
Log analysis and evaluation: Malwarebytes Pro hangs during a full scan, then the PC freezes too

Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

 
24.10.2014, 10:49   #1
peterli
 
Malwarebytes Pro hangs during a full scan, then the PC freezes too



Good day
During a full scan, MBAM hangs after about 1 1/2 hours and then the PC freezes too. The last line in MBAM is C/Windows/winsxs/x86 microsoft-windows-dskquoui.ressources .... a long number...../dskquoi.dll.mui

In addition, after startup, once the desktop has appeared and the browser has been opened, the Internet connection is only established after about 4 minutes, and the installation of Windows updates no longer succeeds for all of them.
Gmer produced a blue screen.

Here are the logs from Defogger, FRST, Addition, Gmer:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:31 on 24/10/2014 (Administrator)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-
         
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-10-2014
Ran by Heinz User (ATTENTION: The logged in user is not administrator) on HEINZH on 24-10-2014 09:35:57
Running from D:\Heinz User\Downloads
Loaded Profiles: Heinz User & Administrator (Available profiles: Heinz User & MiBa & Administrator & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [519408 2013-07-18] (Acronis)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe [3942216 2011-01-25] (O&O Software GmbH)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7843744 2014-02-04] (Acronis)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-3833208206-1359478055-801439717-1003\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3833208206-1359478055-801439717-1003\...\Run: [Folder Size] => C:\Program Files\FolderSize\FolderSize.exe
HKU\S-1-5-21-3833208206-1359478055-801439717-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-3833208206-1359478055-801439717-1003\...\MountPoints2: {bb23c7c7-d2ac-11e3-a5a2-20cf30a8f39d} - I:\EasySuite.exe
HKU\S-1-5-21-3833208206-1359478055-801439717-1003\...\MountPoints2: {cd65e538-7178-11e0-8df0-20cf30a8f39d} - I:\LaunchU3.exe -a
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ch/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x308C704DF1A7CD01
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKCU - No Name - {40C3CC16-7269-4B32-9531-17F2950FB06F} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 62.2.24.162 62.2.17.61 62.2.24.158 62.2.17.60

FireFox:
========
FF ProfilePath: C:\Users\Heinz User\AppData\Roaming\Mozilla\Firefox\Profiles\rp4a81q1.default-1339407163827
FF Homepage: https://www.google.ch/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.1 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.2.32 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.2.32 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.1 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Heinz User\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Heinz User\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Heinz User\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\MyCamera.dll (CANON INC.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPCIG.dll (CANON INC.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WOT - C:\Users\Heinz User\AppData\Roaming\Mozilla\Firefox\Profiles\9v52ub4n.default\Extensions\wotstats@mywot.com [2012-02-01]
FF Extension: Ad-Aware Security Add-on - C:\Users\Heinz User\AppData\Roaming\Mozilla\Firefox\Profiles\9v52ub4n.default\Extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} [2013-08-27]
FF Extension: GMX Toolbar - C:\Users\Heinz User\AppData\Roaming\Mozilla\Firefox\Profiles\9v52ub4n.default\Extensions\toolbar@gmx.net.xpi [2011-12-20]
FF Extension: NoScript - C:\Users\Heinz User\AppData\Roaming\Mozilla\Firefox\Profiles\9v52ub4n.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-11-15]
FF Extension: DownloadHelper - C:\Users\Heinz User\AppData\Roaming\Mozilla\Firefox\Profiles\rp4a81q1.default-1339407163827\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-05]
FF Extension: CSHelper - C:\Users\Heinz User\AppData\Roaming\Mozilla\Firefox\Profiles\rp4a81q1.default-1339407163827\Extensions\{d91a2be6-3b56-4dfb-97f5-5e48fe3ed473} [2013-05-20]
FF Extension: Adblock Plus - C:\Users\Heinz User\AppData\Roaming\Mozilla\Firefox\Profiles\rp4a81q1.default-1339407163827\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-12-06]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-07-28]
FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: No Name - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-10-29]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-06-16]
FF HKLM-x32\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-27]

Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Heinz User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Heinz User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-13]
CHR Extension: (Google Drive) - C:\Users\Heinz User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Heinz User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-13]
CHR Extension: (YouTube) - C:\Users\Heinz User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-13]
CHR Extension: (Google-Suche) - C:\Users\Heinz User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-13]
CHR Extension: (avast! Online Security) - C:\Users\Heinz User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-13]
CHR Extension: (Google Wallet) - C:\Users\Heinz User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-13]
CHR Extension: (Google Mail) - C:\Users\Heinz User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-13]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-12]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [nphjeokkkbngjpiofnfpnafjeofjomfb] - C:\Users\peterlein\AppData\LocalLow\WOT\CHROME\WOT.crx [2013-08-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-12] (AVAST Software)
S2 HOSTS Anti-PUPs; C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [285795 2013-09-08] () [File not signed]
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [111616 2014-02-06] (Microsoft Corporation) [File not signed]
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S4 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-10-01] (Intel Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [3051848 2011-01-25] (O&O Software GmbH)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-10-01] (Intel Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-12] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-12] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-12] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-12] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-12] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-12] ()
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-06-27] (AVG Technologies)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-08-27] (GFI Software)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-23] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2013-07-30] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2013-10-27] (Acronis International GmbH)
S1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633680 2013-03-15] (Paragon)
S1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [390352 2013-03-15] (Paragon)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2013-07-30] (Acronis International GmbH)
S2 WinI2C-DDC; C:\Program Files (x86)\Quato\iColorDisplay\DDCDrv.sys [10240 2010-06-09] (Nicomsoft Ltd.) [File not signed]
R2 WiseFS; C:\Program Files (x86)\Wise\Wise Folder Hider\WiseFs64.sys [10280 2014-03-14] ()
S3 X-Rite; C:\Windows\System32\DRIVERS\XrUsb64.sys [33600 2011-12-09] (X-Rite, Inc.)
S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-24 09:33 - 2014-10-24 09:36 - 00000000 ____D () C:\FRST
2014-10-23 15:31 - 2014-10-23 15:31 - 1163930954 _____ () C:\Windows\MEMORY.DMP
2014-10-23 09:57 - 2014-10-23 09:59 - 00007276 _____ () C:\Windows\IE10_main.log
2014-10-22 14:26 - 2014-10-23 15:33 - 04970808 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-21 22:00 - 2014-10-24 09:09 - 00072940 _____ () C:\Windows\setupact.log
2014-10-21 22:00 - 2014-10-21 22:00 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-21 19:02 - 2014-10-21 19:02 - 00110104 _____ () C:\Users\Heinz User\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-20 21:48 - 2014-10-20 21:48 - 00262144 _____ () C:\Users\Gast
2014-10-20 19:13 - 2014-10-20 19:13 - 00000000 ____D () C:\Users\Heinz User\AppData\Roaming\LavasoftStatistics
2014-10-20 17:38 - 2014-10-20 17:38 - 00044062 _____ () C:\Users\Heinz User\Documents\cc_20141020_173825.reg
2014-10-16 15:47 - 2014-10-23 15:45 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-16 15:46 - 2014-10-20 04:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-10-16 15:46 - 2014-10-20 04:20 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-10-16 15:46 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-16 15:46 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-15 17:04 - 2014-10-20 04:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-10-15 14:16 - 2014-07-02 19:44 - 00609240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-10-15 13:56 - 2014-09-20 02:09 - 17867776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 13:56 - 2014-09-20 01:55 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 13:56 - 2014-09-20 01:54 - 10920960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 13:56 - 2014-09-20 01:50 - 01385472 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 13:56 - 2014-09-20 01:49 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 13:56 - 2014-09-20 01:48 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 13:56 - 2014-09-20 01:48 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-15 13:56 - 2014-09-20 01:48 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 13:56 - 2014-09-20 01:47 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 13:56 - 2014-09-20 01:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-15 13:56 - 2014-09-20 01:47 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 13:56 - 2014-09-20 01:47 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 13:56 - 2014-09-20 01:47 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 13:56 - 2014-09-20 01:46 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 13:56 - 2014-09-20 01:46 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 13:56 - 2014-09-20 01:46 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 13:56 - 2014-09-20 01:46 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 13:56 - 2014-09-20 01:46 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-10-15 13:56 - 2014-09-20 01:46 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-10-15 13:56 - 2014-09-20 01:45 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 13:56 - 2014-09-20 01:45 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-10-15 13:56 - 2014-09-20 00:53 - 12364288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 13:56 - 2014-09-20 00:44 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 13:56 - 2014-09-20 00:41 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 13:56 - 2014-09-20 00:39 - 01138688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 13:56 - 2014-09-20 00:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 13:56 - 2014-09-20 00:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 13:56 - 2014-09-20 00:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-10-15 13:56 - 2014-09-20 00:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 13:56 - 2014-09-20 00:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 13:56 - 2014-09-20 00:35 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 13:56 - 2014-09-20 00:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-10-15 13:56 - 2014-09-20 00:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 13:56 - 2014-09-20 00:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 13:56 - 2014-09-20 00:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-10-15 13:56 - 2014-09-20 00:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 13:56 - 2014-09-20 00:34 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 13:56 - 2014-09-20 00:34 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 13:56 - 2014-09-20 00:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 13:56 - 2014-09-20 00:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-10-15 13:56 - 2014-09-20 00:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-10-15 13:56 - 2014-09-20 00:33 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 13:56 - 2014-09-18 04:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 13:56 - 2014-09-18 03:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 13:56 - 2014-06-19 00:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 13:56 - 2014-06-19 00:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 13:56 - 2014-06-19 00:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 13:56 - 2014-06-19 00:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 13:56 - 2014-06-19 00:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 13:56 - 2014-06-19 00:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 13:54 - 2014-09-04 07:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 13:54 - 2014-09-04 07:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 13:54 - 2014-07-17 04:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 13:54 - 2014-07-17 04:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-15 13:54 - 2014-07-17 04:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 13:54 - 2014-07-17 04:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 13:54 - 2014-07-17 04:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 13:54 - 2014-07-17 04:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 13:54 - 2014-07-17 04:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 13:54 - 2014-07-17 04:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 13:54 - 2014-07-17 03:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 13:54 - 2014-07-17 03:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 13:54 - 2014-07-17 03:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-15 13:54 - 2014-07-17 03:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-15 13:54 - 2014-07-17 03:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 13:54 - 2014-07-17 03:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 13:54 - 2014-07-17 03:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 13:54 - 2014-07-17 03:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 13:53 - 2014-09-13 03:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 13:53 - 2014-09-13 03:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 00:04 - 2014-10-15 00:04 - 00000218 _____ () C:\Users\Heinz User\.recently-used.xbel
