Windows 7: Werbung poppt dauernd auf, Webseiten funktionieren nicht richtig

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:28 on 08/05/2015 (Eli)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Already disabled


-=E.O.F=-
         

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-05-2015 01
Ran by Eli (administrator) on STICHLING on 08-05-2015 23:36:59
Running from C:\Users\Eli\Desktop
Loaded Profiles: Eli (Available profiles: Eli & Administrator)
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\AVKTray\AVKTray.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Update\Lenovo Smart Update Service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Vimicro) C:\Program Files (x86)\USB Camera2\VM332STI.EXE
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Update\Lenovo Smart Update.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Razer Inc) C:\Program Files (x86)\Razer\Razer_Kraken_Driver\Drivers\SysAudio\KrakenSysAudioLauncher.exe
(G DATA Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [380544 2012-06-29] (Alcor Micro Corp.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-29] (Synaptics Incorporated)
HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-08-29] (Synaptics)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17079376 2012-10-11] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191568 2012-10-11] (Lenovo(beijing) Limited)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2464072 2014-11-06] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-10-14] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332STI.EXE [548864 2012-03-20] (Vimicro)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [Smart Update] => C:\Program Files (x86)\Lenovo\Lenovo Smart Update\Lenovo Smart Update.exe [1706576 2012-07-23] (Lenovo)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [KrakenLauncher] => C:\Program Files (x86)\Razer\Razer_Kraken_Driver\Drivers\SysAudio\KrakenSysAudioLauncher.exe [865088 2014-05-22] (Razer Inc)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2014-10-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe [1855608 2015-02-20] (G DATA Software AG)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\G DATA\InternetSecurity\AVKTray\AVKTray.exe,c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [2391280 2013-06-01] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-20\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [2391280 2013-06-01] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\MountPoints2: {2a452280-2e3d-11e4-be8b-d17ae6b7db93} - "F:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\MountPoints2: {2a452296-2e3d-11e4-be8b-d17ae6b7db93} - "F:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [2391280 2013-06-01] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-18\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [2391280 2013-06-01] (Microsoft Corporation) <==== ATTENTION 
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [174856 2014-11-04] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [156840 2014-11-04] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2014-12-09]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:58471;https=127.0.0.1:58471
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKU\S-1-5-21-2344629883-704184612-3672562925-1002 -> DefaultScope {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = https://www.google.de/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2344629883-704184612-3672562925-1002 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&ISID=MC1C80B5C-CC13-4CF4-94EC-0091DCE2EC00&SearchSource=58&CUI=&UM=2&UP=SP20A5FFEC-637D-4059-827A-E240577FFCFC&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2344629883-704184612-3672562925-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D012715-AE3372CAF8274412FA2F&form=CONBDF&conlogo=CT3330942&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2344629883-704184612-3672562925-1002 -> {7F40D5FC-8B38-4C2C-AC25-5E124CBCA051} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=ac4bd0fa00000000000084a6c87778a7&r=62
SearchScopes: HKU\S-1-5-21-2344629883-704184612-3672562925-1002 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = https://www.google.de/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2344629883-704184612-3672562925-1002 -> {94047CC2-4EEE-43CC-9C7C-710AA7989960} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-12-08] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-08] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-18] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18] (Oracle Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default
FF DefaultSearchEngine: Google Default
FF SelectedSearchEngine: Bing
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-08] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-10-15] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-10-15] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll No File
FF SearchPlugin: C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\searchplugins\google-default.xml [2015-01-31]
FF Extension: Amazon-Icon - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\amazon-icon@giga.de [2014-12-11]
FF Extension: Blur (Formerly DoNotTrackMe) - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\donottrackplus@abine.com [2014-12-06]
FF Extension: SparPilot - Gutscheine & mehr... - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\sparpilot@sparpilot.com [2014-12-11]
FF Extension: Mozilla Firefox Hotfixer - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\veggy@veggyAddon.com [2015-03-25]
FF Extension: Zoom It - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5} [2015-05-08]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\adblockpopups@jessehakanen.net.xpi [2015-03-01]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\elemhidehelper@adblockplus.org.xpi [2015-03-01]
FF Extension: html updater - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\{058146b7-3c81-4daf-8d37-cdf20fd9af4e}.xpi [2015-01-13]
FF Extension: NoScript - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-12-08]
FF Extension: {ab5696aa-439a-44e9-a82d-48c7ae8939ae} - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\{ab5696aa-439a-44e9-a82d-48c7ae8939ae}.xpi [2014-12-12]
FF Extension: Adblock Plus - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-01]
FF Extension: Adblock Edge - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-03-01]
FF HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\cliqz@cliqz.com

