Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Mein Notebook ist seeeeeeehhhhhhhhhhhhhr langsam geworden. (https://www.trojaner-board.de/159857-notebook-seeeeeeehhhhhhhhhhhhhr-langsam-geworden.html)

FredPerrylol 17.10.2014 21:31
Mein Notebook ist seeeeeeehhhhhhhhhhhhhr langsam geworden.
 
Hallo,

Mein Laptop ist unwahrscheinlich langsam geworden i letzter Zeit. Es gab zwar auch ein neues, großes Update der Grafikkarte, aber soweit ich weiß, war das Problem schon ein paar Tage länger vorhanden.

Es dauert sehr lange, bis sich einen browser öffnen kann und der browser an sich (jetzt chrome, vorher opera) läd auch unheimlich lange.

Vor zwei Tagen gab es beim downloaden vom filehippo update service eine warnung ein trojaner sei entdeckt und isoliert worden.

Habe McAffee (im Abo).

Danke
Viele Grüße
Tim

#
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-10-2014
Ran by beTheFellowBee (ATTENTION: The logged in user is not administrator) on SCHEER-PC on 17-10-2014 22:14:19
Running from C:\Users\beTheFellowBee\Downloads
Loaded Profiles: Scheer & beTheFellowBee (Available profiles: Scheer & beTheFellowBee)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUS) C:\Windows\AsScrPro.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
() C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Boingo Wireless, Inc.) C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\ExpressGateUtil\VAWinAgent.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(APN LLC.) C:\Users\beTheFellowBee\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe
(APN LLC.) C:\Users\beTheFellowBee\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr_x64.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ASUS WebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-16] ()
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2121320 2010-09-28] (Realtek Semiconductor)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-05-03] (Alcor Micro Corp.)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-06-10] (ELAN Microelectronic Corp.)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-05] (Intel(R) Corporation)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2185032 2009-10-19] (CANON INC.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2010-06-25] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [Boingo Wi-Fi] => C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk [2429 2010-11-13] ()
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-05-04] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [VAWinAgent] => C:\ExpressGateUtil\VAWinAgent.exe [21504 2010-08-13] ()
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1942424 2014-09-22] (APN)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1560831024-780671805-4130521857-1002\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [784392 2014-05-29] (Sandboxie Holdings, LLC)
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [174856 2014-09-14] (NVIDIA Corporation)
AppInit_DLLs: ,C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174856 2014-09-14] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\Windows\SysWOW64\nvinit.dll => c:\Windows\SysWOW64\nvinit.dll [156840 2014-09-14] (NVIDIA Corporation)
AppInit_DLLs-x32: ,C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156840 2014-09-14] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.search.ask.com/?tpid=ORJ-SPE&o=APN11406&pf=V7&trgb=IE&p2=%5EBBE%5EOSJ000%5EYY%5EDE&gct=hp&apn_ptnrs=BBE&apn_dtid=%5EOSJ000%5EYY%5EDE&apn_dbr=launcher.exe_0_24.0.1558.53&apn_uid=888A9DBA-B531-422B-90E9-76DA63E5B12A&itbv=12.16.2.53&doi=2014-09-17&psv=&pt=tb
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {43E97C7C-1B2C-4CDF-848F-CD608BD0BCEC} URL = hxxp://www.search.ask.com/web?tpid=ORJ-SPE&o=APN11406&pf=V7&p2=^BBE^OSJ000^YY^DE&gct=&itbv=12.16.2.53&apn_uid=888A9DBA-B531-422B-90E9-76DA63E5B12A&apn_ptnrs=BBE&apn_dtid=^OSJ000^YY^DE&apn_dbr=launcher.exe_0_24.0.1558.53&doi=2014-09-17&trgb=IE&q={searchTerms}&psv=&pt=tb
BHO: Search App by Ask -> {4F524A2D-5350-4500-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll (APN LLC.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Search App by Ask -> {4F524A2D-5350-4500-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll (APN LLC.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll (APN LLC.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @innoplus.de/ino3DViewer -> C:\Program Files (x86)\innoplus\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2012-05-29]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\beTheFellowBee\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\beTheFellowBee\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-16]
CHR Extension: (Google Drive) - C:\Users\beTheFellowBee\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\beTheFellowBee\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-03]
CHR Extension: (YouTube) - C:\Users\beTheFellowBee\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-16]
CHR Extension: (Google-Suche) - C:\Users\beTheFellowBee\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-16]
CHR Extension: (Google Wallet) - C:\Users\beTheFellowBee\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-16]
CHR Extension: (Google Mail) - C:\Users\beTheFellowBee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-16]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-09-22] (APN LLC.)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2135232 2014-05-21] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-09-17] (NVIDIA Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-10-01] (Intel Corporation) [File not signed]
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-09-17] (NVIDIA Corporation)
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-06-26] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-06-26] (pdfforge GmbH)
R3 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-04-06] () [File not signed]
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174088 2014-05-29] (Sandboxie Holdings, LLC)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-10-14] (Secunia)
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-10-01] (Intel Corporation) [File not signed]
R2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [77312 2010-08-21] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [69120 2010-09-25] (Fresco Logic)
R3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-05-29] (Sandboxie Holdings, LLC)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800192 2009-08-20] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-17] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-17 22:08 - 2014-10-17 22:08 - 00030266 _____ () C:\Users\beTheFellowBee\Downloads\Addition.txt
2014-10-17 22:04 - 2014-10-17 22:14 - 00021701 _____ () C:\Users\beTheFellowBee\Downloads\FRST.txt
2014-10-17 22:04 - 2014-10-17 22:14 - 00000000 ____D () C:\FRST
2014-10-17 22:04 - 2014-10-17 22:04 - 02112000 _____ (Farbar) C:\Users\beTheFellowBee\Downloads\FRST64.exe
2014-10-17 22:03 - 2014-10-17 22:03 - 00000474 _____ () C:\Users\beTheFellowBee\Downloads\defogger_disable.log
2014-10-17 22:03 - 2014-10-17 22:03 - 00000000 _____ () C:\Users\Scheer\defogger_reenable
2014-10-17 22:02 - 2014-10-17 22:02 - 00050477 _____ () C:\Users\beTheFellowBee\Downloads\Defogger.exe
2014-10-17 21:14 - 2014-10-17 21:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-10-17 13:38 - 2014-10-17 13:37 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-16 19:20 - 2014-10-16 19:20 - 31555072 _____ (Secunia) C:\Users\Scheer\Downloads\Opera_25.0.1614.50_SPS.exe
2014-10-16 19:19 - 2014-10-16 19:19 - 01488384 _____ () C:\Users\Scheer\Downloads\msxml6 (6).msi
2014-10-16 18:18 - 2014-10-16 18:18 - 01488384 _____ () C:\Users\Scheer\Downloads\msxml6 (5).msi
2014-10-16 16:50 - 2014-10-16 16:50 - 17703272 _____ (Adobe Systems Inc.) C:\Users\Scheer\Downloads\AdobeAIRInstaller (1).exe
2014-10-16 16:50 - 2014-10-16 16:50 - 00880272 _____ (Google Inc.) C:\Users\Scheer\Downloads\ChromeSetup (4).exe
2014-10-16 16:48 - 2014-10-16 16:48 - 17703272 _____ (Adobe Systems Inc.) C:\Users\Scheer\Downloads\AdobeAIRInstaller.exe
2014-10-16 16:48 - 2014-10-16 16:48 - 00000000 ____D () C:\Users\Scheer\Documents\PC Speed Maximizer
2014-10-16 16:47 - 2014-10-16 16:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2014-10-16 16:46 - 2014-10-16 16:46 - 00771792 _____ ( ) C:\Users\Scheer\Downloads\SandboxieInstall_inst (1).exe
2014-10-16 16:45 - 2014-10-16 16:45 - 00002050 _____ () C:\Users\Scheer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileHippo App Manager.lnk
2014-10-16 16:45 - 2014-10-16 16:45 - 00002020 _____ () C:\Users\Scheer\Desktop\FileHippo App Manager.lnk
2014-10-16 16:45 - 2014-10-16 16:45 - 00000000 ____D () C:\ProgramData\IsolatedStorage
2014-10-16 16:43 - 2014-10-16 16:47 - 02656264 _____ (Sandboxie Holdings, LLC) C:\Users\Scheer\Downloads\SandboxieInstall.exe
2014-10-16 16:41 - 2014-10-16 16:41 - 00000000 ____D () C:\ProgramData\Sun
2014-10-16 16:29 - 2014-10-16 16:31 - 92658088 _____ (Oracle Corporation) C:\Users\Scheer\Downloads\jre-8u25-windows-x64.exe
2014-10-16 16:29 - 2014-10-16 16:30 - 31897256 _____ (Opera Software) C:\Users\Scheer\Downloads\Opera_25.0.1614.50_Setup.exe
2014-10-16 16:29 - 2014-10-16 16:29 - 00771792 _____ ( ) C:\Users\Scheer\Downloads\SandboxieInstall_inst.exe
2014-10-16 16:29 - 2014-10-16 16:29 - 00499976 _____ () C:\Users\Scheer\Downloads\AppManagerSetup_1.44.exe
2014-10-16 16:28 - 2014-10-16 16:28 - 01488384 _____ () C:\Users\Scheer\Downloads\msxml6 (4).msi
2014-10-16 16:06 - 2014-10-16 16:06 - 17882112 _____ (Secunia) C:\Users\Scheer\Downloads\AdobeAir_15.0.0.293_SPS (1).exe
2014-10-16 16:06 - 2014-10-16 16:06 - 03707392 _____ () C:\Users\Scheer\Downloads\msxml6_ia64 (1).msi
2014-10-16 16:06 - 2014-10-16 16:06 - 02617344 _____ () C:\Users\Scheer\Downloads\msxml6_x64 (1).msi
2014-10-16 16:06 - 2014-10-16 16:06 - 01488384 _____ () C:\Users\Scheer\Downloads\msxml6 (3).msi
2014-10-16 15:59 - 2014-10-16 15:59 - 17882112 _____ (Secunia) C:\Users\Scheer\Downloads\AdobeAir_15.0.0.293_SPS.exe
2014-10-15 17:55 - 2014-10-15 17:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2014-10-15 11:48 - 2014-09-29 02:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 11:48 - 2014-06-19 00:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 11:48 - 2014-06-19 00:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 11:48 - 2014-06-19 00:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 11:48 - 2014-06-19 00:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 11:48 - 2014-06-19 00:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 11:48 - 2014-06-19 00:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 11:47 - 2014-10-10 04:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 11:47 - 2014-10-10 04:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 11:47 - 2014-10-10 04:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 11:47 - 2014-08-19 05:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-15 11:47 - 2014-08-19 05:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-15 11:47 - 2014-08-19 05:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-15 11:47 - 2014-08-19 05:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 11:47 - 2014-08-19 05:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-15 11:47 - 2014-08-19 05:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-15 11:47 - 2014-08-19 05:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 11:47 - 2014-08-19 05:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 11:47 - 2014-08-19 05:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 11:47 - 2014-08-19 05:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 11:47 - 2014-08-19 04:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-15 11:47 - 2014-08-19 04:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-15 11:47 - 2014-08-19 04:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 11:47 - 2014-07-07 04:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 11:47 - 2014-07-07 04:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 11:47 - 2014-07-07 04:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 11:47 - 2014-07-07 04:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 11:47 - 2014-07-07 04:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 11:47 - 2014-07-07 04:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 11:47 - 2014-07-07 04:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 11:47 - 2014-07-07 04:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 11:47 - 2014-07-07 04:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 11:47 - 2014-07-07 04:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 11:47 - 2014-07-07 04:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 11:47 - 2014-07-07 04:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 11:47 - 2014-07-07 04:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 11:47 - 2014-07-07 04:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 11:47 - 2014-07-07 04:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 11:47 - 2014-07-07 04:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 11:47 - 2014-07-07 04:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 11:47 - 2014-07-07 04:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 11:47 - 2014-07-07 04:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 11:47 - 2014-07-07 04:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 11:47 - 2014-07-07 04:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 11:47 - 2014-07-07 04:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 11:47 - 2014-07-07 04:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 11:47 - 2014-07-07 04:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 11:47 - 2014-07-07 04:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 11:47 - 2014-07-07 04:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 11:47 - 2014-07-07 04:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 11:47 - 2014-07-07 04:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 11:47 - 2014-07-07 04:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 11:47 - 2014-07-07 04:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 11:47 - 2014-07-07 04:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 11:47 - 2014-07-07 04:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 11:47 - 2014-07-07 03:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 11:47 - 2014-07-07 03:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-15 11:47 - 2014-07-07 03:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-15 11:47 - 2014-07-07 03:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-15 11:47 - 2014-07-07 03:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-15 11:47 - 2014-07-07 03:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-15 11:47 - 2014-07-07 03:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-15 11:47 - 2014-07-07 03:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-15 11:47 - 2014-07-07 03:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-15 11:47 - 2014-07-07 03:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-15 11:47 - 2014-07-07 03:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-15 11:47 - 2014-07-07 03:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-15 11:47 - 2014-07-07 03:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-15 11:47 - 2014-07-07 03:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-15 11:47 - 2014-07-07 03:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-15 11:47 - 2014-07-07 03:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-15 11:47 - 2014-07-07 03:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-15 11:47 - 2014-07-07 03:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-15 11:47 - 2014-07-07 03:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-15 11:47 - 2014-07-07 03:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-15 11:47 - 2014-07-07 03:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-15 11:47 - 2014-07-07 03:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-15 11:47 - 2014-07-07 03:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-15 11:47 - 2014-07-07 03:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-15 11:47 - 2014-07-07 03:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-15 11:47 - 2014-07-07 03:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-15 11:47 - 2014-07-07 03:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-15 11:47 - 2014-07-07 03:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-15 11:47 - 2014-07-07 03:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-15 11:47 - 2014-07-07 03:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-15 11:47 - 2014-06-28 02:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 11:47 - 2014-06-28 02:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 11:47 - 2014-06-28 02:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-15 11:46 - 2014-10-07 04:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 11:46 - 2014-10-07 04:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 11:46 - 2014-09-26 00:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 11:46 - 2014-09-26 00:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 11:46 - 2014-09-26 00:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 11:46 - 2014-09-26 00:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 11:46 - 2014-09-26 00:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 11:46 - 2014-09-26 00:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 11:46 - 2014-09-26 00:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 11:46 - 2014-09-19 04:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 11:46 - 2014-09-19 03:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 11:46 - 2014-09-19 03:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 11:46 - 2014-09-19 03:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 11:46 - 2014-09-19 03:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 11:46 - 2014-09-19 03:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 11:46 - 2014-09-19 03:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 11:46 - 2014-09-19 03:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 11:46 - 2014-09-19 03:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 11:46 - 2014-09-19 03:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 11:46 - 2014-09-19 03:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 11:46 - 2014-09-19 03:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 11:46 - 2014-09-19 03:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 11:46 - 2014-09-19 03:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 11:46 - 2014-09-19 03:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 11:46 - 2014-09-19 03:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 11:46 - 2014-09-19 03:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 11:46 - 2014-09-19 03:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 11:46 - 2014-09-19 03:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 11:46 - 2014-09-19 03:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 11:46 - 2014-09-19 03:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 11:46 - 2014-09-19 03:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 11:46 - 2014-09-19 03:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 11:46 - 2014-09-19 03:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 11:46 - 2014-09-19 03:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-15 11:46 - 2014-09-19 03:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 11:46 - 2014-09-19 02:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 11:46 - 2014-09-19 02:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 11:46 - 2014-09-19 02:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 11:46 - 2014-09-19 02:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 11:46 - 2014-09-19 02:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 11:46 - 2014-09-19 02:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 11:46 - 2014-09-19 02:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 11:46 - 2014-09-19 02:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-15 11:46 - 2014-09-19 02:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 11:46 - 2014-09-19 02:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 11:46 - 2014-09-19 02:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 11:46 - 2014-09-19 02:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 11:46 - 2014-09-19 02:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 11:46 - 2014-09-19 02:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 11:46 - 2014-09-19 02:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 11:46 - 2014-09-19 02:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-15 11:46 - 2014-09-19 02:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 11:46 - 2014-09-19 01:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 11:46 - 2014-09-19 01:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 11:46 - 2014-09-19 01:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 11:46 - 2014-09-19 01:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 11:43 - 2014-09-18 04:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 11:43 - 2014-09-18 03:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 11:43 - 2014-09-13 03:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 11:43 - 2014-09-13 03:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 11:43 - 2014-09-04 07:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 11:43 - 2014-09-04 07:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 11:43 - 2014-07-17 04:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 11:43 - 2014-07-17 04:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-15 11:43 - 2014-07-17 04:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 11:43 - 2014-07-17 04:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 11:43 - 2014-07-17 04:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 11:43 - 2014-07-17 04:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 11:43 - 2014-07-17 04:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 11:43 - 2014-07-17 04:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 11:43 - 2014-07-17 03:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 11:43 - 2014-07-17 03:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 11:43 - 2014-07-17 03:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-15 11:43 - 2014-07-17 03:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-15 11:43 - 2014-07-17 03:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 11:43 - 2014-07-17 03:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 11:43 - 2014-07-17 03:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 11:43 - 2014-07-17 03:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 09:39 - 2014-10-15 09:39 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-10-15 09:39 - 2014-09-13 22:13 - 00613696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-10-15 09:38 - 2014-10-15 09:38 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-10-15 09:38 - 2014-10-15 09:38 - 00000000 ____D () C:\Windows\system32\NV
2014-10-15 09:35 - 2014-09-17 06:51 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-10-15 09:35 - 2014-09-17 06:51 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 31887680 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 24552592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 20922512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 20589536 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 19954520 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 18106152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 17259664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 14026304 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 13939272 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 13157696 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-10-15 09:35 - 2014-09-14 01:48 - 11392576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 11330776 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 04287296 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 04008592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434411.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 01539272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434411.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 00957584 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 00925896 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 00919240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 00894096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 00352016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 00303600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 00174856 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 00032576 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2014-10-15 03:07 - 2014-09-04 21:14 - 00038048 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-10-15 03:07 - 2014-09-04 21:14 - 00032416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-10-15 03:03 - 2014-10-15 03:03 - 00000000 ____D () C:\Users\Scheer\AppData\Local\AskPartnerNetwork
2014-10-13 13:59 - 2014-10-13 13:59 - 00044962 _____ () C:\Users\beTheFellowBee\Downloads\eBayISAPI.gz
2014-10-13 03:01 - 2014-10-13 03:22 - 00000996 _____ () C:\Users\beTheFellowBee\Desktop\Neues Textdokument (2).txt
2014-10-09 21:08 - 2014-10-10 00:43 - 00002637 _____ () C:\Users\beTheFellowBee\Desktop\Neues Textdokument.txt
2014-10-09 21:08 - 2014-10-09 21:08 - 00000000 ____D () C:\Users\beTheFellowBee\Desktop\Neuer Ordner (2)
2014-10-09 16:03 - 2014-10-09 16:04 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2014-10-09 16:03 - 2014-10-09 16:03 - 00001112 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk
2014-10-09 15:54 - 2014-10-09 15:54 - 00895120 _____ (Google Inc.) C:\Users\Scheer\Downloads\ChromeSetup (3).exe
2014-10-09 15:53 - 2014-10-09 15:55 - 131105792 _____ (Secunia) C:\Users\Scheer\Downloads\OpenOffice_4.1.1_en-US_SPS.exe
2014-10-09 15:53 - 2014-10-09 15:54 - 01528320 _____ () C:\Users\Scheer\Downloads\msxml6 (2).msi
2014-10-09 15:38 - 2014-10-16 19:21 - 00000924 _____ () C:\Windows\SecuniaPackage.log
2014-10-09 15:38 - 2014-10-16 16:36 - 00000000 ____D () C:\Users\Scheer\AppData\Local\Adobe
2014-10-09 15:37 - 2014-10-09 15:37 - 00895120 _____ (Google Inc.) C:\Users\Scheer\Downloads\ChromeSetup (2).exe
2014-10-09 15:36 - 2014-10-09 15:37 - 17882624 _____ (Secunia) C:\Users\Scheer\Downloads\AdobeAir_15.0.0.249_SPS.exe
2014-10-09 15:36 - 2014-10-09 15:37 - 01528320 _____ () C:\Users\Scheer\Downloads\msxml6 (1).msi
2014-10-09 15:36 - 2014-10-09 15:36 - 04614144 _____ () C:\Users\Scheer\Downloads\msxml6_SDK.msi
2014-10-09 15:36 - 2014-10-09 15:36 - 03753472 _____ () C:\Users\Scheer\Downloads\msxml6_ia64.msi
2014-10-09 15:36 - 2014-10-09 15:36 - 02721280 _____ () C:\Users\Scheer\Downloads\msxml6_x64.msi
2014-10-09 15:36 - 2014-10-09 15:36 - 01528320 _____ () C:\Users\Scheer\Downloads\msxml6.msi
2014-10-07 15:26 - 2014-10-07 15:26 - 00011833 _____ () C:\Users\beTheFellowBee\Downloads\Lands' End GmbH - Zur Erinnerung.html
2014-10-02 12:59 - 2014-10-02 13:00 - 00000000 ____D () C:\Users\beTheFellowBee\Desktop\Neuer Ordner (3)
2014-10-01 11:34 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 11:34 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-28 01:07 - 2014-09-28 01:07 - 00017659 _____ () C:\Users\beTheFellowBee\AppData\Local\recently-used.xbel
2014-09-24 10:38 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 10:38 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-23 23:23 - 2014-09-23 23:23 - 03675824 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-23 01:01 - 2014-09-23 01:01 - 00000000 ____D () C:\Users\Scheer\AppData\Roaming\OpenOffice
2014-09-23 00:44 - 2014-09-23 00:44 - 00000000 ____D () C:\Users\Scheer\Desktop\OpenOffice 4.1.1 (en-US) Installation Files
2014-09-23 00:37 - 2014-09-23 00:41 - 140852175 _____ () C:\Users\beTheFellowBee\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_en-US (1).exe
2014-09-23 00:37 - 2014-09-23 00:40 - 140852175 _____ () C:\Users\beTheFellowBee\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_en-US.exe
2014-09-23 00:34 - 2014-09-23 00:37 - 164858324 _____ () C:\Users\beTheFellowBee\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_de (1).exe
2014-09-22 11:01 - 2014-09-22 11:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-09-22 11:00 - 2014-09-22 11:00 - 00001847 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-09-22 11:00 - 2014-09-22 11:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-09-22 11:00 - 2014-09-22 11:00 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-09-19 22:35 - 2014-09-22 01:34 - 00019539 _____ () C:\Users\beTheFellowBee\Desktop\Untitled 1.odt
2014-09-19 22:35 - 2014-09-19 22:35 - 00000000 ____D () C:\Users\Scheer\Desktop\OpenOffice 4.1.1 (de) Installation Files
2014-09-19 22:32 - 2014-09-19 22:34 - 164858324 _____ () C:\Users\beTheFellowBee\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_de.exe
2014-09-17 16:50 - 2014-09-17 16:50 - 00000000 ____D () C:\Users\beTheFellowBee\AppData\Local\AskPartnerNetwork
2014-09-17 16:50 - 2014-09-17 16:50 - 00000000 ____D () C:\ProgramData\AskPartnerNetwork
2014-09-17 16:50 - 2014-09-17 16:50 - 00000000 ____D () C:\ProgramData\APN
2014-09-17 16:50 - 2014-09-17 16:50 - 00000000 ____D () C:\Program Files (x86)\AskPartnerNetwork
2014-09-17 16:43 - 2014-09-17 16:43 - 00000000 ____D () C:\ProgramData\Oracle

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-17 22:03 - 2012-05-29 15:47 - 00000000 ____D () C:\Users\Scheer
2014-10-17 21:55 - 2010-11-13 17:31 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-17 21:33 - 2014-03-24 12:31 - 00000296 _____ () C:\Windows\Tasks\Digital Sites.job
2014-10-17 21:23 - 2012-08-16 22:45 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-17 21:15 - 2009-07-14 06:45 - 00018832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-17 21:15 - 2009-07-14 06:45 - 00018832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-17 21:11 - 2010-11-13 17:04 - 01254571 _____ () C:\Windows\WindowsUpdate.log
2014-10-17 21:08 - 2010-11-13 17:31 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-17 21:06 - 2010-11-13 17:50 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-17 21:06 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-17 21:06 - 2009-07-14 06:51 - 00376954 _____ () C:\Windows\setupact.log
2014-10-17 16:04 - 2009-08-04 11:51 - 00711546 _____ () C:\Windows\system32\perfh007.dat
2014-10-17 16:04 - 2009-08-04 11:51 - 00153736 _____ () C:\Windows\system32\perfc007.dat
2014-10-17 16:04 - 2009-07-14 07:13 - 01653060 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-16 19:21 - 2012-05-29 16:25 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-10-16 19:02 - 2014-05-31 23:04 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-16 17:59 - 2010-11-13 18:05 - 00045056 _____ () C:\Windows\SysWOW64\acovcnt.exe
2014-10-16 17:59 - 2010-11-13 18:00 - 00000000 ____D () C:\Program Files\P4G
2014-10-16 17:06 - 2012-06-08 10:43 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-16 17:06 - 2012-05-29 16:32 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-16 16:45 - 2012-05-29 16:29 - 00000000 ____D () C:\Program Files (x86)\FileHippo.com
2014-10-16 16:40 - 2014-06-04 17:23 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-10-16 16:40 - 2014-06-04 17:22 - 00000000 ____D () C:\Program Files\Java
2014-10-15 19:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-10-15 18:58 - 2010-11-13 18:00 - 00002306 _____ () C:\Windows\system32\ServiceFilter.ini
2014-10-15 18:34 - 2012-05-29 16:22 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-10-15 18:34 - 2009-07-14 06:45 - 00305568 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-15 18:31 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-15 18:30 - 2014-05-07 16:43 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-15 18:30 - 2010-11-13 17:40 - 00527964 _____ () C:\Windows\PFRO.log
2014-10-15 18:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-15 17:54 - 2013-08-14 23:50 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 17:47 - 2012-05-29 17:29 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-15 17:46 - 2012-05-30 14:58 - 00004346 _____ () C:\Windows\Sandboxie.ini
2014-10-15 09:39 - 2014-07-29 20:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-10-15 09:39 - 2010-11-13 17:50 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-10-15 03:09 - 2010-11-13 17:50 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-10-15 03:03 - 2012-05-29 15:47 - 00069616 _____ () C:\Users\Scheer\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-13 13:56 - 2014-07-29 20:08 - 00000000 ____D () C:\Users\beTheFellowBee\AppData\Local\NVIDIA Corporation
2014-10-13 13:56 - 2014-07-29 20:08 - 00000000 ____D () C:\Users\beTheFellowBee\AppData\Local\NVIDIA
2014-10-09 17:45 - 2012-05-30 11:49 - 00069616 _____ () C:\Users\beTheFellowBee\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-09 16:04 - 2013-07-29 19:13 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-09-28 01:08 - 2013-11-23 17:28 - 00000000 ____D () C:\Users\beTheFellowBee\.gimp-2.8
2014-09-23 00:44 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-22 11:16 - 2010-11-13 18:00 - 00002416 _____ () C:\Windows\system32\AutoRunFilter.ini
2014-09-20 16:16 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-19 01:58 - 2014-07-01 11:52 - 00000000 ____D () C:\Users\beTheFellowBee\Desktop\Umbau Bumsenheim
2014-09-18 21:04 - 2013-05-18 21:04 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-18 14:43 - 2014-06-25 16:45 - 00000000 ____D () C:\Users\beTheFellowBee\Desktop\Neuer Ordner
2014-09-17 16:46 - 2014-06-04 17:23 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-09-17 16:46 - 2014-06-04 17:23 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-09-17 16:46 - 2014-06-04 17:23 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-09-17 16:44 - 2014-05-31 23:05 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-09-17 16:44 - 2014-05-31 23:04 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-09-17 16:44 - 2014-05-31 23:04 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-09-17 06:51 - 2013-09-05 03:36 - 01538880 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2014-09-17 04:13 - 2014-07-29 20:08 - 02193560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-09-17 04:13 - 2014-07-29 20:08 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-09-17 04:12 - 2014-07-29 20:08 - 02799784 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-09-17 04:12 - 2014-07-29 20:08 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll

