07-01 20:55 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-01-20 22:23 - 2015-06-23 19:57 - 00393608 _____ () C:\Users\MinhKhoi\AppData\Roaming\Curse Client\Bin\opus.dll
2015-01-20 22:23 - 2015-06-23 19:57 - 00443272 _____ () C:\Users\MinhKhoi\AppData\Roaming\Curse Client\Bin\WebRTC_CSharpWrapper.dll
2015-06-13 12:26 - 2015-06-13 12:26 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\MinhKhoi\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-223650244-726234444-1137304623-1001\...\samsungsetup.com -> hxxp://www.samsungsetup.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-223650244-726234444-1137304623-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\MinhKhoi\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\1680x1050.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{7A7D6ADD-900A-4A83-9E26-504A09BEDE48}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{773CB243-6C14-4237-8EA8-2061C580B8B4}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{433E6DD7-29F6-4B36-A99D-543368CF22D6}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{57F0425F-7B66-4949-92C8-767D90E5567F}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{02250601-7341-463D-9439-EE7081CC85B1}C:\users\minhkhoi\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\minhkhoi\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{DDF7BB31-62B2-4E81-A178-2200573CCD4A}C:\users\minhkhoi\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\minhkhoi\appdata\roaming\spotify\spotify.exe
FirewallRules: [{E8559618-DDA3-48BD-8651-F1CBC747CFC3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8805F573-0346-4BF5-BD5F-648CF773DFAE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{1886400D-18D5-4EAB-A31F-626C96116FFE}C:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe
FirewallRules: [UDP Query User{F981EF4D-8660-4EA0-A78F-6BAD51E480D0}C:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe
FirewallRules: [{BFCAA31A-CDEC-4834-8128-C416960EA199}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe
FirewallRules: [{81DFEA9E-BFCA-4BFF-8AD1-F5075383C508}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{4049ED6C-DE36-4DBC-AA25-7BA96D4E1876}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{5D325734-8A3F-4BD1-8CF7-DD54BFDB43B6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite V2\bin\SniperEliteV2.exe
FirewallRules: [{3F65BB43-B56D-4FDB-8415-C4A8A2822C1C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite V2\bin\SniperEliteV2.exe
FirewallRules: [{28F20239-B6C9-46EE-BA48-9A8A50A63A57}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{516D568E-3FFC-4EC3-AB8D-9D7029B83377}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{DF03D1EF-4EA1-48CC-875B-5E02376FF8BE}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{CD1FC98B-0B99-4735-BA5B-C53F39BE4CC3}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{62844338-5B34-42FD-B36A-E6A5443474E4}] => (Allow) C:\Program Files (x86)\Origin Games\BFH Beta 2\bfh.exe
FirewallRules: [{CCB44AC7-675A-4DEF-8B1B-E1F0485EA4AA}] => (Allow) C:\Program Files (x86)\Origin Games\BFH Beta 2\bfh.exe
FirewallRules: [{B7A47422-9BB4-4EBC-958F-B5A27A20C562}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{003E2F54-A7A9-490B-A6C5-DB166FABF59D}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{DA7E3E18-F917-495D-857D-CA8DF668B9A6}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{14B616F0-3478-4B12-A599-FC6E03438BA9}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{F2A41379-1B4B-4A79-B357-0698CEE0B608}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{591E0038-3FAB-4582-8425-BABB55FBFAEA}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{0A9731EF-C5AC-4098-81BB-424567CED144}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite V2\Launcher\SniperV2Launcher.exe
FirewallRules: [{8642CBE5-6545-4C34-851E-A83B89CAB5DE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite V2\Launcher\SniperV2Launcher.exe
FirewallRules: [TCP Query User{98B1F03D-DF40-4D3C-8D5B-4E990218407C}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{FD540336-BAB4-47A8-B8FA-BD7D976D71C5}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{8DBF38E5-3BA9-4E4B-AFEA-830678BF59FF}C:\program files (x86)\tmnationsforever\tmforever.exe] => (Block) C:\program files (x86)\tmnationsforever\tmforever.exe
FirewallRules: [UDP Query User{076642CF-4833-4CBC-ACAC-8767D462F064}C:\program files (x86)\tmnationsforever\tmforever.exe] => (Block) C:\program files (x86)\tmnationsforever\tmforever.exe
FirewallRules: [{363F5705-411A-44C6-BDC5-342311776355}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{0922780B-238A-44FC-A655-E6E1DD7A64F7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{28EBE219-6C31-4BF1-BC1A-85DAC47B4672}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{588BDD01-5B63-413C-8817-79581C5FFC32}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{4BBE19D7-5F83-41B7-8782-6E9B4D607AE7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{EE8159B6-42A5-4B18-81A0-659A57325746}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{9D89B260-7381-43BB-BCA5-051D08978CC7}] => (Allow) C:\Users\MinhKhoi\AppData\Local\Vivaldi\Application\vivaldi.exe