Chrome: 
=======
CHR Profile: C:\Users\Eli\AppData\Local\Google\Chrome\User Data\default
CHR Extension: (Softonic Chrome Toolbar) - C:\Users\Eli\AppData\Local\Google\Chrome\User Data\default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf [2013-12-02]
CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\Eli\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2014-12-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2527864 2015-03-04] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe [965240 2015-02-20] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe [3672560 2015-02-20] (G Data Software AG)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [331776 2012-07-26] (Microsoft Corporation)
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-12-03] (Ellora Assets Corp.) [File not signed]
R3 GDFwSvc; C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe [3193080 2015-02-20] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [789112 2015-03-04] (G Data Software AG)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-11-06] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 irstrtsv; C:\WINDOWS\SysWOW64\irstrtsv.exe [193576 2012-08-13] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 Lenovo Smart Update Service; C:\Program Files (x86)\Lenovo\Lenovo Smart Update\Lenovo Smart Update Service.exe [66640 2012-07-18] (Lenovo)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-11-06] (NVIDIA Corporation)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-06-07] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [117632 2013-06-01] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [30720 2013-02-02] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [121728 2012-08-27] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [857472 2012-08-29] (Motorola Solutions, Inc.)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [150016 2015-04-01] (G Data Software AG)
S0 GDElam; C:\Windows\System32\DRIVERS\GDElam.sys [117904 2015-01-08] (G Data Software AG)
R3 GDKBB; C:\WINDOWS\system32\drivers\GDKBB64.sys [27648 2015-04-01] (G Data Software AG)
R1 GDKBFlt; C:\WINDOWS\system32\drivers\GDKBFlt64.sys [20992 2015-04-01] (G Data Software AG)
R1 GDMnIcpt; C:\WINDOWS\system32\drivers\MiniIcpt.sys [230400 2015-04-01] (G Data Software AG)
R3 GDPkIcpt; C:\WINDOWS\system32\drivers\PktIcpt.sys [91648 2015-04-01] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [68608 2015-04-01] (G Data Software AG)
R1 GRD; C:\WINDOWS\system32\drivers\GRD.sys [106272 2015-03-01] (G Data Software)
R1 HookCentre; C:\WINDOWS\system32\drivers\HookCentre.sys [124928 2015-04-01] (G Data Software AG)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-08-13] (Intel Corporation)
R3 LAD; C:\Windows\System32\drivers\LAD.sys [8704 2012-06-08] (TODO: <Company name>)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-10-08] (Intel Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia)
S3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39080 2014-05-19] (Razer Inc)
S3 rzvkeyboard; C:\Windows\System32\drivers\rzvkeyboard.sys [31400 2014-05-19] (Razer Inc)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-29] (Synaptics Incorporated)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2014-02-12] (Duplex Secure Ltd.)
S3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [48096 2012-08-09] (Windows (R) Win 7 DDK provider)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows (R) Win 7 DDK provider)
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
S3 WacHidRouter; \SystemRoot\System32\drivers\wachidrouter.sys [X]
S3 wacomrouterfilter; \SystemRoot\System32\drivers\wacomrouterfilter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-08 23:33 - 2015-05-08 23:36 - 00046592 _____ () C:\Users\Eli\Desktop\Addition.txt
2015-05-08 23:31 - 2015-05-08 23:37 - 00026946 _____ () C:\Users\Eli\Desktop\FRST.txt
2015-05-08 23:30 - 2015-05-08 23:37 - 00000000 ____D () C:\FRST
2015-05-08 23:29 - 2015-05-08 23:29 - 02102272 _____ (Farbar) C:\Users\Eli\Desktop\FRST64.exe
2015-05-08 23:25 - 2015-05-08 23:28 - 00000520 _____ () C:\Users\Eli\Desktop\defogger_disable.log
2015-05-08 23:25 - 2015-05-08 23:25 - 00000020 _____ () C:\Users\Eli\defogger_reenable
2015-05-08 23:24 - 2015-05-08 23:24 - 00050477 _____ () C:\Users\Eli\Desktop\Defogger.exe
2015-05-07 18:18 - 2015-05-07 18:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-14 22:04 - 2015-04-14 22:04 - 18178736 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-08 23:34 - 2012-10-12 03:48 - 00754172 _____ () C:\WINDOWS\system32\perfh007.dat
2015-05-08 23:34 - 2012-10-12 03:48 - 00156362 _____ () C:\WINDOWS\system32\perfc007.dat
2015-05-08 23:34 - 2012-07-26 09:28 - 01748838 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-08 23:32 - 2013-12-02 18:26 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2344629883-704184612-3672562925-1002
2015-05-08 23:29 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-05-08 23:26 - 2013-12-02 18:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-08 23:26 - 2012-07-26 09:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-08 23:25 - 2013-12-02 17:53 - 00000000 ____D () C:\Users\Eli
2015-05-08 23:25 - 2012-10-11 18:53 - 01944346 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-08 23:04 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-08 22:41 - 2013-12-17 11:24 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-08 18:28 - 2014-10-14 16:12 - 00000000 ____D () C:\Users\Eli\AppData\Local\Adobe
2015-04-22 12:35 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-04-15 14:37 - 2013-12-03 16:57 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-15 14:33 - 2013-12-06 12:36 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-15 14:33 - 2013-12-03 16:57 - 128913832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-04-14 22:04 - 2013-12-17 11:24 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater

==================== Files in the root of some directories =======

2013-12-02 18:15 - 2013-12-04 14:32 - 0003011 _____ () C:\Users\Eli\AppData\Roaming\AbsoluteReminder.xml
2014-10-16 13:37 - 2015-01-27 12:56 - 0000034 _____ () C:\Users\Eli\AppData\Roaming\AdobeWLCMCache.dat
2015-02-16 14:59 - 2015-02-16 14:59 - 0000000 _____ () C:\Users\Eli\AppData\Roaming\gdfw.log
2015-02-16 14:59 - 2015-02-16 14:59 - 0000779 _____ () C:\Users\Eli\AppData\Roaming\gdscan.log
2014-02-06 00:25 - 2014-02-06 00:25 - 0000784 _____ () C:\Users\Eli\AppData\Local\recently-used.xbel
2012-10-11 18:24 - 2012-10-11 18:24 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Eli\AppData\Local\Temp\amazonicon_v10.exe
C:\Users\Eli\AppData\Local\Temp\amazoninstallernircmdc.exe
C:\Users\Eli\AppData\Local\Temp\BackupSetup.exe
C:\Users\Eli\AppData\Local\Temp\dufgmr4c.exe
C:\Users\Eli\AppData\Local\Temp\EnableExtDll.dll
C:\Users\Eli\AppData\Local\Temp\Gw2.exe
C:\Users\Eli\AppData\Local\Temp\hcuninstaller_20141209_122126_4784.exe
C:\Users\Eli\AppData\Local\Temp\installerdll354018595.dll
C:\Users\Eli\AppData\Local\Temp\InstStub.exe
C:\Users\Eli\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Eli\AppData\Local\Temp\mailcheck_ff_2014_12_02.exe
C:\Users\Eli\AppData\Local\Temp\mpa04268.exe
C:\Users\Eli\AppData\Local\Temp\MultisineV1.74.exe
C:\Users\Eli\AppData\Local\Temp\nsa683D.exe
C:\Users\Eli\AppData\Local\Temp\nsfD03.exe
C:\Users\Eli\AppData\Local\Temp\nsg1D66.exe
C:\Users\Eli\AppData\Local\Temp\nsi7DA8.exe
C:\Users\Eli\AppData\Local\Temp\nsj6FD7.exe
C:\Users\Eli\AppData\Local\Temp\nsmC563.exe
C:\Users\Eli\AppData\Local\Temp\nso62CE.exe
C:\Users\Eli\AppData\Local\Temp\nso7FEB.exe
C:\Users\Eli\AppData\Local\Temp\nsp2528.exe
C:\Users\Eli\AppData\Local\Temp\nsvC37D.exe
C:\Users\Eli\AppData\Local\Temp\ose00000.exe
C:\Users\Eli\AppData\Local\Temp\sdan.exe
C:\Users\Eli\AppData\Local\Temp\sdapk.exe
C:\Users\Eli\AppData\Local\Temp\sdaspwn.exe
C:\Users\Eli\AppData\Local\Temp\Setup-Wacom.exe
C:\Users\Eli\AppData\Local\Temp\SpOrder.dll
C:\Users\Eli\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Eli\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Eli\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Eli\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\Eli\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\Eli\AppData\Local\Temp\vlc-2.1.5-win32.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-02 15:02