Some content of TEMP:
====================
C:\Users\Scheer\AppData\Local\temp\APNSetup.exe
C:\Users\Scheer\AppData\Local\temp\ICReinstall_ZipOpenerSetup.exe
C:\Users\Scheer\AppData\Local\temp\jre-8u20-windows-au.exe
C:\Users\Scheer\AppData\Local\temp\nvSCPAPI.dll
C:\Users\Scheer\AppData\Local\temp\nvSCPAPI64.dll
C:\Users\Scheer\AppData\Local\temp\nvSCPAPISvr.exe
C:\Users\Scheer\AppData\Local\temp\nvStInst.exe
C:\Users\Scheer\AppData\Local\temp\pcspeedmaxsetup.exe
C:\Users\Scheer\AppData\Local\temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
--- --- ---
#


#FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-10-2014
Ran by beTheFellowBee at 2014-10-17 22:15:17
Running from C:\Users\beTheFellowBee\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3D-Viewer-innoplus (HKLM-x32\...\{B96DB037-DBEA-4186-9081-9CBD537F82E8}) (Version: 14.00.302 - INNOVA-engineering GmbH)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.293 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 15.0.0.293 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{1F7424F8-F992-48BC-90EF-7C4DB0405E3F}) (Version: 1.7.17.25416 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.7.17.25416 - Alcor Micro Corp.) Hidden
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.24 - ASUS)
ASUS AP Bank (HKLM-x32\...\ASUS AP Bank_is1) (Version: 1.0.0.0 - ASUSTEK)
ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.0.8 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.9 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.40 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0008 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0031 - ASUS)
ASUS Video Magic (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.4015 - CyberLink Corp.)
ASUS Video Magic (x32 Version: 6.0.4015 - CyberLink Corp.) Hidden
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.20 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 2.0.46.1429 - eCareme Technologies, Inc.)
ASUS_N3_Series (HKLM-x32\...\ASUS_N3_Series) (Version: 1.0.0002 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0006 - ASUS)
Boingo Wi-Fi (HKLM-x32\...\{B653A2EC-D816-4498-A4FD-651047AB9DC9}) (Version: 1.7.0048 - Boingo Wireless, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon MP Navigator EX 3.0 (HKLM-x32\...\MP Navigator EX 3.0) (Version:  - )
Canon MP250 series Benutzerregistrierung (HKLM-x32\...\Canon MP250 series Benutzerregistrierung) (Version:  - )
Canon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 33.1.0.0 - COMODO)
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.9 - ASUS)
CyberLink PhotoNow (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
CyberLink PhotoNow (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 6.1.3602c - CyberLink Corp.) Hidden
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2609a - CyberLink Corp.)
CyberLink PowerDirector (x32 Version: 8.0.2609a - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ETDWare PS/2-x64 7.0.5.16_WHQL (HKLM\...\Elantech) (Version: 7.0.5.16 - ELAN Microelectronics Corp.)
ExpressGate Cloud (HKLM-x32\...\InstallShield_{499DED08-6FA8-4749-8E94-8526CC9D1CA8}) (Version: 2.1.76.380 - Asus)
ExpressGate Cloud (x32 Version: 2.1.76.380 - Asus) Hidden
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.6 - ASUS)
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version:  - FileHippo.com)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fresco Logic USB3.0 Host Controller (HKLM\...\{7F2540AD-FD82-427A-8FDC-33EC53C8B17A}) (Version: 3.0.105.11 - Fresco Logic Inc.)
Game Park Console (HKLM-x32\...\{E71E60C1-533E-45A5-8D80-E475E88D2B17}_is1) (Version: 6.2.1.1 - Oberon Media, Inc.)
GIMP 2.8.0 (HKLM\...\GIMP-2_is1) (Version: 2.8.0 - The GIMP Team)
Google Chrome (HKLM-x32\...\{69BDE82E-C14F-3309-9813-E5F4E6111920}) (Version: 65.61.49247 - Google, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Governor of Poker (HKLM-x32\...\Governor of Poker) (Version:  - Oberon Media Inc.)
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Hotel Dash Suite Success (HKLM-x32\...\Hotel Dash Suite Success) (Version:  - Oberon Media Inc.)
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
Intel PROSet Wireless (Version:  - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2189 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{D16A2127-B927-4379-B153-3DEC091E4EEB}) (Version: 13.02.1000 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.400.4 - Intel)
Intel(R) Wireless Display (HKLM\...\{0D9917CE-1C77-4B58-A153-DCB5A854ED82}) (Version: 1.2.15.0 - Intel Corporation)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.25.18 - Oracle Corporation) Hidden
Jewel Quest 3 (HKLM-x32\...\Jewel Quest 3) (Version:  - Oberon Media Inc.)
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Luxor 3 (HKLM-x32\...\Luxor 3) (Version:  - Oberon Media Inc.)
Mahjongg dimensions (HKLM-x32\...\Mahjongg dimensions) (Version:  - Oberon Media Inc.)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
McAfee Internet Security Suite (HKLM-x32\...\MSC) (Version: 12.8.988 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
NVIDIA 3D Vision Treiber 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.11 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5942 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)
NVIDIA GeForce Experience Service (Version: 16.13.42 - NVIDIA Corporation) Hidden
NVIDIA Grafiktreiber 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.11 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.162.1274 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 2.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 16.13.42 (Version: 16.13.42 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.14.0702 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
NVIDIA ShadowPlay 16.13.42 (Version: 16.13.42 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 344.11 (Version: 344.11 - NVIDIA Corporation) Hidden
NVIDIA Update 16.13.42 (Version: 16.13.42 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 16.13.42 - NVIDIA Corporation) Hidden
NVIDIA Updatus (x32 Version: 1.0.3 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.25 (Version: 1.2.25 - NVIDIA Corporation) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Opera Stable 24.0.1558.61 (HKCU\...\Opera 24.0.1558.61) (Version: 24.0.1558.61 - Opera Software ASA)
PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.24.16092 - pdfforge GmbH)
PDF Architect 2 View Module (HKLM-x32\...\{C960FF38-431D-429D-AD1F-FBD12A45B7C5}) (Version: 2.0.17.17583 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Plants vs Zombies (HKLM-x32\...\Plants vs Zombies) (Version:  - Oberon Media Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6210 - Realtek Semiconductor Corp.)
Sandboxie 4.12 (64-bit) (HKLM\...\Sandboxie) (Version: 4.12 - Sandboxie Holdings, LLC)
Search App by Ask (HKLM-x32\...\{4F524A2D-5350-4500-76A7-A758B70C1101}) (Version: 12.17.1.65 - APN, LLC) <==== ATTENTION
Secunia PSI (2.0.0.4003) (HKLM-x32\...\Secunia PSI) (Version: 2.0.0.4003 - Secunia)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden
SonicMaster (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.00.0000 - Virage Logic, Corp.)
syncables desktop SE (HKLM-x32\...\{341697D8-9923-445E-B42A-529E5A99CB7A}) (Version: 5.5.746.11492 - syncables)
Update for Image Editor (HKCU\...\DSite) (Version:  - ) <==== ATTENTION
USB2.0 UVC 2M WebCam (HKLM\...\USB2.0 UVC 2M WebCam) (Version: 5.8.54000.206 - Sonix)
VA HausDesigner Premium (HKLM-x32\...\VAHausDesignerPremium.Exe) (Version: VA HausDesigner Premium - TRICAD GmbH)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{8C1E2925-14F8-45AA-B999-1E2A74BF5607}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.31.0 - ASUS)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.19 - ASUS)
World of Goo (HKLM-x32\...\World of Goo) (Version:  - Oberon Media Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2013-07-09 23:38 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\Digital Sites.job => ? <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?

==================== Loaded Modules (whitelisted) =============

2010-03-16 03:48 - 2010-03-16 03:48 - 00148816 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\EcaremeDLL.dll
2010-11-13 17:34 - 2010-11-13 17:34 - 00030032 _____ () C:\Windows\assembly\GAC_MSIL\SqliteShared\1.0.3726.20828__0d0f4b69e50e559b\SqliteShared.dll
2010-11-13 17:34 - 2010-11-13 17:34 - 00931840 _____ () C:\Windows\assembly\GAC_64\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
2010-03-16 03:48 - 2010-03-16 03:48 - 01754448 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
2010-03-05 19:21 - 2010-03-05 19:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-04-10 17:40 - 2011-04-10 17:40 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-08-13 03:52 - 2010-08-13 03:52 - 00021504 _____ () C:\ExpressGateUtil\VAWinAgent.exe
2010-09-23 17:53 - 2010-09-23 17:53 - 01601536 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

========================= Accounts: ==========================

Administrator (S-1-5-21-1560831024-780671805-4130521857-500 - Administrator - Disabled)
beTheFellowBee (S-1-5-21-1560831024-780671805-4130521857-1002 - Limited - Enabled) => C:\Users\beTheFellowBee
Gast (S-1-5-21-1560831024-780671805-4130521857-501 - Limited - Disabled)
Scheer (S-1-5-21-1560831024-780671805-4130521857-1001 - Administrator - Enabled) => C:\Users\Scheer

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/17/2014 09:25:24 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Error: BITS connection error Type: 150::InternetConnectionFailure.

Error: (10/17/2014 09:11:11 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
(Stream product id=0x0066): Streaming Failed

Error: (10/17/2014 09:10:24 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Too many failures while downloading ranges: 2

Error: (10/17/2014 02:44:42 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Error: BITS connection error Type: 150::InternetConnectionFailure.

Error: (10/17/2014 02:37:25 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
(Stream product id=0x0066): Streaming Failed

Error: (10/17/2014 02:35:40 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Too many failures while downloading ranges: 2

Error: (10/16/2014 11:34:40 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Error: BITS connection error Type: 150::InternetConnectionFailure.

Error: (10/16/2014 11:27:32 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
(Stream product id=0x0066): Streaming Failed

Error: (10/16/2014 11:25:42 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Too many failures while downloading ranges: 2

Error: (10/16/2014 10:14:43 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Error: BITS connection error Type: 150::InternetConnectionFailure.


System errors:
=============
Error: (10/17/2014 04:18:05 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst cvhsvc erreicht.

Error: (10/17/2014 04:15:48 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎17.‎10.‎2014 um 16:03:46 unerwartet heruntergefahren.

Error: (10/16/2014 10:30:51 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (10/16/2014 06:00:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Fehlerberichterstattungsdienst erreicht.

Error: (10/16/2014 05:08:11 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {0B5A2C52-3EB9-470A-96E2-6C6D4570E40F}

Error: (10/16/2014 04:27:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "AFBAgent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/16/2014 02:48:52 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (10/15/2014 10:40:44 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (10/15/2014 06:58:43 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (10/15/2014 06:39:20 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80242016 fehlgeschlagen: Update für Windows 7 für x64-basierte Systeme (KB2952664)


Microsoft Office Sessions:
=========================
Error: (10/17/2014 09:25:24 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: BITS connection error Type: 150::InternetConnectionFailure.

Error: (10/17/2014 09:11:11 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Stream product id=0x0066): Streaming Failed

Error: (10/17/2014 09:10:24 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Too many failures while downloading ranges: 2

Error: (10/17/2014 02:44:42 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: BITS connection error Type: 150::InternetConnectionFailure.

Error: (10/17/2014 02:37:25 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Stream product id=0x0066): Streaming Failed

Error: (10/17/2014 02:35:40 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Too many failures while downloading ranges: 2

Error: (10/16/2014 11:34:40 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: BITS connection error Type: 150::InternetConnectionFailure.

Error: (10/16/2014 11:27:32 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Stream product id=0x0066): Streaming Failed

Error: (10/16/2014 11:25:42 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Too many failures while downloading ranges: 2

Error: (10/16/2014 10:14:43 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: BITS connection error Type: 150::InternetConnectionFailure.


CodeIntegrity Errors:
===================================
  Date: 2013-07-10 19:51:38.769
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-10 19:51:38.754
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-10 19:51:38.754
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-09 23:32:53.928
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-07-09 23:32:53.819
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz
Percentage of memory in use: 45%
Total physical RAM: 3884.48 MB
Available physical RAM: 2125.63 MB
Total Pagefile: 7767.14 MB
Available Pagefile: 5562.21 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:116.44 GB) (Free:23.82 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:327.83 GB) (Free:202.69 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================
--- --- ---
#

schrauber 17.10.2014 23:09
hi,

Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    Search App by Ask

    Update for Image Editor


  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 





Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

FredPerrylol 18.10.2014 03:13
Hallo,
Danke,
hier noch die gmer logfile nach d Anleitung von TB
und als Anhang die logfile von combifix.
Bei "Revo Unistaller" konnte ich allerdings nicht das Programm

"Update für Image Editor"