FirewallRules: [TCP Query User{B1C3ECEC-D176-4B4B-84A6-997B96E8414A}C:\games\world_of_tanks\wotlauncher.exe] => (Block) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{67A4BF5B-9E4A-417F-A072-8CB4935CF3CA}C:\games\world_of_tanks\wotlauncher.exe] => (Block) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [{1130CE51-8083-4267-88FD-69392BCFDF08}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{0984A374-9A6B-46BD-9B69-B72FAB6802B6}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{CA8E481F-2A6A-44F2-880C-4CF0120969F5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DF978C71-5257-4338-BCEA-36DBF01359BD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{BA64512D-51DD-4098-A425-CE87219F95FA}C:\users\minhkhoi\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\minhkhoi\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{EA8B88BE-370B-4F18-A9F5-582357B26949}C:\users\minhkhoi\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\minhkhoi\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{19747B52-B76F-4E12-975C-B71A49CDBD38}] => (Allow) C:\Users\MinhKhoi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{39B2900E-1017-4F20-A557-BE1CF125BD72}] => (Allow) C:\Users\MinhKhoi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{79AD3780-D016-4DE3-BCA9-4A201A9DFE1E}C:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{CED9E320-09E7-43EB-B161-BF71DC537E3B}C:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe
FirewallRules: [{19CDE7AD-EABF-4CAF-9CC5-9010E1D35037}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{17D7B367-B84E-404B-98FD-DCF9D92FB9DC}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{C0C41909-9CE3-4E87-8EA9-C10E603A8D15}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{863B2E4B-6962-4557-8AD2-8C9708722756}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{CC32ABBA-00DA-49A0-9906-CB34F043D0EB}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{7303E58F-FFE2-49F6-A3CE-5E47D002BB0A}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{F4910809-D151-4EDE-A42D-238B02472087}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{FD5FD801-B03D-4134-905A-CE9DF6EB97E5}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{FDEBC6CA-7F52-4B22-BDF7-AA4E99B66C82}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{ADCE0AD2-2B61-4B39-8137-F314B91519DA}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{FC0427FC-6017-41ED-96C7-0B7A78F0521F}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{776C66B7-6C7B-4CC6-83D0-AE12738104A2}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{87E4C87D-C252-4A99-AF08-1EA071006708}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe
FirewallRules: [{F7A6C1BB-A0C2-4673-BA43-F2BD7316C10C}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe
FirewallRules: [{D66E9D1A-04F5-4B38-9B9D-0DAC13EA607E}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe
FirewallRules: [{E7E9E9E9-B05F-4852-B6CF-615B1B7C0E9C}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe
FirewallRules: [{80630561-C02A-4DEC-96D9-62B74BEC293E}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{190A0855-4BA7-42DA-8523-4994FD7A2382}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{BF22EA54-50F7-4C9F-BB72-B94FF29F7966}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{DC27268D-BAB9-4618-B078-B262E5BEFA3A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{3712F910-E454-4D15-A9A7-1A0F60046788}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{3913369C-C9ED-4E1B-8ECC-712D3A0A245B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{3A8C2991-0935-4068-9DFF-55EB585DBF80}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{53B65118-F224-487C-B25C-47839D9349C4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{159AD28B-BE4F-433B-A8C3-7341F7CFAC67}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Clicker Heroes\Clicker Heroes.exe
FirewallRules: [{D6605F0A-B7AD-4F0D-8AC6-C5784F83E3C3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Clicker Heroes\Clicker Heroes.exe
FirewallRules: [{4A124292-B503-483A-80BC-49F9E632472B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\CSNZ\Bin\cstrike-online.exe
FirewallRules: [{5FED9969-6B47-4D55-B4AC-74D361C73E6B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\CSNZ\Bin\cstrike-online.exe
FirewallRules: [{63B4948E-55DC-4082-BF52-26D944DB6CB3}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{A9A1D139-D900-4AFB-8356-7D306407FC9F}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{5FD86DAA-5085-4B3A-91C4-ACFE0B4B284C}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{ABD6E88E-CF03-4E4C-8298-5D764C2C1A90}] => (Allow) LPort=53000
FirewallRules: [{CDFEE538-56D5-4D18-BCD9-6159BD56C664}] => (Allow) LPort=52000
FirewallRules: [{506B5FDA-D660-417F-8E45-33C52997CE74}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: avast! SecureLine TAP Adapter v3
Description: avast! SecureLine TAP Adapter v3
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: aswTap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/15/2015 11:43:47 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Die Klassenregistrierungsdatei kann nicht geladen werden.
 DETAIL - Die Datenbank der Konfigurationsregistrierung ist beschädigt.