2014-10-13 14:45 - 2014-07-03 11:14 - 00070768 _____ (Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
2014-10-13 14:45 - 2014-07-03 11:14 - 00070768 _____ (Nalpeiron Ltd.) C:\Windows\system32\nlssrv32.exe
2014-10-06 22:49 - 2014-10-06 22:49 - 00000000 __SHD () C:\found.001
2014-10-05 23:06 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-05 23:06 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-25 12:42 - 2014-09-25 12:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-24 10:30 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 10:30 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-24 09:31 - 2014-08-03 22:39 - 00000000 ____D () C:\Users\Administrator.HEINZH
2014-10-24 09:26 - 2014-02-27 11:33 - 01938383 _____ () C:\Windows\WindowsUpdate.log
2014-10-24 09:26 - 2013-06-06 17:04 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2014-10-24 09:26 - 2013-05-31 20:04 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-10-24 09:26 - 2012-02-24 10:42 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-24 09:22 - 2009-07-14 06:45 - 00024496 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-24 09:22 - 2009-07-14 06:45 - 00024496 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-24 09:20 - 2011-05-13 19:03 - 00000000 ____D () C:\Users\Heinz User\Documents\Outlook-Dateien
2014-10-24 09:09 - 2014-02-27 11:33 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-24 09:09 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-23 15:31 - 2014-03-18 06:43 - 00000000 ____D () C:\Windows\Minidump
2014-10-23 13:06 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-10-23 10:44 - 2014-02-27 12:33 - 01610606 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-10-23 10:44 - 2011-04-12 09:43 - 00705584 _____ () C:\Windows\system32\perfh007.dat
2014-10-23 10:44 - 2011-04-12 09:43 - 00151876 _____ () C:\Windows\system32\perfc007.dat
2014-10-23 10:44 - 2009-07-14 07:13 - 01610606 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-23 10:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK
2014-10-23 10:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2014-10-23 10:21 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\zh-HK
2014-10-23 10:21 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-10-21 18:41 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-21 18:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-10-21 16:23 - 2012-08-25 15:26 - 00000000 ____D () C:\Temp
2014-10-21 06:34 - 2012-11-18 16:52 - 00179712 ___SH () C:\Users\Heinz User\Thumbs.db
2014-10-20 21:48 - 2013-12-25 15:20 - 00000000 ____D () C:\Users\Heinz User\SecurityScans
2014-10-20 12:03 - 2013-07-07 17:53 - 00000000 ____D () C:\Program Files (x86)\Zemana AntiLogger Free
2014-10-20 09:51 - 2011-05-21 12:49 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-20 04:20 - 2014-09-12 18:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SNS-HDR Lite new
2014-10-20 04:20 - 2014-08-11 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-20 04:20 - 2014-06-15 14:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GUI for dvdauthor
2014-10-20 04:20 - 2014-06-15 10:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2014-10-20 04:20 - 2014-06-07 16:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-10-20 04:20 - 2014-06-06 21:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-10-20 04:20 - 2014-04-12 14:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuer SG
2014-10-20 04:20 - 2014-03-28 20:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
2014-10-20 04:20 - 2014-02-27 18:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-20 04:20 - 2014-02-27 18:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-10-20 04:20 - 2014-02-27 11:34 - 00000000 ____D () C:\Users\MiBa
2014-10-20 04:20 - 2014-01-24 20:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-10-20 04:20 - 2014-01-15 11:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kernel Outlook PST Viewer
2014-10-20 04:20 - 2014-01-14 19:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\upc cablecom
2014-10-20 04:20 - 2013-12-12 07:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2014-10-20 04:20 - 2013-10-15 11:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SNS-HDR Lite
2014-10-20 04:20 - 2013-09-08 19:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-10-20 04:20 - 2013-08-08 11:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode
2014-10-20 04:20 - 2013-08-05 13:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2014-10-20 04:20 - 2013-07-28 09:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect
2014-10-20 04:20 - 2013-07-07 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Folder Hider
2014-10-20 04:20 - 2013-06-10 21:29 - 00000000 ____D () C:\Program Files (x86)\CrystalDiskInfo
2014-10-20 04:20 - 2013-06-10 14:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
2014-10-20 04:20 - 2013-05-20 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
2014-10-20 04:20 - 2013-02-21 12:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GML
2014-10-20 04:20 - 2013-02-07 18:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus- und Tastatur-Center
2014-10-20 04:20 - 2012-12-16 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\O&O Software
2014-10-20 04:20 - 2012-11-28 12:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Poladroid
2014-10-20 04:20 - 2012-08-25 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dfine 2.0
2014-10-20 04:20 - 2012-08-24 17:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nik Software
2014-10-20 04:20 - 2012-08-07 10:04 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablett
2014-10-20 04:20 - 2012-07-06 21:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OLYMPUS Camera
2014-10-20 04:20 - 2012-06-11 11:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-10-20 04:20 - 2012-04-30 16:55 - 00000000 ____D () C:\Users\Heinz User\AppData\Roaming\onOne Software
2014-10-20 04:20 - 2012-04-30 16:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\onOne Software
2014-10-20 04:20 - 2012-04-12 10:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debugmode
2014-10-20 04:20 - 2012-01-23 18:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quato
2014-10-20 04:20 - 2011-11-21 17:49 - 00000000 ____D () C:\Windows\system32\Macromed
2014-10-20 04:20 - 2011-09-30 18:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Topaz Labs
2014-10-20 04:20 - 2011-09-19 18:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
2014-10-20 04:20 - 2011-07-20 12:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2014-10-20 04:20 - 2011-04-29 21:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2014-10-20 04:20 - 2011-03-28 22:38 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-10-20 04:20 - 2011-03-28 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics
2014-10-20 04:20 - 2011-03-28 21:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Matrix Storage Manager
2014-10-20 04:20 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-20 04:20 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-10-20 04:20 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\schemas
2014-10-20 04:20 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-10-20 04:20 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-10-20 04:18 - 2014-02-27 11:34 - 00000000 ____D () C:\Users\Administrator
2014-10-20 04:17 - 2014-03-01 19:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-20 04:17 - 2013-11-01 12:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Franzis
2014-10-20 04:17 - 2013-07-28 09:28 - 00000000 ____D () C:\Program Files (x86)\PDF Architect
2014-10-20 04:17 - 2013-05-23 15:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BabelSoft
2014-10-20 04:17 - 2011-07-16 11:03 - 00000000 ____D () C:\ProgramData\Real
2014-10-20 04:17 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-10-17 04:15 - 2014-08-30 12:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-16 22:20 - 2013-11-05 19:39 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-16 20:26 - 2011-08-05 18:43 - 00000000 ____D () C:\Fotos von Digitalkamera
2014-10-16 15:38 - 2014-08-30 12:18 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-16 15:38 - 2014-08-30 12:18 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-15 16:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-15 16:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-15 14:17 - 2014-02-27 11:32 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-10-15 14:14 - 2014-02-27 11:32 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-10-15 14:06 - 2013-07-20 15:23 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 13:57 - 2014-02-27 17:33 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-15 07:39 - 2012-02-24 10:42 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-14 12:27 - 2014-07-29 10:12 - 00001078 _____ () C:\Users\Heinz User\AppData\Local\b910beaedd16e666d75f0eba9db54ffc
2014-10-13 17:35 - 2014-06-15 10:08 - 00000000 ____D () C:\Users\Heinz User\AppData\Local\Google
2014-10-13 14:48 - 2012-04-30 16:51 - 00000000 ____D () C:\Program Files\onOne Software
2014-10-13 14:47 - 2012-04-30 16:50 - 00000000 ____D () C:\ProgramData\onOne Software
2014-10-13 14:45 - 2012-04-30 16:50 - 00000000 ____D () C:\Program Files (x86)\onOne Software
2014-10-13 14:17 - 2013-08-08 18:51 - 00076408 _____ () C:\Users\Heinz User\Documents\PerfectEffectsConduit.log
2014-10-06 22:42 - 2012-08-22 14:50 - 00000000 ___RD () C:\Users\Heinz User\Dropbox
2014-10-06 19:59 - 2012-08-22 14:45 - 00000000 ____D () C:\Users\Heinz User\AppData\Roaming\Dropbox
2014-10-06 19:58 - 2012-08-22 14:46 - 00000000 ____D () C:\Users\Heinz User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-10-02 15:53 - 2010-11-21 05:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-01 11:11 - 2014-03-01 19:04 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-25 14:53 - 2013-11-05 19:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-24 10:28 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\CatRoot2_2014107121131