==================== End Of Log ============================
         

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-05-2015 01
Ran by Eli at 2015-05-08 23:37:32
Running from C:\Users\Eli\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2344629883-704184612-3672562925-500 - Administrator - Disabled) => C:\Users\Administrator
Eli (S-1-5-21-2344629883-704184612-3672562925-1002 - Administrator - Enabled) => C:\Users\Eli
Gast (S-1-5-21-2344629883-704184612-3672562925-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: G DATA INTERNET SECURITY (Enabled - Out of date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: G DATA INTERNET SECURITY (Enabled - Out of date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G*DATA Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\uTorrent) (Version: 3.3.2.30303 - BitTorrent Inc.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.8.1.451 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.2.3042.61510 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.2.3042.61510 - Alcor Micro Corp.) Hidden
Apple Application Support (32-Bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version:  - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version:  - AVM Berlin)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.44.0 - Conexant)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.3 - Lenovo)
Energy Management (x32 Version: 8.0.2.3 - Lenovo) Hidden
ExpressCache (HKLM\...\{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}) (Version: 1.0.86 - Diskeeper Corporation)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.7.1 - Ellora Assets Corporation)
G DATA INTERNET SECURITY (HKLM-x32\...\{AC68D2FF-1674-4C16-A536-A69FC11BBD82}) (Version: 25.1.0.2 - G DATA Software AG)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2817 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{0728A184-F899-4356-B93D-8228674F0DEB}) (Version: 2.6.1209.0268 - Motorola Solutions, Inc.)
Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{EDBA2433-0910-4C72-8C5B-8FEDAE3EF18E}) (Version: 3.5.34.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 8 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180250}) (Version: 8.0.250.18 - Oracle Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.12.824.1 - Vimicro)
Lenovo MediaShow6 (HKLM-x32\...\InstallShield_{8FCCB703-3FBF-49e7-A43F-A81E27D9B07E}) (Version: 6.0.4019 - CyberLink Corp.)
Lenovo MediaShow6 (x32 Version: 6.0.4019 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.0710 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.0710 - CyberLink Corp.) Hidden
Lenovo Smart Update (HKLM-x32\...\{29B7C0EB-A1E6-4BC3-8344-70EDE4F189F1}) (Version: 1.5.75 - Lenovo Corporation)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
LenovoDrv_x64 (HKLM\...\{83E68458-AF28-4CA4-8AFC-595A10307290}) (Version: 1.0.00 - Lenovo)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.3.0 - Mozilla)
Mozilla Thunderbird 31.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.3.0 (x86 de)) (Version: 31.3.0 - Mozilla)
MultisineV1.74 (HKLM-x32\...\MultisineV1.74_is1) (Version:  - SeDuTec)
NVIDIA GeForce Experience 2.1.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4 - NVIDIA Corporation)
NVIDIA Grafiktreiber 344.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.65 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Remote Desktop Access (VuuPC) (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION
Secunia PSI (3.0.0.10004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.65 - NVIDIA Corporation) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.15 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Wajam (HKLM-x32\...\WIntEnhance) (Version: 2.23.2.5 (i2.6) - WIntEnhance) <==== ATTENTION
Windows Driver Package - Lenovo Corporation (LAD) System  (06/08/2012 1.0.0.3) (HKLM\...\C48768A2A32F4649238F7DCF737A260911895FDE) (Version: 06/08/2012 1.0.0.3 - Lenovo Corporation)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
World of Tanks (HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version:  - Wargaming.net)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