Error: (07/15/2015 11:43:47 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT-AUTORITÄT)
Description: Die Registrierung konnte nicht geladen werden. Dieses Problem wird oft durch zuwenig Arbeitsspeicher oder nicht ausreichende Sicherheitsberechtigungen verursacht. 

 Details - Die Datenbank der Konfigurationsregistrierung ist beschädigt.
 for C:\Users\MinhKhoi\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (07/15/2015 11:43:47 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Die Klassenregistrierungsdatei kann nicht geladen werden.
 DETAIL - Die Datenbank der Konfigurationsregistrierung ist beschädigt.

Error: (07/15/2015 11:43:47 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT-AUTORITÄT)
Description: Die Registrierung konnte nicht geladen werden. Dieses Problem wird oft durch zuwenig Arbeitsspeicher oder nicht ausreichende Sicherheitsberechtigungen verursacht. 

 Details - Die Datenbank der Konfigurationsregistrierung ist beschädigt.
 for C:\Users\MinhKhoi\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (07/15/2015 11:42:19 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Die Klassenregistrierungsdatei kann nicht geladen werden.
 DETAIL - Die Datenbank der Konfigurationsregistrierung ist beschädigt.

Error: (07/15/2015 11:42:19 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT-AUTORITÄT)
Description: Die Registrierung konnte nicht geladen werden. Dieses Problem wird oft durch zuwenig Arbeitsspeicher oder nicht ausreichende Sicherheitsberechtigungen verursacht. 

 Details - Die Datenbank der Konfigurationsregistrierung ist beschädigt.
 for C:\Users\MinhKhoi\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (07/15/2015 11:42:18 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Die Klassenregistrierungsdatei kann nicht geladen werden.
 DETAIL - Die Datenbank der Konfigurationsregistrierung ist beschädigt.

Error: (07/15/2015 11:42:18 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT-AUTORITÄT)
Description: Die Registrierung konnte nicht geladen werden. Dieses Problem wird oft durch zuwenig Arbeitsspeicher oder nicht ausreichende Sicherheitsberechtigungen verursacht. 

