
Pests of all kinds and how to fight them: Pup.Optional.DownloadSponsor found by Malwarebytes Free during a scan, Avast showed nothing.


 
16.02.2015, 21:32   #1
Taba

Pup.Optional.DownloadSponsor found by Malwarebytes Free during a scan, Avast showed nothing.
Hello!
The current scan with Malwarebytes Free unexpectedly showed the find above.
Is this something more serious, or is moving it to quarantine enough?
I have also attached an FRST log.

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 16.02.2015
Suchlauf-Zeit: 18:33:19
Logdatei: 
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.02.16.06
Rootkit Datenbank: v2015.02.03.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Tanja

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 333577
Verstrichene Zeit: 28 Min, 27 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 1
PUP.Optional.DownloadSponsor, C:\Users\Tanja\Downloads\OpenOffice - CHIP-Installer.exe, In Quarantäne, [ca482eec4446a78f83c639e94db5f808], 

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by Tanja (administrator) on KLEINER-BRAUNER on 16-02-2015 20:59:46
Running from C:\Users\Tanja\Desktop
Loaded Profiles: Tanja (Available profiles: Tanja)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Dragon Notes\Core\DACore.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Pokki) C:\Users\Tanja\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Pokki) C:\Users\Tanja\AppData\Local\Pokki\Engine\HostAppService.exe
(Pokki) C:\Users\Tanja\AppData\Local\Pokki\Engine\HostAppService.exe
(Pokki) C:\Users\Tanja\AppData\Local\Pokki\Engine\StartMenuIndexer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7546072 2014-03-10] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3957816 2014-03-01] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-01] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-01] (Hewlett-Packard)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-04] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2114376 2008-03-17] (CANON INC.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2014-10-15] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-03-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-02-13] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [475448 2014-03-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-31] (AVAST Software)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2015-02-03] (Hewlett-Packard)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-11-21] (Malwarebytes Corporation)
HKU\S-1-5-21-3675281207-1986036961-921149586-1002\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
HKU\S-1-5-21-3675281207-1986036961-921149586-1002\...\Run: [Google Update] => C:\Users\Tanja\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-10-10] (Google Inc.)
HKU\S-1-5-21-3675281207-1986036961-921149586-1002\...\Run: [Google+ Auto Backup] => C:\Users\Tanja\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3746120 2014-08-12] (Google Inc.)
HKU\S-1-5-21-3675281207-1986036961-921149586-1002\...\MountPoints2: {02cfff4a-8562-11e4-8277-0071cc6651fe} - "F:\Menu.exe" 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT14/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT14/4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/4
HKU\S-1-5-21-3675281207-1986036961-921149586-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT14/4
HKU\S-1-5-21-3675281207-1986036961-921149586-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/4
SearchScopes: HKLM -> {C2A773DB-72E7-4647-B45D-3F161F206DFC} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {C2A773DB-72E7-4647-B45D-3F161F206DFC} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3675281207-1986036961-921149586-1002 -> {C2A773DB-72E7-4647-B45D-3F161F206DFC} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3675281207-1986036961-921149586-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Tanja\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3675281207-1986036961-921149586-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Tanja\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-03]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.searchnu.com/413
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR DefaultSearchKeyword: Default -> google.com_
CHR DefaultSearchURL: Default -> hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&rlz=1I7GPEA_deDE320
CHR DefaultSuggestURL: Default -> 
CHR Profile: C:\Users\Tanja\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google*Übersetzer) - C:\Users\Tanja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2014-10-10]
CHR Extension: (Google Präsentationen) - C:\Users\Tanja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-10]
CHR Extension: (Google Docs) - C:\Users\Tanja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-10]
CHR Extension: (Google Drive) - C:\Users\Tanja\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tanja\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-10]
CHR Extension: (WOT) - C:\Users\Tanja\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-10-10]
CHR Extension: (YouTube) - C:\Users\Tanja\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-10]
CHR Extension: (Google-Suche) - C:\Users\Tanja\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-10]
CHR Extension: (Google Tabellen) - C:\Users\Tanja\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-10]
CHR Extension: (Avast Online Security) - C:\Users\Tanja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-03]
CHR Extension: (Erweiterung \) - C:\Users\Tanja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd [2014-10-10]
CHR Extension: (Google Wallet) - C:\Users\Tanja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-10]
CHR Extension: (Google Mail) - C:\Users\Tanja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-10]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-03]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-03-15] () [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-03-15] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-03] (AVAST Software)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [88064 2014-03-05] () [File not signed]
R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Notes\Core\DACore.exe [411024 2013-02-01] (Nuance Communications, Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2014-01-13] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [469304 2014-03-26] (Hewlett-Packard Development Company, L.P.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-22] ()
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-01] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-10-15] (Synaptics Incorporated)
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51712 2014-02-25] (Advanced Micro Devices, Inc.)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-08-26] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2013-10-24] (Advanced Micro Devices, INC.)
S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [85704 2014-02-25] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-14] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [230088 2014-02-25] (Advanced Micro Devices, Inc. )
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-03] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2015-01-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-03] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-03] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-03] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-03] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-12-20] (Advanced Micro Devices)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-04-21] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
U0 kffoi; C:\Windows\System32\drivers\roku.sys [79064 2015-02-16] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-16] (Malwarebytes Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [291544 2014-01-04] (Realtek Semiconductor Corp.)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [558296 2014-01-06] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3379416 2014-03-22] (Realtek Semiconductor Corporation                           )
R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [30448 2014-10-15] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [31472 2014-03-13] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S3 GENERICDRV; \??\C:\swsetup\sp69846\amifldrv64.sys [X]
U3 McAPExe; No ImagePath
U3 McMPFSvc; No ImagePath
U3 McNaiAnn; No ImagePath
U3 mcpltsvc; No ImagePath
U3 McProxy; No ImagePath
U3 mfecore; No ImagePath
U3 MSK80Service; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 20:59 - 2015-02-16 21:00 - 00018334 _____ () C:\Users\Tanja\Desktop\FRST.txt
2015-02-16 20:58 - 2015-02-16 20:59 - 00000000 ____D () C:\FRST
2015-02-16 19:22 - 2015-02-16 19:22 - 02085888 _____ (Farbar) C:\Users\Tanja\Desktop\FRST64.exe
2015-02-16 19:14 - 2015-02-16 19:14 - 00001432 _____ () C:\malware.Xml
2015-02-16 19:05 - 2015-02-16 19:05 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\roku.sys
2015-02-16 19:05 - 2015-02-16 19:05 - 00000049 _____ () C:\malware.txt
2015-02-13 17:36 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-13 17:36 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-02-13 17:36 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-02-13 17:36 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-13 17:36 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-13 17:36 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-13 17:36 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-13 17:36 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-02-13 17:36 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-02-13 17:35 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-13 17:35 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-13 17:35 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-02-13 17:35 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-02-13 17:35 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-13 17:35 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-13 17:35 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-13 17:35 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-13 17:35 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-13 17:35 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-13 17:35 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-13 17:35 - 2015-01-12 03:32 - 06041088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 17:35 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-13 17:35 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-13 17:35 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-13 17:35 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-13 17:35 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-13 17:35 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-13 17:35 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-02-13 17:35 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-13 17:35 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-02-13 17:35 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-13 17:35 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-13 17:35 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-13 17:35 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-13 17:35 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-13 17:35 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-13 17:35 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-02-13 17:35 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-02-13 17:35 - 2015-01-12 02:29 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-13 17:35 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-02-13 17:35 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-13 17:35 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-02-13 17:35 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-13 17:35 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-13 17:35 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-13 17:35 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-13 17:35 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-13 17:35 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-13 17:35 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-13 17:35 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-13 17:35 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-13 17:35 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-13 17:35 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-13 17:35 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-13 17:35 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-13 17:35 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-02-13 17:35 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-02-13 17:35 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-13 17:35 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-02-13 17:35 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-02-13 17:35 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-02-13 17:35 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-02-13 17:34 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-04 17:41 - 2015-02-13 17:41 - 00003178 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForTanja
2015-02-04 17:41 - 2015-02-13 17:41 - 00000364 _____ () C:\Windows\Tasks\HPCeeScheduleForTanja.job
2015-02-01 15:17 - 2014-04-16 00:35 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2015-02-01 15:17 - 2014-04-16 00:34 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2015-02-01 14:10 - 2015-02-01 14:10 - 13087456 _____ (Microsoft Corporation) C:\Users\Tanja\Downloads\Silverlight_x64.exe
2015-02-01 14:10 - 2015-02-01 14:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-02-01 14:10 - 2015-02-01 14:10 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-02-01 14:10 - 2015-02-01 14:10 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-02-01 00:14 - 2015-02-01 00:14 - 00000000 __SHD () C:\Users\Tanja\AppData\Local\EmieBrowserModeList
2015-01-31 22:12 - 2015-01-31 22:12 - 00000017 _____ () C:\Users\Tanja\AppData\Local\resmon.resmoncfg
2015-01-25 03:10 - 2015-01-25 03:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-01-25 03:10 - 2015-01-25 03:10 - 00000000 ____D () C:\Program Files\7-Zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 21:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-16 20:39 - 2014-10-10 16:16 - 01138971 _____ () C:\Windows\WindowsUpdate.log
2015-02-16 20:22 - 2014-10-10 17:57 - 00001152 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3675281207-1986036961-921149586-1002UA.job
2015-02-16 20:21 - 2014-10-10 17:00 - 00001150 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-16 19:22 - 2014-10-10 17:57 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3675281207-1986036961-921149586-1002Core.job
2015-02-16 19:21 - 2014-10-10 17:00 - 00001146 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-16 19:05 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\DesktopTileResources
2015-02-16 18:58 - 2014-10-10 16:37 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3675281207-1986036961-921149586-1002
2015-02-16 18:31 - 2014-10-10 17:25 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-16 17:56 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-16 17:53 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-16 17:47 - 2014-10-10 16:33 - 00000000 ____D () C:\Users\Tanja\Documents\Youcam
2015-02-16 17:47 - 2014-10-10 16:30 - 00000000 ____D () C:\Users\Tanja\AppData\Local\Pokki
2015-02-16 17:46 - 2014-10-10 16:35 - 00000000 ___DO () C:\Users\Tanja\OneDrive
2015-02-13 21:05 - 2014-10-11 21:17 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-02-13 21:04 - 2014-10-10 16:33 - 00000000 ____D () C:\Users\Tanja\AppData\Local\CyberLink
2015-02-13 21:04 - 2014-05-12 12:20 - 00000000 ____D () C:\Users\Public\CyberLink
2015-02-13 21:03 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2015-02-13 21:02 - 2014-05-12 12:10 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2015-02-13 21:01 - 2014-05-12 12:10 - 00000000 ____D () C:\ProgramData\CyberLink
2015-02-13 20:58 - 2013-09-01 04:49 - 00000000 ____D () C:\SWSetup
2015-02-13 20:14 - 2014-04-22 00:14 - 00800954 _____ () C:\Windows\system32\perfh007.dat
2015-02-13 20:14 - 2014-04-22 00:14 - 00174458 _____ () C:\Windows\system32\perfc007.dat
2015-02-13 20:14 - 2013-08-26 07:09 - 01921090 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-13 20:09 - 2014-05-12 12:05 - 01589438 _____ () C:\Windows\SysWOW64\rootpa.e2e
2015-02-13 20:08 - 2013-08-22 15:46 - 00031695 _____ () C:\Windows\setupact.log
2015-02-13 20:08 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-13 20:08 - 2013-08-22 15:44 - 00377488 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-13 20:06 - 2014-05-12 11:50 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2015-02-13 20:06 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-02-13 20:04 - 2014-05-12 11:48 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-09 20:14 - 2014-11-04 11:47 - 00000000 ____D () C:\Users\Tanja\Documents\Renate
2015-02-09 19:24 - 2014-10-10 17:03 - 00002162 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-09 19:17 - 2014-10-10 17:57 - 00004098 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3675281207-1986036961-921149586-1002UA
2015-02-09 19:17 - 2014-10-10 17:57 - 00003718 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3675281207-1986036961-921149586-1002Core
2015-02-09 19:16 - 2014-10-10 17:00 - 00004122 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-09 19:16 - 2014-10-10 17:00 - 00003886 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-09 19:08 - 2014-10-11 21:17 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-02-09 19:01 - 2014-10-10 18:46 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-02-03 20:31 - 2014-10-15 15:14 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2014-10-15 15:14 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-01 15:56 - 2013-08-26 07:01 - 00332020 _____ () C:\Windows\PFRO.log
2015-01-31 21:18 - 2014-12-31 02:00 - 00000000 ____D () C:\Users\Tanja\AppData\Roaming\Dropbox
2015-01-31 17:58 - 2014-12-31 02:45 - 00000000 ___RD () C:\Users\Tanja\Dropbox
2015-01-31 17:55 - 2014-10-10 16:30 - 00000000 ____D () C:\Users\Tanja
2015-01-31 17:53 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\WinMetadata
2015-01-31 17:52 - 2015-01-03 21:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-01-31 17:52 - 2014-10-10 16:32 - 00000000 ____D () C:\Users\Tanja\AppData\Local\Hewlett-Packard
2015-01-31 17:52 - 2014-04-21 16:37 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2015-01-31 17:52 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2015-01-31 17:52 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\Macromed
2015-01-31 17:52 - 2013-08-22 14:36 - 00000000 ____D () C:\Windows\system32\Sysprep
2015-01-31 17:38 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\registration
2015-01-31 15:53 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-27 15:43 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-01-20 17:07 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI(25)
2015-01-20 17:07 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI(17)
2015-01-20 17:07 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI(16)
2015-01-20 16:29 - 2014-10-15 13:43 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-20 16:19 - 2014-10-15 13:43 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2015-01-31 22:12 - 2015-01-31 22:12 - 0000017 _____ () C:\Users\Tanja\AppData\Local\resmon.resmoncfg

Some content of TEMP:
====================
C:\Users\Tanja\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpoffr1e.dll
C:\Users\Tanja\AppData\Local\Temp\Extract.exe
C:\Users\Tanja\AppData\Local\Temp\oct4062.tmp.exe
C:\Users\Tanja\AppData\Local\Temp\oct4CF2.tmp.exe
C:\Users\Tanja\AppData\Local\Temp\oct71DE.tmp.exe
C:\Users\Tanja\AppData\Local\Temp\oct93B9.tmp.exe
C:\Users\Tanja\AppData\Local\Temp\octE223.tmp.exe
C:\Users\Tanja\AppData\Local\Temp\SP67743.exe
C:\Users\Tanja\AppData\Local\Temp\SP68864.exe
C:\Users\Tanja\AppData\Local\Temp\SP69404.exe
C:\Users\Tanja\AppData\Local\Temp\SP69846.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-13 20:41

==================== End Of Log ============================
         
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2015
Ran by Tanja at 2015-02-16 21:01:12
Running from C:\Users\Tanja\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{C3E5B3AF-12F2-9E42-B493-9490DC745953}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MP Navigator EX 2.0 (HKLM-x32\...\MP Navigator EX 2.0) (Version:  - )
Canon MP630 series Benutzerregistrierung (HKLM-x32\...\Canon MP630 series Benutzerregistrierung) (Version:  - )
Canon MP630 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP630_series) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5143 - CDBurnerXP)
CD-LabelPrint (HKLM-x32\...\MediaNavigation.CDLabelPrint) (Version:  - )
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.6.3728 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5.4608 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.6.3821 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.6.3906 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.3.3907 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dragon Notes de-DE (HKLM-x32\...\{C438C1D0-A46C-4BFA-AF07-11261DE9CCE0}) (Version: 01.00.100.011 - Nuance Communications Inc.)
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Evernote v. 5.2 (HKLM-x32\...\{412F6426-A3C7-11E3-8A71-00163E98E7D6}) (Version: 5.2.0.2951 - Evernote Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Google+ Auto Backup (HKU\S-1-5-21-3675281207-1986036961-921149586-1002\...\Google+ Auto Backup) (Version: 1.0.26.151 - Google, Inc.)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Host App Service (HKU\S-1-5-21-3675281207-1986036961-921149586-1002\...\Pokki) (Version: 0.269.5.375 - Pokki)
HP 3D DriveGuard (HKLM-x32\...\{F90A86C9-7779-47DD-AC06-8EE832C55F55}) (Version: 6.0.18.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{ADE2F6A7-E7BD-4955-BD66-30903B223DDF}) (Version: 2.20.41 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{082B1425-0F24-43FA-9B64-E8F617B0AD3B}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7493.4758 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.08 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{8C696B4B-6AB1-44BC-9416-96EAC474CABE}) (Version: 7.5.2.12 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{DEF23826-DB71-4654-BC00-D5D6C20802EA}) (Version: 1.1.4 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{B7B82520-8ECE-4743-BFD7-93B16C64B277}) (Version: 2.4.2 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inkjet Printer/Scanner Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Inst5675 (Version: 8.01.08 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.08 - Softex Inc.) Hidden
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
OEM Application Profile (HKLM-x32\...\{315F1A48-D883-B234-7C79-15873574ACC1}) (Version: 1.00.0000 - Ihr Firmenname)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version:  - PokerStars.eu)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.6 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7195 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.13.1216 - REALTEK Semiconductor Corp.)
Start Menu (HKU\S-1-5-21-3675281207-1986036961-921149586-1002\...\Pokki_Start_Menu) (Version: 0.269.5.375 - Pokki)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.8 - Synaptics Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3675281207-1986036961-921149586-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Tanja\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-3675281207-1986036961-921149586-1002_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Tanja\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3675281207-1986036961-921149586-1002_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Tanja\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3675281207-1986036961-921149586-1002_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Tanja\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3675281207-1986036961-921149586-1002_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Tanja\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3675281207-1986036961-921149586-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Tanja\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)

==================== Restore Points  =========================

30-01-2015 18:18:10 Windows Update
31-01-2015 16:11:19 Removed Microsoft Silverlight
31-01-2015 16:18:47 Removed Microsoft Silverlight
31-01-2015 16:29:22 Wiederherstellungsvorgang
13-02-2015 18:32:35 Windows Update
13-02-2015 20:32:13 HPSF Applying updates

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2595D899-3540-46DF-9B78-8F72E3C1BB4A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {27CE92B6-DDAD-4784-905E-A7E067E91A8C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {3C19B21A-CF9E-4DB6-99E3-D9FBDD193633} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {42717073-F128-4676-A7ED-B1CE8072EF46} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {4D56E076-34C7-4D1F-887D-C31F86C81B48} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-03] (AVAST Software)
Task: {5F803A8A-105C-4A00-9A06-26F7271C8ECF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-01-21] (Hewlett-Packard)
Task: {736C460B-8ED4-4744-98E1-0F8A2F873BBA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2014-01-13] (Hewlett-Packard Company)
Task: {77447F39-7701-4128-853B-036E9DCD8501} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-01-21] (Hewlett-Packard)
Task: {895C3495-4384-46AF-B203-BB8115A72F60} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3675281207-1986036961-921149586-1002UA => C:\Users\Tanja\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-10] (Google Inc.)
Task: {9B72570B-018C-46A4-88FF-D68E9BF064DC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-10] (Google Inc.)
Task: {C41B192C-9FAD-4DCA-AF36-B7CF80D9CE59} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2014-05-19] (Hewlett-Packard Development Company, L.P.)
Task: {CF66F586-3B19-4D54-B583-D7F1EC123BA4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3675281207-1986036961-921149586-1002Core => C:\Users\Tanja\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-10] (Google Inc.)
Task: {DB521133-489B-4A99-A410-5B9C9742ED2E} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-03-07] (CyberLink Corp.)
Task: {F8F9B3EE-B3F6-4509-BEE7-78A18EDF7682} - System32\Tasks\HPCeeScheduleForTanja => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {FC7699EF-AC89-4BE6-BCF6-757E97EF8EB4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-10] (Google Inc.)
Task: {FFF67451-CD33-44AE-A019-49AE0A1C1A0D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-01-20] (Microsoft Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3675281207-1986036961-921149586-1002Core.job => C:\Users\Tanja\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3675281207-1986036961-921149586-1002UA.job => C:\Users\Tanja\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForTanja.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) ==============

2014-03-01 17:38 - 2014-03-01 17:38 - 02110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2014-03-01 17:34 - 2014-03-01 17:34 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2014-03-01 17:34 - 2014-03-01 17:34 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2014-03-01 17:34 - 2014-03-01 17:34 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2014-03-01 17:52 - 2014-03-01 17:52 - 00367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2014-03-01 17:52 - 2014-03-01 17:52 - 00712592 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2014-03-15 01:21 - 2014-03-15 01:21 - 00140288 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2014-03-15 01:20 - 2014-03-15 01:20 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-05-12 11:59 - 2014-03-05 17:09 - 00088064 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2014-10-10 18:46 - 2008-01-22 09:35 - 00103808 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2014-03-01 17:41 - 2014-03-01 17:41 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2015-02-13 17:12 - 2015-02-13 17:12 - 02912256 _____ () C:\Program Files\AVAST Software\Avast\defs\15021300\algo.dll
2015-02-13 20:09 - 2015-02-13 20:09 - 02912256 _____ () C:\Program Files\AVAST Software\Avast\defs\15021301\algo.dll
2015-02-16 20:41 - 2015-02-16 20:41 - 02911744 _____ () C:\Program Files\AVAST Software\Avast\defs\15021600\algo.dll
2014-05-12 12:26 - 2013-02-01 10:16 - 00387984 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\fl_core.dll
2014-05-12 12:26 - 2013-02-01 10:16 - 01165712 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\vocon3200_asr.dll
2014-05-12 12:27 - 2013-02-01 10:16 - 00199056 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\vocon3200_base.dll
2014-05-12 12:27 - 2013-02-01 10:16 - 01132944 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\vocon3200_pron.dll
2014-05-12 12:27 - 2013-02-01 10:16 - 00035216 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\vocon3200_platform.dll
2014-05-12 12:26 - 2013-02-01 10:16 - 00229264 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\sdxg.dll
2014-05-12 12:27 - 2013-02-01 10:15 - 00027136 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\WASAPIResamplingStreamCOMServer.dll
2015-01-03 21:29 - 2015-01-03 21:29 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-01-04 05:06 - 2015-01-04 05:06 - 00569856 _____ () C:\Users\Tanja\AppData\Local\Pokki\Engine\ppGoogleNaClPluginChrome.dll
2015-01-04 05:06 - 2015-01-04 05:06 - 01400846 _____ () C:\Users\Tanja\AppData\Local\Pokki\Engine\avcodec-54.dll
2015-01-04 05:06 - 2015-01-04 05:06 - 00151054 _____ () C:\Users\Tanja\AppData\Local\Pokki\Engine\avutil-51.dll
2015-01-04 05:06 - 2015-01-04 05:06 - 00222734 _____ () C:\Users\Tanja\AppData\Local\Pokki\Engine\avformat-54.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:10894A2E
AlternateDataStreams: C:\Users\Tanja\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Tanja\Documents\schreiben an vinnen 6.1.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3675281207-1986036961-921149586-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "CanonMyPrinter"
HKLM\...\StartupApproved\Run: => "CanonSolutionMenu"
HKU\S-1-5-21-3675281207-1986036961-921149586-1002\...\StartupApproved\Run: => "Google+ Auto Backup"

==================== Accounts: =============================

Administrator (S-1-5-21-3675281207-1986036961-921149586-500 - Administrator - Disabled)
Gast (S-1-5-21-3675281207-1986036961-921149586-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3675281207-1986036961-921149586-1004 - Limited - Enabled)
Tanja (S-1-5-21-3675281207-1986036961-921149586-1002 - Administrator - Enabled) => C:\Users\Tanja

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/13/2015 09:15:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12796

Error: (02/13/2015 09:15:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12796

Error: (02/13/2015 09:15:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/13/2015 09:00:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PowerDVD12.exe, Version: 12.0.4.4223, Zeitstempel: 0x53a7e1e8
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17630, Zeitstempel: 0x54b0d74f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00041257
ID des fehlerhaften Prozesses: 0x928
Startzeit der fehlerhaften Anwendung: 0xPowerDVD12.exe0
Pfad der fehlerhaften Anwendung: PowerDVD12.exe1
Pfad des fehlerhaften Moduls: PowerDVD12.exe2
Berichtskennung: PowerDVD12.exe3
Vollständiger Name des fehlerhaften Pakets: PowerDVD12.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: PowerDVD12.exe5

Error: (02/13/2015 08:04:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: vcredist_x64.exe, Version: 11.0.61030.0, Zeitstempel: 0x5213face
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17278, Zeitstempel: 0x53eeb4a3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001d4f1
ID des fehlerhaften Prozesses: 0x1330
Startzeit der fehlerhaften Anwendung: 0xvcredist_x64.exe0
Pfad der fehlerhaften Anwendung: vcredist_x64.exe1
Pfad des fehlerhaften Moduls: vcredist_x64.exe2
Berichtskennung: vcredist_x64.exe3
Vollständiger Name des fehlerhaften Pakets: vcredist_x64.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: vcredist_x64.exe5

Error: (02/13/2015 08:04:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: vcredist_x64.exe, Version: 11.0.61030.0, Zeitstempel: 0x5213face
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17278, Zeitstempel: 0x53eeb4a3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001d4f1
ID des fehlerhaften Prozesses: 0x15c0
Startzeit der fehlerhaften Anwendung: 0xvcredist_x64.exe0
Pfad der fehlerhaften Anwendung: vcredist_x64.exe1
Pfad des fehlerhaften Moduls: vcredist_x64.exe2
Berichtskennung: vcredist_x64.exe3
Vollständiger Name des fehlerhaften Pakets: vcredist_x64.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: vcredist_x64.exe5

Error: (02/06/2015 05:48:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm glcnd.exe, Version 6.3.9600.17499 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 13d0

Startzeit: 01d0422c07435123

Endzeit: 15

Anwendungspfad: C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe\glcnd.exe

Berichts-ID: 000f0729-ae20-11e4-8286-0071cc6651fe

Vollständiger Name des fehlerhaften Pakets: Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Microsoft.Reader

Error: (01/31/2015 09:00:06 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Error: (01/31/2015 09:00:06 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Error: (01/31/2015 06:00:00 PM) (Source: ESENT) (EventID: 454) (User: )
Description: svchost (1764) SRUJet: Bei Datenbankwiederherstellung trat ein unerwarteter Fehler -539 auf.


System errors:
=============
Error: (02/13/2015 09:15:35 PM) (Source: DCOM) (EventID: 10010) (User: KLEINER-BRAUNER)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (02/13/2015 09:15:35 PM) (Source: DCOM) (EventID: 10010) (User: KLEINER-BRAUNER)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (02/13/2015 08:04:52 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Update für Microsoft Visual C++ 2012 Update 4 Redistributable Package (KB3032622)

Error: (02/13/2015 05:17:54 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 70. Der Windows-SChannel-Fehlerstatus lautet: 105.

Error: (02/13/2015 05:11:13 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The system was previously shut down unexpectedly on 09.02.2015 at 20:58:08.

Error: (02/13/2015 05:10:39 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT-AUTORITÄT)
Description: 32212256841129744

Error: (02/09/2015 06:57:33 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT-AUTORITÄT)
Description: 32212256841130432

Error: (02/09/2015 06:58:07 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The system was previously shut down unexpectedly on 06.02.2015 at 17:47:00.

Error: (02/01/2015 00:12:12 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal alert code is 70. The Windows SChannel error state is 105.

Error: (01/31/2015 04:32:17 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The "Superfetch" service terminated with the following error: 
%%1062


Microsoft Office Sessions:
=========================
Error: (02/13/2015 09:15:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12796

Error: (02/13/2015 09:15:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12796

Error: (02/13/2015 09:15:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/13/2015 09:00:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PowerDVD12.exe12.0.4.422353a7e1e8ntdll.dll6.3.9600.1763054b0d74fc00000050004125792801d047c7b7d25c9bc:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exeC:\Windows\SYSTEM32\ntdll.dllf7ead426-b3ba-11e4-8289-0071cc6651fe

Error: (02/13/2015 08:04:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: vcredist_x64.exe11.0.61030.05213facentdll.dll6.3.9600.1727853eeb4a3c00000050001d4f1133001d047bfe5eb6d72C:\Windows\SoftwareDistribution\Download\Install\vcredist_x64.exeC:\Windows\SYSTEM32\ntdll.dll2fc4061a-b3b3-11e4-8288-0071cc6651fe

Error: (02/13/2015 08:04:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: vcredist_x64.exe11.0.61030.05213facentdll.dll6.3.9600.1727853eeb4a3c00000050001d4f115c001d047bfe6676887C:\Windows\SoftwareDistribution\Download\Install\vcredist_x64.exeC:\Windows\SYSTEM32\ntdll.dll2f96ba01-b3b3-11e4-8288-0071cc6651fe

Error: (02/06/2015 05:48:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: glcnd.exe6.3.9600.1749913d001d0422c0743512315C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe\glcnd.exe000f0729-ae20-11e4-8286-0071cc6651feMicrosoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbweMicrosoft.Reader

Error: (01/31/2015 09:00:06 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Users\Tanja\AppData\Local\Pokki\Engine\HostAppService.exe

Error: (01/31/2015 09:00:06 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Users\Tanja\AppData\Local\Pokki\Engine\HostAppService.exe

Error: (01/31/2015 06:00:00 PM) (Source: ESENT) (EventID: 454) (User: )
Description: svchost1764SRUJet: -539


==================== Memory info =========================== 

Processor: AMD A8-6410 APU with AMD Radeon R5 Graphics 
Percentage of memory in use: 39%
Total physical RAM: 3519.55 MB
Available physical RAM: 2123.38 MB
Total Pagefile: 4159.55 MB
Available Pagefile: 2081.98 MB
Total Virtual: 131072 MB
Available Virtual: 131071.81 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:442.41 GB) (Free:398.44 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:22.33 GB) (Free:2.17 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 55152BDD)

Partition: GPT Partition Type.

==================== End Of Log ============================
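Added example, not code from the original post, from Malwarebytes or from FRST: a small Python triage of the "Error: (...) (Source: ...) (EventID: ...)" entries in the FRST error sections above. It counts entries per source, decodes the alert number in Schannel 4120 entries (70 is protocol_version, a TLS version mismatch with a remote endpoint, which on its own is not a malware indicator), and flags executables referenced from a user profile (AppData), which is where bundled PUPs such as the Pokki engine seen in the SideBySide entries live. The sample text is constructed from lines of the posted log; the alert table and the AppData heuristic are assumptions added here, and the heuristic is a triage hint, not proof of a PUP.

```python
"""Triage the 'Event log errors' sections of an FRST log (added example)."""
import re
from collections import Counter

# Constructed sample: excerpts copied from the FRST log posted in this thread.
SAMPLE_LOG = r"""
System errors:
=============
Error: (02/13/2015 08:04:52 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Update für Microsoft Visual C++ 2012 Update 4 Redistributable Package (KB3032622)

Error: (02/13/2015 05:17:54 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 70. Der Windows-SChannel-Fehlerstatus lautet: 105.

Microsoft Office Sessions:
=========================
Error: (01/31/2015 09:00:06 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Users\Tanja\AppData\Local\Pokki\Engine\HostAppService.exe

Error: (02/13/2015 09:00:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PowerDVD12.exe12.0.4.422353a7e1e8ntdll.dll6.3.9600.1763054b0d74fc00000050004125792801d047c7b7d25c9bc:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exeC:\Windows\SYSTEM32\ntdll.dllf7ead426-b3ba-11e4-8289-0071cc6651fe
"""

# FRST entry header: Error: (time) (Source: name) (EventID: n) (User: name)
HEADER_RE = re.compile(
    r"^Error: \((?P<time>[^)]*)\) \(Source: (?P<source>[^)]*)\) "
    r"\(EventID: (?P<eid>\d+)\) \(User: (?P<user>[^)]*)\)\s*$"
)
# FRST concatenates insertion strings without separators, so paths are cut
# at the first .exe/.dll/.manifest extension rather than at whitespace.
PATH_RE = re.compile(r'[A-Za-z]:\\[^:*?"<>|\r\n]+?\.(?:exe|dll|manifest)', re.IGNORECASE)
TLS_CODE_RE = re.compile(r"(?:Code:|code is) (\d+)")

# TLS alert descriptions from RFC 5246 section 7.2 (common subset; assumption
# added here, not part of FRST output).
TLS_ALERTS = {
    10: "unexpected_message", 20: "bad_record_mac", 40: "handshake_failure",
    42: "bad_certificate", 46: "certificate_unknown", 47: "illegal_parameter",
    48: "unknown_ca", 70: "protocol_version", 80: "internal_error",
}


def parse_errors(text):
    """Return one dict per 'Error:' entry; multi-line descriptions are joined."""
    entries, current = [], None
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            current = {"time": m.group("time"), "source": m.group("source"),
                       "event_id": int(m.group("eid")), "user": m.group("user"),
                       "description": ""}
            entries.append(current)
        elif current is not None:
            if not line.strip():
                current = None  # a blank line ends the entry
                continue
            body = line[len("Description: "):] if line.startswith("Description: ") else line
            current["description"] = (current["description"] + " " + body).strip()
    return entries


def referenced_paths(description):
    """All drive-letter paths to .exe/.dll/.manifest files in a description."""
    return PATH_RE.findall(description)


def is_user_profile_executable(path):
    """Heuristic: an .exe under a user's AppData is a common PUP/adware location."""
    p = path.lower()
    return p.endswith(".exe") and "\\users\\" in p and "\\appdata\\" in p


def triage(text):
    """Summarise an FRST error section: counts, TLS alerts, profile-resident executables."""
    entries = parse_errors(text)
    tls_alerts, profile_exes = [], []
    for e in entries:
        if e["source"] == "Schannel" and e["event_id"] == 4120:
            m = TLS_CODE_RE.search(e["description"])
            if m:
                code = int(m.group(1))
                tls_alerts.append((e["time"], code, TLS_ALERTS.get(code, "unknown")))
        for path in referenced_paths(e["description"]):
            if is_user_profile_executable(path) and path not in profile_exes:
                profile_exes.append(path)
    return {"by_source": Counter(e["source"] for e in entries),
            "tls_alerts": tls_alerts,
            "user_profile_executables": profile_exes}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

Feed the whole FRST Addition.txt to triage() to get the same summary for a real log; anything listed under user_profile_executables is a candidate to look up, not an automatic removal.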
         

 