01-05-2015 15:15:31 Windows Update
05-05-2015 03:00:02 Windows Update
08-05-2015 18:28:19 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {16FF2885-7253-4AA9-8852-2A473917C04A} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {2E06458F-2C06-4D11-8917-ABBC1C4E85B9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {335DCE13-5A9A-4E6E-9ADC-75723C6E2C88} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2344629883-704184612-3672562925-1002
Task: {468558C6-6142-46EE-AF56-C44F1020D56B} - System32\Tasks\AdobeAAMUpdater-1.0-Stichling-Eli => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-10-14] (Adobe Systems Incorporated)
Task: {56EDCD0C-A3CB-4D5A-A17C-4CCFF289CDF6} - System32\Tasks\SMupdate1 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1 <==== ATTENTION
Task: {66FB7458-2ABA-44B1-AEF0-139A3D9446F4} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {7B4EAAF4-BB23-4289-8328-E6270D2C1760} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-15] (Microsoft Corporation)
Task: {935F9D2C-4CA3-42C1-9252-4194A934B0DD} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-08-13] (Intel)
Task: {AB0E2CCF-033D-4012-929E-9A75683D82F6} - System32\Tasks\OFFICE2010ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()
Task: {BBF19BBA-B5BA-44C4-B597-00C9F440B7F8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {DA5BCC5E-97CB-4BB2-B334-C36524E5D9E3} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {ED4716DB-CC6A-4917-ADBF-295CE4E9EF84} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2014-03-11 17:54 - 2014-11-04 02:04 - 00013120 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2012-10-11 18:08 - 2014-11-04 00:02 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-26 14:41 - 2014-09-26 14:41 - 01021088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2014-06-02 23:07 - 2014-06-07 00:49 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2015-02-20 05:42 - 2015-02-20 05:42 - 00382072 ____N () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll
2013-06-01 03:37 - 2013-06-01 03:38 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-08-23 05:37 - 2012-08-20 18:58 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-10-11 18:22 - 2010-10-26 06:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2014-05-22 10:28 - 2014-05-22 10:28 - 00619328 _____ () C:\Program Files (x86)\Razer\Razer_Kraken_Driver\Drivers\SysAudio\KrakenDevProps.dll
2012-10-11 18:40 - 2012-07-18 14:27 - 00021072 _____ () C:\Program Files (x86)\Lenovo\Lenovo Smart Update\HookDll.dll
2012-10-11 18:08 - 2014-11-04 02:04 - 00010952 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2013-12-08 21:02 - 2013-12-08 21:02 - 00017920 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\d4b49cde56288aa4c132208d7aba2a82\PSIClient.ni.dll
2012-10-11 18:02 - 2012-06-25 04:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\aeriagames.com -> hxxps://aeriagames.com
IE trusted site: HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\aeriagames.com -> hxxp://aeriagames.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2344629883-704184612-3672562925-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme2\img12.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "YouCam Tray"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "mcui_exe"
HKLM\...\StartupApproved\Run32: => "YouCam Mirage"
HKLM\...\StartupApproved\Run32: => "YTDownloader"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKLM\...\StartupApproved\Run32: => "Aeria Ignite"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\StartupApproved\Run: => "Updater"
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\StartupApproved\Run: => "Akamai NetSession Interface"
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{FE411D01-488F-44D5-884E-5EE52559E311}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{36D5C3C9-1548-4F51-990F-0D36FA953832}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{AEF317AC-8B64-4CF9-AADD-16D722298F32}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{6116444F-39A2-481F-B28B-3C1EB4AC825A}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{1A59A1C6-FFD0-412C-9967-F04508836AC6}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{9D5E01DB-721D-4D5D-9144-9BD6B23E059C}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{16C1F45C-C07B-4138-A651-7A529A97E91D}] => (Allow) C:\Users\Eli\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3B63CCD4-1AB4-40D6-9BC0-AB1B6E0EE854}] => (Allow) C:\Users\Eli\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0E82E8D3-14EB-4CBC-A93D-C754A6D75414}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{D625238B-8BCD-4FEE-BCF4-6FDCDD75086F}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{3343CC8B-CC8B-417F-8660-1070B80E5D1E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.954\Agent.exe
FirewallRules: [{6296C6F2-1A61-4098-9793-EBD77FB7498E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.954\Agent.exe
FirewallRules: [{B92E14C8-FE81-44E8-8CBD-18C5A30AB183}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{661054AE-A45C-4733-8F60-1E15E450B0C3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [TCP Query User{23AEFC51-BEB2-4422-91DD-ACBCCF2110DA}C:\users\eli\appdata\local\temp\gw2.exe] => (Allow) C:\users\eli\appdata\local\temp\gw2.exe
FirewallRules: [UDP Query User{D68D57B4-3C61-43FB-AE82-0ED2D703490A}C:\users\eli\appdata\local\temp\gw2.exe] => (Allow) C:\users\eli\appdata\local\temp\gw2.exe
FirewallRules: [{A4FDD966-9ADB-4744-9A41-A2AEEE0CB660}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{C7E508E8-74E1-4749-B08C-E6C5D7E92042}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [TCP Query User{86AFCA5B-8EE3-4409-9A48-00B737F50B0D}C:\program files (x86)\guild wars 2\gw2.exe] => (Allow) C:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [UDP Query User{0A596237-E7FE-48EA-AE61-46CE6D25F34A}C:\program files (x86)\guild wars 2\gw2.exe] => (Allow) C:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [TCP Query User{0AF7BEAF-5D1D-41E5-A959-4D51AA40FC84}C:\program files (x86)\world_of_tanks\wotlauncher.exe] => (Allow) C:\program files (x86)\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{FA933674-7934-4A80-B8A1-8726B63FC074}C:\program files (x86)\world_of_tanks\wotlauncher.exe] => (Allow) C:\program files (x86)\world_of_tanks\wotlauncher.exe
FirewallRules: [{00B4DBC3-4697-47A9-9906-CAB83DCAEE58}] => (Allow) E:\fsetup.exe
FirewallRules: [{13F753FB-88EE-4A13-9F1F-C4E1811B6C09}] => (Allow) E:\fsetup.exe
FirewallRules: [TCP Query User{26722D95-8E5D-425F-BB66-EF46D1D4B292}C:\program files (x86)\world_of_tanks\worldoftanks.exe] => (Allow) C:\program files (x86)\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{257EF4E8-F646-440D-BAE7-2FD915BF4AED}C:\program files (x86)\world_of_tanks\worldoftanks.exe] => (Allow) C:\program files (x86)\world_of_tanks\worldoftanks.exe
FirewallRules: [{BF20EADA-FEC5-43B2-8EF2-7EEE04AF104C}] => (Allow) %ProgramFiles% (x86)\lol.launcher.exe
FirewallRules: [{BA9EE5F1-2565-4315-A71B-CFACAB374097}] => (Allow) %ProgramFiles% (x86)\lol.launcher.exe
FirewallRules: [TCP Query User{D896DF0C-87E7-45B2-8F8F-18D29C7557EB}C:\users\eli\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\eli\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{FBAE6EDA-2ECE-497A-AEEF-7E04FFB9F5D7}C:\users\eli\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\eli\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{83912FFF-3BCC-457A-B433-1D650BFE1201}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{56F1213B-665E-453A-B957-B15E742D7137}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{D4C394AF-CEA4-4787-A1B0-FE92195BC91B}C:\users\eli\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\eli\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{C27B5D62-4D23-45B8-831A-56CABA6352F7}C:\users\eli\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\eli\appdata\roaming\spotify\spotify.exe
FirewallRules: [{D1EF3745-EF41-4BFC-8458-1DF98EC0866D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{FE281D1A-F13B-46FE-8D75-844F84019C34}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [TCP Query User{6B3C3F2D-A0AF-403E-89F9-F82D97F7936B}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{514C6518-DE3F-433D-B824-03D5988CC5CD}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [{AB5B0666-867F-4225-8921-C07822FD5F2C}] => (Allow) C:\Program Files (x86)\lol.launcher.exe
FirewallRules: [{66EB7665-7D66-476F-8696-73B1659C9424}] => (Allow) C:\Program Files (x86)\lol.launcher.exe
FirewallRules: [{7B144272-3233-4A58-A5E2-BD2985EC7DC9}] => (Allow) C:\Program Files (x86)\lol.launcher.exe
FirewallRules: [{1556DDB9-D2F6-4AE4-9CB7-7431929F01A0}] => (Allow) C:\Program Files (x86)\lol.launcher.exe
FirewallRules: [TCP Query User{2187DA8C-E595-4CE4-BF6D-56B5C9E7C596}C:\users\eli\desktop\programming\editor\unity.exe] => (Allow) C:\users\eli\desktop\programming\editor\unity.exe
FirewallRules: [UDP Query User{7CBA81A5-A638-4CF8-B071-98F871B357C3}C:\users\eli\desktop\programming\editor\unity.exe] => (Allow) C:\users\eli\desktop\programming\editor\unity.exe
FirewallRules: [TCP Query User{496CF561-D54C-49E8-82B3-1E6B99FA45E0}C:\users\eli\desktop\programming\editor\unity.exe] => (Allow) C:\users\eli\desktop\programming\editor\unity.exe
FirewallRules: [UDP Query User{F089B531-CED1-4A9F-B5FC-807F1872D5FA}C:\users\eli\desktop\programming\editor\unity.exe] => (Allow) C:\users\eli\desktop\programming\editor\unity.exe