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
         


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-10-2014
Ran by Heinz User at 2014-10-24 09:36:37
Running from D:\Heinz User\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acronis Drive Monitor (HKLM-x32\...\{706AE61D-40A4-4F50-8359-FE8F6F7FA461}) (Version: 1.0.566 - Acronis)
Acronis True Image 2014 (HKLM-x32\...\{3ECDD663-5AF8-489B-9E3C-561F33A271BD}Visible) (Version: 17.0.6673 - Acronis)
Acronis True Image 2014 (x32 Version: 17.0.6673 - Acronis) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.293 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 15.0.0.293 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Community Help (x32 Version: 3.5.23 - Adobe Systems Incorporated.) Hidden
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.6 64-bit (HKLM\...\{D19E99C2-6D9D-4075-B446-B4387EAF70A5}) (Version: 5.6.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0 (HKLM-x32\...\Audacity_is1) (Version:  - Audacity Team)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.6.0.12 - Canon Inc.)
Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.2.7 - Canon Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.1.0.31 - Canon Inc.)
Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.1.0.2 - Canon Inc.)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.4.2.16 - Canon Inc.)
Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.12.51.2 - Canon Inc.)
Canon Utilities EOS Sample Music (HKLM-x32\...\EOS Sample Music) (Version: 1.0.1.1 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.13.40.0 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.4.0.5 - Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.0.0.3 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.12.2.0 - Canon Inc.)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.7.1.9 - Canon Inc.)
Canon Utilities WFT-E1/E2/E3/E4 Utility (HKLM-x32\...\WFTK) (Version: 3.3.0.0 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.2.1.31 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.2.0.9 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.0.3717 - CDBurnerXP)
Citrix Online Launcher (HKLM-x32\...\{B025BA0B-64A6-46DE-9D64-32965C83CCA9}) (Version: 1.0.179 - Citrix)
Color Efex Pro 3.0 (HKLM-x32\...\Color Efex Pro 3.0_is1) (Version:  - )
Color Efex Pro 3.0 Complete (HKLM-x32\...\Color Efex Pro 3.0 Complete Stand-Alone) (Version: 3.1.1.0 - Nik Software, Inc.)
Complément Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Complemento Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
CrystalDiskInfo 5.6.2 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 5.6.2 - Crystal Dew World)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DebugMode Wink (HKLM-x32\...\DebugMode Wink) (Version:  - )
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
FileZilla Client 3.7.3 (HKLM-x32\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
Fotostory 3 für Windows (HKLM-x32\...\{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}) (Version: 3.0.1115.15 - Microsoft Corporation)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GML Matting 0.3 (HKLM-x32\...\GML Matting_is1) (Version: 0.3 - GML Computer Vision Group)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.101 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
GoToMeeting 6.4.0.1558 (HKCU\...\GoToMeeting) (Version: 6.4.0.1558 - CitrixOnline)
GPU Boost Driver (HKLM-x32\...\{B8887E02-C910-4498-A7C0-186ABFDCD110}) (Version: 1.00.00 - ASUS)
GUI for dvdauthor 1.07 (HKLM-x32\...\GUI for dvdauthor) (Version: 1.07 - Boraxsoft)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12262 - HP)
HP Software Update (HKLM-x32\...\{CC0A24CB-87C9-4F1C-A1F2-F87D8D4DDCAF}) (Version: 1.0.18.20030625 - Hewlett-Packard)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kernel Outlook PST Viewer ver 11.05.01 (HKLM-x32\...\Kernel Outlook PST Viewer_is1) (Version:  - Lepide Software Pvt. Ltd.)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.0.0.1039 - Marvell)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger Pratilac (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MyDriveConnect 3.3.0.1502 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1502 - TomTom)
NVIDIA 3D Vision Controller Driver (x32 Version: 280.19 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.154.1150 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.10.0514 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
NVIDIA Update Core (Version: 10.4.0 - NVIDIA Corporation) Hidden
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Pen Pad Driver with Macro Key Manager (HKLM-x32\...\Rmtablet) (Version:  - )
Perfect Effects 3 Free (HKLM-x32\...\{B8D92680-34AC-4B76-8D95-7E95B11B5121}) (Version: 3.0.2 - onOne Software)
Perfect Effects 4 (HKLM-x32\...\{385E6A4D-A440-43E2-9BAF-A012FB5FC2E2}) (Version: 4.0 - onOne Software)