finden und dementsprechend auch nicht deinstallieren.
LG

#
GMER Logfile:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-10-18 01:11:48
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0003 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Scheer\AppData\Local\Temp\ufdiqpow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                                fffff80003602000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575                                                                                fffff8000360202f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text    C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                      0000000077177ac0 5 bytes JMP 0000000176f20430
.text    C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject                                                              00000000771a2970 8 bytes JMP 0000000176f20501
.text    C:\Windows\system32\csrss.exe[608] C:\Windows\system32\USER32.dll!SetWindowsHookExW                                                              0000000076f3f874 9 bytes JMP 0000000176f206a3
.text    C:\Windows\system32\csrss.exe[608] C:\Windows\system32\USER32.dll!SetWindowsHookExA                                                              0000000076f58c20 12 bytes JMP 0000000176f205d2
.text    C:\Windows\system32\services.exe[736] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                    0000000077177ac0 5 bytes JMP 0000000176f20430
.text    C:\Windows\system32\lsass.exe[764] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                      0000000077177ac0 5 bytes JMP 0000000176f20430
.text    C:\Windows\system32\lsass.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject                                                              00000000771a2970 8 bytes JMP 0000000176f20501
.text    C:\Windows\system32\lsass.exe[764] C:\Windows\system32\RPCRT4.dll!NdrStubCall2                                                                    000007fefe524a40 6 bytes JMP 000007fffe4f00d1
.text    C:\Windows\system32\lsass.exe[764] C:\Windows\system32\RPCRT4.dll!NdrServerInitialize                                                            000007fefe532150 6 bytes JMP 000007fffe4f0000
.text    C:\Windows\system32\lsass.exe[764] C:\Windows\system32\lsasrv.dll!LsarLookupSids                                                                  000007fefccbfdf0 7 bytes JMP 000007fefe4f0273
.text    C:\Windows\system32\lsass.exe[764] C:\Windows\system32\USER32.dll!SetWindowsHookExW                                                              0000000076f3f874 9 bytes JMP 0000000176f206a3
.text    C:\Windows\system32\lsass.exe[764] C:\Windows\system32\USER32.dll!SetWindowsHookExA                                                              0000000076f58c20 12 bytes JMP 0000000176f205d2
.text    C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                    0000000077177ac0 5 bytes JMP 0000000176f20430
.text    C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject                                                            00000000771a2970 8 bytes JMP 0000000176f20501
.text    C:\Windows\system32\svchost.exe[892] C:\Windows\system32\RPCRT4.dll!NdrStubCall2                                                                  000007fefe524a40 6 bytes JMP 000007fffe4f00d1
.text    C:\Windows\system32\svchost.exe[892] C:\Windows\system32\RPCRT4.dll!NdrServerInitialize                                                          000007fefe532150 6 bytes JMP 000007fffe4f0000
.text    C:\Windows\system32\svchost.exe[892] C:\Windows\system32\USER32.dll!SetWindowsHookExW                                                            0000000076f3f874 9 bytes JMP 0000000176f206a3
.text    C:\Windows\system32\svchost.exe[892] C:\Windows\system32\USER32.dll!SetWindowsHookExA                                                            0000000076f58c20 12 bytes JMP 0000000176f205d2
.text    C:\Windows\system32\svchost.exe[260] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                    0000000077177ac0 5 bytes JMP 0000000176f20430
.text    C:\Windows\system32\svchost.exe[260] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject                                                            00000000771a2970 8 bytes JMP 0000000176f20501
.text    C:\Windows\system32\svchost.exe[260] C:\Windows\system32\RPCRT4.dll!NdrStubCall2                                                                  000007fefe524a40 6 bytes JMP 000007fffe4f00d1
.text    C:\Windows\system32\svchost.exe[260] C:\Windows\system32\RPCRT4.dll!NdrServerInitialize                                                          000007fefe532150 6 bytes JMP 000007fffe4f0000
.text    C:\Windows\system32\svchost.exe[260] C:\Windows\system32\user32.dll!SetWindowsHookExW                                                            0000000076f3f874 9 bytes JMP 0000000176f206a3
.text    C:\Windows\system32\svchost.exe[260] C:\Windows\system32\user32.dll!SetWindowsHookExA                                                            0000000076f58c20 12 bytes JMP 0000000176f205d2
.text    C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                    0000000077177ac0 5 bytes JMP 0000000176f20430
.text    C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject                                                            00000000771a2970 8 bytes JMP 0000000176f20501
.text    C:\Windows\System32\svchost.exe[616] C:\Windows\system32\RPCRT4.dll!NdrStubCall2                                                                  000007fefe524a40 6 bytes JMP 000007fffe4f00d1
.text    C:\Windows\System32\svchost.exe[616] C:\Windows\system32\RPCRT4.dll!NdrServerInitialize                                                          000007fefe532150 6 bytes JMP 000007fffe4f0000
.text    C:\Windows\System32\svchost.exe[616] C:\Windows\system32\USER32.dll!SetWindowsHookExW                                                            0000000076f3f874 9 bytes JMP 0000000176f206a3
.text    C:\Windows\System32\svchost.exe[616] C:\Windows\system32\USER32.dll!SetWindowsHookExA                                                            0000000076f58c20 12 bytes JMP 0000000176f205d2
.text    C:\Windows\System32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                    0000000077177ac0 5 bytes JMP 0000000176f20430
.text    C:\Windows\System32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject                                                            00000000771a2970 8 bytes JMP 0000000176f20501
.text    C:\Windows\System32\svchost.exe[360] C:\Windows\system32\RPCRT4.dll!NdrStubCall2                                                                  000007fefe524a40 6 bytes JMP 000007fffe4f00d1
.text    C:\Windows\System32\svchost.exe[360] C:\Windows\system32\RPCRT4.dll!NdrServerInitialize                                                          000007fefe532150 6 bytes JMP 000007fffe4f0000
.text    C:\Windows\System32\svchost.exe[360] C:\Windows\system32\USER32.dll!SetWindowsHookExW                                                            0000000076f3f874 9 bytes JMP 0000000176f206a3
.text    C:\Windows\System32\svchost.exe[360] C:\Windows\system32\USER32.dll!SetWindowsHookExA                                                            0000000076f58c20 12 bytes JMP 0000000176f205d2
.text    C:\Windows\system32\svchost.exe[704] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                    0000000077177ac0 5 bytes JMP 0000000176f20430
.text    C:\Windows\system32\svchost.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject                                                            00000000771a2970 8 bytes JMP 0000000176f20501
.text    C:\Windows\system32\svchost.exe[704] C:\Windows\system32\RPCRT4.dll!NdrStubCall2                                                                  000007fefe524a40 6 bytes JMP 000007fffe4f00d1
.text    C:\Windows\system32\svchost.exe[704] C:\Windows\system32\RPCRT4.dll!NdrServerInitialize                                                          000007fefe532150 6 bytes JMP 000007fffe4f0000
.text    C:\Windows\system32\svchost.exe[704] C:\Windows\system32\USER32.dll!SetWindowsHookExW                                                            0000000076f3f874 9 bytes JMP 0000000176f206a3
.text    C:\Windows\system32\svchost.exe[704] C:\Windows\system32\USER32.dll!SetWindowsHookExA                                                            0000000076f58c20 12 bytes JMP 0000000176f205d2
.text    C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                    0000000077177ac0 5 bytes JMP 0000000176f20430
.text    C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject                                                            00000000771a2970 8 bytes JMP 0000000176f20501
.text    C:\Windows\system32\svchost.exe[468] C:\Windows\system32\RPCRT4.dll!NdrStubCall2                                                                  000007fefe524a40 6 bytes JMP 000007fffe4f00d1
.text    C:\Windows\system32\svchost.exe[468] C:\Windows\system32\RPCRT4.dll!NdrServerInitialize                                                          000007fefe532150 6 bytes JMP 000007fffe4f0000
.text    C:\Windows\system32\svchost.exe[468] C:\Windows\system32\USER32.dll!SetWindowsHookExW                                                            0000000076f3f874 9 bytes JMP 0000000176f206a3
.text    C:\Windows\system32\svchost.exe[468] C:\Windows\system32\USER32.dll!SetWindowsHookExA                                                            0000000076f58c20 12 bytes JMP 0000000176f205d2
.text    C:\Windows\system32\svchost.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                    0000000077177ac0 5 bytes JMP 0000000176f20430
.text    C:\Windows\system32\svchost.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject                                                          00000000771a2970 8 bytes JMP 0000000176f20501
.text    C:\Windows\system32\svchost.exe[1324] C:\Windows\system32\RPCRT4.dll!NdrStubCall2                                                                000007fefe524a40 6 bytes JMP 000007fffe4f00d1
.text    C:\Windows\system32\svchost.exe[1324] C:\Windows\system32\RPCRT4.dll!NdrServerInitialize                                                          000007fefe532150 6 bytes JMP 000007fffe4f0000
.text    C:\Windows\system32\svchost.exe[1324] C:\Windows\system32\USER32.dll!SetWindowsHookExW                                                            0000000076f3f874 9 bytes JMP 0000000176f206a3
.text    C:\Windows\system32\svchost.exe[1324] C:\Windows\system32\USER32.dll!SetWindowsHookExA                                                            0000000076f58c20 12 bytes JMP 0000000176f205d2
.text    C:\Windows\System32\spoolsv.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                    0000000077177ac0 5 bytes JMP 0000000176f20430
.text    C:\Windows\System32\spoolsv.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject                                                          00000000771a2970 8 bytes JMP 0000000176f20501
.text    C:\Windows\System32\spoolsv.exe[1980] C:\Windows\system32\RPCRT4.dll!NdrStubCall2                                                                000007fefe524a40 6 bytes JMP 000007fffe4f00d1
.text    C:\Windows\System32\spoolsv.exe[1980] C:\Windows\system32\RPCRT4.dll!NdrServerInitialize                                                          000007fefe532150 6 bytes JMP 000007fffe4f0000
.text    C:\Windows\System32\spoolsv.exe[1980] C:\Windows\system32\USER32.dll!SetWindowsHookExW                                                            0000000076f3f874 9 bytes JMP 0000000176f206a3
.text    C:\Windows\System32\spoolsv.exe[1980] C:\Windows\system32\USER32.dll!SetWindowsHookExA                                                            0000000076f58c20 12 bytes JMP 0000000176f205d2
.text    C:\Windows\system32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                    0000000077177ac0 5 bytes JMP 0000000176f20430
.text    C:\Windows\system32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject                                                          00000000771a2970 8 bytes JMP 0000000176f20501
.text    C:\Windows\system32\svchost.exe[2008] C:\Windows\system32\RPCRT4.dll!NdrStubCall2                                                                000007fefe524a40 6 bytes JMP 000007fffe4f00d1
.text    C:\Windows\system32\svchost.exe[2008] C:\Windows\system32\RPCRT4.dll!NdrServerInitialize                                                          000007fefe532150 6 bytes JMP 000007fffe4f0000
.text    C:\Windows\system32\svchost.exe[2008] C:\Windows\system32\USER32.dll!SetWindowsHookExW                                                            0000000076f3f874 9 bytes JMP 0000000176f206a3
.text    C:\Windows\system32\svchost.exe[2008] C:\Windows\system32\USER32.dll!SetWindowsHookExA                                                            0000000076f58c20 12 bytes JMP 0000000176f205d2
.text    C:\Windows\system32\svchost.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                    0000000077177ac0 5 bytes JMP 0000000176f20430
.text    C:\Windows\system32\svchost.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject                                                          00000000771a2970 8 bytes JMP 0000000176f20501
.text    C:\Windows\system32\svchost.exe[2112] C:\Windows\system32\RPCRT4.dll!NdrStubCall2                                                                000007fefe524a40 6 bytes JMP 000007fffe4f00d1
.text    C:\Windows\system32\svchost.exe[2112] C:\Windows\system32\RPCRT4.dll!NdrServerInitialize                                                          000007fefe532150 6 bytes JMP 000007fffe4f0000
.text    C:\Windows\system32\svchost.exe[2112] C:\Windows\system32\USER32.dll!SetWindowsHookExW                                                            0000000076f3f874 9 bytes JMP 0000000176f206a3
.text    C:\Windows\system32\svchost.exe[2112] C:\Windows\system32\USER32.dll!SetWindowsHookExA                                                            0000000076f58c20 12 bytes JMP 0000000176f205d2
.text    C:\Windows\system32\svchost.exe[4484] C:\Windows\system32\RPCRT4.dll!NdrStubCall2                                                                000007fefe524a40 6 bytes JMP 000007fffe4f00d1
.text    C:\Windows\system32\svchost.exe[4484] C:\Windows\system32\RPCRT4.dll!NdrServerInitialize                                                          000007fefe532150 6 bytes JMP 000007fffe4f0000
.text    C:\Windows\system32\svchost.exe[4484] C:\Windows\system32\USER32.dll!SetWindowsHookExW                                                            0000000076f3f874 9 bytes JMP 0000000176f206a3
.text    C:\Windows\system32\svchost.exe[4484] C:\Windows\system32\USER32.dll!SetWindowsHookExA                                                            0000000076f58c20 12 bytes JMP 0000000176f205d2
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[5100] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                          0000000075e81401 2 bytes JMP 76beb21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[5100] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                            0000000075e81419 2 bytes JMP 76beb346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[5100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                          0000000075e81431 2 bytes JMP 76c68ea9 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[5100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                          0000000075e8144a 2 bytes CALL 76bc48ad C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                              * 9
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[5100] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                            0000000075e814dd 2 bytes JMP 76c687a2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[5100] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                      0000000075e814f5 2 bytes JMP 76c68978 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[5100] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                            0000000075e8150d 2 bytes JMP 76c68698 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[5100] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                      0000000075e81525 2 bytes JMP 76c68a62 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[5100] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                            0000000075e8153d 2 bytes JMP 76bdfca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[5100] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                0000000075e81555 2 bytes JMP 76be68ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[5100] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                          0000000075e8156d 2 bytes JMP 76c68f61 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[5100] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                            0000000075e81585 2 bytes JMP 76c68ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[5100] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                              0000000075e8159d 2 bytes JMP 76c6865c C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[5100] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                            0000000075e815b5 2 bytes JMP 76bdfd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[5100] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                          0000000075e815cd 2 bytes JMP 76beb2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[5100] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                      0000000075e816b2 2 bytes JMP 76c68e24 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[5100] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                      0000000075e816bd 2 bytes JMP 76c685f1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5944] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17      0000000075e81401 2 bytes JMP 76beb21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5944] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17        0000000075e81419 2 bytes JMP 76beb346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5944] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17      0000000075e81431 2 bytes JMP 76c68ea9 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5944] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42      0000000075e8144a 2 bytes CALL 76bc48ad C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                              * 9
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5944] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17        0000000075e814dd 2 bytes JMP 76c687a2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5944] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  0000000075e814f5 2 bytes JMP 76c68978 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5944] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17        0000000075e8150d 2 bytes JMP 76c68698 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5944] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000075e81525 2 bytes JMP 76c68a62 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5944] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17        0000000075e8153d 2 bytes JMP 76bdfca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5944] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17            0000000075e81555 2 bytes JMP 76be68ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5944] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17      0000000075e8156d 2 bytes JMP 76c68f61 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5944] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17        0000000075e81585 2 bytes JMP 76c68ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5944] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17          0000000075e8159d 2 bytes JMP 76c6865c C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5944] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17        0000000075e815b5 2 bytes JMP 76bdfd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5944] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17      0000000075e815cd 2 bytes JMP 76beb2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5944] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  0000000075e816b2 2 bytes JMP 76c68e24 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5944] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  0000000075e816bd 2 bytes JMP 76c685f1 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\system32\csrss.exe[7068] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                      0000000077177ac0 5 bytes JMP 0000000176f20430
.text    C:\Windows\system32\csrss.exe[7068] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject                                                            00000000771a2970 8 bytes JMP 0000000176f20501
.text    C:\Windows\system32\csrss.exe[7068] C:\Windows\system32\USER32.dll!SetWindowsHookExW                                                              0000000076f3f874 9 bytes JMP 0000000176f206a3
.text    C:\Windows\system32\csrss.exe[7068] C:\Windows\system32\USER32.dll!SetWindowsHookExA                                                              0000000076f58c20 12 bytes JMP 0000000176f205d2
.text    C:\Windows\system32\winlogon.exe[8512] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                  0000000077177ac0 5 bytes JMP 0000000176f20430
.text    C:\Windows\system32\winlogon.exe[8512] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject                                                          00000000771a2970 8 bytes JMP 0000000176f20501
.text    C:\Windows\system32\winlogon.exe[8512] C:\Windows\system32\USER32.dll!SetWindowsHookExW                                                          0000000076f3f874 9 bytes JMP 0000000176f206a3
.text    C:\Windows\system32\winlogon.exe[8512] C:\Windows\system32\USER32.dll!SetWindowsHookExA                                                          0000000076f58c20 12 bytes JMP 0000000176f205d2
.text    C:\Windows\system32\winlogon.exe[8512] C:\Windows\system32\RPCRT4.dll!NdrStubCall2                                                                000007fefe524a40 6 bytes JMP 000007fffe4f00d1
.text    C:\Windows\system32\winlogon.exe[8512] C:\Windows\system32\RPCRT4.dll!NdrServerInitialize                                                        000007fefe532150 6 bytes JMP 000007fffe4f0000
.text    C:\Windows\Explorer.EXE[6104] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                            0000000077177ac0 5 bytes JMP 0000000176f20430
.text    C:\Windows\Explorer.EXE[6104] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject                                                                  00000000771a2970 8 bytes JMP 0000000176f20501
.text    C:\Windows\Explorer.EXE[6104] C:\Windows\system32\RPCRT4.dll!NdrStubCall2                                                                        000007fefe524a40 6 bytes JMP 000007fffe4f00d1
.text    C:\Windows\Explorer.EXE[6104] C:\Windows\system32\RPCRT4.dll!NdrServerInitialize                                                                  000007fefe532150 6 bytes JMP 000007fffe4f0000
.text    C:\Windows\Explorer.EXE[6104] C:\Windows\system32\USER32.dll!SetWindowsHookExW                                                                    0000000076f3f874 9 bytes JMP 0000000176f206a3
.text    C:\Windows\Explorer.EXE[6104] C:\Windows\system32\USER32.dll!SetWindowsHookExA                                                                    0000000076f58c20 12 bytes JMP 0000000176f205d2
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5596] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW                      0000000076bc1f0e 7 bytes JMP 0000000173ce4b10
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5596] C:\Windows\syswow64\kernel32.dll!RegSetValueExW                        0000000076bc5bad 7 bytes JMP 0000000173ce54b0
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5596] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                        0000000076bd1409 7 bytes JMP 0000000173ce4e50
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5596] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW                        0000000076bdea45 7 bytes JMP 0000000173ce4b00
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5596] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                0000000076c68e24 7 bytes JMP 0000000173ce45c0
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5596] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                0000000076c68ea9 5 bytes JMP 0000000173ce4670
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5596] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                  0000000076c691ff 5 bytes JMP 0000000173ce45d0
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5596] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                    0000000076021d29 5 bytes JMP 0000000173ce4580
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5596] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                  0000000076021dd7 5 bytes JMP 0000000173ce4540
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5596] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                      0000000076022ab1 5 bytes JMP 0000000173ce4680
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5596] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                          0000000076022d17 5 bytes JMP 0000000173ce4360
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5596] C:\Windows\syswow64\USER32.dll!CreateWindowExW                          0000000076ac8a29 5 bytes JMP 0000000173ce3a40
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5596] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                      0000000076ad4572 5 bytes JMP 0000000173ce42e0
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5596] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW                      0000000076aee567 5 bytes JMP 0000000173ce4350
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5596] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW                0000000076b107d7 5 bytes JMP 0000000173ce3850
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5596] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo              0000000076b27a5c 5 bytes JMP 0000000173ce42d0
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5596] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                  0000000074f4e96b 5 bytes JMP 0000000173ce3b60
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5596] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                    0000000074f4eba5 5 bytes JMP 0000000173ce3b80
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5596] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                        0000000074fc5ea5 5 bytes JMP 0000000173ce3a00
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5596] C:\Windows\syswow64\ole32.dll!CoCreateInstance                          0000000074ff9d0b 5 bytes JMP 0000000173ce3990
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5596] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                0000000075e81401 2 bytes JMP 76beb21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5596] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                  0000000075e81419 2 bytes JMP 76beb346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                0000000075e81431 2 bytes JMP 76c68ea9 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                0000000075e8144a 2 bytes CALL 76bc48ad C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                              * 9
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5596] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                    0000000075e814dd 2 bytes JMP 76c687a2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5596] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17            0000000075e814f5 2 bytes JMP 76c68978 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5596] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                    0000000075e8150d 2 bytes JMP 76c68698 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5596] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17            0000000075e81525 2 bytes JMP 76c68a62 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5596] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                  0000000075e8153d 2 bytes JMP 76bdfca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5596] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                        0000000075e81555 2 bytes JMP 76be68ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5596] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                0000000075e8156d 2 bytes JMP 76c68f61 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5596] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                  0000000075e81585 2 bytes JMP 76c68ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5596] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                      0000000075e8159d 2 bytes JMP 76c6865c C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5596] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                  0000000075e815b5 2 bytes JMP 76bdfd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5596] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                0000000075e815cd 2 bytes JMP 76beb2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5596] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20            0000000075e816b2 2 bytes JMP 76c68e24 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5596] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31            0000000075e816bd 2 bytes JMP 76c685f1 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\AsScrPro.exe[9368] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW                                                                  0000000076bc1f0e 7 bytes JMP 0000000173ce4b10
.text    C:\Windows\AsScrPro.exe[9368] C:\Windows\syswow64\kernel32.dll!RegSetValueExW                                                                    0000000076bc5bad 7 bytes JMP 0000000173ce54b0
.text    C:\Windows\AsScrPro.exe[9368] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                                    0000000076bd1409 7 bytes JMP 0000000173ce4e50
.text    C:\Windows\AsScrPro.exe[9368] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW                                                                    0000000076bdea45 7 bytes JMP 0000000173ce4b00
.text    C:\Windows\AsScrPro.exe[9368] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                            0000000076c68e24 7 bytes JMP 0000000173ce45c0
.text    C:\Windows\AsScrPro.exe[9368] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                            0000000076c68ea9 5 bytes JMP 0000000173ce4670
.text    C:\Windows\AsScrPro.exe[9368] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                              0000000076c691ff 5 bytes JMP 0000000173ce45d0
.text    C:\Windows\AsScrPro.exe[9368] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                                0000000076021d29 5 bytes JMP 0000000173ce4580
.text    C:\Windows\AsScrPro.exe[9368] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                              0000000076021dd7 5 bytes JMP 0000000173ce4540
.text    C:\Windows\AsScrPro.exe[9368] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                  0000000076022ab1 5 bytes JMP 0000000173ce4680
.text    C:\Windows\AsScrPro.exe[9368] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                                      0000000076022d17 5 bytes JMP 0000000173ce4360
.text    C:\Windows\AsScrPro.exe[9368] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                              0000000074f4e96b 5 bytes JMP 0000000173ce3b60
.text    C:\Windows\AsScrPro.exe[9368] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                                0000000074f4eba5 5 bytes JMP 0000000173ce3b80
.text    C:\Windows\AsScrPro.exe[9368] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                                      0000000076ac8a29 5 bytes JMP 0000000173ce3a40
.text    C:\Windows\AsScrPro.exe[9368] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                                                  0000000076ad4572 5 bytes JMP 0000000173ce42e0
.text    C:\Windows\AsScrPro.exe[9368] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW                                                                  0000000076aee567 5 bytes JMP 0000000173ce4350
.text    C:\Windows\AsScrPro.exe[9368] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW                                                            0000000076b107d7 5 bytes JMP 0000000173ce3850
.text    C:\Windows\AsScrPro.exe[9368] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo                                                          0000000076b27a5c 5 bytes JMP 0000000173ce42d0
.text    C:\Windows\AsScrPro.exe[9368] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                                    0000000074fc5ea5 5 bytes JMP 0000000173ce3a00
.text    C:\Windows\AsScrPro.exe[9368] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                                      0000000074ff9d0b 5 bytes JMP 0000000173ce3990
.text    C:\Windows\AsScrPro.exe[9368] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                            0000000075e81401 2 bytes JMP 76beb21b C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\AsScrPro.exe[9368] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                              0000000075e81419 2 bytes JMP 76beb346 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\AsScrPro.exe[9368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                            0000000075e81431 2 bytes JMP 76c68ea9 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\AsScrPro.exe[9368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                            0000000075e8144a 2 bytes CALL 76bc48ad C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                              * 9
.text    C:\Windows\AsScrPro.exe[9368] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                0000000075e814dd 2 bytes JMP 76c687a2 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\AsScrPro.exe[9368] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                        0000000075e814f5 2 bytes JMP 76c68978 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\AsScrPro.exe[9368] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                0000000075e8150d 2 bytes JMP 76c68698 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\AsScrPro.exe[9368] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                        0000000075e81525 2 bytes JMP 76c68a62 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\AsScrPro.exe[9368] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                              0000000075e8153d 2 bytes JMP 76bdfca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\AsScrPro.exe[9368] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                    0000000075e81555 2 bytes JMP 76be68ef C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\AsScrPro.exe[9368] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                            0000000075e8156d 2 bytes JMP 76c68f61 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\AsScrPro.exe[9368] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                              0000000075e81585 2 bytes JMP 76c68ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\AsScrPro.exe[9368] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                  0000000075e8159d 2 bytes JMP 76c6865c C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\AsScrPro.exe[9368] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                              0000000075e815b5 2 bytes JMP 76bdfd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\AsScrPro.exe[9368] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                            0000000075e815cd 2 bytes JMP 76beb2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\AsScrPro.exe[9368] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                        0000000075e816b2 2 bytes JMP 76c68e24 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\AsScrPro.exe[9368] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                        0000000075e816bd 2 bytes JMP 76c685f1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[6364] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW                                    0000000076bc1f0e 7 bytes JMP 0000000173ce4b10
.text    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[6364] C:\Windows\syswow64\kernel32.dll!RegSetValueExW                                      0000000076bc5bad 7 bytes JMP 0000000173ce54b0
.text    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[6364] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                      0000000076bd1409 7 bytes JMP 0000000173ce4e50
.text    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[6364] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW                                      0000000076bdea45 7 bytes JMP 0000000173ce4b00
.text    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[6364] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                              0000000076c68e24 7 bytes JMP 0000000173ce45c0
.text    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[6364] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                              0000000076c68ea9 5 bytes JMP 0000000173ce4670
.text    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[6364] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                0000000076c691ff 5 bytes JMP 0000000173ce45d0
.text    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[6364] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                  0000000076021d29 5 bytes JMP 0000000173ce4580
.text    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[6364] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                0000000076021dd7 5 bytes JMP 0000000173ce4540
.text    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[6364] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                    0000000076022ab1 5 bytes JMP 0000000173ce4680
.text    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[6364] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                        0000000076022d17 5 bytes JMP 0000000173ce4360
.text    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[6364] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                        0000000076ac8a29 5 bytes JMP 0000000173ce3a40
.text    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[6364] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                    0000000076ad4572 5 bytes JMP 0000000173ce42e0
.text    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[6364] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW                                    0000000076aee567 5 bytes JMP 0000000173ce4350
.text    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[6364] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW                              0000000076b107d7 5 bytes JMP 0000000173ce3850
.text    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[6364] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo                            0000000076b27a5c 5 bytes JMP 0000000173ce42d0
.text    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[6364] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                0000000074f4e96b 5 bytes JMP 0000000173ce3b60
.text    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[6364] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                  0000000074f4eba5 5 bytes JMP 0000000173ce3b80
.text    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[6364] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                      0000000074fc5ea5 5 bytes JMP 0000000173ce3a00
.text    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[6364] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                        0000000074ff9d0b 5 bytes JMP 0000000173ce3990
.text    C:\Program Files\Windows Sidebar\sidebar.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                      0000000077177ac0 5 bytes JMP 0000000176f20430
.text    C:\Program Files\Windows Sidebar\sidebar.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject                                              00000000771a2970 8 bytes JMP 0000000176f20501
.text    C:\Program Files\Windows Sidebar\sidebar.exe[5748] C:\Windows\system32\RPCRT4.dll!NdrStubCall2                                                    000007fefe524a40 6 bytes JMP 000007fffe4f00d1
.text    C:\Program Files\Windows Sidebar\sidebar.exe[5748] C:\Windows\system32\RPCRT4.dll!NdrServerInitialize                                            000007fefe532150 6 bytes JMP 000007fffe4f0000
.text    C:\Program Files\Windows Sidebar\sidebar.exe[5748] C:\Windows\system32\USER32.dll!SetWindowsHookExW                                              0000000076f3f874 9 bytes JMP 0000000176f206a3
.text    C:\Program Files\Windows Sidebar\sidebar.exe[5748] C:\Windows\system32\USER32.dll!SetWindowsHookExA                                              0000000076f58c20 12 bytes JMP 0000000176f205d2
.text    C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe[5988] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW                            0000000076bc1f0e 7 bytes JMP 0000000173ce4b10
.text    C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe[5988] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW                              0000000076bc5bad 7 bytes JMP 0000000173ce54b0
.text    C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe[5988] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA                              0000000076bd1409 7 bytes JMP 0000000173ce4e50
.text    C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe[5988] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW                              0000000076bdea45 7 bytes JMP 0000000173ce4b00
.text    C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe[5988] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx                      0000000076c68e24 7 bytes JMP 0000000173ce45c0
.text    C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe[5988] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation                      0000000076c68ea9 5 bytes JMP 0000000173ce4670
.text    C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe[5988] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW                        0000000076c691ff 5 bytes JMP 0000000173ce45d0
.text    C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe[5988] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                          0000000076021d29 5 bytes JMP 0000000173ce4580
.text    C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe[5988] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                        0000000076021dd7 5 bytes JMP 0000000173ce4540
.text    C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe[5988] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                            0000000076022ab1 5 bytes JMP 0000000173ce4680
.text    C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe[5988] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                0000000076022d17 5 bytes JMP 0000000173ce4360
.text    C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe[5988] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                        0000000074f4e96b 5 bytes JMP 0000000173ce3b60
.text    C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe[5988] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                          0000000074f4eba5 5 bytes JMP 0000000173ce3b80
.text    C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe[5988] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                0000000076ac8a29 5 bytes JMP 0000000173ce3a40
.text    C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe[5988] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                            0000000076ad4572 5 bytes JMP 0000000173ce42e0
.text    C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe[5988] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW                            0000000076aee567 5 bytes JMP 0000000173ce4350
.text    C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe[5988] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW                      0000000076b107d7 5 bytes JMP 0000000173ce3850
.text    C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe[5988] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo                    0000000076b27a5c 5 bytes JMP 0000000173ce42d0
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3824] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW                                          0000000076bc1f0e 7 bytes JMP 0000000173ce4b10
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3824] C:\Windows\syswow64\kernel32.dll!RegSetValueExW                                            0000000076bc5bad 7 bytes JMP 0000000173ce54b0
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3824] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                            0000000076bd1409 7 bytes JMP 0000000173ce4e50
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3824] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW                                            0000000076bdea45 7 bytes JMP 0000000173ce4b00
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3824] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                    0000000076c68e24 7 bytes JMP 0000000173ce45c0
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3824] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                    0000000076c68ea9 5 bytes JMP 0000000173ce4670
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3824] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                      0000000076c691ff 5 bytes JMP 0000000173ce45d0
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3824] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                        0000000076021d29 5 bytes JMP 0000000173ce4580
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3824] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                      0000000076021dd7 5 bytes JMP 0000000173ce4540
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3824] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                          0000000076022ab1 5 bytes JMP 0000000173ce4680
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3824] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                              0000000076022d17 5 bytes JMP 0000000173ce4360
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3824] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                    0000000075e81401 2 bytes JMP 76beb21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3824] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                      0000000075e81419 2 bytes JMP 76beb346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                    0000000075e81431 2 bytes JMP 76c68ea9 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                    0000000075e8144a 2 bytes CALL 76bc48ad C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                              * 9
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3824] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                        0000000075e814dd 2 bytes JMP 76c687a2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3824] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                0000000075e814f5 2 bytes JMP 76c68978 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3824] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                        0000000075e8150d 2 bytes JMP 76c68698 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3824] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                0000000075e81525 2 bytes JMP 76c68a62 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3824] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                      0000000075e8153d 2 bytes JMP 76bdfca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3824] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                            0000000075e81555 2 bytes JMP 76be68ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3824] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                    0000000075e8156d 2 bytes JMP 76c68f61 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3824] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                      0000000075e81585 2 bytes JMP 76c68ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3824] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                          0000000075e8159d 2 bytes JMP 76c6865c C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3824] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                      0000000075e815b5 2 bytes JMP 76bdfd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3824] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                    0000000075e815cd 2 bytes JMP 76beb2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3824] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                0000000075e816b2 2 bytes JMP 76c68e24 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3824] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                0000000075e816bd 2 bytes JMP 76c685f1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3824] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                              0000000076ac8a29 5 bytes JMP 0000000173ce3a40