 Details - Die Datenbank der Konfigurationsregistrierung ist beschädigt.
 for C:\Users\MinhKhoi\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (07/15/2015 11:39:59 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Die Klassenregistrierungsdatei kann nicht geladen werden.
 DETAIL - Die Datenbank der Konfigurationsregistrierung ist beschädigt.

Error: (07/15/2015 11:39:59 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT-AUTORITÄT)
Description: Die Registrierung konnte nicht geladen werden. Dieses Problem wird oft durch zuwenig Arbeitsspeicher oder nicht ausreichende Sicherheitsberechtigungen verursacht. 

 Details - Die Datenbank der Konfigurationsregistrierung ist beschädigt.
 for C:\Users\MinhKhoi\AppData\Local\Microsoft\Windows\\UsrClass.dat


System errors:
=============
Error: (07/15/2015 11:32:17 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070002 fehlgeschlagen: microsoft.windowscommunicationsapps

Error: (07/15/2015 11:32:12 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070002 fehlgeschlagen: Microsoft.BingFinance

Error: (07/15/2015 11:32:05 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070002 fehlgeschlagen: AD2F1837.GettingStartedwithWindows8

Error: (07/15/2015 11:32:01 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8000000e fehlgeschlagen: Microsoft.WindowsScan

Error: (07/15/2015 11:31:57 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8000000e fehlgeschlagen: eBayInc.eBay

Error: (07/15/2015 11:31:52 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8000000e fehlgeschlagen: Microsoft.HelpAndTips

Error: (07/15/2015 11:31:41 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8000000e fehlgeschlagen: Microsoft.WindowsSoundRecorder

Error: (07/15/2015 11:31:26 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8000000e fehlgeschlagen: Microsoft.Reader

Error: (07/15/2015 11:31:13 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070002 fehlgeschlagen: AMZNMobileLLC.KindleforWindows8

Error: (07/15/2015 11:31:10 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070002 fehlgeschlagen: Microsoft.BingSports


Microsoft Office:
=========================
Error: (07/15/2015 11:43:47 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Die Datenbank der Konfigurationsregistrierung ist beschädigt.

Error: (07/15/2015 11:43:47 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT-AUTORITÄT)
Description: Die Datenbank der Konfigurationsregistrierung ist beschädigt.
C:\Users\MinhKhoi\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (07/15/2015 11:43:47 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Die Datenbank der Konfigurationsregistrierung ist beschädigt.

Error: (07/15/2015 11:43:47 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT-AUTORITÄT)
Description: Die Datenbank der Konfigurationsregistrierung ist beschädigt.
C:\Users\MinhKhoi\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (07/15/2015 11:42:19 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Die Datenbank der Konfigurationsregistrierung ist beschädigt.

Error: (07/15/2015 11:42:19 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT-AUTORITÄT)
Description: Die Datenbank der Konfigurationsregistrierung ist beschädigt.
C:\Users\MinhKhoi\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (07/15/2015 11:42:18 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Die Datenbank der Konfigurationsregistrierung ist beschädigt.

Error: (07/15/2015 11:42:18 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT-AUTORITÄT)
Description: Die Datenbank der Konfigurationsregistrierung ist beschädigt.
C:\Users\MinhKhoi\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (07/15/2015 11:39:59 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Die Datenbank der Konfigurationsregistrierung ist beschädigt.

Error: (07/15/2015 11:39:59 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT-AUTORITÄT)
Description: Die Datenbank der Konfigurationsregistrierung ist beschädigt.
C:\Users\MinhKhoi\AppData\Local\Microsoft\Windows\\UsrClass.dat


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 29%
Total physical RAM: 12227.56 MB
Available physical RAM: 8594.32 MB
Total Virtual: 12851.56 MB
Available Virtual: 8122.53 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:918.01 GB) (Free:633.61 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:11.25 GB) (Free:1.32 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 93A3E1D4)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 14.9 GB) (Disk ID: FF9F03C9)
Partition 1: (Not Active) - (Size=14.9 GB) - (Type=73)

==================== End of log ============================

--- --- ---

Der Chrome Fehler scheint behoben worden zu sein. Dafür bedanke ich mich sehr herzlich !