FirewallRules: [TCP Query User{7484905A-547D-4BC9-BBEC-A86A7C6E46C0}C:\users\eli\desktop\programming\monodevelop\bin\monodevelop.exe] => (Block) C:\users\eli\desktop\programming\monodevelop\bin\monodevelop.exe
FirewallRules: [UDP Query User{5A98C1FB-37B3-455D-BF16-09851618DF36}C:\users\eli\desktop\programming\monodevelop\bin\monodevelop.exe] => (Block) C:\users\eli\desktop\programming\monodevelop\bin\monodevelop.exe
FirewallRules: [{0AFE21E2-9EC6-46A0-9C96-31AD30B5459B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{84F37044-DB78-401C-B848-D3F6ACAA92C9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{06400E3E-1A60-4F8A-BF4F-DA79350980E9}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{6773F3DE-36A9-4D3B-AB23-91D16F48EBAD}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{682AB1D3-1F34-4D87-80B8-C4F8C45A7AD1}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III Beta 2013\Diablo III.exe
FirewallRules: [{40A9BB0C-8A74-4402-A7C1-E061234C2593}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III Beta 2013\Diablo III.exe
FirewallRules: [{EAB95CBF-A945-4C20-80FF-8CD75EB87DA1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{428888B3-34AF-481D-A128-DB2557E4B123}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{D6A55DF9-C885-4BFC-B076-81F14BA5232E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{C97B8697-EDE1-4C9F-B2D9-64F18BC2BF7E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{18B66FF3-C5DC-4FDE-A4A8-64C9AA96171F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{E508085F-2BE0-4E7B-A226-FFC95FCB3C6D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{D394A1CD-0698-4949-A90D-C98B1DD36E0B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{52F98722-C635-4E81-ADA8-70ED6FF5F6E2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{E798E883-53B4-459D-812E-91997BA07996}C:\program files (x86)\deep silver\sacred 2 - fallen angel\system\s2gs.exe] => (Allow) C:\program files (x86)\deep silver\sacred 2 - fallen angel\system\s2gs.exe
FirewallRules: [UDP Query User{83665DEE-D6AE-49F2-A378-7093E023F5D9}C:\program files (x86)\deep silver\sacred 2 - fallen angel\system\s2gs.exe] => (Allow) C:\program files (x86)\deep silver\sacred 2 - fallen angel\system\s2gs.exe
FirewallRules: [{698B3957-6CC3-41CF-A021-3C78009DFE3E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{3ABD6377-71A1-435D-AFB3-2F11F84D2322}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{F8566532-E41F-49DF-85B3-568CFEC07AFF}] => (Allow) C:\Program Files (x86)\Gameforge4D\Elsword_DE\data\x2.exe
FirewallRules: [{C2D39783-211D-4EA4-B98A-3AAB6BFFC014}] => (Allow) C:\Program Files (x86)\Gameforge4D\Elsword_DE\data\x2.exe
FirewallRules: [{31C5EA3D-1BD5-43E8-9181-35543B3BBF69}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\TERA-Launcher.exe
FirewallRules: [{88745C92-B63F-4347-BA8B-9CDD9C44A776}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\TERA-Launcher.exe
FirewallRules: [{EFF43167-5DA6-464A-B786-9274BBEB3DB2}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\TL.exe
FirewallRules: [{22840350-FF81-4BC5-9816-199C39A1EF20}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\TL.exe
FirewallRules: [{7453EB02-9626-4B99-BA59-5234F5AA9ACA}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe
FirewallRules: [{27E4C84F-6251-4C72-9CAF-60C52179FE9E}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe
FirewallRules: [{B65B71E3-0387-4F5D-ADAA-635F2351E05A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{21ABDC7C-1243-45BA-84F1-A1017F798BA1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{43C24E91-C2F4-4BB8-94F5-C58C878E927D}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{5578416F-51B9-4F43-A52A-CE71B608ED78}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{93199FA7-EC52-4372-A19B-12052066419B}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{E436FFDA-7958-462B-BC91-CD5E56A852B6}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{42CFDA77-27C2-4439-A97E-5A95E731FFD2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{23964328-54B5-419C-8E8C-F91ED45CF60C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{FA125EB3-6A25-45C6-9C81-DAE143991C42}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{6EC81A98-3078-440D-B8A5-D5DD12BA54C8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{F06BB976-5FFA-468B-AF69-AB09DAFE94C5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{807FFE94-35C9-430E-BFC5-459E3BEF7FE5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{ADF4A11C-3766-40EE-B6D3-AF7B8C50ECAE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{26D12EFE-6D2F-4261-917A-B3D5CCDFCF69}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{164102D1-6D64-49FB-ACD5-500B64E5C41C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{BFCC7624-EE53-42D8-AFD6-61483A15C9F4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{5B721E22-3416-477C-9E7C-D00EE1FBA868}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{DEC44613-54DC-4AF9-A1FD-612608EBDB4F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [TCP Query User{C31B1623-7B06-499A-9472-794F28657C18}C:\users\eli\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\eli\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{12F8740B-A9DE-4C6C-921F-D29DA39927DD}C:\users\eli\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\eli\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{7C585868-E860-4637-993B-00C3D39B8514}C:\program files (x86)\origin games\kingdoms of amalur reckoning\reckoning.exe] => (Allow) C:\program files (x86)\origin games\kingdoms of amalur reckoning\reckoning.exe
FirewallRules: [UDP Query User{0ACF76D8-F51D-41F1-8690-05C9B45272D8}C:\program files (x86)\origin games\kingdoms of amalur reckoning\reckoning.exe] => (Allow) C:\program files (x86)\origin games\kingdoms of amalur reckoning\reckoning.exe
FirewallRules: [TCP Query User{1853108B-2A2D-4265-81FB-11E4480BFDAF}C:\program files (x86)\binaries\win32\udk.exe] => (Block) C:\program files (x86)\binaries\win32\udk.exe
FirewallRules: [UDP Query User{6C16FCF9-C7F1-4BFA-AE82-C601C1714F56}C:\program files (x86)\binaries\win32\udk.exe] => (Block) C:\program files (x86)\binaries\win32\udk.exe
FirewallRules: [TCP Query User{AA7ECD86-2D59-47D8-A6A9-7A3382DB3930}C:\program files (x86)\binaries\win64\udk.exe] => (Allow) C:\program files (x86)\binaries\win64\udk.exe
FirewallRules: [UDP Query User{E1F55399-4AB8-4183-B065-18EC09B89A4B}C:\program files (x86)\binaries\win64\udk.exe] => (Allow) C:\program files (x86)\binaries\win64\udk.exe
FirewallRules: [{E0C220EB-1DE4-463B-83A5-C326BF8E2ED8}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C0F9D5DC-3336-40CA-B1E5-1CD8006AE313}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E613D5A4-C260-41F3-8243-471CFEC06721}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Alien Isolation\AI.exe
FirewallRules: [{35C017BE-675C-4396-9D1E-9123EC2A7569}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Alien Isolation\AI.exe
FirewallRules: [TCP Query User{DD7D7D1F-3372-4E19-8109-394A0486D174}C:\program files (x86)\java\jre7\bin\java.exe] => (Block) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{CB635730-436E-4A48-9AA0-9A5F211EE047}C:\program files (x86)\java\jre7\bin\java.exe] => (Block) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [{48E1F13C-1635-4E41-8448-39853E6476EE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{B49DEEB6-AE93-4911-8655-13AA917B846E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{16789348-B2F0-436C-B0E7-FAE827AFEE39}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{918A09DD-7E75-43D1-AE4C-1BA032F5B084}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{75E50E1D-EC04-4BF2-AABF-FE36297B9D93}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{A6D3D9AA-BC28-46E0-929C-F765E6A561A1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{D9393403-52E2-444E-8C1D-86C282B95F3E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{64E61C68-111F-4EEA-930B-D3053C29889E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [TCP Query User{59999FBA-2AC3-475A-BF91-E1EF1E7247B2}C:\program files (x86)\binaries\win32\udk.exe] => (Allow) C:\program files (x86)\binaries\win32\udk.exe
FirewallRules: [UDP Query User{9A015A14-72EE-456F-980A-60A303DA91C2}C:\program files (x86)\binaries\win32\udk.exe] => (Allow) C:\program files (x86)\binaries\win32\udk.exe
FirewallRules: [TCP Query User{85690F6D-B45A-4B8B-8DE3-4684C45740DC}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{82457885-B5E3-461C-9EBC-EF0DD33D6920}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{68834CFE-5C93-41BB-9341-3DDA1AE12CD8}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{7A457934-AEB7-4F11-A04B-0F47B82DE927}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [{75D3ACB4-BA02-4E8A-85B8-CA9617DE3804}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A10AA34C-5023-472F-A325-CC0254B2E438}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9E0EF15E-E13C-46AE-8F2E-956CC04A033B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AD510CB2-E8CD-49B0-A2A7-C0DC245A2607}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9C805CD0-8D14-4BE1-ABDC-8DC5432E3542}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B4C5F175-A71D-460B-9786-09AFDCC41CF1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DAA907E0-5157-484A-86E7-45A5C5F74132}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Faulty Device Manager Devices =============