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3824] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                          0000000076ad4572 5 bytes JMP 0000000173ce42e0
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3824] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW                                          0000000076aee567 5 bytes JMP 0000000173ce4350
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3824] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW                                    0000000076b107d7 5 bytes JMP 0000000173ce3850
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3824] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo                                  0000000076b27a5c 5 bytes JMP 0000000173ce42d0
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3824] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                      0000000074f4e96b 5 bytes JMP 0000000173ce3b60
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3824] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                        0000000074f4eba5 5 bytes JMP 0000000173ce3b80
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3824] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                            0000000074fc5ea5 5 bytes JMP 0000000173ce3a00
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3824] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                              0000000074ff9d0b 5 bytes JMP 0000000173ce3990
.text    C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe[1916] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW                              0000000076bc1f0e 7 bytes JMP 0000000173ce4b10
.text    C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe[1916] C:\Windows\syswow64\kernel32.dll!RegSetValueExW                                0000000076bc5bad 7 bytes JMP 0000000173ce54b0
.text    C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe[1916] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                0000000076bd1409 7 bytes JMP 0000000173ce4e50
.text    C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe[1916] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW                                0000000076bdea45 7 bytes JMP 0000000173ce4b00
.text    C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe[1916] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                        0000000076c68e24 7 bytes JMP 0000000173ce45c0
.text    C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe[1916] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                        0000000076c68ea9 5 bytes JMP 0000000173ce4670
.text    C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe[1916] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                          0000000076c691ff 5 bytes JMP 0000000173ce45d0
.text    C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe[1916] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                            0000000076021d29 5 bytes JMP 0000000173ce4580
.text    C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe[1916] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                          0000000076021dd7 5 bytes JMP 0000000173ce4540
.text    C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe[1916] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                              0000000076022ab1 5 bytes JMP 0000000173ce4680
.text    C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe[1916] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                  0000000076022d17 5 bytes JMP 0000000173ce4360
.text    C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe[1916] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                  0000000076ac8a29 5 bytes JMP 0000000173ce3a40
.text    C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe[1916] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                              0000000076ad4572 5 bytes JMP 0000000173ce42e0
.text    C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe[1916] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW                              0000000076aee567 5 bytes JMP 0000000173ce4350
.text    C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe[1916] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW                        0000000076b107d7 5 bytes JMP 0000000173ce3850
.text    C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe[1916] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo                      0000000076b27a5c 5 bytes JMP 0000000173ce42d0
.text    C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe[1916] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                          0000000074f4e96b 5 bytes JMP 0000000173ce3b60
.text    C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe[1916] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                            0000000074f4eba5 5 bytes JMP 0000000173ce3b80
.text    C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe[1916] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                0000000074fc5ea5 5 bytes JMP 0000000173ce3a00
.text    C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe[1916] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                  0000000074ff9d0b 5 bytes JMP 0000000173ce3990
.text    C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[7700] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW                              0000000076bc1f0e 7 bytes JMP 0000000173ce4b10
.text    C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[7700] C:\Windows\syswow64\kernel32.dll!RegSetValueExW                                0000000076bc5bad 7 bytes JMP 0000000173ce54b0
.text    C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[7700] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                0000000076bd1409 7 bytes JMP 0000000173ce4e50
.text    C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[7700] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW                                0000000076bdea45 7 bytes JMP 0000000173ce4b00
.text    C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[7700] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                        0000000076c68e24 7 bytes JMP 0000000173ce45c0
.text    C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[7700] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                        0000000076c68ea9 5 bytes JMP 0000000173ce4670
.text    C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[7700] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                          0000000076c691ff 5 bytes JMP 0000000173ce45d0
.text    C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[7700] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                            0000000076021d29 5 bytes JMP 0000000173ce4580
.text    C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[7700] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                          0000000076021dd7 5 bytes JMP 0000000173ce4540
.text    C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[7700] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                              0000000076022ab1 5 bytes JMP 0000000173ce4680
.text    C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[7700] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                  0000000076022d17 5 bytes JMP 0000000173ce4360
.text    C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[7700] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                0000000074fc5ea5 5 bytes JMP 0000000173ce3a00
.text    C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[7700] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                  0000000074ff9d0b 5 bytes JMP 0000000173ce3990
.text    C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[7700] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                          0000000074f4e96b 5 bytes JMP 0000000173ce3b60
.text    C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[7700] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                            0000000074f4eba5 5 bytes JMP 0000000173ce3b80
.text    C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[7700] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                  0000000076ac8a29 5 bytes JMP 0000000173ce3a40
.text    C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[7700] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                              0000000076ad4572 5 bytes JMP 0000000173ce42e0
.text    C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[7700] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW                              0000000076aee567 5 bytes JMP 0000000173ce4350
.text    C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[7700] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW                        0000000076b107d7 5 bytes JMP 0000000173ce3850
.text    C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[7700] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo                      0000000076b27a5c 5 bytes JMP 0000000173ce42d0
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[7200] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW                              0000000076bc1f0e 7 bytes JMP 0000000173ce4b10
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[7200] C:\Windows\syswow64\kernel32.dll!RegSetValueExW                                0000000076bc5bad 7 bytes JMP 0000000173ce54b0
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[7200] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                0000000076bd1409 7 bytes JMP 0000000173ce4e50
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[7200] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW                              0000000076bdea45 7 bytes JMP 0000000173ce4b00
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[7200] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                      0000000076c68e24 7 bytes JMP 0000000173ce45c0
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[7200] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                      0000000076c68ea9 5 bytes JMP 0000000173ce4670
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[7200] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                        0000000076c691ff 5 bytes JMP 0000000173ce45d0
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[7200] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                            0000000076021d29 5 bytes JMP 0000000173ce4580
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[7200] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                          0000000076021dd7 5 bytes JMP 0000000173ce4540
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[7200] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                              0000000076022ab1 5 bytes JMP 0000000173ce4680
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[7200] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                0000000076022d17 5 bytes JMP 0000000173ce4360
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[7200] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                0000000076ac8a29 5 bytes JMP 0000000173ce3a40
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[7200] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                            0000000076ad4572 5 bytes JMP 0000000173ce42e0
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[7200] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW                            0000000076aee567 5 bytes JMP 0000000173ce4350
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[7200] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW                        0000000076b107d7 5 bytes JMP 0000000173ce3850
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[7200] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo                      0000000076b27a5c 5 bytes JMP 0000000173ce42d0
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[7200] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                        0000000074f4e96b 5 bytes JMP 0000000173ce3b60
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[7200] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                          0000000074f4eba5 5 bytes JMP 0000000173ce3b80
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[7200] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                0000000074fc5ea5 5 bytes JMP 0000000173ce3a00
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[7200] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                0000000074ff9d0b 5 bytes JMP 0000000173ce3990
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[6728] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW                      0000000076bc1f0e 7 bytes JMP 0000000173ce4b10
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[6728] C:\Windows\syswow64\kernel32.dll!RegSetValueExW                        0000000076bc5bad 7 bytes JMP 0000000173ce54b0
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[6728] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                        0000000076bd1409 7 bytes JMP 0000000173ce4e50
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[6728] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW                        0000000076bdea45 7 bytes JMP 0000000173ce4b00
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[6728] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                0000000076c68e24 7 bytes JMP 0000000173ce45c0
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[6728] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                0000000076c68ea9 5 bytes JMP 0000000173ce4670
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[6728] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                  0000000076c691ff 5 bytes JMP 0000000173ce45d0
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[6728] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                    0000000076021d29 5 bytes JMP 0000000173ce4580
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[6728] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                  0000000076021dd7 5 bytes JMP 0000000173ce4540
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[6728] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                      0000000076022ab1 5 bytes JMP 0000000173ce4680
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[6728] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                          0000000076022d17 5 bytes JMP 0000000173ce4360
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[6728] C:\Windows\syswow64\USER32.dll!CreateWindowExW                          0000000076ac8a29 5 bytes JMP 0000000173ce3a40
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[6728] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                      0000000076ad4572 5 bytes JMP 0000000173ce42e0
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[6728] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW                      0000000076aee567 5 bytes JMP 0000000173ce4350
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[6728] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW                0000000076b107d7 5 bytes JMP 0000000173ce3850
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[6728] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo              0000000076b27a5c 5 bytes JMP 0000000173ce42d0
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[6728] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                  0000000074f4e96b 5 bytes JMP 0000000173ce3b60
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[6728] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                    0000000074f4eba5 5 bytes JMP 0000000173ce3b80
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[6728] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                        0000000074fc5ea5 5 bytes JMP 0000000173ce3a00
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[6728] C:\Windows\syswow64\ole32.dll!CoCreateInstance                          0000000074ff9d0b 5 bytes JMP 0000000173ce3990
.text    C:\ExpressGateUtil\VAWinAgent.exe[6152] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW                                                        0000000076bc1f0e 7 bytes JMP 0000000173ce4b10
.text    C:\ExpressGateUtil\VAWinAgent.exe[6152] C:\Windows\syswow64\kernel32.dll!RegSetValueExW                                                          0000000076bc5bad 7 bytes JMP 0000000173ce54b0
.text    C:\ExpressGateUtil\VAWinAgent.exe[6152] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                          0000000076bd1409 7 bytes JMP 0000000173ce4e50
.text    C:\ExpressGateUtil\VAWinAgent.exe[6152] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW                                                          0000000076bdea45 7 bytes JMP 0000000173ce4b00
.text    C:\ExpressGateUtil\VAWinAgent.exe[6152] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                  0000000076c68e24 7 bytes JMP 0000000173ce45c0
.text    C:\ExpressGateUtil\VAWinAgent.exe[6152] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                  0000000076c68ea9 5 bytes JMP 0000000173ce4670
.text    C:\ExpressGateUtil\VAWinAgent.exe[6152] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                    0000000076c691ff 5 bytes JMP 0000000173ce45d0
.text    C:\ExpressGateUtil\VAWinAgent.exe[6152] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                      0000000076021d29 5 bytes JMP 0000000173ce4580
.text    C:\ExpressGateUtil\VAWinAgent.exe[6152] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                    0000000076021dd7 5 bytes JMP 0000000173ce4540
.text    C:\ExpressGateUtil\VAWinAgent.exe[6152] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                        0000000076022ab1 5 bytes JMP 0000000173ce4680
.text    C:\ExpressGateUtil\VAWinAgent.exe[6152] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                            0000000076022d17 5 bytes JMP 0000000173ce4360
.text    C:\ExpressGateUtil\VAWinAgent.exe[6152] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                            0000000076ac8a29 5 bytes JMP 0000000173ce3a40
.text    C:\ExpressGateUtil\VAWinAgent.exe[6152] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                                        0000000076ad4572 5 bytes JMP 0000000173ce42e0
.text    C:\ExpressGateUtil\VAWinAgent.exe[6152] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW                                                        0000000076aee567 5 bytes JMP 0000000173ce4350
.text    C:\ExpressGateUtil\VAWinAgent.exe[6152] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW                                                  0000000076b107d7 5 bytes JMP 0000000173ce3850
.text    C:\ExpressGateUtil\VAWinAgent.exe[6152] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo                                                0000000076b27a5c 5 bytes JMP 0000000173ce42d0
.text    C:\ExpressGateUtil\VAWinAgent.exe[6152] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                    0000000074f4e96b 5 bytes JMP 0000000173ce3b60
.text    C:\ExpressGateUtil\VAWinAgent.exe[6152] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                      0000000074f4eba5 5 bytes JMP 0000000173ce3b80
.text    C:\ExpressGateUtil\VAWinAgent.exe[6152] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                          0000000074fc5ea5 5 bytes JMP 0000000173ce3a00
.text    C:\ExpressGateUtil\VAWinAgent.exe[6152] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                            0000000074ff9d0b 5 bytes JMP 0000000173ce3990
.text    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[8292] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW                              0000000076bc1f0e 7 bytes JMP 0000000173ce4b10
.text    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[8292] C:\Windows\syswow64\kernel32.dll!RegSetValueExW                                0000000076bc5bad 7 bytes JMP 0000000173ce54b0
.text    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[8292] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                0000000076bd1409 7 bytes JMP 0000000173ce4e50
.text    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[8292] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW                                0000000076bdea45 7 bytes JMP 0000000173ce4b00
.text    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[8292] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                        0000000076c68e24 7 bytes JMP 0000000173ce45c0
.text    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[8292] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                        0000000076c68ea9 5 bytes JMP 0000000173ce4670
.text    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[8292] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                          0000000076c691ff 5 bytes JMP 0000000173ce45d0
.text    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[8292] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                            0000000076021d29 5 bytes JMP 0000000173ce4580
.text    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[8292] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                          0000000076021dd7 5 bytes JMP 0000000173ce4540
.text    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[8292] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                              0000000076022ab1 5 bytes JMP 0000000173ce4680
.text    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[8292] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                  0000000076022d17 5 bytes JMP 0000000173ce4360
.text    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[8292] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                  0000000076ac8a29 5 bytes JMP 0000000173ce3a40
.text    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[8292] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                              0000000076ad4572 5 bytes JMP 0000000173ce42e0
.text    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[8292] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW                              0000000076aee567 5 bytes JMP 0000000173ce4350
.text    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[8292] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW                        0000000076b107d7 5 bytes JMP 0000000173ce3850
.text    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[8292] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo                      0000000076b27a5c 5 bytes JMP 0000000173ce42d0
.text    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[8292] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                          0000000074f4e96b 5 bytes JMP 0000000173ce3b60
.text    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[8292] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                            0000000074f4eba5 5 bytes JMP 0000000173ce3b80
.text    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[8292] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                0000000074fc5ea5 5 bytes JMP 0000000173ce3a00
.text    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[8292] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                  0000000074ff9d0b 5 bytes JMP 0000000173ce3990
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[8100] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW                                            0000000076bc1f0e 7 bytes JMP 0000000173ce4b10
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[8100] C:\Windows\syswow64\kernel32.dll!RegSetValueExW                                              0000000076bc5bad 7 bytes JMP 0000000173ce54b0
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[8100] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                              0000000076bd1409 7 bytes JMP 0000000173ce4e50
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[8100] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW                                            0000000076bdea45 7 bytes JMP 0000000173ce4b00
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[8100] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                    0000000076c68e24 7 bytes JMP 0000000173ce45c0
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[8100] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                    0000000076c68ea9 5 bytes JMP 0000000173ce4670
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[8100] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                      0000000076c691ff 5 bytes JMP 0000000173ce45d0
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[8100] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                          0000000076021d29 5 bytes JMP 0000000173ce4580
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[8100] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                        0000000076021dd7 5 bytes JMP 0000000173ce4540
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[8100] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                            0000000076022ab1 5 bytes JMP 0000000173ce4680
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[8100] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                              0000000076022d17 5 bytes JMP 0000000173ce4360
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[8100] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                      0000000074f4e96b 5 bytes JMP 0000000173ce3b60
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[8100] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                        0000000074f4eba5 5 bytes JMP 0000000173ce3b80
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[8100] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                              0000000076ac8a29 5 bytes JMP 0000000173ce3a40
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[8100] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                          0000000076ad4572 5 bytes JMP 0000000173ce42e0
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[8100] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW                                          0000000076aee567 5 bytes JMP 0000000173ce4350
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[8100] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW                                      0000000076b107d7 5 bytes JMP 0000000173ce3850
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[8100] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo                                    0000000076b27a5c 5 bytes JMP 0000000173ce42d0
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[8100] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                              0000000074fc5ea5 5 bytes JMP 0000000173ce3a00
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[8100] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                              0000000074ff9d0b 5 bytes JMP 0000000173ce3990
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[4572] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW                  0000000076bc1f0e 7 bytes JMP 0000000173ce4b10
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[4572] C:\Windows\syswow64\kernel32.dll!RegSetValueExW                    0000000076bc5bad 7 bytes JMP 0000000173ce54b0
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[4572] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                    0000000076bd1409 7 bytes JMP 0000000173ce4e50
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[4572] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW                    0000000076bdea45 7 bytes JMP 0000000173ce4b00
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[4572] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx            0000000076c68e24 7 bytes JMP 0000000173ce45c0
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[4572] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation            0000000076c68ea9 5 bytes JMP 0000000173ce4670
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[4572] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW              0000000076c691ff 5 bytes JMP 0000000173ce45d0
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[4572] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                0000000076021d29 5 bytes JMP 0000000173ce4580
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[4572] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW              0000000076021dd7 5 bytes JMP 0000000173ce4540
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[4572] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                  0000000076022ab1 5 bytes JMP 0000000173ce4680
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[4572] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                      0000000076022d17 5 bytes JMP 0000000173ce4360
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[4572] C:\Windows\syswow64\USER32.dll!CreateWindowExW                      0000000076ac8a29 5 bytes JMP 0000000173ce3a40
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[4572] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                  0000000076ad4572 5 bytes JMP 0000000173ce42e0
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[4572] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW                  0000000076aee567 5 bytes JMP 0000000173ce4350
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[4572] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW            0000000076b107d7 5 bytes JMP 0000000173ce3850
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[4572] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo          0000000076b27a5c 5 bytes JMP 0000000173ce42d0
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[4572] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList              0000000074f4e96b 5 bytes JMP 0000000173ce3b60
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[4572] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                0000000074f4eba5 5 bytes JMP 0000000173ce3b80
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[4572] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17            0000000075e81401 2 bytes JMP 76beb21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[4572] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17              0000000075e81419 2 bytes JMP 76beb346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[4572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17            0000000075e81431 2 bytes JMP 76c68ea9 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[4572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42            0000000075e8144a 2 bytes CALL 76bc48ad C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                              * 9
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[4572] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                0000000075e814dd 2 bytes JMP 76c687a2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[4572] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17        0000000075e814f5 2 bytes JMP 76c68978 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[4572] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                0000000075e8150d 2 bytes JMP 76c68698 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[4572] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17        0000000075e81525 2 bytes JMP 76c68a62 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[4572] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17              0000000075e8153d 2 bytes JMP 76bdfca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[4572] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                    0000000075e81555 2 bytes JMP 76be68ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[4572] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17            0000000075e8156d 2 bytes JMP 76c68f61 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[4572] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17              0000000075e81585 2 bytes JMP 76c68ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[4572] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                  0000000075e8159d 2 bytes JMP 76c6865c C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[4572] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17              0000000075e815b5 2 bytes JMP 76bdfd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[4572] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17            0000000075e815cd 2 bytes JMP 76beb2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[4572] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20        0000000075e816b2 2 bytes JMP 76c68e24 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[4572] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31        0000000075e816bd 2 bytes JMP 76c685f1 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Scheer\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe[6048] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW            0000000076bc1f0e 7 bytes JMP 0000000173ce4b10
.text    C:\Users\Scheer\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe[6048] C:\Windows\syswow64\kernel32.dll!RegSetValueExW              0000000076bc5bad 7 bytes JMP 0000000173ce54b0
.text    C:\Users\Scheer\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe[6048] C:\Windows\syswow64\kernel32.dll!RegSetValueExA              0000000076bd1409 7 bytes JMP 0000000173ce4e50
.text    C:\Users\Scheer\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe[6048] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW            0000000076bdea45 7 bytes JMP 0000000173ce4b00
.text    C:\Users\Scheer\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe[6048] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx    0000000076c68e24 7 bytes JMP 0000000173ce45c0
.text    C:\Users\Scheer\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe[6048] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation    0000000076c68ea9 5 bytes JMP 0000000173ce4670
.text    C:\Users\Scheer\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe[6048] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW      0000000076c691ff 5 bytes JMP 0000000173ce45d0
.text    C:\Users\Scheer\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe[6048] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW          0000000076021d29 5 bytes JMP 0000000173ce4580
.text    C:\Users\Scheer\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe[6048] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW        0000000076021dd7 5 bytes JMP 0000000173ce4540
.text    C:\Users\Scheer\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe[6048] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW            0000000076022ab1 5 bytes JMP 0000000173ce4680
.text    C:\Users\Scheer\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe[6048] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary              0000000076022d17 5 bytes JMP 0000000173ce4360
.text    C:\Users\Scheer\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe[6048] C:\Windows\syswow64\USER32.dll!CreateWindowExW              0000000076ac8a29 5 bytes JMP 0000000173ce3a40
.text    C:\Users\Scheer\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe[6048] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA          0000000076ad4572 5 bytes JMP 0000000173ce42e0
.text    C:\Users\Scheer\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe[6048] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW          0000000076aee567 5 bytes JMP 0000000173ce4350
.text    C:\Users\Scheer\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe[6048] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW      0000000076b107d7 5 bytes JMP 0000000173ce3850
.text    C:\Users\Scheer\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe[6048] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo    0000000076b27a5c 5 bytes JMP 0000000173ce42d0
.text    C:\Users\Scheer\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe[6048] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList      0000000074f4e96b 5 bytes JMP 0000000173ce3b60
.text    C:\Users\Scheer\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe[6048] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo        0000000074f4eba5 5 bytes JMP 0000000173ce3b80
.text    C:\Users\Scheer\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe[6048] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17      0000000075e81401 2 bytes JMP 76beb21b C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Scheer\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe[6048] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17        0000000075e81419 2 bytes JMP 76beb346 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Scheer\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe[6048] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17      0000000075e81431 2 bytes JMP 76c68ea9 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Scheer\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe[6048] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42      0000000075e8144a 2 bytes CALL 76bc48ad C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                              * 9
.text    C:\Users\Scheer\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe[6048] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17        0000000075e814dd 2 bytes JMP 76c687a2 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Scheer\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe[6048] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  0000000075e814f5 2 bytes JMP 76c68978 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Scheer\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe[6048] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17        0000000075e8150d 2 bytes JMP 76c68698 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Scheer\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe[6048] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000075e81525 2 bytes JMP 76c68a62 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Scheer\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe[6048] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17        0000000075e8153d 2 bytes JMP 76bdfca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Scheer\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe[6048] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17            0000000075e81555 2 bytes JMP 76be68ef C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Scheer\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe[6048] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17      0000000075e8156d 2 bytes JMP 76c68f61 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Scheer\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe[6048] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17        0000000075e81585 2 bytes JMP 76c68ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Scheer\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe[6048] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17          0000000075e8159d 2 bytes JMP 76c6865c C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Scheer\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe[6048] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17        0000000075e815b5 2 bytes JMP 76bdfd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Scheer\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe[6048] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17      0000000075e815cd 2 bytes JMP 76beb2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Scheer\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe[6048] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  0000000075e816b2 2 bytes JMP 76c68e24 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Scheer\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe[6048] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  0000000075e816bd 2 bytes JMP 76c685f1 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Scheer\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe[6048] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket              0000000074fc5ea5 5 bytes JMP 0000000173ce3a00
.text    C:\Users\Scheer\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe[6048] C:\Windows\syswow64\ole32.dll!CoCreateInstance              0000000074ff9d0b 5 bytes JMP 0000000173ce3990
.text    C:\Windows\SysWOW64\ACEngSvr.exe[8420] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW                                                          0000000076bc1f0e 7 bytes JMP 0000000173ce4b10
.text    C:\Windows\SysWOW64\ACEngSvr.exe[8420] C:\Windows\syswow64\kernel32.dll!RegSetValueExW                                                            0000000076bc5bad 7 bytes JMP 0000000173ce54b0
.text    C:\Windows\SysWOW64\ACEngSvr.exe[8420] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                            0000000076bd1409 7 bytes JMP 0000000173ce4e50
.text    C:\Windows\SysWOW64\ACEngSvr.exe[8420] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW                                                          0000000076bdea45 7 bytes JMP 0000000173ce4b00
.text    C:\Windows\SysWOW64\ACEngSvr.exe[8420] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                  0000000076c68e24 7 bytes JMP 0000000173ce45c0
.text    C:\Windows\SysWOW64\ACEngSvr.exe[8420] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                  0000000076c68ea9 5 bytes JMP 0000000173ce4670
.text    C:\Windows\SysWOW64\ACEngSvr.exe[8420] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                    0000000076c691ff 5 bytes JMP 0000000173ce45d0
.text    C:\Windows\SysWOW64\ACEngSvr.exe[8420] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                        0000000076021d29 5 bytes JMP 0000000173ce4580
.text    C:\Windows\SysWOW64\ACEngSvr.exe[8420] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                      0000000076021dd7 5 bytes JMP 0000000173ce4540
.text    C:\Windows\SysWOW64\ACEngSvr.exe[8420] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                          0000000076022ab1 5 bytes JMP 0000000173ce4680
.text    C:\Windows\SysWOW64\ACEngSvr.exe[8420] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                            0000000076022d17 5 bytes JMP 0000000173ce4360
.text    C:\Windows\SysWOW64\ACEngSvr.exe[8420] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                            0000000076ac8a29 5 bytes JMP 0000000173ce3a40
.text    C:\Windows\SysWOW64\ACEngSvr.exe[8420] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                                        0000000076ad4572 5 bytes JMP 0000000173ce42e0
.text    C:\Windows\SysWOW64\ACEngSvr.exe[8420] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW                                                        0000000076aee567 5 bytes JMP 0000000173ce4350
.text    C:\Windows\SysWOW64\ACEngSvr.exe[8420] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW                                                    0000000076b107d7 5 bytes JMP 0000000173ce3850
.text    C:\Windows\SysWOW64\ACEngSvr.exe[8420] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo                                                  0000000076b27a5c 5 bytes JMP 0000000173ce42d0
.text    C:\Windows\SysWOW64\ACEngSvr.exe[8420] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                    0000000074f4e96b 5 bytes JMP 0000000173ce3b60
.text    C:\Windows\SysWOW64\ACEngSvr.exe[8420] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                      0000000074f4eba5 5 bytes JMP 0000000173ce3b80
.text    C:\Windows\SysWOW64\ACEngSvr.exe[8420] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                            0000000074fc5ea5 5 bytes JMP 0000000173ce3a00
.text    C:\Windows\SysWOW64\ACEngSvr.exe[8420] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                            0000000074ff9d0b 5 bytes JMP 0000000173ce3990
.text    C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe[4536] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW                                  0000000076bc1f0e 7 bytes JMP 0000000173ce4b10
.text    C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe[4536] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW                                    0000000076bc5bad 7 bytes JMP 0000000173ce54b0
.text    C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe[4536] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA                                    0000000076bd1409 7 bytes JMP 0000000173ce4e50
.text    C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe[4536] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW                                    0000000076bdea45 7 bytes JMP 0000000173ce4b00
.text    C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe[4536] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx                            0000000076c68e24 7 bytes JMP 0000000173ce45c0
.text    C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe[4536] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation                            0000000076c68ea9 5 bytes JMP 0000000173ce4670
.text    C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe[4536] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW                              0000000076c691ff 5 bytes JMP 0000000173ce45d0
.text    C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe[4536] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                0000000076021d29 5 bytes JMP 0000000173ce4580
.text    C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe[4536] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                              0000000076021dd7 5 bytes JMP 0000000173ce4540
.text    C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe[4536] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                  0000000076022ab1 5 bytes JMP 0000000173ce4680
.text    C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe[4536] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                      0000000076022d17 5 bytes JMP 0000000173ce4360
.text    C:\Users\beTheFellowBee\Downloads\Gmer-19357.exe[5220] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW                                          0000000076bc1f0e 7 bytes JMP 0000000173ce4b10
.text    C:\Users\beTheFellowBee\Downloads\Gmer-19357.exe[5220] C:\Windows\syswow64\kernel32.dll!RegSetValueExW                                            0000000076bc5bad 7 bytes JMP 0000000173ce54b0
.text    C:\Users\beTheFellowBee\Downloads\Gmer-19357.exe[5220] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                            0000000076bd1409 7 bytes JMP 0000000173ce4e50
.text    C:\Users\beTheFellowBee\Downloads\Gmer-19357.exe[5220] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW                                          0000000076bdea45 7 bytes JMP 0000000173ce4b00
.text    C:\Users\beTheFellowBee\Downloads\Gmer-19357.exe[5220] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                  0000000076c68e24 7 bytes JMP 0000000173ce45c0
.text    C:\Users\beTheFellowBee\Downloads\Gmer-19357.exe[5220] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                  0000000076c68ea9 5 bytes JMP 0000000173ce4670
.text    C:\Users\beTheFellowBee\Downloads\Gmer-19357.exe[5220] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                    0000000076c691ff 5 bytes JMP 0000000173ce45d0
.text    C:\Users\beTheFellowBee\Downloads\Gmer-19357.exe[5220] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                        0000000076021d29 5 bytes JMP 0000000173ce4580
.text    C:\Users\beTheFellowBee\Downloads\Gmer-19357.exe[5220] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                      0000000076021dd7 5 bytes JMP 0000000173ce4540
.text    C:\Users\beTheFellowBee\Downloads\Gmer-19357.exe[5220] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                          0000000076022ab1 5 bytes JMP 0000000173ce4680
.text    C:\Users\beTheFellowBee\Downloads\Gmer-19357.exe[5220] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                            0000000076022d17 5 bytes JMP 0000000173ce4360
.text    C:\Users\beTheFellowBee\Downloads\Gmer-19357.exe[5220] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                    0000000074f4e96b 5 bytes JMP 0000000173ce3b60
.text    C:\Users\beTheFellowBee\Downloads\Gmer-19357.exe[5220] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                      0000000074f4eba5 5 bytes JMP 0000000173ce3b80
.text    C:\Users\beTheFellowBee\Downloads\Gmer-19357.exe[5220] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                            0000000076ac8a29 5 bytes JMP 0000000173ce3a40
.text    C:\Users\beTheFellowBee\Downloads\Gmer-19357.exe[5220] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                        0000000076ad4572 5 bytes JMP 0000000173ce42e0
.text    C:\Users\beTheFellowBee\Downloads\Gmer-19357.exe[5220] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW                                        0000000076aee567 5 bytes JMP 0000000173ce4350
.text    C:\Users\beTheFellowBee\Downloads\Gmer-19357.exe[5220] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW                                    0000000076b107d7 5 bytes JMP 0000000173ce3850
.text    C:\Users\beTheFellowBee\Downloads\Gmer-19357.exe[5220] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo                                  0000000076b27a5c 5 bytes JMP 0000000173ce42d0