PhotoFrame 4.6.3 Free (HKLM-x32\...\{76E2A1A0-CE72-48A0-8D8E-767A1B0C2191}) (Version: 4.6.3 - onOne Software)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Poladroid (HKLM-x32\...\{E8FF78D0-4D1C-4B2D-AC80-670F135F5461}) (Version: 0.9.6.0 - Poladroid.net)
PTLens (HKLM-x32\...\{A24B8DC8-DAEC-4F36-91CC-BDDC9453BAC8}) (Version: 1.0.661 - ePaperPress)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
RealDownloader (x32 Version: 1.3.2 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.2 - RealNetworks)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6151 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.4.0 - Renesas Electronics Corporation) Hidden
SeaTools for Windows (HKLM-x32\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.7 - Seagate Technology)
Security Task Manager 1.8d (HKLM-x32\...\Security Task Manager) (Version: 1.8d - Neuber Software)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM-x32\...\SLABCOMM&10C4&EA60) (Version:  - Silicon Laboratories)
Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7 (HKLM-x32\...\{C764198E-EB02-4542-8F71-C369B064DE22}) (Version: 6.3a - Silicon Laboratories, Inc.)
SNS-HDR Lite v1.4.22 (HKLM\...\SNS-HDR Lite_is1) (Version:  - Sebastian Nibisz)
Steuer 2011 12.0.1 (HKCU\...\5365-1369-1386-1612) (Version: 12.0.1 - Information Factory AG)
Steuer 2012 13.0.3 (HKCU\...\1382-8438-0790-3872) (Version: 13.0.3 - Information Factory AG)
Steuer 2013 14.0.1 (HKLM-x32\...\0166-6433-7072-1489) (Version: 14.0.1 - Information Factory AG)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
Topaz B&W Effects (x32 Version: 1.1.0 - Topaz Labs) Hidden
upc cablecom assistant (HKLM-x32\...\upc cablecom assistant) (Version: 2.0.0.2 - upc cablecom GmbH)
virtualPhotographer 1.5.6 (HKLM-x32\...\virtualPhotographer_is1) (Version:  - optikVerve Labs)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.1 - Wacom Technology Corp.)
WebTablet IE Plugin (HKLM-x32\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.12 - Wacom Technology Corp.)
WebTablet Netscape Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.10 - Wacom Technology Corp.)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Foto-galerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX kontrola za daljinske veze (HKLM-x32\...\{8985AE5E-622A-4980-8BF8-0A1830643220}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Pošta (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Wise Folder Hider 2.02 (HKLM-x32\...\Wise Folder Hider_is1) (Version: 2.02 - WiseCleaner.com, Inc.)
XMedia Recode Version 3.1.6.9 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.6.9 - XMedia Recode)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-07-22 17:18 - 04215724 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 08sr.combineads.info # hosts anti-adware / pups
127.0.0.1 08srvr.combineads.info # hosts anti-adware / pups
127.0.0.1 12srvr.combineads.info # hosts anti-adware / pups
127.0.0.1 2010-fr.com # hosts anti-adware / pups
127.0.0.1 2012-new.biz # hosts anti-adware / pups
127.0.0.1 212link.com # hosts anti-adware / pups
127.0.0.1 2319825.ourtoolbar.com # hosts anti-adware / pups
127.0.0.1 24h00business.com # hosts anti-adware / pups
127.0.0.1 a.adorika.net # hosts anti-adware / pups
127.0.0.1 a.ad-sys.com # hosts anti-adware / pups
127.0.0.1 a.daasafterdusk.com # hosts anti-adware / pups
127.0.0.1 ad.adn360.com # hosts anti-adware / pups
127.0.0.1 adcash.com # hosts anti-adware / pups
127.0.0.1 adeartss.eu # hosts anti-adware / pups
127.0.0.1 adesoeasy.eu # hosts anti-adware / pups
127.0.0.1 adf.girldatesforfree.net # hosts anti-adware / pups
127.0.0.1 adm.soft365.com # hosts anti-adware / pups
127.0.0.1 adomicileavail.googlepages.com # hosts anti-adware / pups
127.0.0.1 ads7.complexadveising.com # hosts anti-adware / pups
127.0.0.1 ads.adplxmd.com # hosts anti-adware / pups
127.0.0.1 ads.aff.co # hosts anti-adware / pups
127.0.0.1 ads.alpha00001.com # hosts anti-adware / pups
127.0.0.1 ads.cloud4ads.com # hosts anti-adware / pups
127.0.0.1 ads.egdating.net # hosts anti-adware / pups
127.0.0.1 ads.eorezo.com # hosts anti-adware / pups
127.0.0.1 ads.hooqy.com # hosts anti-adware / pups
127.0.0.1 ads.pornerbros.com # hosts anti-adware / pups
127.0.0.1 ads.realken.com # hosts anti-adware / pups
127.0.0.1 ads.regiedepub.com # hosts anti-adware / pups

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => ?
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => ?
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3833208206-1359478055-801439717-1003.job => C:\Users\Heinz User\AppData\Local\Citrix\GoToMeeting\1558\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3833208206-1359478055-801439717-1003Core.job => C:\Users\Heinz User\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3833208206-1359478055-801439717-1003UA.job => C:\Users\Heinz User\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => ?