Name: USB-IF xHCI USB Host Controller
Description: USB-IF xHCI USB Host Controller
Class Guid: {8a2edc79-c759-46f2-88af-9d4efe3b5eee}
Manufacturer: Intel Corporation
Service: XHCIPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (05/08/2015 11:37:23 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-14T21:37:23Z. Fehlercode: 0x80041316.

Error: (05/08/2015 11:36:53 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-14T21:36:53Z. Fehlercode: 0x80041316.

Error: (05/08/2015 11:36:23 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-14T21:36:23Z. Fehlercode: 0x80041316.

Error: (05/08/2015 11:35:53 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-14T21:35:53Z. Fehlercode: 0x80041316.

Error: (05/08/2015 11:35:23 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-14T21:35:23Z. Fehlercode: 0x80041316.

Error: (05/08/2015 11:34:53 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-14T21:34:53Z. Fehlercode: 0x80041316.

Error: (05/08/2015 11:34:23 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-14T21:34:23Z. Fehlercode: 0x80041316.

Error: (05/08/2015 11:33:53 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-14T21:33:53Z. Fehlercode: 0x80041316.

Error: (05/08/2015 11:33:23 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-14T21:33:23Z. Fehlercode: 0x80041316.

Error: (05/08/2015 11:32:53 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-14T21:32:53Z. Fehlercode: 0x80041316.


System errors:
=============
Error: (05/07/2015 05:55:14 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246007 fehlgeschlagen: Sicherheitsupdate für Internet Explorer Flash Player für Windows 8 für x64-Systeme (KB2934802)

Error: (05/07/2015 05:55:14 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246007 fehlgeschlagen: Update für Windows 8 für x64-Systeme (KB2756872)

Error: (05/06/2015 02:40:48 PM) (Source: ACPI) (EventID: 13) (User: )
Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft.

Error: (05/04/2015 02:03:15 PM) (Source: ACPI) (EventID: 13) (User: )
Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft.

Error: (05/02/2015 03:51:20 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246007 fehlgeschlagen: Sicherheitsupdate für Internet Explorer Flash Player für Windows 8 für x64-Systeme (KB2934802)

Error: (05/02/2015 03:51:20 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246007 fehlgeschlagen: Update für Windows 8 für x64-Systeme (KB2756872)

Error: (05/01/2015 04:44:16 PM) (Source: ACPI) (EventID: 13) (User: )
Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft.