---- Threads - GMER 2.1 ----

Thread    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [3388:3704]                                                        000000006ea76358
Thread    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [3388:3732]                                                        000000006daef71d
Thread    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [3388:3776]                                                        000000006daef71d
Thread    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [3388:3780]                                                        000000006dae5b1a
Thread    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [3388:688]                                                        000000006ea20b14
Thread    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [3388:7088]                                                        000000006daef71d

---- EOF - GMER 2.1 ----
--- --- ---
#

schrauber 18.10.2014 15:56
Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307




Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

FredPerrylol 18.10.2014 18:24
Hallo,
alles klar, für den FAll der Fälle dann noch mal der combifix-Text:

Combofix Logfile:
Code:
ComboFix 14-10-15.01 - Scheer 18.10.2014  3:21.3.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3884.1318 [GMT 2:00]
ausgeführt von:: c:\users\Scheer\Desktop\ComboFix.exe
AV: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-09-18 bis 2014-10-18  ))))))))))))))))))))))))))))))
.
.
2014-10-18 01:34 . 2014-10-18 01:34        --------        d-----w-        c:\users\Public\AppData\Local\temp
2014-10-18 01:34 . 2014-10-18 01:34        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-10-18 01:34 . 2014-10-18 01:34        --------        d-----w-        c:\users\beTheFellowBee\AppData\Local\temp
2014-10-17 23:10 . 2014-10-17 23:10        --------        d-----w-        c:\program files (x86)\VS Revo Group
2014-10-17 20:04 . 2014-10-17 20:15        --------        d-----w-        C:\FRST
2014-10-17 11:38 . 2014-10-17 11:37        98216        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-16 14:45 . 2014-10-16 14:45        --------        d-----w-        c:\programdata\IsolatedStorage
2014-10-16 14:42 . 2014-10-16 14:42        --------        d-----w-        c:\program files (x86)\Common Files\Java
2014-10-15 15:55 . 2014-10-15 15:55        --------        d-----w-        c:\program files (x86)\Microsoft ASP.NET
2014-10-15 09:48 . 2014-09-29 00:58        3198976        ----a-w-        c:\windows\system32\win32k.sys
2014-10-15 09:48 . 2014-06-18 22:23        1943696        ----a-w-        c:\windows\system32\dfshim.dll
2014-10-15 09:48 . 2014-06-18 22:23        156312        ----a-w-        c:\windows\system32\mscorier.dll
2014-10-15 09:48 . 2014-06-18 22:23        156824        ----a-w-        c:\windows\SysWow64\mscorier.dll
2014-10-15 09:48 . 2014-06-18 22:23        1131664        ----a-w-        c:\windows\SysWow64\dfshim.dll
2014-10-15 09:48 . 2014-06-18 22:23        73880        ----a-w-        c:\windows\system32\mscories.dll
2014-10-15 09:48 . 2014-06-18 22:23        81560        ----a-w-        c:\windows\SysWow64\mscories.dll
2014-10-15 09:46 . 2014-10-07 02:54        810680        ----a-w-        c:\program files\Internet Explorer\iexplore.exe
2014-10-15 09:43 . 2014-09-18 02:00        3241472        ----a-w-        c:\windows\system32\msi.dll
2014-10-15 07:39 . 2014-10-15 07:39        --------        d-----w-        c:\program files (x86)\AGEIA Technologies
2014-10-15 07:39 . 2014-09-13 20:13        613696        ----a-w-        c:\windows\SysWow64\nvStreaming.exe
2014-10-15 07:38 . 2014-10-15 07:38        --------        d-----w-        c:\windows\SysWow64\NV
2014-10-15 07:38 . 2014-10-15 07:38        --------        d-----w-        c:\windows\system32\NV
2014-10-15 01:07 . 2014-09-04 19:14        38048        ----a-w-        c:\windows\system32\drivers\nvvad64v.sys
2014-10-15 01:07 . 2014-09-04 19:14        32416        ----a-w-        c:\windows\SysWow64\nvaudcap32v.dll
2014-10-15 01:03 . 2014-10-15 01:03        --------        d-----w-        c:\users\Scheer\AppData\Local\AskPartnerNetwork
2014-10-09 13:38 . 2014-10-16 14:36        --------        d-----w-        c:\users\Scheer\AppData\Local\Adobe
2014-10-01 09:34 . 2014-09-25 02:08        371712        ----a-w-        c:\windows\system32\qdvd.dll
2014-10-01 09:34 . 2014-09-25 01:40        519680        ----a-w-        c:\windows\SysWow64\qdvd.dll
2014-09-27 12:01 . 2009-07-14 01:40        84992        ----a-w-        c:\windows\system32\Spool\prtprocs\x64\CNBPP4.DLL
2014-09-24 08:38 . 2014-09-09 22:11        2048        ----a-w-        c:\windows\system32\tzres.dll
2014-09-24 08:38 . 2014-09-09 21:47        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2014-09-23 21:23 . 2014-09-23 21:23        3675824        ----a-w-        c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-09-22 23:01 . 2014-09-22 23:01        --------        d-----w-        c:\users\Scheer\AppData\Roaming\OpenOffice
2014-09-22 09:00 . 2014-09-22 09:00        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2014-09-22 09:00 . 2014-09-22 09:00        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2014-09-22 09:00 . 2014-09-22 09:00        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2014-09-22 09:00 . 2014-09-22 09:00        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2014-09-22 09:00 . 2014-09-22 09:00        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2014-09-22 09:00 . 2014-09-22 09:00        --------        d-----w-        c:\program files (x86)\QuickTime
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-16 15:59 . 2010-11-13 16:05        45056        ----a-w-        c:\windows\SysWow64\acovcnt.exe
2014-10-16 15:06 . 2012-06-08 08:43        701104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2014-10-16 15:06 . 2012-05-29 14:32        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-16 14:40 . 2014-06-04 15:23        111016        ----a-w-        c:\windows\system32\WindowsAccessBridge-64.dll
2014-10-15 15:47 . 2012-05-29 15:29        103265616        ----a-w-        c:\windows\system32\MRT.exe
2014-09-17 14:46 . 2014-06-04 15:23        319912        ----a-w-        c:\windows\system32\javaws.exe
2014-09-17 14:46 . 2014-06-04 15:23        191400        ----a-w-        c:\windows\system32\javaw.exe
2014-09-17 14:46 . 2014-06-04 15:23        190888        ----a-w-        c:\windows\system32\java.exe
2014-09-17 04:51 . 2013-09-05 01:36        1538880        ----a-w-        c:\windows\system32\nvhdagenco6420103.dll
2014-09-17 02:13 . 2014-07-29 18:08        2193560        ----a-w-        c:\windows\SysWow64\nvspcap.dll
2014-09-17 02:13 . 2014-07-29 18:08        1291280        ----a-w-        c:\windows\SysWow64\nvspbridge.dll
2014-09-17 02:12 . 2014-07-29 18:08        2799784        ----a-w-        c:\windows\system32\nvspcap64.dll
2014-09-17 02:12 . 2014-07-29 18:08        1715224        ----a-w-        c:\windows\system32\nvspbridge64.dll
2014-09-13 23:48 . 2014-07-29 18:02        867528        ----a-w-        c:\windows\SysWow64\nvumdshim.dll
2014-09-13 23:48 . 2014-07-29 18:02        2838424        ----a-w-        c:\windows\SysWow64\nvapi.dll
2014-09-13 23:48 . 2014-07-29 18:02        16875856        ----a-w-        c:\windows\SysWow64\nvd3dum.dll
2014-09-13 23:48 . 2012-10-08 09:42        984424        ----a-w-        c:\windows\system32\nvumdshimx.dll
2014-09-13 23:48 . 2010-08-16 13:49        3223120        ----a-w-        c:\windows\system32\nvapi64.dll
2014-09-13 23:48 . 2010-08-16 13:49        156840        ----a-w-        c:\windows\SysWow64\nvinit.dll
2014-09-13 21:53 . 2010-08-17 07:06        6890696        ----a-w-        c:\windows\system32\nvcpl.dll
2014-09-13 21:53 . 2010-08-17 07:06        3529872        ----a-w-        c:\windows\system32\nvsvc64.dll
2014-09-13 21:53 . 2010-08-17 07:06        385168        ----a-w-        c:\windows\system32\nvmctray.dll
2014-09-13 21:53 . 2010-08-17 07:06        934216        ----a-w-        c:\windows\system32\nvvsvc.exe
2014-09-13 21:53 . 2010-08-17 07:06        62608        ----a-w-        c:\windows\system32\nvshext.dll
2014-09-13 21:53 . 2010-08-17 07:06        2557640        ----a-w-        c:\windows\system32\nvsvcr.dll
2014-09-13 21:53 . 2010-08-17 07:06        1087688        ----a-w-        c:\windows\system32\nv3dappshext.dll
2014-09-13 21:53 . 2010-08-17 07:06        67072        ----a-w-        c:\windows\system32\nv3dappshextr.dll
2014-09-11 15:37 . 2010-08-17 07:06        3961833        ----a-w-        c:\windows\system32\nvcoproc.bin
2014-09-04 19:14 . 2014-07-29 18:02        34976        ----a-w-        c:\windows\system32\nvaudcap64v.dll
2014-08-23 02:07 . 2014-08-28 11:23        404480        ----a-w-        c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-28 11:23        311808        ----a-w-        c:\windows\SysWow64\gdi32.dll
2014-08-14 07:19 . 2012-07-17 12:37        23256        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-01 11:53 . 2014-09-10 23:24        1031168        ----a-w-        c:\windows\system32\TSWorkspace.dll
2014-08-01 11:35 . 2014-09-10 23:24        793600        ----a-w-        c:\windows\SysWow64\TSWorkspace.dll
2014-07-28 12:52 . 2014-07-28 12:52        6112072        ----a-w-        c:\windows\system32\usbaaplrc.dll
2014-07-28 12:52 . 2014-07-28 12:52        54784        ----a-w-        c:\windows\system32\drivers\usbaapl64.sys
2014-07-25 00:35 . 2014-07-25 00:35        875688        ----a-w-        c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 21:47 . 2014-07-24 21:47        869544        ----a-w-        c:\windows\system32\msvcr120_clr0400.dll
2014-07-24 12:33 . 2014-07-24 12:33        11336        ----a-w-        c:\windows\system32\drivers\mfeclnrk.sys
2014-07-24 12:32 . 2014-07-24 12:32        96592        ----a-w-        c:\windows\system32\drivers\mfencrk.sys
2014-07-24 12:31 . 2014-07-24 12:31        444720        ----a-w-        c:\windows\system32\drivers\mfencbdc.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2014-05-29 784392]
"FileHippo.com"="c:\program files (x86)\FileHippo.com\FileHippo.AppManager.exe" [2014-10-03 1435136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdatePSTShortCut"="c:\program files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-06-24 210216]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Boingo Wi-Fi"="c:\program files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-11-13 2429]
"SonicMasterTray"="c:\program files (x86)\ASUS\SonicMaster\SonicMasterTray.exe" [2010-07-10 984400]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-05-03 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"VAWinAgent"="c:\expressgateutil\VAWinAgent.exe" [2010-08-13 21504]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-04-25 537992]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-04-25 537992]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-07-31 43816]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-09-01 152392]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe;c:\expressgateutil\VAWinService.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 PDF Architect 2;PDF Architect 2;c:\program files (x86)\PDF Architect 2\ws.exe;c:\program files (x86)\PDF Architect 2\ws.exe [x]
R3 pdfforge CrashHandler;pdfforge CrashHandler;c:\program files (x86)\PDF Architect 2\crash-handler-ws.exe;c:\program files (x86)\PDF Architect 2\crash-handler-ws.exe [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIc.sys [x]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIh.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - ufdiqpow
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-16 14:51        1089352        ----a-w-        c:\program files (x86)\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-10-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-08 15:06]
.
2014-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-13 14:50]
.
2014-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-13 14:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49        70656        ----a-w-        c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49        70656        ----a-w-        c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-09-28 2121320]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-05-03 324096]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]
"IntelTBRunOnce"="wscript.exe" [2013-10-12 168960]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-10 167256]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-10 391512]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-10 415064]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-10-19 2185032]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-09-17 2460488]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-09-17 2799784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
AddRemove-Digital Sites - c:\users\Scheer\AppData\Roaming\DIGITA~1\UpdateProc\UpdateTask.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1560831024-780671805-4130521857-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1560831024-780671805-4130521857-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1560831024-780671805-4130521857-1001\Software\SecuROM\License information*]
"datasecu"=hex:dd,2b,4a,3c,11,5e,12,c2,8f,1e,35,18,8b,58,17,08,52,44,7b,f4,e4,
  5b,e6,3f,e7,16,fd,6c,e2,76,89,97,d3,aa,33,99,4f,7d,d5,48,cf,be,7b,30,f7,68,\
"rkeysecu"=hex:09,a8,a3,db,a9,0a,fa,a5,21,60,fc,d0,48,36,d6,6b
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_189_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_189_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_189_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_189_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-10-18  03:57:58
ComboFix-quarantined-files.txt  2014-10-18 01:57
.
Vor Suchlauf: 20 Verzeichnis(se), 28.771.315.712 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 28.320.874.496 Bytes frei
.
- - End Of File - - 119F5D2A65AB0E8A73E6713C046A6B21
--- --- ---

weiters folgt in einer Stunde

Malwarebytes

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 18.10.2014
Suchlauf-Zeit: 17:14:45
Logdatei: malwarebytes.txt
Administrator: Ja

Version: 2.00.3.1025
Malware Datenbank: v2014.10.18.05
Rootkit Datenbank: v2014.10.17.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Scheer

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 379662
Verstrichene Zeit: 29 Min, 27 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 6
PUP.Optional.Babylon.A, HKU\S-1-5-21-1560831024-780671805-4130521857-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, In Quarantäne, [c8651ff74438dd59f88c683770923cc4],
PUP.Optional.Ask.A, HKU\S-1-5-21-1560831024-780671805-4130521857-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{4F524A2D-5350-4500-76A7-7A786E7484D7}, In Quarantäne, [3df0021498e4a98dd0c9dec0a65c32ce],
PUP.Optional.Ask.A, HKU\S-1-5-21-1560831024-780671805-4130521857-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{4F524A2D-5350-4500-76A7-7A786E7484D7}, In Quarantäne, [3df0021498e4a98dd0c9dec0a65c32ce],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1560831024-780671805-4130521857-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, In Quarantäne, [121b6ea82b513204727eb69b59aa946c],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1560831024-780671805-4130521857-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, In Quarantäne, [002d23f3fc80bd797eb9105861a36799],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1560831024-780671805-4130521857-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, In Quarantäne, [092424f282fa5fd793a4c3a529db936d],

Registrierungswerte: 2
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1560831024-780671805-4130521857-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0R0DtO0U1C1S1U1StR0J1Q2P1J1K1I2R, In Quarantäne, [002d23f3fc80bd797eb9105861a36799]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1560831024-780671805-4130521857-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0L1N1H2O1S, In Quarantäne, [092424f282fa5fd793a4c3a529db936d]

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 1
PUP.Optional.Updater.A, C:\Users\Scheer\AppData\Roaming\DigitalSites\UpdateProc, In Quarantäne, [9895f1251b6189ad7186f316e91aad53],

Dateien: 5
PUP.Optional.Updater.A, C:\Users\Scheer\AppData\Roaming\DigitalSites\UpdateProc\config.dat, In Quarantäne, [9895f1251b6189ad7186f316e91aad53],
PUP.Optional.Updater.A, C:\Users\Scheer\AppData\Roaming\DigitalSites\UpdateProc\info.dat, In Quarantäne, [9895f1251b6189ad7186f316e91aad53],
PUP.Optional.Updater.A, C:\Users\Scheer\AppData\Roaming\DigitalSites\UpdateProc\prod.dat, In Quarantäne, [9895f1251b6189ad7186f316e91aad53],
PUP.Optional.Updater.A, C:\Users\Scheer\AppData\Roaming\DigitalSites\UpdateProc\STTL.DAT, In Quarantäne, [9895f1251b6189ad7186f316e91aad53],
PUP.Optional.Updater.A, C:\Users\Scheer\AppData\Roaming\DigitalSites\UpdateProc\TTL.DAT, In Quarantäne, [9895f1251b6189ad7186f316e91aad53],

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

#AdwCleaner Logfile:
Code:
# AdwCleaner v4.000 - Bericht erstellt am 18/10/2014 um 18:26:31
# DB v2014-10-17.9
# Aktualisiert 12/10/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Scheer - SCHEER-PC
# Gestartet von : C:\Users\Scheer\Downloads\AdwCleaner_4.000.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Scheer\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\Users\Scheer\AppData\Roaming\DigitalSites
Ordner Gelöscht : C:\Users\Scheer\Documents\PC Speed Maximizer
Ordner Gelöscht : C:\Users\Scheer\AppData\Roaming\pdfforge

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Opener Packages

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Google Chrome v38.0.2125.104

Gelöscht [Search Provider] : hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=4E410026C7B10A63&affID=127690&tsp=5196

*************************

AdwCleaner[R0].txt - [1392 octets] - [18/10/2014 18:03:40]
AdwCleaner[S0].txt - [1382 octets] - [18/10/2014 18:26:31]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1442 octets] ##########
--- --- ---
#

JRT Logfile:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.14.2014:1)
OS: Windows 7 Home Premium x64
Ran by Scheer on 18.10.2014 at 18:40:36,02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{63859E4C-AD99-499D-986B-22E0CE4D0594}



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Scheer\appdata\local\{44E885E7-2186-4DB0-96BB-B6FF798989DB}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18.10.2014 at 18:48:47,05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--- --- ---



FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-10-2014
Ran by Scheer (administrator) on SCHEER-PC on 18-10-2014 19:37:32
Running from C:\Users\beTheFellowBee\Downloads
Loaded Profile: Scheer (Available profiles: Scheer & beTheFellowBee)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
() C:\ExpressGateUtil\VAWinService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
() C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe
(ASUS) C:\Windows\AsScrPro.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Boingo Wireless, Inc.) C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
() C:\ExpressGateUtil\VAWinAgent.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(asus) C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ASUS WebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-16] ()
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2121320 2010-09-28] (Realtek Semiconductor)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-05-03] (Alcor Micro Corp.)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-06-10] (ELAN Microelectronic Corp.)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-05] (Intel(R) Corporation)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2185032 2009-10-19] (CANON INC.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2010-06-25] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [Boingo Wi-Fi] => C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk [2429 2010-11-13] ()
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-05-04] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [VAWinAgent] => C:\ExpressGateUtil\VAWinAgent.exe [21504 2010-08-13] ()
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1560831024-780671805-4130521857-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [784392 2014-05-29] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-1560831024-780671805-4130521857-1001\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe [1435136 2014-10-03] ()
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [174856 2014-09-14] (NVIDIA Corporation)
AppInit_DLLs:  C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [174856 2014-09-14] (NVIDIA Corporation)
AppInit_DLLs: , C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174856 2014-09-14] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\Windows\SysWOW64\nvinit.dll => c:\Windows\SysWOW64\nvinit.dll [156840 2014-09-14] (NVIDIA Corporation)
AppInit_DLLs-x32:  C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156840 2014-09-14] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @innoplus.de/ino3DViewer -> C:\Program Files (x86)\innoplus\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2012-05-29]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrId=4E410026C7B10A63&affID=127690&tsp=5196", "hxxp://www.google.com/ig/redirectdomain?brand=ASUT&bmod=ASUT"
CHR Profile: C:\Users\Scheer\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Scheer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-16]
CHR Extension: (Google Wallet) - C:\Users\Scheer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-05]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2135232 2014-05-21] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-09-17] (NVIDIA Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-10-01] (Intel Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-09-17] (NVIDIA Corporation)
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-06-26] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-06-26] (pdfforge GmbH)
R3 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-04-06] () [File not signed]
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174088 2014-05-29] (Sandboxie Holdings, LLC)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-10-14] (Secunia)
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-10-01] (Intel Corporation) [File not signed]
R2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [77312 2010-08-21] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [69120 2010-09-25] (Fresco Logic)
R3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-18] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-05-29] (Sandboxie Holdings, LLC)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800192 2009-08-20] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-17] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-18 18:48 - 2014-10-18 18:48 - 00000882 _____ () C:\Users\Scheer\Desktop\JRT.txt
2014-10-18 18:37 - 2014-10-18 18:37 - 01705698 _____ (Thisisu) C:\Users\Scheer\Downloads\JRT (2).exe
2014-10-18 18:37 - 2014-10-18 18:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-10-18 17:59 - 2014-10-18 17:59 - 00003712 _____ () C:\Users\Scheer\Desktop\malwarebytes.txt
2014-10-18 17:57 - 2014-10-18 17:57 - 00003712 _____ () C:\malwarebytes.txt
2014-10-18 17:14 - 2014-10-18 18:26 - 00000000 ____D () C:\AdwCleaner
2014-10-18 17:14 - 2014-10-18 17:14 - 01705698 _____ (Thisisu) C:\Users\Scheer\Downloads\JRT.exe
2014-10-18 17:14 - 2014-10-18 17:14 - 01705698 _____ (Thisisu) C:\Users\Scheer\Downloads\JRT (1).exe
2014-10-18 17:13 - 2014-10-18 17:13 - 01976320 _____ () C:\Users\Scheer\Downloads\AdwCleaner_4.000.exe
2014-10-18 17:10 - 2014-10-18 18:34 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-18 17:10 - 2014-10-18 17:10 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-18 17:10 - 2014-10-18 17:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-18 17:10 - 2014-10-18 17:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-18 17:10 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-18 17:10 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-18 17:09 - 2014-10-18 17:09 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Scheer\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-18 17:03 - 2014-10-18 17:03 - 00028349 _____ () C:\Users\beTheFellowBee\Downloads\combifix (1).txt
2014-10-18 17:02 - 2014-10-18 17:03 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\beTheFellowBee\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-18 13:13 - 2014-10-18 13:13 - 00028349 _____ () C:\Users\beTheFellowBee\Downloads\combifix.txt
2014-10-18 04:01 - 2014-10-18 04:01 - 00028349 _____ () C:\Users\Scheer\Desktop\combifix.txt
2014-10-18 03:58 - 2014-10-18 03:58 - 00028349 _____ () C:\ComboFix.txt
2014-10-18 01:20 - 2014-10-18 03:59 - 00000000 ____D () C:\Qoobox
2014-10-18 01:20 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-18 01:20 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-18 01:20 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-18 01:20 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-18 01:20 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-18 01:20 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-18 01:20 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-18 01:20 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-18 01:18 - 2014-10-18 01:19 - 05583559 ____R (Swearware) C:\Users\Scheer\Desktop\ComboFix.exe
2014-10-18 01:11 - 2014-10-18 01:11 - 00116060 _____ () C:\Users\Scheer\Desktop\gmer logfile.log
2014-10-18 01:10 - 2014-10-18 01:10 - 00001266 _____ () C:\Users\Scheer\Desktop\Revo Uninstaller.lnk
2014-10-18 01:10 - 2014-10-18 01:10 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-10-18 01:09 - 2014-10-18 01:09 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Scheer\Downloads\revosetup95.exe
2014-10-17 22:33 - 2014-10-17 22:33 - 00380416 _____ () C:\Users\beTheFellowBee\Downloads\Gmer-19357.exe
2014-10-17 22:08 - 2014-10-17 22:15 - 00030266 _____ () C:\Users\beTheFellowBee\Downloads\Addition.txt
2014-10-17 22:04 - 2014-10-18 19:37 - 00023007 _____ () C:\Users\beTheFellowBee\Downloads\FRST.txt
2014-10-17 22:04 - 2014-10-18 19:37 - 00000000 ____D () C:\FRST
2014-10-17 22:04 - 2014-10-17 22:04 - 02112000 _____ (Farbar) C:\Users\beTheFellowBee\Downloads\FRST64.exe
2014-10-17 22:03 - 2014-10-17 22:03 - 00000474 _____ () C:\Users\beTheFellowBee\Downloads\defogger_disable.log
2014-10-17 22:03 - 2014-10-17 22:03 - 00000000 _____ () C:\Users\Scheer\defogger_reenable
2014-10-17 22:02 - 2014-10-17 22:02 - 00050477 _____ () C:\Users\beTheFellowBee\Downloads\Defogger.exe
2014-10-17 13:38 - 2014-10-17 13:37 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-16 19:20 - 2014-10-16 19:20 - 31555072 _____ (Secunia) C:\Users\Scheer\Downloads\Opera_25.0.1614.50_SPS.exe
2014-10-16 19:19 - 2014-10-16 19:19 - 01488384 _____ () C:\Users\Scheer\Downloads\msxml6 (6).msi
2014-10-16 18:18 - 2014-10-16 18:18 - 01488384 _____ () C:\Users\Scheer\Downloads\msxml6 (5).msi
2014-10-16 16:50 - 2014-10-16 16:50 - 17703272 _____ (Adobe Systems Inc.) C:\Users\Scheer\Downloads\AdobeAIRInstaller (1).exe
2014-10-16 16:50 - 2014-10-16 16:50 - 00880272 _____ (Google Inc.) C:\Users\Scheer\Downloads\ChromeSetup (4).exe
2014-10-16 16:48 - 2014-10-16 16:48 - 17703272 _____ (Adobe Systems Inc.) C:\Users\Scheer\Downloads\AdobeAIRInstaller.exe
2014-10-16 16:47 - 2014-10-16 16:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2014-10-16 16:46 - 2014-10-16 16:46 - 00771792 _____ ( ) C:\Users\Scheer\Downloads\SandboxieInstall_inst (1).exe
2014-10-16 16:45 - 2014-10-16 16:45 - 00002050 _____ () C:\Users\Scheer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileHippo App Manager.lnk
2014-10-16 16:45 - 2014-10-16 16:45 - 00002020 _____ () C:\Users\Scheer\Desktop\FileHippo App Manager.lnk
2014-10-16 16:45 - 2014-10-16 16:45 - 00000000 ____D () C:\ProgramData\IsolatedStorage
2014-10-16 16:43 - 2014-10-16 16:47 - 02656264 _____ (Sandboxie Holdings, LLC) C:\Users\Scheer\Downloads\SandboxieInstall.exe
2014-10-16 16:41 - 2014-10-16 16:41 - 00000000 ____D () C:\ProgramData\Sun
2014-10-16 16:29 - 2014-10-16 16:31 - 92658088 _____ (Oracle Corporation) C:\Users\Scheer\Downloads\jre-8u25-windows-x64.exe
2014-10-16 16:29 - 2014-10-16 16:30 - 31897256 _____ (Opera Software) C:\Users\Scheer\Downloads\Opera_25.0.1614.50_Setup.exe
2014-10-16 16:29 - 2014-10-16 16:29 - 00771792 _____ ( ) C:\Users\Scheer\Downloads\SandboxieInstall_inst.exe
2014-10-16 16:29 - 2014-10-16 16:29 - 00499976 _____ () C:\Users\Scheer\Downloads\AppManagerSetup_1.44.exe
2014-10-16 16:28 - 2014-10-16 16:28 - 01488384 _____ () C:\Users\Scheer\Downloads\msxml6 (4).msi
2014-10-16 16:06 - 2014-10-16 16:06 - 17882112 _____ (Secunia) C:\Users\Scheer\Downloads\AdobeAir_15.0.0.293_SPS (1).exe
2014-10-16 16:06 - 2014-10-16 16:06 - 03707392 _____ () C:\Users\Scheer\Downloads\msxml6_ia64 (1).msi
2014-10-16 16:06 - 2014-10-16 16:06 - 02617344 _____ () C:\Users\Scheer\Downloads\msxml6_x64 (1).msi
2014-10-16 16:06 - 2014-10-16 16:06 - 01488384 _____ () C:\Users\Scheer\Downloads\msxml6 (3).msi
2014-10-16 15:59 - 2014-10-16 15:59 - 17882112 _____ (Secunia) C:\Users\Scheer\Downloads\AdobeAir_15.0.0.293_SPS.exe
2014-10-15 17:55 - 2014-10-15 17:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2014-10-15 11:48 - 2014-09-29 02:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 11:48 - 2014-06-19 00:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 11:48 - 2014-06-19 00:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 11:48 - 2014-06-19 00:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 11:48 - 2014-06-19 00:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 11:48 - 2014-06-19 00:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 11:48 - 2014-06-19 00:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 11:47 - 2014-10-10 04:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 11:47 - 2014-10-10 04:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 11:47 - 2014-10-10 04:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 11:47 - 2014-08-19 05:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-15 11:47 - 2014-08-19 05:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-15 11:47 - 2014-08-19 05:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-15 11:47 - 2014-08-19 05:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 11:47 - 2014-08-19 05:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-15 11:47 - 2014-08-19 05:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-15 11:47 - 2014-08-19 05:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 11:47 - 2014-08-19 05:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 11:47 - 2014-08-19 05:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 11:47 - 2014-08-19 05:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 11:47 - 2014-08-19 04:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-15 11:47 - 2014-08-19 04:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-15 11:47 - 2014-08-19 04:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 11:47 - 2014-07-07 04:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 11:47 - 2014-07-07 04:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 11:47 - 2014-07-07 04:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 11:47 - 2014-07-07 04:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 11:47 - 2014-07-07 04:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 11:47 - 2014-07-07 04:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 11:47 - 2014-07-07 04:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 11:47 - 2014-07-07 04:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 11:47 - 2014-07-07 04:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 11:47 - 2014-07-07 04:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 11:47 - 2014-07-07 04:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 11:47 - 2014-07-07 04:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 11:47 - 2014-07-07 04:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 11:47 - 2014-07-07 04:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 11:47 - 2014-07-07 04:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 11:47 - 2014-07-07 04:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 11:47 - 2014-07-07 04:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 11:47 - 2014-07-07 04:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 11:47 - 2014-07-07 04:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 11:47 - 2014-07-07 04:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 11:47 - 2014-07-07 04:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 11:47 - 2014-07-07 04:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 11:47 - 2014-07-07 04:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 11:47 - 2014-07-07 04:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 11:47 - 2014-07-07 04:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 11:47 - 2014-07-07 04:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 11:47 - 2014-07-07 04:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 11:47 - 2014-07-07 04:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 11:47 - 2014-07-07 04:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 11:47 - 2014-07-07 04:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 11:47 - 2014-07-07 04:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 11:47 - 2014-07-07 04:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 11:47 - 2014-07-07 03:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 11:47 - 2014-07-07 03:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-15 11:47 - 2014-07-07 03:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-15 11:47 - 2014-07-07 03:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-15 11:47 - 2014-07-07 03:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-15 11:47 - 2014-07-07 03:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-15 11:47 - 2014-07-07 03:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-15 11:47 - 2014-07-07 03:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-15 11:47 - 2014-07-07 03:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-15 11:47 - 2014-07-07 03:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-15 11:47 - 2014-07-07 03:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-15 11:47 - 2014-07-07 03:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-15 11:47 - 2014-07-07 03:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-15 11:47 - 2014-07-07 03:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-15 11:47 - 2014-07-07 03:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-15 11:47 - 2014-07-07 03:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-15 11:47 - 2014-07-07 03:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-15 11:47 - 2014-07-07 03:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-15 11:47 - 2014-07-07 03:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-15 11:47 - 2014-07-07 03:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-15 11:47 - 2014-07-07 03:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-15 11:47 - 2014-07-07 03:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-15 11:47 - 2014-07-07 03:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-15 11:47 - 2014-07-07 03:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-15 11:47 - 2014-07-07 03:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-15 11:47 - 2014-07-07 03:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-15 11:47 - 2014-07-07 03:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-15 11:47 - 2014-07-07 03:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-15 11:47 - 2014-07-07 03:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-15 11:47 - 2014-07-07 03:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-15 11:47 - 2014-06-28 02:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 11:47 - 2014-06-28 02:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 11:47 - 2014-06-28 02:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-15 11:46 - 2014-10-07 04:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 11:46 - 2014-10-07 04:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 11:46 - 2014-09-26 00:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 11:46 - 2014-09-26 00:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 11:46 - 2014-09-26 00:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 11:46 - 2014-09-26 00:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 11:46 - 2014-09-26 00:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 11:46 - 2014-09-26 00:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 11:46 - 2014-09-26 00:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 11:46 - 2014-09-19 04:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 11:46 - 2014-09-19 03:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 11:46 - 2014-09-19 03:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 11:46 - 2014-09-19 03:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 11:46 - 2014-09-19 03:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 11:46 - 2014-09-19 03:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 11:46 - 2014-09-19 03:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 11:46 - 2014-09-19 03:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 11:46 - 2014-09-19 03:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 11:46 - 2014-09-19 03:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 11:46 - 2014-09-19 03:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 11:46 - 2014-09-19 03:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 11:46 - 2014-09-19 03:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 11:46 - 2014-09-19 03:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 11:46 - 2014-09-19 03:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 11:46 - 2014-09-19 03:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 11:46 - 2014-09-19 03:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 11:46 - 2014-09-19 03:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 11:46 - 2014-09-19 03:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 11:46 - 2014-09-19 03:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 11:46 - 2014-09-19 03:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 11:46 - 2014-09-19 03:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 11:46 - 2014-09-19 03:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 11:46 - 2014-09-19 03:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 11:46 - 2014-09-19 03:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-15 11:46 - 2014-09-19 03:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 11:46 - 2014-09-19 02:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 11:46 - 2014-09-19 02:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 11:46 - 2014-09-19 02:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 11:46 - 2014-09-19 02:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 11:46 - 2014-09-19 02:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 11:46 - 2014-09-19 02:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 11:46 - 2014-09-19 02:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 11:46 - 2014-09-19 02:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-15 11:46 - 2014-09-19 02:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 11:46 - 2014-09-19 02:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 11:46 - 2014-09-19 02:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 11:46 - 2014-09-19 02:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 11:46 - 2014-09-19 02:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 11:46 - 2014-09-19 02:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 11:46 - 2014-09-19 02:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 11:46 - 2014-09-19 02:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-15 11:46 - 2014-09-19 02:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 11:46 - 2014-09-19 01:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 11:46 - 2014-09-19 01:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 11:46 - 2014-09-19 01:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 11:46 - 2014-09-19 01:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 11:43 - 2014-09-18 04:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 11:43 - 2014-09-18 03:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 11:43 - 2014-09-13 03:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 11:43 - 2014-09-13 03:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 11:43 - 2014-09-04 07:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 11:43 - 2014-09-04 07:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 11:43 - 2014-07-17 04:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 11:43 - 2014-07-17 04:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-15 11:43 - 2014-07-17 04:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 11:43 - 2014-07-17 04:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 11:43 - 2014-07-17 04:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 11:43 - 2014-07-17 04:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 11:43 - 2014-07-17 04:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 11:43 - 2014-07-17 04:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 11:43 - 2014-07-17 03:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 11:43 - 2014-07-17 03:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 11:43 - 2014-07-17 03:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-15 11:43 - 2014-07-17 03:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-15 11:43 - 2014-07-17 03:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 11:43 - 2014-07-17 03:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 11:43 - 2014-07-17 03:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 11:43 - 2014-07-17 03:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 09:39 - 2014-10-15 09:39 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-10-15 09:39 - 2014-09-13 22:13 - 00613696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-10-15 09:38 - 2014-10-15 09:38 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-10-15 09:38 - 2014-10-15 09:38 - 00000000 ____D () C:\Windows\system32\NV
2014-10-15 09:35 - 2014-09-17 06:51 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-10-15 09:35 - 2014-09-17 06:51 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 31887680 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 24552592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 20922512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 20589536 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 19954520 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 18106152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 17259664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 14026304 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 13939272 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 13157696 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-10-15 09:35 - 2014-09-14 01:48 - 11392576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 11330776 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 04287296 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 04008592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434411.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 01539272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434411.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 00957584 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 00925896 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 00919240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 00894096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 00352016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 00303600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 00174856 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 00032576 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2014-10-15 03:07 - 2014-09-04 21:14 - 00038048 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-10-15 03:07 - 2014-09-04 21:14 - 00032416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-10-13 13:59 - 2014-10-13 13:59 - 00044962 _____ () C:\Users\beTheFellowBee\Downloads\eBayISAPI.gz
2014-10-13 03:01 - 2014-10-18 15:24 - 00000406 _____ () C:\Users\beTheFellowBee\Desktop\Neues Textdokument (2).txt
2014-10-09 21:08 - 2014-10-10 00:43 - 00002637 _____ () C:\Users\beTheFellowBee\Desktop\Neues Textdokument.txt
2014-10-09 21:08 - 2014-10-09 21:08 - 00000000 ____D () C:\Users\beTheFellowBee\Desktop\Neuer Ordner (2)
2014-10-09 16:03 - 2014-10-09 16:04 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2014-10-09 16:03 - 2014-10-09 16:03 - 00001112 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk
2014-10-09 15:54 - 2014-10-09 15:54 - 00895120 _____ (Google Inc.) C:\Users\Scheer\Downloads\ChromeSetup (3).exe
2014-10-09 15:53 - 2014-10-09 15:55 - 131105792 _____ (Secunia) C:\Users\Scheer\Downloads\OpenOffice_4.1.1_en-US_SPS.exe
2014-10-09 15:53 - 2014-10-09 15:54 - 01528320 _____ () C:\Users\Scheer\Downloads\msxml6 (2).msi
2014-10-09 15:38 - 2014-10-16 19:21 - 00000924 _____ () C:\Windows\SecuniaPackage.log
2014-10-09 15:38 - 2014-10-16 16:36 - 00000000 ____D () C:\Users\Scheer\AppData\Local\Adobe
2014-10-09 15:37 - 2014-10-09 15:37 - 00895120 _____ (Google Inc.) C:\Users\Scheer\Downloads\ChromeSetup (2).exe
2014-10-09 15:36 - 2014-10-09 15:37 - 17882624 _____ (Secunia) C:\Users\Scheer\Downloads\AdobeAir_15.0.0.249_SPS.exe
2014-10-09 15:36 - 2014-10-09 15:37 - 01528320 _____ () C:\Users\Scheer\Downloads\msxml6 (1).msi
2014-10-09 15:36 - 2014-10-09 15:36 - 04614144 _____ () C:\Users\Scheer\Downloads\msxml6_SDK.msi
2014-10-09 15:36 - 2014-10-09 15:36 - 03753472 _____ () C:\Users\Scheer\Downloads\msxml6_ia64.msi
2014-10-09 15:36 - 2014-10-09 15:36 - 02721280 _____ () C:\Users\Scheer\Downloads\msxml6_x64.msi
2014-10-09 15:36 - 2014-10-09 15:36 - 01528320 _____ () C:\Users\Scheer\Downloads\msxml6.msi
2014-10-07 15:26 - 2014-10-07 15:26 - 00011833 _____ () C:\Users\beTheFellowBee\Downloads\Lands' End GmbH - Zur Erinnerung.html
2014-10-02 12:59 - 2014-10-02 13:00 - 00000000 ____D () C:\Users\beTheFellowBee\Desktop\Neuer Ordner (3)
2014-10-01 11:34 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 11:34 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-28 01:07 - 2014-09-28 01:07 - 00017659 _____ () C:\Users\beTheFellowBee\AppData\Local\recently-used.xbel
2014-09-24 10:38 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 10:38 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-23 23:23 - 2014-09-23 23:23 - 03675824 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-23 01:01 - 2014-09-23 01:01 - 00000000 ____D () C:\Users\Scheer\AppData\Roaming\OpenOffice
2014-09-23 00:44 - 2014-09-23 00:44 - 00000000 ____D () C:\Users\Scheer\Desktop\OpenOffice 4.1.1 (en-US) Installation Files
2014-09-23 00:37 - 2014-09-23 00:41 - 140852175 _____ () C:\Users\beTheFellowBee\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_en-US (1).exe
2014-09-23 00:37 - 2014-09-23 00:40 - 140852175 _____ () C:\Users\beTheFellowBee\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_en-US.exe
2014-09-23 00:34 - 2014-09-23 00:37 - 164858324 _____ () C:\Users\beTheFellowBee\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_de (1).exe
2014-09-22 11:01 - 2014-09-22 11:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-09-22 11:00 - 2014-09-22 11:00 - 00001847 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-09-22 11:00 - 2014-09-22 11:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-09-22 11:00 - 2014-09-22 11:00 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-09-19 22:35 - 2014-09-22 01:34 - 00019539 _____ () C:\Users\beTheFellowBee\Desktop\Untitled 1.odt
2014-09-19 22:35 - 2014-09-19 22:35 - 00000000 ____D () C:\Users\Scheer\Desktop\OpenOffice 4.1.1 (de) Installation Files
2014-09-19 22:32 - 2014-09-19 22:34 - 164858324 _____ () C:\Users\beTheFellowBee\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_de.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-18 19:23 - 2012-08-16 22:45 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-18 18:55 - 2010-11-13 17:31 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-18 18:40 - 2013-07-11 17:44 - 00000000 ____D () C:\Windows\ERUNT
2014-10-18 18:36 - 2009-07-14 06:45 - 00018832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-18 18:36 - 2009-07-14 06:45 - 00018832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-18 18:34 - 2010-11-13 18:00 - 00000000 ____D () C:\Program Files\P4G
2014-10-18 18:34 - 2010-11-13 17:31 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-18 18:33 - 2010-11-13 18:00 - 00002332 _____ () C:\Windows\system32\ServiceFilter.ini
2014-10-18 18:33 - 2010-11-13 17:04 - 01293259 _____ () C:\Windows\WindowsUpdate.log
2014-10-18 18:30 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-18 18:28 - 2010-11-13 17:50 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-18 18:28 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-18 18:28 - 2009-07-14 06:51 - 00377458 _____ () C:\Windows\setupact.log
2014-10-18 18:27 - 2010-11-13 17:40 - 00529998 _____ () C:\Windows\PFRO.log
2014-10-18 17:10 - 2013-07-10 19:43 - 00000000 ____D () C:\Users\Scheer\AppData\Roaming\Malwarebytes
2014-10-18 17:10 - 2013-07-10 19:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-18 11:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-18 03:35 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-18 01:19 - 2013-07-09 23:23 - 00000000 ____D () C:\Windows\erdnt
2014-10-17 22:03 - 2012-05-29 15:47 - 00000000 ____D () C:\Users\Scheer
2014-10-17 16:04 - 2009-08-04 11:51 - 00711546 _____ () C:\Windows\system32\perfh007.dat
2014-10-17 16:04 - 2009-08-04 11:51 - 00153736 _____ () C:\Windows\system32\perfc007.dat
2014-10-17 16:04 - 2009-07-14 07:13 - 01653060 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-16 19:21 - 2014-06-04 17:20 - 00004046 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1384201802
2014-10-16 19:21 - 2012-05-29 16:25 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-10-16 19:02 - 2014-05-31 23:04 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-16 17:59 - 2010-11-13 18:05 - 00045056 _____ () C:\Windows\SysWOW64\acovcnt.exe
2014-10-16 17:06 - 2012-08-16 22:45 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-16 17:06 - 2012-06-08 10:43 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-16 17:06 - 2012-05-29 16:32 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-16 16:50 - 2010-11-13 17:31 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-16 16:50 - 2010-11-13 17:31 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-16 16:45 - 2012-05-29 16:29 - 00000000 ____D () C:\Program Files (x86)\FileHippo.com
2014-10-16 16:40 - 2014-06-04 17:23 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-10-16 16:40 - 2014-06-04 17:22 - 00000000 ____D () C:\Program Files\Java
2014-10-16 16:28 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-10-15 19:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-10-15 18:34 - 2012-05-29 16:22 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-10-15 18:34 - 2009-07-14 06:45 - 00305568 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-15 18:31 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-15 18:30 - 2014-05-07 16:43 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-15 18:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-15 17:54 - 2013-08-14 23:50 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 17:47 - 2012-05-29 17:29 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-15 17:46 - 2012-05-30 14:58 - 00004346 _____ () C:\Windows\Sandboxie.ini
2014-10-15 09:39 - 2014-07-29 20:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-10-15 09:39 - 2010-11-13 17:50 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-10-15 03:09 - 2010-11-13 17:50 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-10-15 03:03 - 2012-05-29 15:47 - 00069616 _____ () C:\Users\Scheer\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-13 13:56 - 2014-07-29 20:08 - 00000000 ____D () C:\Users\beTheFellowBee\AppData\Local\NVIDIA Corporation
2014-10-13 13:56 - 2014-07-29 20:08 - 00000000 ____D () C:\Users\beTheFellowBee\AppData\Local\NVIDIA
2014-10-09 17:45 - 2012-05-30 11:49 - 00069616 _____ () C:\Users\beTheFellowBee\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-09 16:04 - 2013-07-29 19:13 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-10-01 11:11 - 2013-07-10 19:40 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-28 01:08 - 2013-11-23 17:28 - 00000000 ____D () C:\Users\beTheFellowBee\.gimp-2.8
2014-09-23 00:44 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-22 11:16 - 2010-11-13 18:00 - 00002416 _____ () C:\Windows\system32\AutoRunFilter.ini
2014-09-19 01:58 - 2014-07-01 11:52 - 00000000 ____D () C:\Users\beTheFellowBee\Desktop\Umbau Bumsenheim
2014-09-18 21:04 - 2013-05-18 21:04 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-18 14:43 - 2014-06-25 16:45 - 00000000 ____D () C:\Users\beTheFellowBee\Desktop\Neuer Ordner

Some content of TEMP:
====================
C:\Users\Scheer\AppData\Local\Temp\Quarantine.exe
C:\Users\Scheer\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-16 00:16

==================== End Of Log ============================
--- --- ---

FredPerrylol 18.10.2014 18:42
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-10-2014
Ran by Scheer at 2014-10-18 19:38:16
Running from C:\Users\beTheFellowBee\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3D-Viewer-innoplus (HKLM-x32\...\{B96DB037-DBEA-4186-9081-9CBD537F82E8}) (Version: 14.00.302 - INNOVA-engineering GmbH)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.293 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 15.0.0.293 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{1F7424F8-F992-48BC-90EF-7C4DB0405E3F}) (Version: 1.7.17.25416 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.7.17.25416 - Alcor Micro Corp.) Hidden
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.24 - ASUS)
ASUS AP Bank (HKLM-x32\...\ASUS AP Bank_is1) (Version: 1.0.0.0 - ASUSTEK)
ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.0.8 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.9 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.40 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0008 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0031 - ASUS)
ASUS Video Magic (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.4015 - CyberLink Corp.)
ASUS Video Magic (x32 Version: 6.0.4015 - CyberLink Corp.) Hidden
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.20 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 2.0.46.1429 - eCareme Technologies, Inc.)
ASUS_N3_Series (HKLM-x32\...\ASUS_N3_Series) (Version: 1.0.0002 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0006 - ASUS)
Boingo Wi-Fi (HKLM-x32\...\{B653A2EC-D816-4498-A4FD-651047AB9DC9}) (Version: 1.7.0048 - Boingo Wireless, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon MP Navigator EX 3.0 (HKLM-x32\...\MP Navigator EX 3.0) (Version:  - )
Canon MP250 series Benutzerregistrierung (HKLM-x32\...\Canon MP250 series Benutzerregistrierung) (Version:  - )
Canon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 33.1.0.0 - COMODO)
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.9 - ASUS)
CyberLink PhotoNow (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
CyberLink PhotoNow (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 6.1.3602c - CyberLink Corp.) Hidden
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2609a - CyberLink Corp.)
CyberLink PowerDirector (x32 Version: 8.0.2609a - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ETDWare PS/2-x64 7.0.5.16_WHQL (HKLM\...\Elantech) (Version: 7.0.5.16 - ELAN Microelectronics Corp.)
ExpressGate Cloud (HKLM-x32\...\InstallShield_{499DED08-6FA8-4749-8E94-8526CC9D1CA8}) (Version: 2.1.76.380 - Asus)
ExpressGate Cloud (x32 Version: 2.1.76.380 - Asus) Hidden
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.6 - ASUS)
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version:  - FileHippo.com)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fresco Logic USB3.0 Host Controller (HKLM\...\{7F2540AD-FD82-427A-8FDC-33EC53C8B17A}) (Version: 3.0.105.11 - Fresco Logic Inc.)
Game Park Console (HKLM-x32\...\{E71E60C1-533E-45A5-8D80-E475E88D2B17}_is1) (Version: 6.2.1.1 - Oberon Media, Inc.)
GIMP 2.8.0 (HKLM\...\GIMP-2_is1) (Version: 2.8.0 - The GIMP Team)
Google Chrome (HKLM-x32\...\{69BDE82E-C14F-3309-9813-E5F4E6111920}) (Version: 65.61.49247 - Google, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Governor of Poker (HKLM-x32\...\Governor of Poker) (Version:  - Oberon Media Inc.)
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Hotel Dash Suite Success (HKLM-x32\...\Hotel Dash Suite Success) (Version:  - Oberon Media Inc.)
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
Intel PROSet Wireless (Version:  - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2189 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{D16A2127-B927-4379-B153-3DEC091E4EEB}) (Version: 13.02.1000 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.400.4 - Intel)
Intel(R) Wireless Display (HKLM\...\{0D9917CE-1C77-4B58-A153-DCB5A854ED82}) (Version: 1.2.15.0 - Intel Corporation)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.25.18 - Oracle Corporation) Hidden
Jewel Quest 3 (HKLM-x32\...\Jewel Quest 3) (Version:  - Oberon Media Inc.)
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Luxor 3 (HKLM-x32\...\Luxor 3) (Version:  - Oberon Media Inc.)
Mahjongg dimensions (HKLM-x32\...\Mahjongg dimensions) (Version:  - Oberon Media Inc.)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
McAfee Internet Security Suite (HKLM-x32\...\MSC) (Version: 12.8.988 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
NVIDIA 3D Vision Treiber 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.11 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5942 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)
NVIDIA GeForce Experience Service (Version: 16.13.42 - NVIDIA Corporation) Hidden
NVIDIA Grafiktreiber 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.11 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.162.1274 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 2.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 16.13.42 (Version: 16.13.42 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.14.0702 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
NVIDIA ShadowPlay 16.13.42 (Version: 16.13.42 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 344.11 (Version: 344.11 - NVIDIA Corporation) Hidden
NVIDIA Update 16.13.42 (Version: 16.13.42 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 16.13.42 - NVIDIA Corporation) Hidden
NVIDIA Updatus (x32 Version: 1.0.3 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.25 (Version: 1.2.25 - NVIDIA Corporation) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Opera Stable 24.0.1558.53 (HKCU\...\Opera 24.0.1558.53) (Version: 24.0.1558.53 - Opera Software ASA)
Opera Stable 25.0.1614.50 (HKCU\...\Opera 25.0.1614.50) (Version: 25.0.1614.50 - Opera Software ASA)
PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.24.16092 - pdfforge GmbH)
PDF Architect 2 View Module (HKLM-x32\...\{C960FF38-431D-429D-AD1F-FBD12A45B7C5}) (Version: 2.0.17.17583 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Plants vs Zombies (HKLM-x32\...\Plants vs Zombies) (Version:  - Oberon Media Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6210 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Sandboxie 4.12 (64-bit) (HKLM\...\Sandboxie) (Version: 4.12 - Sandboxie Holdings, LLC)
Secunia PSI (2.0.0.4003) (HKLM-x32\...\Secunia PSI) (Version: 2.0.0.4003 - Secunia)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden
SonicMaster (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.00.0000 - Virage Logic, Corp.)
syncables desktop SE (HKLM-x32\...\{341697D8-9923-445E-B42A-529E5A99CB7A}) (Version: 5.5.746.11492 - syncables)
USB2.0 UVC 2M WebCam (HKLM\...\USB2.0 UVC 2M WebCam) (Version: 5.8.54000.206 - Sonix)
VA HausDesigner Premium (HKLM-x32\...\VAHausDesignerPremium.Exe) (Version: VA HausDesigner Premium - TRICAD GmbH)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{8C1E2925-14F8-45AA-B999-1E2A74BF5607}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.31.0 - ASUS)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.19 - ASUS)
World of Goo (HKLM-x32\...\World of Goo) (Version:  - Oberon Media Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

17-10-2014 11:19:45 McAfee  Vulnerability Scanner
17-10-2014 23:13:53 Revo Uninstaller's restore point - Search App by Ask

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-10-18 01:41 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {010E47F2-1E11-450B-9C01-E64A2C2BCFA6} - System32\Tasks\{33A56B08-821C-41BE-91DA-E0757A0B6BF6} => C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\GTAIV.exe
Task: {057B6E30-2EF0-480D-87CE-A1842CD4E456} - System32\Tasks\{068AAA21-0641-41C1-8EAA-0F75EDAA58A7} => C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe
Task: {0FAD9CCC-6D64-4ABD-8CA1-A63D08BB8971} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-16] (Google Inc.)
Task: {1BD752A2-F961-4D5F-AE70-BF57C132F6F3} - System32\Tasks\{506CDB96-827C-4455-80CA-5C28799140B7} => C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe
Task: {2715573E-9B56-4827-A121-13233C59B3DB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-16] (Adobe Systems Incorporated)
Task: {278A6EF8-8137-4B9F-B0EB-A074259E2860} - System32\Tasks\{0EC522C9-12AC-4CC4-AA7E-14DB8E765F8D} => C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe
Task: {33B9BA4A-8479-44AD-B11F-3199060A9B9A} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe [2010-09-30] (asus)
Task: {3EED291C-754F-4163-AABD-9986A5CED9E0} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-08-12] (ASUS)
Task: {405F7652-C710-4A14-ABD3-301651AD8555} - System32\Tasks\{6098EE44-C6B1-4824-8CF5-9399326AAFAC} => C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe
Task: {4562B44D-9046-4073-8071-BF24923C91CE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6E3DCC2D-50A6-4B9E-BBAA-038C0F5AA541} - System32\Tasks\ASUS Patch 10430001 => C:\Windows\AsPatch10430001.exe
Task: {6F865EEE-93EF-4E3C-AF58-81EFA798B330} - System32\Tasks\{08E77359-8A61-4574-B619-03877F12F806} => C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe
Task: {8F5A7594-7B88-4096-894A-F33E91AB4E55} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-16] (Google Inc.)
Task: {B4B188EB-FDFA-4E4D-820C-455DF7E3DEF2} - System32\Tasks\{C56502D8-BB5B-438C-B517-CBC10E7761B3} => C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe
Task: {B54F92A0-6539-48EE-AC1F-481B374D3DBE} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-18] (ASUS)
Task: {D4936DF1-99E0-4299-AE98-2CBBEC279E6D} - System32\Tasks\{FF87EAD2-778A-40BD-8AB4-A0E065A0B2D6} => C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe
Task: {D4F9C756-319B-4B2B-A642-018A245B23F0} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {D5827A25-5A4E-4631-AB1D-40F854EA43CA} - System32\Tasks\AIRecoveryRemind => C:\Program Files (x86)\ASUS\AI Recovery\AIRecoveryRemind.exe [2012-03-09] (ASUSTek Computer Inc.)
Task: {DBC594AE-80B1-4F90-AB9B-63D1E37831B9} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2010-08-02] (ASUS)
Task: {DCEA0B5F-367B-4738-AF31-BFEC3FC2B471} - System32\Tasks\{4CB84E3F-20D6-4B54-9251-67B94C378009} => C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe
Task: {E237DCB4-4EA6-43EE-B28F-2FAF891CB8DD} - System32\Tasks\Opera scheduled Autoupdate 1384201802 => C:\Program Files (x86)\Opera\launcher.exe [2014-10-15] (Opera Software)
Task: {E9C5A23A-33BE-46EC-BC3D-11D816C2E6E5} - System32\Tasks\{75584341-387B-4507-B002-6FE4A73EAB8D} => C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe
Task: {F8AF292A-8587-4F12-A219-D2BFA73F71D8} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-07-31] (ASUS)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-03-05 19:21 - 2010-03-05 19:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2014-05-21 12:22 - 2014-05-21 12:22 - 02135232 _____ () C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
2010-08-21 04:47 - 2010-08-21 04:47 - 00077312 _____ () C:\ExpressGateUtil\VAWinService.exe
2010-03-16 03:48 - 2010-03-16 03:48 - 01754448 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
2010-03-05 19:21 - 2010-03-05 19:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-04-10 17:40 - 2011-04-10 17:40 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-11-13 17:14 - 2010-04-06 08:29 - 00244904 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2014-10-03 10:08 - 2014-10-03 10:08 - 01435136 _____ () C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe
2010-08-13 03:52 - 2010-08-13 03:52 - 00021504 _____ () C:\ExpressGateUtil\VAWinAgent.exe
2010-09-23 17:53 - 2010-09-23 17:53 - 01601536 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2012-10-13 14:09 - 2014-09-13 23:53 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-07-15 02:11 - 2010-07-15 02:11 - 00031360 _____ () C:\Program Files\P4G\DevMng.dll
2010-11-13 18:00 - 2007-11-30 21:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
2010-04-02 19:21 - 2008-09-30 23:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2010-03-16 03:48 - 2010-03-16 03:48 - 00148816 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\EcaremeDLL.dll
2010-11-13 17:34 - 2010-11-13 17:34 - 00030032 _____ () C:\Windows\assembly\GAC_MSIL\SqliteShared\1.0.3726.20828__0d0f4b69e50e559b\SqliteShared.dll
2010-11-13 17:34 - 2010-11-13 17:34 - 00931840 _____ () C:\Windows\assembly\GAC_64\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-08-13 03:52 - 2010-08-13 03:52 - 00151552 _____ () C:\ExpressGateUtil\libexpat.dll
2010-08-13 03:52 - 2010-08-13 03:52 - 00057344 _____ () C:\ExpressGateUtil\netProfileDatabase.DLL
2014-07-29 20:02 - 2014-09-14 01:48 - 00012104 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2009-11-03 00:20 - 2009-11-03 00:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-03 00:23 - 2009-11-03 00:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2010-09-30 15:13 - 2010-09-30 15:13 - 00041472 _____ () C:\Program Files (x86)\ASUS\ControlDeck\HelpFunc.dll
2010-09-30 15:13 - 2010-09-30 15:13 - 00071680 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll
2010-09-30 15:14 - 2010-09-30 15:14 - 00076288 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll
2010-09-30 15:13 - 2010-09-30 15:13 - 00186880 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll
2010-07-01 12:21 - 2010-07-01 12:21 - 00204800 _____ () C:\Program Files (x86)\asus\VirtualCamera\virtualCamera.ax
2014-10-16 16:51 - 2014-10-10 04:03 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libglesv2.dll
2014-10-16 16:51 - 2014-10-10 04:03 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libegl.dll
2014-10-16 16:51 - 2014-10-10 04:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\pdf.dll
2014-10-16 16:51 - 2014-10-10 04:03 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\ffmpegsumo.dll
2014-10-16 16:51 - 2014-10-10 04:04 - 14902600 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