==================== Loaded Modules (whitelisted) =============

2013-10-01 11:32 - 2013-10-01 11:32 - 02818216 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-08-07 10:03 - 2012-05-30 10:29 - 01184672 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns1
AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns2
AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns3
AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns4
AlternateDataStreams: C:\ProgramData\TEMP:FF566C71

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ImageBrowser EX Agent.lnk => C:\Windows\pss\ImageBrowser EX Agent.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuatoCalibrationLoader.lnk => C:\Windows\pss\QuatoCalibrationLoader.lnk.CommonStartup
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: AcronisTibMounterMonitor => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
MSCONFIG\startupreg: Ad-Aware Browsing Protection => "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
MSCONFIG\startupreg: AdAwareTray => "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareTray.exe"
MSCONFIG\startupreg: adm_tray.exe => C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: atwtusb => atwtusb.exe
MSCONFIG\startupreg: BoxcryptorClassic.exe => "C:\Program Files (x86)\Boxcryptor Classic\BoxcryptorClassic.exe"
MSCONFIG\startupreg: HOSTS Anti-Adware_PUPs => C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
MSCONFIG\startupreg: IntelliPoint => "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
MSCONFIG\startupreg: IntelliType Pro => "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
MSCONFIG\startupreg: MyTomTomSA.exe => "C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe"
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: Ocster Backup => "C:\Program Files\Ocster Backup\bin\backupClient-ox.exe" --hidden
MSCONFIG\startupreg: OODefragTray => C:\Program Files\OO Software\Defrag\oodtray.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Safer-Tech ProCrypt Services => "C:\Program Files (x86)\Safer-Tech\ProCrypt\stpcs.exe" /fs
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot

========================= Accounts: ==========================

Administrator (S-1-5-21-3833208206-1359478055-801439717-500 - Administrator - Enabled) => C:\Users\Administrator.HEINZH
Gast (S-1-5-21-3833208206-1359478055-801439717-501 - Limited - Disabled) => C:\Users\Gast
Heinz User (S-1-5-21-3833208206-1359478055-801439717-1003 - Limited - Enabled) => C:\Users\Heinz User
HomeGroupUser$ (S-1-5-21-3833208206-1359478055-801439717-1152 - Limited - Enabled)
MiBa (S-1-5-21-3833208206-1359478055-801439717-1143 - Limited - Enabled) => C:\Users\MiBa
UpdatusUser (S-1-5-21-3833208206-1359478055-801439717-1004 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/24/2014 09:13:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/23/2014 03:34:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/23/2014 11:36:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/23/2014 10:25:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/23/2014 10:21:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/23/2014 10:15:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/23/2014 10:11:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/23/2014 08:49:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/23/2014 03:46:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/22/2014 02:27:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (10/24/2014 09:17:07 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Intel(R) Management & Security Application User Notification Service" ist vom Dienst "Intel(R) Management and Security Application Local Management Service" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (10/24/2014 09:16:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (10/24/2014 09:16:49 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (10/24/2014 09:13:22 AM) (Source: WMPNetworkSvc) (EventID: 14349) (User: )
Description: 0x800700b7

Error: (10/24/2014 09:13:22 AM) (Source: WMPNetworkSvc) (EventID: 14353) (User: )
Description: 00x800700b7hxxp://+:10243/WMPNSSv4/2811996591/

Error: (10/24/2014 09:13:22 AM) (Source: WMPNetworkSvc) (EventID: 14349) (User: )
Description: 0x800700b7

Error: (10/24/2014 09:13:22 AM) (Source: WMPNetworkSvc) (EventID: 14353) (User: )
Description: 00x800700b7hxxp://+:10243/WMPNSSv4/2811996591/

Error: (10/24/2014 09:13:21 AM) (Source: WMPNetworkSvc) (EventID: 14349) (User: )
Description: 0x800700b7

Error: (10/24/2014 09:13:21 AM) (Source: WMPNetworkSvc) (EventID: 14353) (User: )
Description: 00x800700b7hxxp://+:10243/WMPNSSv4/2811996591/

Error: (10/24/2014 09:13:21 AM) (Source: WMPNetworkSvc) (EventID: 14349) (User: )
Description: 0x800700b7


Microsoft Office Sessions:
=========================
Error: (10/24/2014 09:13:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/23/2014 03:34:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/23/2014 11:36:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/23/2014 10:25:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/23/2014 10:21:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/23/2014 10:15:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/23/2014 10:11:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/23/2014 08:49:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/23/2014 03:46:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/22/2014 02:27:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2014-10-15 16:46:29.630
  Description: N/A

  Date: 2014-10-15 16:46:29.599
  Description: N/A

  Date: 2014-10-15 16:27:08.614
  Description: N/A

  Date: 2014-10-15 16:27:08.583
  Description: N/A

  Date: 2014-10-15 07:42:38.338
  Description: N/A

  Date: 2014-10-15 07:42:38.276
  Description: N/A

  Date: 2014-10-11 10:15:21.791
  Description: N/A

  Date: 2014-10-11 10:15:21.728
  Description: N/A

  Date: 2014-10-07 12:38:25.280
  Description: N/A

  Date: 2014-10-07 12:38:25.217
  Description: N/A


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7 CPU 870 @ 2.93GHz
Percentage of memory in use: 25%
Total physical RAM: 8158.05 MB
Available physical RAM: 6039.2 MB
Total Pagefile: 16314.28 MB
Available Pagefile: 14116.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS_Install) (Fixed) (Total:473.1 GB) (Free:114.82 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Volume) (Fixed) (Total:448.16 GB) (Free:47.03 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================
         

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-10-24 11:03:43
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.1AJ1 931.51GB
Running: Gmer-19357.exe; Driver: C:\Users\ADMINI~1.HEI\AppData\Local\Temp\uftdipod.sys