Error: (04/30/2015 07:24:11 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246007 fehlgeschlagen: Sicherheitsupdate für Internet Explorer Flash Player für Windows 8 für x64-Systeme (KB2934802)

Error: (04/30/2015 07:24:11 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246007 fehlgeschlagen: Update für Windows 8 für x64-Systeme (KB2756872)

Error: (04/26/2015 04:54:55 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246007 fehlgeschlagen: Sicherheitsupdate für Internet Explorer Flash Player für Windows 8 für x64-Systeme (KB2934802)


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz
Percentage of memory in use: 40%
Total physical RAM: 8050.48 MB
Available physical RAM: 4776.98 MB
Total Pagefile: 10610.48 MB
Available Pagefile: 6923.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:651.3 GB) (Free:540.04 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:24.89 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 22.4 GB) (Disk ID: C1CDA268)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 698.6 GB) (Disk ID: C1CDA275)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-05-08 23:45:03
Windows 6.2.9200  x64 \Device\Harddisk1\DR1 -> \Device\00000044 WDC_WD7500BPVT-24HXZT3 rev.03.01A03 698,64GB
Running: Gmer-19357.exe; Driver: C:\Users\Eli\AppData\Local\Temp\uwloipog.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe[356] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306          000007fcd5e5177a 4 bytes [E5, D5, FC, 07]
.text   C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe[356] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314          000007fcd5e51782 4 bytes [E5, D5, FC, 07]
.text   C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe[356] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690                    000007fccfa51532 4 bytes [A5, CF, FC, 07]
.text   C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe[356] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698                    000007fccfa5153a 4 bytes [A5, CF, FC, 07]
.text   C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe[356] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                  000007fccfa5165a 4 bytes [A5, CF, FC, 07]
.text   C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW                                                             000007fcd541257c 8 bytes JMP 000007fdd5090340
.text   C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW                                                           000007fcd5416b10 1 byte JMP 000007fdd5090298
.text   C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW + 2                                                       000007fcd5416b12 7 bytes {JMP 0xffffffffffc79788}
.text   C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation                                                    000007fcd5495778 7 bytes JMP 000007fdd5090260
.text   C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW                                                            000007fcd54b1564 7 bytes JMP 000007fdd50902d0
.text   C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW                                                      000007fcd54c40e4 7 bytes JMP 000007fdd5090228
.text   C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx                                                    000007fcd54c4178 8 bytes JMP 000007fdd50901f0
.text   C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA                                                             000007fcd54c479c 8 bytes JMP 000007fdd5090308
.text   C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW                                                         000007fcd50a28a0 7 bytes JMP 000007fdd50900d8
.text   C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary                                                              000007fcd50a28e8 5 bytes JMP 000007fdd5090180
.text   C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW                                                           000007fcd50bf590 6 bytes JMP 000007fdd5090148
.text   C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW                                                       000007fcd50bf8ac 5 bytes JMP 000007fdd5090110
.text   C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW                                                     000007fcd50eaa40 5 bytes JMP 000007fdd50901b8
.text   C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\USER32.dll!CreateWindowExW                                                              000007fcd7d6c5b0 7 bytes JMP 000007fdd5090420
.text   C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo                                                   000007fcd7d731f0 1 byte JMP 000007fdd5090378
.text   C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo + 2                                               000007fcd7d731f2 7 bytes {JMP 0xfffffffffd31d188}
.text   C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW                                                          000007fcd7d733e0 5 bytes JMP 000007fdd50903e8
.text   C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW                                                     000007fcd7d745d0 5 bytes JMP 000007fdd5090458
.text   C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA                                                          000007fcd7d77160 5 bytes JMP 000007fdd50903b0
.text   C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                        000007fcd5ed1070 8 bytes JMP 000007fdd50904c8
.text   C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                      000007fcd5ef0c10 8 bytes JMP 000007fdd5090490
.text   C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\dxgi.dll!CreateDXGIFactory1                                                             000007fcd2e16d10 5 bytes JMP 000007fdd2a50110
.text   C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\dxgi.dll!CreateDXGIFactory                                                              000007fcd2e1d060 5 bytes JMP 000007fdd2a500d8
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1328] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690                            000007fccfa51532 4 bytes [A5, CF, FC, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1328] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698                            000007fccfa5153a 4 bytes [A5, CF, FC, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1328] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                          000007fccfa5165a 4 bytes [A5, CF, FC, 07]
.text   C:\WINDOWS\system32\nvvsvc.exe[1344] C:\WINDOWS\system32\MSIMG32.dll!GradientFill + 690                                                      000007fccfa51532 4 bytes [A5, CF, FC, 07]
.text   C:\WINDOWS\system32\nvvsvc.exe[1344] C:\WINDOWS\system32\MSIMG32.dll!GradientFill + 698                                                      000007fccfa5153a 4 bytes [A5, CF, FC, 07]
.text   C:\WINDOWS\system32\nvvsvc.exe[1344] C:\WINDOWS\system32\MSIMG32.dll!TransparentBlt + 246                                                    000007fccfa5165a 4 bytes [A5, CF, FC, 07]
.text   C:\WINDOWS\system32\nvvsvc.exe[1344] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                            000007fcd5e5177a 4 bytes [E5, D5, FC, 07]
.text   C:\WINDOWS\system32\nvvsvc.exe[1344] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                            000007fcd5e51782 4 bytes [E5, D5, FC, 07]
.text   C:\WINDOWS\system32\WLANExt.exe[1728] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                           000007fcd5e5177a 4 bytes [E5, D5, FC, 07]
.text   C:\WINDOWS\system32\WLANExt.exe[1728] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                           000007fcd5e51782 4 bytes [E5, D5, FC, 07]
.text   C:\WINDOWS\system32\WLANExt.exe[1728] C:\WINDOWS\system32\MSIMG32.dll!GradientFill + 690                                                     000007fccfa51532 4 bytes [A5, CF, FC, 07]
.text   C:\WINDOWS\system32\WLANExt.exe[1728] C:\WINDOWS\system32\MSIMG32.dll!GradientFill + 698                                                     000007fccfa5153a 4 bytes [A5, CF, FC, 07]
.text   C:\WINDOWS\system32\WLANExt.exe[1728] C:\WINDOWS\system32\MSIMG32.dll!TransparentBlt + 246                                                   000007fccfa5165a 4 bytes [A5, CF, FC, 07]
.text   C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1572] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 742  000007fccb451b32 4 bytes [45, CB, FC, 07]
.text   C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1572] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 750  000007fccb451b3a 4 bytes [45, CB, FC, 07]
.text   C:\WINDOWS\Explorer.EXE[2228] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                             000007fccfa51532 4 bytes [A5, CF, FC, 07]
.text   C:\WINDOWS\Explorer.EXE[2228] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                             000007fccfa5153a 4 bytes [A5, CF, FC, 07]
.text   C:\WINDOWS\Explorer.EXE[2228] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                           000007fccfa5165a 4 bytes [A5, CF, FC, 07]
.text   C:\WINDOWS\Explorer.EXE[2228] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                   000007fcd5e5177a 4 bytes [E5, D5, FC, 07]