========================= Accounts: ==========================

Administrator (S-1-5-21-1560831024-780671805-4130521857-500 - Administrator - Disabled)
beTheFellowBee (S-1-5-21-1560831024-780671805-4130521857-1002 - Limited - Enabled) => C:\Users\beTheFellowBee
Gast (S-1-5-21-1560831024-780671805-4130521857-501 - Limited - Disabled)
Scheer (S-1-5-21-1560831024-780671805-4130521857-1001 - Administrator - Enabled) => C:\Users\Scheer

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (10/18/2014 07:20:27 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-10-18 01:35:12.484
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-10-18 01:35:12.421
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-10-18 01:35:12.343
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-10-18 01:35:12.265
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-07-10 19:51:38.769
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-10 19:51:38.754
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-10 19:51:38.754
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-09 23:32:53.928
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-07-09 23:32:53.819
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz
Percentage of memory in use: 60%
Total physical RAM: 3884.48 MB
Available physical RAM: 1546.53 MB
Total Pagefile: 7767.14 MB
Available Pagefile: 4767.67 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:116.44 GB) (Free:25.63 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:327.83 GB) (Free:202.49 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E0C5913D)
Partition 1: (Not Active) - (Size=21.5 GB) - (Type=1C)
Partition 2: (Active) - (Size=116.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=327.8 GB) - (Type=OF Extended)

==================== End Of Log ============================
Viele Grüße
Tim

schrauber 19.10.2014 08:55

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

FredPerrylol 19.10.2014 15:06
Hallo Schrauber, und Danke schonmal;

ich habe im Moment noch Schwierigkeiten, den ESET auszuführen, es kommt beim Herunterladen der DAtenbank die Fehlermeldung 2002. Aber ich versuche es nochmal (es dauert immer etwas lange).

Die installiere ANti-Maleware-Software hat mir heute Morgen beim Öffnen von Windows eine Trojanerwarnung für die DAtei combofix.exer gegeben:
combofix.exe wäre mit " TROJAN.AGENT.ED " belastet.

Ansonsten denke ich soweit, dass es mittlerweile schon etwas schneller geht. :)


VG
Timo

Hallo, 17h: ESET meldetjetzt: Updates funktionieren nicht! Ist ein Proxy eingerichtet?--- :(

schrauber 20.10.2014 07:41
Lass ESET weg und mach nen Vollscan mit deinem AV Programm. Dann den Rest von oben.

FredPerrylol 20.10.2014 12:01
Der ESET hat zwar mehrere Anläufe gebraucht, habe ihn aber gestern NAcht durchlaufen lassen mit folgendem Ergebins
(Funde wurde nicht entfernt):

Code:
C:\AdwCleaner\Quarantine\C\Users\Scheer\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Zip Opener Packages\uninstaller.exe.vir        Win32/InstallCore.AZ evtl. unerwünschte Anwendung
C:\Users\beTheFellowBee\Downloads\backups\backup-20130626-185253-639.dll        Win32/Toolbar.Escort.A evtl. unerwünschte Anwendung
C:\Users\Scheer\Desktop\ZipOpenerSetup.exe        Win32/InstallCore.GB evtl. unerwünschte Anwendung
C:\Users\Scheer\Downloads\SandboxieInstall_inst (1).exe        Variante von Win32/InstallCore.QH evtl. unerwünschte Anwendung
C:\Users\Scheer\Downloads\SandboxieInstall_inst.exe        Variante von Win32/InstallCore.QH evtl. unerwünschte Anwendung
D:\Videos Desktop User FellowBee\Bew\ImageEditorSetup.exe        Win32/InstallCore.BN evtl. unerwünschte Anwendung
Security Check:

Code:
Results of screen317's Security Check version 0.99.87 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
McAfee Anti-Virus und Anti-Spyware 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Secunia PSI (2.0.0.4003) 
 Java 8 Update 25 
 Java version out of Date!
 Adobe Flash Player 15.0.0.189 
 Adobe Reader XI 
 Google Chrome 38.0.2125.101 
 Google Chrome 38.0.2125.104 
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
frisches FRST Log:

#
FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-10-2014
Ran by Scheer (administrator) on SCHEER-PC on 20-10-2014 10:15:05
Running from C:\Users\beTheFellowBee\Downloads
Loaded Profile: Scheer (Available profiles: Scheer & beTheFellowBee)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ASUS) C:\Windows\AsScrPro.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
() C:\ExpressGateUtil\VAWinService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
() C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Boingo Wireless, Inc.) C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
() C:\ExpressGateUtil\VAWinAgent.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(asus) C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSM\McSmtFwk.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ASUS WebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-16] ()
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2121320 2010-09-28] (Realtek Semiconductor)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-05-03] (Alcor Micro Corp.)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-06-10] (ELAN Microelectronic Corp.)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-05] (Intel(R) Corporation)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2185032 2009-10-19] (CANON INC.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2010-06-25] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [Boingo Wi-Fi] => C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk [2429 2010-11-13] ()
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-05-04] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [VAWinAgent] => C:\ExpressGateUtil\VAWinAgent.exe [21504 2010-08-13] ()
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1560831024-780671805-4130521857-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [784392 2014-05-29] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-1560831024-780671805-4130521857-1001\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe [1435136 2014-10-03] ()
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [174856 2014-09-14] (NVIDIA Corporation)
AppInit_DLLs:  C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [174856 2014-09-14] (NVIDIA Corporation)
AppInit_DLLs: , C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174856 2014-09-14] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\Windows\SysWOW64\nvinit.dll => c:\Windows\SysWOW64\nvinit.dll [156840 2014-09-14] (NVIDIA Corporation)
AppInit_DLLs-x32:  C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156840 2014-09-14] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @innoplus.de/ino3DViewer -> C:\Program Files (x86)\innoplus\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2012-05-29]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrId=4E410026C7B10A63&affID=127690&tsp=5196", "hxxp://www.google.com/ig/redirectdomain?brand=ASUT&bmod=ASUT"
CHR Profile: C:\Users\Scheer\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Scheer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-16]
CHR Extension: (Google Wallet) - C:\Users\Scheer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-05]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2135232 2014-05-21] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-09-17] (NVIDIA Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-10-01] (Intel Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-09-17] (NVIDIA Corporation)
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-06-26] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-06-26] (pdfforge GmbH)
R3 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-04-06] () [File not signed]
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174088 2014-05-29] (Sandboxie Holdings, LLC)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-10-14] (Secunia)
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-10-01] (Intel Corporation) [File not signed]
R2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [77312 2010-08-21] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [69120 2010-09-25] (Fresco Logic)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-20] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-05-29] (Sandboxie Holdings, LLC)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800192 2009-08-20] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-17] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-20 10:14 - 2014-10-20 10:14 - 00000000 ____D () C:\Users\beTheFellowBee\Downloads\FRST-OlderVersion
2014-10-20 10:13 - 2014-10-20 10:13 - 00001002 _____ () C:\Users\Scheer\Desktop\checkup.txt
2014-10-20 10:09 - 2014-10-20 10:09 - 00854417 _____ () C:\Users\Scheer\Desktop\SecurityCheck.exe
2014-10-20 09:34 - 2014-10-20 09:34 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-10-20 09:34 - 2014-10-20 09:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-20 09:33 - 2014-10-20 09:34 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-20 09:33 - 2014-10-20 09:34 - 00000000 ____D () C:\Program Files\iTunes
2014-10-20 09:33 - 2014-10-20 09:34 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-20 09:33 - 2014-10-20 09:33 - 00000000 ____D () C:\Program Files\iPod
2014-10-19 23:21 - 2014-10-19 23:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-10-19 21:18 - 2014-10-19 21:18 - 02347384 _____ (ESET) C:\Users\Scheer\Desktop\esetsmartinstaller_deu (1).exe
2014-10-19 19:55 - 2014-10-20 09:25 - 00000733 _____ () C:\Users\Scheer\Desktop\eset.txt
2014-10-19 16:01 - 2014-10-19 16:02 - 02347384 _____ (ESET) C:\Users\Scheer\Desktop\esetsmartinstaller_deu.exe
2014-10-19 15:49 - 2014-10-19 16:01 - 01406687 _____ () C:\Users\Scheer\Downloads\esetsmartinstaller_deu (2).exe
2014-10-19 15:48 - 2014-10-19 15:53 - 02347384 _____ (ESET) C:\Users\Scheer\Downloads\esetsmartinstaller_deu (1).exe
2014-10-19 14:27 - 2014-10-19 14:27 - 02347384 _____ (ESET) C:\Users\Scheer\Downloads\esetsmartinstaller_deu.exe
2014-10-19 14:27 - 2014-10-19 14:27 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-10-19 14:18 - 2014-10-19 14:18 - 02347384 _____ (ESET) C:\Users\beTheFellowBee\Downloads\esetsmartinstaller_deu.exe
2014-10-19 14:16 - 2014-10-19 14:16 - 00000000 ____D () C:\Users\Public\Documents\sun
2014-10-18 18:48 - 2014-10-18 18:48 - 00000882 _____ () C:\Users\Scheer\Desktop\JRT.txt
2014-10-18 18:37 - 2014-10-18 18:37 - 01705698 _____ (Thisisu) C:\Users\Scheer\Downloads\JRT (2).exe
2014-10-18 17:59 - 2014-10-18 17:59 - 00003712 _____ () C:\Users\Scheer\Desktop\malwarebytes.txt
2014-10-18 17:57 - 2014-10-18 17:57 - 00003712 _____ () C:\malwarebytes.txt
2014-10-18 17:14 - 2014-10-18 18:26 - 00000000 ____D () C:\AdwCleaner
2014-10-18 17:14 - 2014-10-18 17:14 - 01705698 _____ (Thisisu) C:\Users\Scheer\Downloads\JRT.exe
2014-10-18 17:14 - 2014-10-18 17:14 - 01705698 _____ (Thisisu) C:\Users\Scheer\Downloads\JRT (1).exe
2014-10-18 17:13 - 2014-10-18 17:13 - 01976320 _____ () C:\Users\Scheer\Downloads\AdwCleaner_4.000.exe
2014-10-18 17:10 - 2014-10-20 06:01 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-18 17:10 - 2014-10-18 17:10 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-18 17:10 - 2014-10-18 17:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-18 17:10 - 2014-10-18 17:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-18 17:10 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-18 17:10 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-18 17:09 - 2014-10-18 17:09 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Scheer\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-18 17:03 - 2014-10-18 17:03 - 00028349 _____ () C:\Users\beTheFellowBee\Downloads\combifix (1).txt
2014-10-18 17:02 - 2014-10-18 17:03 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\beTheFellowBee\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-18 13:13 - 2014-10-18 13:13 - 00028349 _____ () C:\Users\beTheFellowBee\Downloads\combifix.txt
2014-10-18 04:01 - 2014-10-18 04:01 - 00028349 _____ () C:\Users\Scheer\Desktop\combifix.txt
2014-10-18 03:58 - 2014-10-18 03:58 - 00028349 _____ () C:\ComboFix.txt
2014-10-18 01:20 - 2014-10-18 03:59 - 00000000 ____D () C:\Qoobox
2014-10-18 01:20 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-18 01:20 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-18 01:20 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-18 01:20 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-18 01:20 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-18 01:20 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-18 01:20 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-18 01:20 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-18 01:18 - 2014-10-18 01:19 - 05583559 ____R (Swearware) C:\Users\Scheer\Desktop\ComboFix.exe
2014-10-18 01:11 - 2014-10-18 01:11 - 00116060 _____ () C:\Users\Scheer\Desktop\gmer logfile.log
2014-10-18 01:10 - 2014-10-18 01:10 - 00001266 _____ () C:\Users\Scheer\Desktop\Revo Uninstaller.lnk
2014-10-18 01:10 - 2014-10-18 01:10 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-10-18 01:09 - 2014-10-18 01:09 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Scheer\Downloads\revosetup95.exe
2014-10-17 22:33 - 2014-10-17 22:33 - 00380416 _____ () C:\Users\beTheFellowBee\Downloads\Gmer-19357.exe
2014-10-17 22:08 - 2014-10-18 19:39 - 00034905 _____ () C:\Users\beTheFellowBee\Downloads\Addition.txt
2014-10-17 22:04 - 2014-10-20 10:15 - 00023135 _____ () C:\Users\beTheFellowBee\Downloads\FRST.txt
2014-10-17 22:04 - 2014-10-20 10:15 - 00000000 ____D () C:\FRST
2014-10-17 22:04 - 2014-10-20 10:14 - 02111488 _____ (Farbar) C:\Users\beTheFellowBee\Downloads\FRST64.exe
2014-10-17 22:03 - 2014-10-17 22:03 - 00000474 _____ () C:\Users\beTheFellowBee\Downloads\defogger_disable.log
2014-10-17 22:03 - 2014-10-17 22:03 - 00000000 _____ () C:\Users\Scheer\defogger_reenable
2014-10-17 22:02 - 2014-10-17 22:02 - 00050477 _____ () C:\Users\beTheFellowBee\Downloads\Defogger.exe
2014-10-17 13:38 - 2014-10-17 13:37 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-16 19:20 - 2014-10-16 19:20 - 31555072 _____ (Secunia) C:\Users\Scheer\Downloads\Opera_25.0.1614.50_SPS.exe
2014-10-16 19:19 - 2014-10-16 19:19 - 01488384 _____ () C:\Users\Scheer\Downloads\msxml6 (6).msi
2014-10-16 18:18 - 2014-10-16 18:18 - 01488384 _____ () C:\Users\Scheer\Downloads\msxml6 (5).msi
2014-10-16 16:50 - 2014-10-16 16:50 - 17703272 _____ (Adobe Systems Inc.) C:\Users\Scheer\Downloads\AdobeAIRInstaller (1).exe
2014-10-16 16:50 - 2014-10-16 16:50 - 00880272 _____ (Google Inc.) C:\Users\Scheer\Downloads\ChromeSetup (4).exe
2014-10-16 16:48 - 2014-10-16 16:48 - 17703272 _____ (Adobe Systems Inc.) C:\Users\Scheer\Downloads\AdobeAIRInstaller.exe
2014-10-16 16:47 - 2014-10-16 16:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2014-10-16 16:46 - 2014-10-16 16:46 - 00771792 _____ ( ) C:\Users\Scheer\Downloads\SandboxieInstall_inst (1).exe
2014-10-16 16:45 - 2014-10-16 16:45 - 00002050 _____ () C:\Users\Scheer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileHippo App Manager.lnk
2014-10-16 16:45 - 2014-10-16 16:45 - 00002020 _____ () C:\Users\Scheer\Desktop\FileHippo App Manager.lnk
2014-10-16 16:45 - 2014-10-16 16:45 - 00000000 ____D () C:\ProgramData\IsolatedStorage
2014-10-16 16:43 - 2014-10-16 16:47 - 02656264 _____ (Sandboxie Holdings, LLC) C:\Users\Scheer\Downloads\SandboxieInstall.exe
2014-10-16 16:41 - 2014-10-16 16:41 - 00000000 ____D () C:\ProgramData\Sun
2014-10-16 16:29 - 2014-10-16 16:31 - 92658088 _____ (Oracle Corporation) C:\Users\Scheer\Downloads\jre-8u25-windows-x64.exe
2014-10-16 16:29 - 2014-10-16 16:30 - 31897256 _____ (Opera Software) C:\Users\Scheer\Downloads\Opera_25.0.1614.50_Setup.exe
2014-10-16 16:29 - 2014-10-16 16:29 - 00771792 _____ ( ) C:\Users\Scheer\Downloads\SandboxieInstall_inst.exe
2014-10-16 16:29 - 2014-10-16 16:29 - 00499976 _____ () C:\Users\Scheer\Downloads\AppManagerSetup_1.44.exe
2014-10-16 16:28 - 2014-10-16 16:28 - 01488384 _____ () C:\Users\Scheer\Downloads\msxml6 (4).msi
2014-10-16 16:06 - 2014-10-16 16:06 - 17882112 _____ (Secunia) C:\Users\Scheer\Downloads\AdobeAir_15.0.0.293_SPS (1).exe
2014-10-16 16:06 - 2014-10-16 16:06 - 03707392 _____ () C:\Users\Scheer\Downloads\msxml6_ia64 (1).msi
2014-10-16 16:06 - 2014-10-16 16:06 - 02617344 _____ () C:\Users\Scheer\Downloads\msxml6_x64 (1).msi
2014-10-16 16:06 - 2014-10-16 16:06 - 01488384 _____ () C:\Users\Scheer\Downloads\msxml6 (3).msi
2014-10-16 15:59 - 2014-10-16 15:59 - 17882112 _____ (Secunia) C:\Users\Scheer\Downloads\AdobeAir_15.0.0.293_SPS.exe
2014-10-15 17:55 - 2014-10-15 17:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2014-10-15 11:48 - 2014-09-29 02:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 11:48 - 2014-06-19 00:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 11:48 - 2014-06-19 00:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 11:48 - 2014-06-19 00:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 11:48 - 2014-06-19 00:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 11:48 - 2014-06-19 00:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 11:48 - 2014-06-19 00:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 11:47 - 2014-10-10 04:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 11:47 - 2014-10-10 04:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 11:47 - 2014-10-10 04:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 11:47 - 2014-08-19 05:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-15 11:47 - 2014-08-19 05:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-15 11:47 - 2014-08-19 05:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-15 11:47 - 2014-08-19 05:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 11:47 - 2014-08-19 05:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-15 11:47 - 2014-08-19 05:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-15 11:47 - 2014-08-19 05:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 11:47 - 2014-08-19 05:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 11:47 - 2014-08-19 05:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 11:47 - 2014-08-19 05:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 11:47 - 2014-08-19 04:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-15 11:47 - 2014-08-19 04:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-15 11:47 - 2014-08-19 04:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 11:47 - 2014-07-07 04:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 11:47 - 2014-07-07 04:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 11:47 - 2014-07-07 04:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 11:47 - 2014-07-07 04:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 11:47 - 2014-07-07 04:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 11:47 - 2014-07-07 04:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 11:47 - 2014-07-07 04:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 11:47 - 2014-07-07 04:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 11:47 - 2014-07-07 04:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 11:47 - 2014-07-07 04:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 11:47 - 2014-07-07 04:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 11:47 - 2014-07-07 04:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 11:47 - 2014-07-07 04:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 11:47 - 2014-07-07 04:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 11:47 - 2014-07-07 04:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 11:47 - 2014-07-07 04:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 11:47 - 2014-07-07 04:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 11:47 - 2014-07-07 04:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 11:47 - 2014-07-07 04:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 11:47 - 2014-07-07 04:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 11:47 - 2014-07-07 04:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 11:47 - 2014-07-07 04:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 11:47 - 2014-07-07 04:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 11:47 - 2014-07-07 04:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 11:47 - 2014-07-07 04:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 11:47 - 2014-07-07 04:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 11:47 - 2014-07-07 04:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 11:47 - 2014-07-07 04:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 11:47 - 2014-07-07 04:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 11:47 - 2014-07-07 04:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 11:47 - 2014-07-07 04:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 11:47 - 2014-07-07 04:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 11:47 - 2014-07-07 03:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 11:47 - 2014-07-07 03:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-15 11:47 - 2014-07-07 03:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-15 11:47 - 2014-07-07 03:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-15 11:47 - 2014-07-07 03:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-15 11:47 - 2014-07-07 03:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-15 11:47 - 2014-07-07 03:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-15 11:47 - 2014-07-07 03:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-15 11:47 - 2014-07-07 03:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-15 11:47 - 2014-07-07 03:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-15 11:47 - 2014-07-07 03:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-15 11:47 - 2014-07-07 03:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-15 11:47 - 2014-07-07 03:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-15 11:47 - 2014-07-07 03:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-15 11:47 - 2014-07-07 03:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-15 11:47 - 2014-07-07 03:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-15 11:47 - 2014-07-07 03:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-15 11:47 - 2014-07-07 03:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-15 11:47 - 2014-07-07 03:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-15 11:47 - 2014-07-07 03:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-15 11:47 - 2014-07-07 03:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-15 11:47 - 2014-07-07 03:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-15 11:47 - 2014-07-07 03:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-15 11:47 - 2014-07-07 03:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-15 11:47 - 2014-07-07 03:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-15 11:47 - 2014-07-07 03:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-15 11:47 - 2014-07-07 03:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-15 11:47 - 2014-07-07 03:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-15 11:47 - 2014-07-07 03:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-15 11:47 - 2014-07-07 03:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-15 11:47 - 2014-06-28 02:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 11:47 - 2014-06-28 02:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 11:47 - 2014-06-28 02:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-15 11:46 - 2014-10-07 04:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 11:46 - 2014-10-07 04:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 11:46 - 2014-09-26 00:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 11:46 - 2014-09-26 00:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 11:46 - 2014-09-26 00:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 11:46 - 2014-09-26 00:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 11:46 - 2014-09-26 00:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 11:46 - 2014-09-26 00:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 11:46 - 2014-09-26 00:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 11:46 - 2014-09-19 04:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 11:46 - 2014-09-19 03:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 11:46 - 2014-09-19 03:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 11:46 - 2014-09-19 03:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 11:46 - 2014-09-19 03:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 11:46 - 2014-09-19 03:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 11:46 - 2014-09-19 03:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 11:46 - 2014-09-19 03:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 11:46 - 2014-09-19 03:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 11:46 - 2014-09-19 03:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 11:46 - 2014-09-19 03:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 11:46 - 2014-09-19 03:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 11:46 - 2014-09-19 03:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 11:46 - 2014-09-19 03:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 11:46 - 2014-09-19 03:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 11:46 - 2014-09-19 03:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 11:46 - 2014-09-19 03:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 11:46 - 2014-09-19 03:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 11:46 - 2014-09-19 03:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 11:46 - 2014-09-19 03:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 11:46 - 2014-09-19 03:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 11:46 - 2014-09-19 03:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 11:46 - 2014-09-19 03:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 11:46 - 2014-09-19 03:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 11:46 - 2014-09-19 03:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-15 11:46 - 2014-09-19 03:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 11:46 - 2014-09-19 02:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 11:46 - 2014-09-19 02:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 11:46 - 2014-09-19 02:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 11:46 - 2014-09-19 02:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 11:46 - 2014-09-19 02:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 11:46 - 2014-09-19 02:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 11:46 - 2014-09-19 02:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 11:46 - 2014-09-19 02:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-15 11:46 - 2014-09-19 02:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 11:46 - 2014-09-19 02:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 11:46 - 2014-09-19 02:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 11:46 - 2014-09-19 02:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 11:46 - 2014-09-19 02:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 11:46 - 2014-09-19 02:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 11:46 - 2014-09-19 02:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 11:46 - 2014-09-19 02:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-15 11:46 - 2014-09-19 02:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 11:46 - 2014-09-19 01:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 11:46 - 2014-09-19 01:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 11:46 - 2014-09-19 01:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 11:46 - 2014-09-19 01:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 11:43 - 2014-09-18 04:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 11:43 - 2014-09-18 03:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 11:43 - 2014-09-13 03:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 11:43 - 2014-09-13 03:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 11:43 - 2014-09-04 07:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 11:43 - 2014-09-04 07:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 11:43 - 2014-07-17 04:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 11:43 - 2014-07-17 04:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-15 11:43 - 2014-07-17 04:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 11:43 - 2014-07-17 04:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 11:43 - 2014-07-17 04:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 11:43 - 2014-07-17 04:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 11:43 - 2014-07-17 04:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 11:43 - 2014-07-17 04:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 11:43 - 2014-07-17 03:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 11:43 - 2014-07-17 03:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 11:43 - 2014-07-17 03:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-15 11:43 - 2014-07-17 03:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-15 11:43 - 2014-07-17 03:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 11:43 - 2014-07-17 03:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 11:43 - 2014-07-17 03:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 11:43 - 2014-07-17 03:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 09:39 - 2014-10-15 09:39 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-10-15 09:39 - 2014-09-13 22:13 - 00613696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-10-15 09:38 - 2014-10-15 09:38 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-10-15 09:38 - 2014-10-15 09:38 - 00000000 ____D () C:\Windows\system32\NV
2014-10-15 09:35 - 2014-09-17 06:51 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-10-15 09:35 - 2014-09-17 06:51 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 31887680 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 24552592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 20922512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 20589536 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 19954520 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 18106152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 17259664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 14026304 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 13939272 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 13157696 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-10-15 09:35 - 2014-09-14 01:48 - 11392576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 11330776 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 04287296 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 04008592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434411.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 01539272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434411.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 00957584 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 00925896 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 00919240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 00894096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 00352016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 00303600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 00174856 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-10-15 09:35 - 2014-09-14 01:48 - 00032576 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2014-10-15 03:07 - 2014-09-04 21:14 - 00038048 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-10-15 03:07 - 2014-09-04 21:14 - 00032416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-10-13 13:59 - 2014-10-13 13:59 - 00044962 _____ () C:\Users\beTheFellowBee\Downloads\eBayISAPI.gz
2014-10-13 03:01 - 2014-10-18 15:24 - 00000406 _____ () C:\Users\beTheFellowBee\Desktop\Neues Textdokument (2).txt
2014-10-09 21:08 - 2014-10-10 00:43 - 00002637 _____ () C:\Users\beTheFellowBee\Desktop\Neues Textdokument.txt
2014-10-09 21:08 - 2014-10-09 21:08 - 00000000 ____D () C:\Users\beTheFellowBee\Desktop\Neuer Ordner (2)
2014-10-09 16:03 - 2014-10-09 16:04 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2014-10-09 16:03 - 2014-10-09 16:03 - 00001112 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk
2014-10-09 15:54 - 2014-10-09 15:54 - 00895120 _____ (Google Inc.) C:\Users\Scheer\Downloads\ChromeSetup (3).exe
2014-10-09 15:53 - 2014-10-09 15:55 - 131105792 _____ (Secunia) C:\Users\Scheer\Downloads\OpenOffice_4.1.1_en-US_SPS.exe
2014-10-09 15:53 - 2014-10-09 15:54 - 01528320 _____ () C:\Users\Scheer\Downloads\msxml6 (2).msi
2014-10-09 15:38 - 2014-10-16 19:21 - 00000924 _____ () C:\Windows\SecuniaPackage.log
2014-10-09 15:38 - 2014-10-16 16:36 - 00000000 ____D () C:\Users\Scheer\AppData\Local\Adobe
2014-10-09 15:37 - 2014-10-09 15:37 - 00895120 _____ (Google Inc.) C:\Users\Scheer\Downloads\ChromeSetup (2).exe
2014-10-09 15:36 - 2014-10-09 15:37 - 17882624 _____ (Secunia) C:\Users\Scheer\Downloads\AdobeAir_15.0.0.249_SPS.exe
2014-10-09 15:36 - 2014-10-09 15:37 - 01528320 _____ () C:\Users\Scheer\Downloads\msxml6 (1).msi
2014-10-09 15:36 - 2014-10-09 15:36 - 04614144 _____ () C:\Users\Scheer\Downloads\msxml6_SDK.msi
2014-10-09 15:36 - 2014-10-09 15:36 - 03753472 _____ () C:\Users\Scheer\Downloads\msxml6_ia64.msi
2014-10-09 15:36 - 2014-10-09 15:36 - 02721280 _____ () C:\Users\Scheer\Downloads\msxml6_x64.msi
2014-10-09 15:36 - 2014-10-09 15:36 - 01528320 _____ () C:\Users\Scheer\Downloads\msxml6.msi
2014-10-07 15:26 - 2014-10-07 15:26 - 00011833 _____ () C:\Users\beTheFellowBee\Downloads\Lands' End GmbH - Zur Erinnerung.html
2014-10-02 12:59 - 2014-10-02 13:00 - 00000000 ____D () C:\Users\beTheFellowBee\Desktop\Neuer Ordner (3)
2014-10-01 11:34 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 11:34 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-28 01:07 - 2014-09-28 01:07 - 00017659 _____ () C:\Users\beTheFellowBee\AppData\Local\recently-used.xbel
2014-09-24 10:38 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 10:38 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-23 23:23 - 2014-09-23 23:23 - 03675824 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-23 01:01 - 2014-09-23 01:01 - 00000000 ____D () C:\Users\Scheer\AppData\Roaming\OpenOffice
2014-09-23 00:44 - 2014-09-23 00:44 - 00000000 ____D () C:\Users\Scheer\Desktop\OpenOffice 4.1.1 (en-US) Installation Files
2014-09-23 00:37 - 2014-09-23 00:41 - 140852175 _____ () C:\Users\beTheFellowBee\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_en-US (1).exe
2014-09-23 00:37 - 2014-09-23 00:40 - 140852175 _____ () C:\Users\beTheFellowBee\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_en-US.exe
2014-09-23 00:34 - 2014-09-23 00:37 - 164858324 _____ () C:\Users\beTheFellowBee\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_de (1).exe
2014-09-22 11:01 - 2014-09-22 11:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-09-22 11:00 - 2014-09-22 11:00 - 00001847 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-09-22 11:00 - 2014-09-22 11:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-09-22 11:00 - 2014-09-22 11:00 - 00000000 ____D () C:\Program Files (x86)\QuickTime