---- User code sections - GMER 2.1 ----

.text   C:\Windows\system32\wininit.exe[860] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                      0000000076d1ef8d 1 byte [62]
.text   C:\Windows\system32\winlogon.exe[896] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                     0000000076d1ef8d 1 byte [62]
.text   C:\Windows\system32\services.exe[956] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                     0000000076d1ef8d 1 byte [62]
.text   C:\Windows\system32\nvvsvc.exe[596] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                       0000000076d1ef8d 1 byte [62]
.text   C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[604] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                  000000007520a2fd 1 byte [62]
.text   C:\Windows\system32\svchost.exe[848] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                      0000000076d1ef8d 1 byte [62]
.text   C:\Windows\System32\svchost.exe[1128] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                     0000000076d1ef8d 1 byte [62]
.text   C:\Windows\system32\svchost.exe[1156] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                     0000000076d1ef8d 1 byte [62]
.text   C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe[1368] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                0000000076d1ef8d 1 byte [62]
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1644] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                            0000000076d1ef8d 1 byte [62]
.text   C:\Windows\system32\nvvsvc.exe[1652] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                      0000000076d1ef8d 1 byte [62]
.text   C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1360] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                  0000000076d1ef8d 1 byte [62]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1712] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                        000000007520a2fd 1 byte [62]
.text   C:\Windows\system32\taskhost.exe[1868] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                    0000000076d1ef8d 1 byte [62]
.text   C:\Windows\Explorer.EXE[2176] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                             0000000076d1ef8d 1 byte [62]
.text   C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2796] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                              000000007520a2fd 1 byte [62]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2928] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112  000000007520a2fd 1 byte [62]
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3048] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                              0000000076d1ef8d 1 byte [62]
.text   C:\Program Files\AVAST Software\Avast\avastui.exe[1764] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter                                            00000000751e8791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text   C:\Program Files\AVAST Software\Avast\avastui.exe[1764] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                   000000007520a2fd 1 byte [62]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1752] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                    000000007520a2fd 1 byte [62]
.text   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2944] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                  000000007520a2fd 1 byte [62]
.text   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2944] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 18                                0000000074aa1402 1 byte [74]
.text   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2944] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 18                                  0000000074aa141a 1 byte [74]
.text   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2944] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 18                                0000000074aa1432 1 byte [74]
.text   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2944] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 43                                0000000074aa144b 1 byte [74]
.text   ...                                                                                                                                                             * 9
.text   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2944] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 18                                   0000000074aa14de 1 byte [74]
.text   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2944] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 18                            0000000074aa14f6 1 byte [74]
.text   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2944] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 18                                   0000000074aa150e 1 byte [74]
.text   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2944] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 18                            0000000074aa1526 1 byte [74]
.text   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2944] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 18                                  0000000074aa153e 1 byte [74]
.text   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2944] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 18                                       0000000074aa1556 1 byte [74]
.text   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2944] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 18                                0000000074aa156e 1 byte [74]
.text   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2944] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 18                                  0000000074aa1586 1 byte [74]
.text   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2944] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 18                                     0000000074aa159e 1 byte [74]
.text   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2944] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 18                                  0000000074aa15b6 1 byte [74]
.text   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2944] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 18                                0000000074aa15ce 1 byte [74]
.text   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2944] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 21                            0000000074aa16b3 1 byte [74]
.text   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2944] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 32                            0000000074aa16be 1 byte [74]
.text   C:\Windows\SysWOW64\nlssrv32.exe[2972] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                    000000007520a2fd 1 byte [62]
.text   C:\Program Files (x86)\PDF Architect\HelperService.exe[1212] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                              000000007520a2fd 1 byte [62]
.text   C:\Program Files (x86)\PDF Architect\ConversionService.exe[3112] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                          000000007520a2fd 1 byte [62]
.text   C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe[3168] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                              000000007520a2fd 1 byte [62]
.text   C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[3236] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                      0000000076d1ef8d 1 byte [62]
.text   C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[3364] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                      0000000076d1ef8d 1 byte [62]
.text   C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3516] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                 000000007520a2fd 1 byte [62]
.text   C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3516] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 18                               0000000074aa1402 1 byte [74]
.text   C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3516] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 18                                 0000000074aa141a 1 byte [74]
.text   C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 18                               0000000074aa1432 1 byte [74]
.text   C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 43                               0000000074aa144b 1 byte [74]
.text   ...                                                                                                                                                             * 9
.text   C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3516] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 18                                  0000000074aa14de 1 byte [74]
.text   C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3516] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 18                           0000000074aa14f6 1 byte [74]
.text   C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3516] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 18                                  0000000074aa150e 1 byte [74]
.text   C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3516] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 18                           0000000074aa1526 1 byte [74]
.text   C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3516] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 18                                 0000000074aa153e 1 byte [74]
.text   C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3516] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 18                                      0000000074aa1556 1 byte [74]
.text   C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3516] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 18                               0000000074aa156e 1 byte [74]
.text   C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3516] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 18                                 0000000074aa1586 1 byte [74]
.text   C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3516] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 18                                    0000000074aa159e 1 byte [74]
.text   C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3516] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 18                                 0000000074aa15b6 1 byte [74]
.text   C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3516] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 18                               0000000074aa15ce 1 byte [74]
.text   C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3516] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 21                           0000000074aa16b3 1 byte [74]
.text   C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3516] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 32                           0000000074aa16be 1 byte [74]
.text   C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3620] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                              000000007520a2fd 1 byte [62]
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[4352] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                  0000000076d1ef8d 1 byte [62]
.text   C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[5156] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter                                 00000000751e8791 5 bytes JMP 00000001611b7f8e
.text   C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[5156] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                        000000007520a2fd 1 byte [62]
.text   C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[5156] C:\Windows\syswow64\ole32.dll!OleLoadFromStream                                              0000000076666143 5 bytes JMP 00000001616fca31
.text   C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[5156] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString                                               0000000074b53e59 4 bytes JMP 00000001611eaba8