.text   C:\WINDOWS\Explorer.EXE[2228] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                   000007fcd5e51782 4 bytes [E5, D5, FC, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2992] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690                              000007fccfa51532 4 bytes [A5, CF, FC, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2992] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698                              000007fccfa5153a 4 bytes [A5, CF, FC, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2992] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                            000007fccfa5165a 4 bytes [A5, CF, FC, 07]
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1708] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690                                          000007fccfa51532 4 bytes [A5, CF, FC, 07]
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1708] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698                                          000007fccfa5153a 4 bytes [A5, CF, FC, 07]
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1708] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                        000007fccfa5165a 4 bytes [A5, CF, FC, 07]
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1708] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                000007fcd5e5177a 4 bytes [E5, D5, FC, 07]
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1708] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                000007fcd5e51782 4 bytes [E5, D5, FC, 07]
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1708] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 742                                              000007fccb451b32 4 bytes [45, CB, FC, 07]
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1708] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 750                                              000007fccb451b3a 4 bytes [45, CB, FC, 07]
.text   C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1664] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306      000007fcd5e5177a 4 bytes [E5, D5, FC, 07]
.text   C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1664] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314      000007fcd5e51782 4 bytes [E5, D5, FC, 07]
.text   C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3480] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306            000007fcd5e5177a 4 bytes [E5, D5, FC, 07]
.text   C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3480] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314            000007fcd5e51782 4 bytes [E5, D5, FC, 07]
.text   C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3480] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690                      000007fccfa51532 4 bytes [A5, CF, FC, 07]
.text   C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3480] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698                      000007fccfa5153a 4 bytes [A5, CF, FC, 07]
.text   C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3480] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                    000007fccfa5165a 4 bytes [A5, CF, FC, 07]
.text   C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3852] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690                               000007fccfa51532 4 bytes [A5, CF, FC, 07]
.text   C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3852] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698                               000007fccfa5153a 4 bytes [A5, CF, FC, 07]
.text   C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3852] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                             000007fccfa5165a 4 bytes [A5, CF, FC, 07]
.text   C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3852] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                     000007fcd5e5177a 4 bytes [E5, D5, FC, 07]
.text   C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3852] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                     000007fcd5e51782 4 bytes [E5, D5, FC, 07]
.text   C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe[4276] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306    000007fcd5e5177a 4 bytes [E5, D5, FC, 07]
.text   C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe[4276] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314    000007fcd5e51782 4 bytes [E5, D5, FC, 07]
.text   C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe[4276] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690              000007fccfa51532 4 bytes [A5, CF, FC, 07]
.text   C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe[4276] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698              000007fccfa5153a 4 bytes [A5, CF, FC, 07]
.text   C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe[4276] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246            000007fccfa5165a 4 bytes [A5, CF, FC, 07]
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[4576] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                     000007fcd5e5177a 4 bytes [E5, D5, FC, 07]
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[4576] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                     000007fcd5e51782 4 bytes [E5, D5, FC, 07]
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[4576] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690                                               000007fccfa51532 4 bytes [A5, CF, FC, 07]
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[4576] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698                                               000007fccfa5153a 4 bytes [A5, CF, FC, 07]
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[4576] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                             000007fccfa5165a 4 bytes [A5, CF, FC, 07]
.text   C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe[5556] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306          000007fcd5e5177a 4 bytes [E5, D5, FC, 07]
.text   C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe[5556] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314          000007fcd5e51782 4 bytes [E5, D5, FC, 07]
.text   C:\Windows\System32\igfxpers.exe[5956] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                          000007fcd5e5177a 4 bytes [E5, D5, FC, 07]
.text   C:\Windows\System32\igfxpers.exe[5956] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                          000007fcd5e51782 4 bytes [E5, D5, FC, 07]
.text   C:\Windows\System32\rundll32.exe[6272] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                    000007fccfa51532 4 bytes [A5, CF, FC, 07]
.text   C:\Windows\System32\rundll32.exe[6272] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                    000007fccfa5153a 4 bytes [A5, CF, FC, 07]
.text   C:\Windows\System32\rundll32.exe[6272] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                  000007fccfa5165a 4 bytes [A5, CF, FC, 07]
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6300] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                             000007fcd5e5177a 4 bytes [E5, D5, FC, 07]
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6300] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                             000007fcd5e51782 4 bytes [E5, D5, FC, 07]
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6612] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                          000007fcd5e5177a 4 bytes [E5, D5, FC, 07]
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6612] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                          000007fcd5e51782 4 bytes [E5, D5, FC, 07]
.text   C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[7088] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690               000007fccfa51532 4 bytes [A5, CF, FC, 07]
.text   C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[7088] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698               000007fccfa5153a 4 bytes [A5, CF, FC, 07]
.text   C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[7088] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246             000007fccfa5165a 4 bytes [A5, CF, FC, 07]
.text   C:\Program Files\iTunes\iTunesHelper.exe[4956] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 742                                                000007fccb451b32 4 bytes [45, CB, FC, 07]
.text   C:\Program Files\iTunes\iTunesHelper.exe[4956] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 750                                                000007fccb451b3a 4 bytes [45, CB, FC, 07]

---- Threads - GMER 2.1 ----

Thread  C:\WINDOWS\system32\csrss.exe [620:644]                                                                                                      fffff960008655e8

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk1\DR1                                                                                                                        unknown MBR code

---- EOF - GMER 2.1 ----