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-20 09:55 - 2010-11-13 17:31 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-20 09:33 - 2014-09-15 08:32 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-20 09:33 - 2014-01-01 02:56 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-10-20 09:26 - 2010-11-13 17:04 - 01336522 _____ () C:\Windows\WindowsUpdate.log
2014-10-20 09:23 - 2012-08-16 22:45 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-19 20:23 - 2009-07-14 06:45 - 00018832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-19 20:23 - 2009-07-14 06:45 - 00018832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-19 20:14 - 2010-11-13 18:05 - 00045056 _____ () C:\Windows\SysWOW64\acovcnt.exe
2014-10-19 20:14 - 2010-11-13 18:00 - 00000000 ____D () C:\Program Files\P4G
2014-10-19 20:14 - 2010-11-13 17:50 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-19 20:14 - 2010-11-13 17:31 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-19 20:14 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-19 20:14 - 2009-07-14 06:51 - 00377962 _____ () C:\Windows\setupact.log
2014-10-19 14:35 - 2009-08-04 11:51 - 00711546 _____ () C:\Windows\system32\perfh007.dat
2014-10-19 14:35 - 2009-08-04 11:51 - 00153736 _____ () C:\Windows\system32\perfc007.dat
2014-10-19 14:35 - 2009-07-14 07:13 - 01653060 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-19 12:22 - 2012-05-30 14:58 - 00004346 _____ () C:\Windows\Sandboxie.ini
2014-10-18 18:40 - 2013-07-11 17:44 - 00000000 ____D () C:\Windows\ERUNT
2014-10-18 18:33 - 2010-11-13 18:00 - 00002332 _____ () C:\Windows\system32\ServiceFilter.ini
2014-10-18 18:28 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-18 18:27 - 2010-11-13 17:40 - 00529998 _____ () C:\Windows\PFRO.log
2014-10-18 17:10 - 2013-07-10 19:43 - 00000000 ____D () C:\Users\Scheer\AppData\Roaming\Malwarebytes
2014-10-18 17:10 - 2013-07-10 19:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-18 11:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-18 03:35 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-18 01:19 - 2013-07-09 23:23 - 00000000 ____D () C:\Windows\erdnt
2014-10-17 22:03 - 2012-05-29 15:47 - 00000000 ____D () C:\Users\Scheer
2014-10-16 19:21 - 2014-06-04 17:20 - 00004046 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1384201802
2014-10-16 19:21 - 2012-05-29 16:25 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-10-16 19:02 - 2014-05-31 23:04 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-16 17:06 - 2012-08-16 22:45 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-16 17:06 - 2012-06-08 10:43 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-16 17:06 - 2012-05-29 16:32 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-16 16:50 - 2010-11-13 17:31 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-16 16:50 - 2010-11-13 17:31 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-16 16:45 - 2012-05-29 16:29 - 00000000 ____D () C:\Program Files (x86)\FileHippo.com
2014-10-16 16:40 - 2014-06-04 17:23 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-10-16 16:40 - 2014-06-04 17:22 - 00000000 ____D () C:\Program Files\Java
2014-10-16 16:28 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-10-15 19:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-10-15 18:34 - 2012-05-29 16:22 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-10-15 18:34 - 2009-07-14 06:45 - 00305568 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-15 18:31 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-15 18:30 - 2014-05-07 16:43 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-15 18:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-15 17:54 - 2013-08-14 23:50 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 17:47 - 2012-05-29 17:29 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-15 09:39 - 2014-07-29 20:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-10-15 09:39 - 2010-11-13 17:50 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-10-15 03:09 - 2010-11-13 17:50 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-10-15 03:03 - 2012-05-29 15:47 - 00069616 _____ () C:\Users\Scheer\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-13 13:56 - 2014-07-29 20:08 - 00000000 ____D () C:\Users\beTheFellowBee\AppData\Local\NVIDIA Corporation
2014-10-13 13:56 - 2014-07-29 20:08 - 00000000 ____D () C:\Users\beTheFellowBee\AppData\Local\NVIDIA
2014-10-09 17:45 - 2012-05-30 11:49 - 00069616 _____ () C:\Users\beTheFellowBee\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-09 16:04 - 2013-07-29 19:13 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-10-01 11:11 - 2013-07-10 19:40 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-28 01:08 - 2013-11-23 17:28 - 00000000 ____D () C:\Users\beTheFellowBee\.gimp-2.8
2014-09-23 00:44 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-22 11:16 - 2010-11-13 18:00 - 00002416 _____ () C:\Windows\system32\AutoRunFilter.ini
2014-09-22 01:34 - 2014-09-19 22:35 - 00019539 _____ () C:\Users\beTheFellowBee\Desktop\Untitled 1.odt

Some content of TEMP:
====================
C:\Users\Scheer\AppData\Local\Temp\Quarantine.exe
C:\Users\Scheer\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-16 00:16

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

--- --- ---
#

FRST ADdition log:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-10-2014
Ran by Scheer at 2014-10-20 10:16:00
Running from C:\Users\beTheFellowBee\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus und Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus und Anti-Spyware (Disabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3D-Viewer-innoplus (HKLM-x32\...\{B96DB037-DBEA-4186-9081-9CBD537F82E8}) (Version: 14.00.302 - INNOVA-engineering GmbH)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.293 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 15.0.0.293 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{1F7424F8-F992-48BC-90EF-7C4DB0405E3F}) (Version: 1.7.17.25416 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.7.17.25416 - Alcor Micro Corp.) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.24 - ASUS)
ASUS AP Bank (HKLM-x32\...\ASUS AP Bank_is1) (Version: 1.0.0.0 - ASUSTEK)
ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.0.8 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.9 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.40 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0008 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0031 - ASUS)
ASUS Video Magic (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.4015 - CyberLink Corp.)
ASUS Video Magic (x32 Version: 6.0.4015 - CyberLink Corp.) Hidden
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.20 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 2.0.46.1429 - eCareme Technologies, Inc.)
ASUS_N3_Series (HKLM-x32\...\ASUS_N3_Series) (Version: 1.0.0002 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0006 - ASUS)
Boingo Wi-Fi (HKLM-x32\...\{B653A2EC-D816-4498-A4FD-651047AB9DC9}) (Version: 1.7.0048 - Boingo Wireless, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon MP Navigator EX 3.0 (HKLM-x32\...\MP Navigator EX 3.0) (Version:  - )
Canon MP250 series Benutzerregistrierung (HKLM-x32\...\Canon MP250 series Benutzerregistrierung) (Version:  - )
Canon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 33.1.0.0 - COMODO)
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.9 - ASUS)
CyberLink PhotoNow (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
CyberLink PhotoNow (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 6.1.3602c - CyberLink Corp.) Hidden
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2609a - CyberLink Corp.)
CyberLink PowerDirector (x32 Version: 8.0.2609a - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ETDWare PS/2-x64 7.0.5.16_WHQL (HKLM\...\Elantech) (Version: 7.0.5.16 - ELAN Microelectronics Corp.)
ExpressGate Cloud (HKLM-x32\...\InstallShield_{499DED08-6FA8-4749-8E94-8526CC9D1CA8}) (Version: 2.1.76.380 - Asus)
ExpressGate Cloud (x32 Version: 2.1.76.380 - Asus) Hidden
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.6 - ASUS)
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version:  - FileHippo.com)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fresco Logic USB3.0 Host Controller (HKLM\...\{7F2540AD-FD82-427A-8FDC-33EC53C8B17A}) (Version: 3.0.105.11 - Fresco Logic Inc.)
Game Park Console (HKLM-x32\...\{E71E60C1-533E-45A5-8D80-E475E88D2B17}_is1) (Version: 6.2.1.1 - Oberon Media, Inc.)
GIMP 2.8.0 (HKLM\...\GIMP-2_is1) (Version: 2.8.0 - The GIMP Team)
Google Chrome (HKLM-x32\...\{69BDE82E-C14F-3309-9813-E5F4E6111920}) (Version: 65.61.49247 - Google, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Governor of Poker (HKLM-x32\...\Governor of Poker) (Version:  - Oberon Media Inc.)
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Hotel Dash Suite Success (HKLM-x32\...\Hotel Dash Suite Success) (Version:  - Oberon Media Inc.)
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
Intel PROSet Wireless (Version:  - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2189 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{D16A2127-B927-4379-B153-3DEC091E4EEB}) (Version: 13.02.1000 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.400.4 - Intel)
Intel(R) Wireless Display (HKLM\...\{0D9917CE-1C77-4B58-A153-DCB5A854ED82}) (Version: 1.2.15.0 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.25.18 - Oracle Corporation) Hidden
Jewel Quest 3 (HKLM-x32\...\Jewel Quest 3) (Version:  - Oberon Media Inc.)
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Luxor 3 (HKLM-x32\...\Luxor 3) (Version:  - Oberon Media Inc.)
Mahjongg dimensions (HKLM-x32\...\Mahjongg dimensions) (Version:  - Oberon Media Inc.)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
McAfee Internet Security Suite (HKLM-x32\...\MSC) (Version: 12.8.988 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
NVIDIA 3D Vision Treiber 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.11 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5942 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)
NVIDIA GeForce Experience Service (Version: 16.13.42 - NVIDIA Corporation) Hidden
NVIDIA Grafiktreiber 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.11 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.162.1274 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 2.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 16.13.42 (Version: 16.13.42 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.14.0702 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
NVIDIA ShadowPlay 16.13.42 (Version: 16.13.42 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 344.11 (Version: 344.11 - NVIDIA Corporation) Hidden
NVIDIA Update 16.13.42 (Version: 16.13.42 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 16.13.42 - NVIDIA Corporation) Hidden
NVIDIA Updatus (x32 Version: 1.0.3 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.25 (Version: 1.2.25 - NVIDIA Corporation) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Opera Stable 24.0.1558.53 (HKCU\...\Opera 24.0.1558.53) (Version: 24.0.1558.53 - Opera Software ASA)
Opera Stable 25.0.1614.50 (HKCU\...\Opera 25.0.1614.50) (Version: 25.0.1614.50 - Opera Software ASA)
PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.24.16092 - pdfforge GmbH)
PDF Architect 2 View Module (HKLM-x32\...\{C960FF38-431D-429D-AD1F-FBD12A45B7C5}) (Version: 2.0.17.17583 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Plants vs Zombies (HKLM-x32\...\Plants vs Zombies) (Version:  - Oberon Media Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6210 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Sandboxie 4.12 (64-bit) (HKLM\...\Sandboxie) (Version: 4.12 - Sandboxie Holdings, LLC)
Secunia PSI (2.0.0.4003) (HKLM-x32\...\Secunia PSI) (Version: 2.0.0.4003 - Secunia)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden
SonicMaster (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.00.0000 - Virage Logic, Corp.)
syncables desktop SE (HKLM-x32\...\{341697D8-9923-445E-B42A-529E5A99CB7A}) (Version: 5.5.746.11492 - syncables)
USB2.0 UVC 2M WebCam (HKLM\...\USB2.0 UVC 2M WebCam) (Version: 5.8.54000.206 - Sonix)
VA HausDesigner Premium (HKLM-x32\...\VAHausDesignerPremium.Exe) (Version: VA HausDesigner Premium - TRICAD GmbH)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{8C1E2925-14F8-45AA-B999-1E2A74BF5607}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.31.0 - ASUS)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.19 - ASUS)
World of Goo (HKLM-x32\...\World of Goo) (Version:  - Oberon Media Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-10-18 01:41 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {010E47F2-1E11-450B-9C01-E64A2C2BCFA6} - System32\Tasks\{33A56B08-821C-41BE-91DA-E0757A0B6BF6} => C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\GTAIV.exe
Task: {057B6E30-2EF0-480D-87CE-A1842CD4E456} - System32\Tasks\{068AAA21-0641-41C1-8EAA-0F75EDAA58A7} => C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe
Task: {0FAD9CCC-6D64-4ABD-8CA1-A63D08BB8971} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-16] (Google Inc.)
Task: {1BD752A2-F961-4D5F-AE70-BF57C132F6F3} - System32\Tasks\{506CDB96-827C-4455-80CA-5C28799140B7} => C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe
Task: {2715573E-9B56-4827-A121-13233C59B3DB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-16] (Adobe Systems Incorporated)
Task: {278A6EF8-8137-4B9F-B0EB-A074259E2860} - System32\Tasks\{0EC522C9-12AC-4CC4-AA7E-14DB8E765F8D} => C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe
Task: {33B9BA4A-8479-44AD-B11F-3199060A9B9A} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe [2010-09-30] (asus)
Task: {3EED291C-754F-4163-AABD-9986A5CED9E0} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-08-12] (ASUS)
Task: {405F7652-C710-4A14-ABD3-301651AD8555} - System32\Tasks\{6098EE44-C6B1-4824-8CF5-9399326AAFAC} => C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe
Task: {4562B44D-9046-4073-8071-BF24923C91CE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6E3DCC2D-50A6-4B9E-BBAA-038C0F5AA541} - System32\Tasks\ASUS Patch 10430001 => C:\Windows\AsPatch10430001.exe
Task: {6F865EEE-93EF-4E3C-AF58-81EFA798B330} - System32\Tasks\{08E77359-8A61-4574-B619-03877F12F806} => C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe
Task: {8F5A7594-7B88-4096-894A-F33E91AB4E55} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-16] (Google Inc.)
Task: {B4B188EB-FDFA-4E4D-820C-455DF7E3DEF2} - System32\Tasks\{C56502D8-BB5B-438C-B517-CBC10E7761B3} => C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe
Task: {B54F92A0-6539-48EE-AC1F-481B374D3DBE} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-18] (ASUS)
Task: {D4936DF1-99E0-4299-AE98-2CBBEC279E6D} - System32\Tasks\{FF87EAD2-778A-40BD-8AB4-A0E065A0B2D6} => C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe
Task: {D4F9C756-319B-4B2B-A642-018A245B23F0} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {D5827A25-5A4E-4631-AB1D-40F854EA43CA} - System32\Tasks\AIRecoveryRemind => C:\Program Files (x86)\ASUS\AI Recovery\AIRecoveryRemind.exe [2012-03-09] (ASUSTek Computer Inc.)
Task: {DBC594AE-80B1-4F90-AB9B-63D1E37831B9} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2010-08-02] (ASUS)
Task: {DCEA0B5F-367B-4738-AF31-BFEC3FC2B471} - System32\Tasks\{4CB84E3F-20D6-4B54-9251-67B94C378009} => C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe
Task: {E237DCB4-4EA6-43EE-B28F-2FAF891CB8DD} - System32\Tasks\Opera scheduled Autoupdate 1384201802 => C:\Program Files (x86)\Opera\launcher.exe [2014-10-15] (Opera Software)
Task: {E9C5A23A-33BE-46EC-BC3D-11D816C2E6E5} - System32\Tasks\{75584341-387B-4507-B002-6FE4A73EAB8D} => C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe
Task: {F8AF292A-8587-4F12-A219-D2BFA73F71D8} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-07-31] (ASUS)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-10-13 14:09 - 2014-09-13 23:53 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-03-05 19:21 - 2010-03-05 19:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2014-05-21 12:22 - 2014-05-21 12:22 - 02135232 _____ () C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
2010-11-13 18:00 - 2007-11-30 21:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
2010-07-15 02:11 - 2010-07-15 02:11 - 00031360 _____ () C:\Program Files\P4G\DevMng.dll
2010-04-02 19:21 - 2008-09-30 23:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2010-03-16 03:48 - 2010-03-16 03:48 - 00148816 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\EcaremeDLL.dll
2010-11-13 17:34 - 2010-11-13 17:34 - 00030032 _____ () C:\Windows\assembly\GAC_MSIL\SqliteShared\1.0.3726.20828__0d0f4b69e50e559b\SqliteShared.dll
2010-11-13 17:34 - 2010-11-13 17:34 - 00931840 _____ () C:\Windows\assembly\GAC_64\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
2010-08-21 04:47 - 2010-08-21 04:47 - 00077312 _____ () C:\ExpressGateUtil\VAWinService.exe
2010-03-16 03:48 - 2010-03-16 03:48 - 01754448 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
2010-03-05 19:21 - 2010-03-05 19:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-04-10 17:40 - 2011-04-10 17:40 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-10-03 10:08 - 2014-10-03 10:08 - 01435136 _____ () C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe
2010-08-13 03:52 - 2010-08-13 03:52 - 00021504 _____ () C:\ExpressGateUtil\VAWinAgent.exe
2010-09-23 17:53 - 2010-09-23 17:53 - 01601536 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2010-11-13 17:14 - 2010-04-06 08:29 - 00244904 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2014-07-29 20:02 - 2014-09-14 01:48 - 00012104 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2009-11-03 00:20 - 2009-11-03 00:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-03 00:23 - 2009-11-03 00:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2010-08-13 03:52 - 2010-08-13 03:52 - 00151552 _____ () C:\ExpressGateUtil\libexpat.dll
2010-08-13 03:52 - 2010-08-13 03:52 - 00057344 _____ () C:\ExpressGateUtil\netProfileDatabase.DLL
2010-09-30 15:13 - 2010-09-30 15:13 - 00041472 _____ () C:\Program Files (x86)\ASUS\ControlDeck\HelpFunc.dll
2010-09-30 15:13 - 2010-09-30 15:13 - 00071680 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll
2010-09-30 15:14 - 2010-09-30 15:14 - 00076288 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll
2010-09-30 15:13 - 2010-09-30 15:13 - 00186880 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-07-01 12:21 - 2010-07-01 12:21 - 00204800 _____ () C:\Program Files (x86)\asus\VirtualCamera\virtualCamera.ax
2014-10-16 16:51 - 2014-10-10 04:03 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libglesv2.dll
2014-10-16 16:51 - 2014-10-10 04:03 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libegl.dll
2014-10-16 16:51 - 2014-10-10 04:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\pdf.dll
2014-10-16 16:51 - 2014-10-10 04:03 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

========================= Accounts: ==========================

Administrator (S-1-5-21-1560831024-780671805-4130521857-500 - Administrator - Disabled)
beTheFellowBee (S-1-5-21-1560831024-780671805-4130521857-1002 - Limited - Enabled) => C:\Users\beTheFellowBee
Gast (S-1-5-21-1560831024-780671805-4130521857-501 - Limited - Disabled)
Scheer (S-1-5-21-1560831024-780671805-4130521857-1001 - Administrator - Enabled) => C:\Users\Scheer

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/20/2014 03:54:41 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/19/2014 10:53:24 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/19/2014 10:53:19 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/19/2014 10:53:19 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/19/2014 09:19:04 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/19/2014 09:19:00 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/19/2014 09:18:58 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/19/2014 09:17:55 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/19/2014 09:17:51 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/19/2014 09:17:51 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (10/20/2014 04:04:32 AM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (10/19/2014 08:18:07 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (10/19/2014 08:15:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Client Virtualization Handler" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (10/19/2014 08:15:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Client Virtualization Handler erreicht.

Error: (10/19/2014 00:19:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "COMODO Dragon Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/18/2014 07:20:27 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================
Error: (10/20/2014 03:54:41 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (10/19/2014 10:53:24 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Scheer\Desktop\esetsmartinstaller_deu.exe

Error: (10/19/2014 10:53:19 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Scheer\Desktop\esetsmartinstaller_deu.exe

Error: (10/19/2014 10:53:19 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Scheer\Desktop\esetsmartinstaller_deu.exe

Error: (10/19/2014 09:19:04 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Scheer\Desktop\esetsmartinstaller_deu (1).exe

Error: (10/19/2014 09:19:00 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Scheer\Desktop\esetsmartinstaller_deu (1).exe

Error: (10/19/2014 09:18:58 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Scheer\Desktop\esetsmartinstaller_deu (1).exe

Error: (10/19/2014 09:17:55 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Scheer\Desktop\esetsmartinstaller_deu.exe

Error: (10/19/2014 09:17:51 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Scheer\Desktop\esetsmartinstaller_deu.exe

Error: (10/19/2014 09:17:51 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Scheer\Desktop\esetsmartinstaller_deu.exe


CodeIntegrity Errors:
===================================
  Date: 2014-10-18 01:35:12.484
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-10-18 01:35:12.421
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-10-18 01:35:12.343
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-10-18 01:35:12.265
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-07-10 19:51:38.769
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-10 19:51:38.754
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-10 19:51:38.754
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-09 23:32:53.928
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-07-09 23:32:53.819
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz
Percentage of memory in use: 62%
Total physical RAM: 3884.48 MB
Available physical RAM: 1439.35 MB
Total Pagefile: 7767.14 MB
Available Pagefile: 4476.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:116.44 GB) (Free:27.3 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:327.83 GB) (Free:202.49 GB) NTFS
Drive g: () (Removable) (Total:0.22 GB) (Free:0.13 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E0C5913D)
Partition 1: (Not Active) - (Size=21.5 GB) - (Type=1C)
Partition 2: (Active) - (Size=116.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=327.8 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 230.5 MB) (Disk ID: 938AA6E2)
Partition 1: (Active) - (Size=230 MB) - (Type=06)

==================== End Of Log ===========================
Mein AntiVir hat nichts gefunden.

VG

schrauber 21.10.2014 08:08
Java updaten. ESET Funde von Hand löschen.


Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.






Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.


Alle Zeitangaben in WEZ +1. Es ist jetzt 23:39 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132