Was kann ich tun um zukünftig solche Infenktionen zu verhindern? Wer weiß, vielleicht sind momentan noch andere Viren auf dem Computer.

Mfg

Pretok

M-K-D-B · 16.07.2015, 14:32

Zitat:

CHIP-Installer.exe

Bitte keinen Chip-Installer mehr verwenden! Bitte lesen: CHIP-Installer – was ist das?

Reste entfernen
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

start
CloseProcesses:
C:\Users\MinhKhoi\AppData\Roaming\uTorrent\updates\3.4.2_31515.exe
C:\Users\MinhKhoi\Downloads\*CHIP-Installer*.exe
C:\Users\MinhKhoi\Downloads\uTorrent_v.3.4.2_31515.exe
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Die Fixlog von FRST gleich posten, da diese sonst mit DelFix (siehe weiter unten) automatisch entfernt wird!

Wenn du keine Probleme mehr mit Malware hast, dann sind wir hier fertig. Deine Logdateien sind sauber.

Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.

Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
Combofix deinstallieren

Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
Drücke bitte die + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
Klicke auf OK.
Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte

DelFix herunter.

Schließe alle offenen Programme.
Starte die delfix.exe mit einem Doppelklick.
Setze vor jede Funktion ein Häkchen.
Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...

und/oder das Forum mit einer kleinen Spende unterstützen.

Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein einziges der folgenden Antivirusprogramme mit Echtzeitscanner und stets aktueller Signaturendatenbank:

	Emsisoft	Avast	MSE

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:

Adblock Plus Kann Banner, Pop-ups, Videowerbung, Tracking und Malware-Seiten blockieren.

NoScript Verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.

Ghostery Erkennt und blockiert Tracker, Web Bugs, Pixel und Beacons und weitere Scripte, die das Surfverhalten ausspähen/beobachten.

Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.

Lade Software von einem sauberen Portal wie

.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .

Abschließend noch ein paar grundsätzliche Bemerkungen:
Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

Pretok · 16.07.2015, 15:45

Hallo

Code:

ATTFilter

Fix result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by MinhKhoi at 2015-07-16 16:38:59 Run:2
Running from C:\Users\MinhKhoi\Desktop
Loaded Profiles: MinhKhoi (Available Profiles: MinhKhoi)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
C:\Users\MinhKhoi\AppData\Roaming\uTorrent\updates\3.4.2_31515.exe
C:\Users\MinhKhoi\Downloads\*CHIP-Installer*.exe
C:\Users\MinhKhoi\Downloads\uTorrent_v.3.4.2_31515.exe
EmptyTemp:
end
        
*****************

Processes closed successfully.
C:\Users\MinhKhoi\AppData\Roaming\uTorrent\updates\3.4.2_31515.exe => moved successfully.
C:\Users\MinhKhoi\Downloads\*CHIP-Installer*.exe => moved successfully.
C:\Users\MinhKhoi\Downloads\uTorrent_v.3.4.2_31515.exe => moved successfully.
EmptyTemp: => 434.3 MB temporary data Removed.


The system needed a reboot.. 

==== End of Fixlog 16:39:13 ====

Ich bedanke mich sehr für Ihre Hilfe! Ohne Sie hätte ich die Bereinigung nicht durchführen können. Eine kleine Spende ist unterwegs

Mfg

Pretok

Chrome öffnet sich automatisch, kommt Werbung (adnxs)

Plagegeister aller Art und deren Bekämpfung: Chrome öffnet sich automatisch, kommt Werbung (adnxs)