.text   C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[5156] C:\Windows\syswow64\OLEAUT32.dll!VariantClear                                                0000000074b53eae 4 bytes JMP 00000001611fb17a
.text   C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[5156] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen                                       0000000074b54731 4 bytes JMP 00000001611faa6c
.text   C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[5156] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType                                           0000000074b55dee 4 bytes JMP 000000016121dc0e
?       C:\Windows\system32\mssprxy.dll [5156] entry point in ".rdata" section                                                                                          00000000745871e6
.text   C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[5156] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 18                                      0000000074aa1402 1 byte [74]
.text   C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[5156] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 18                                        0000000074aa141a 1 byte [74]
.text   C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[5156] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 18                                      0000000074aa1432 1 byte [74]
.text   C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[5156] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 43                                      0000000074aa144b 1 byte [74]
.text   ...                                                                                                                                                             * 9
.text   C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[5156] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 18                                         0000000074aa14de 1 byte [74]
.text   C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[5156] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 18                                  0000000074aa14f6 1 byte [74]
.text   C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[5156] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 18                                         0000000074aa150e 1 byte [74]
.text   C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[5156] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 18                                  0000000074aa1526 1 byte [74]
.text   C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[5156] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 18                                        0000000074aa153e 1 byte [74]
.text   C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[5156] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 18                                             0000000074aa1556 1 byte [74]
.text   C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[5156] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 18                                      0000000074aa156e 1 byte [74]
.text   C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[5156] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 18                                        0000000074aa1586 1 byte [74]
.text   C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[5156] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 18                                           0000000074aa159e 1 byte [74]
.text   C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[5156] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 18                                        0000000074aa15b6 1 byte [74]
.text   C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[5156] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 18                                      0000000074aa15ce 1 byte [74]
.text   C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[5156] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 21                                  0000000074aa16b3 1 byte [74]
.text   C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[5156] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 32                                  0000000074aa16be 1 byte [74]
.text   C:\Windows\system32\winlogon.exe[4092] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                    0000000076d1ef8d 1 byte [62]
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5932] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                            0000000076d1ef8d 1 byte [62]
.text   C:\Windows\system32\nvvsvc.exe[4368] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                      0000000076d1ef8d 1 byte [62]
.text   C:\Windows\Explorer.EXE[5760] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                             0000000076d1ef8d 1 byte [62]
.text   C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[6436] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                              000000007520a2fd 1 byte [62]
.text   C:\Program Files\OO Software\Defrag\oodtray.exe[6612] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                     0000000076d1ef8d 1 byte [62]
.text   C:\Program Files\CCleaner\CCleaner64.exe[6680] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                            0000000076d1ef8d 1 byte [62]
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6816] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                              0000000076d1ef8d 1 byte [62]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[6884] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112  000000007520a2fd 1 byte [62]
.text   C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[6936] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                      0000000076d1ef8d 1 byte [62]
.text   C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6988] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                 000000007520a2fd 1 byte [62]
.text   C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6988] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 18                               0000000074aa1402 1 byte [74]
.text   C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6988] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 18                                 0000000074aa141a 1 byte [74]
.text   C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6988] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 18                               0000000074aa1432 1 byte [74]
.text   C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6988] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 43                               0000000074aa144b 1 byte [74]
.text   ...                                                                                                                                                             * 9
.text   C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6988] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 18                                  0000000074aa14de 1 byte [74]
.text   C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6988] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 18                           0000000074aa14f6 1 byte [74]
.text   C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6988] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 18                                  0000000074aa150e 1 byte [74]
.text   C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6988] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 18                           0000000074aa1526 1 byte [74]
.text   C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6988] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 18                                 0000000074aa153e 1 byte [74]
.text   C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6988] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 18                                      0000000074aa1556 1 byte [74]
.text   C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6988] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 18                               0000000074aa156e 1 byte [74]
.text   C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6988] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 18                                 0000000074aa1586 1 byte [74]
.text   C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6988] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 18                                    0000000074aa159e 1 byte [74]
.text   C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6988] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 18                                 0000000074aa15b6 1 byte [74]
.text   C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6988] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 18                               0000000074aa15ce 1 byte [74]
.text   C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6988] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 21                           0000000074aa16b3 1 byte [74]
.text   C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6988] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 32                           0000000074aa16be 1 byte [74]
.text   C:\Program Files\AVAST Software\Avast\avastui.exe[5472] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter                                            00000000751e8791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text   C:\Program Files\AVAST Software\Avast\avastui.exe[5472] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                   000000007520a2fd 1 byte [62]
.text   C:\Program Files\AVAST Software\Avast\avastui.exe[5472] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 18                                                 0000000074aa1402 1 byte [74]
.text   C:\Program Files\AVAST Software\Avast\avastui.exe[5472] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 18                                                   0000000074aa141a 1 byte [74]
.text   C:\Program Files\AVAST Software\Avast\avastui.exe[5472] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 18                                                 0000000074aa1432 1 byte [74]
.text   C:\Program Files\AVAST Software\Avast\avastui.exe[5472] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 43                                                 0000000074aa144b 1 byte [74]
.text   ...                                                                                                                                                             * 9
.text   C:\Program Files\AVAST Software\Avast\avastui.exe[5472] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 18                                                    0000000074aa14de 1 byte [74]
.text   C:\Program Files\AVAST Software\Avast\avastui.exe[5472] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 18                                             0000000074aa14f6 1 byte [74]
.text   C:\Program Files\AVAST Software\Avast\avastui.exe[5472] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 18                                                    0000000074aa150e 1 byte [74]
.text   C:\Program Files\AVAST Software\Avast\avastui.exe[5472] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 18                                             0000000074aa1526 1 byte [74]
.text   C:\Program Files\AVAST Software\Avast\avastui.exe[5472] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 18                                                   0000000074aa153e 1 byte [74]
.text   C:\Program Files\AVAST Software\Avast\avastui.exe[5472] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 18                                                        0000000074aa1556 1 byte [74]
.text   C:\Program Files\AVAST Software\Avast\avastui.exe[5472] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 18                                                 0000000074aa156e 1 byte [74]
.text   C:\Program Files\AVAST Software\Avast\avastui.exe[5472] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 18                                                   0000000074aa1586 1 byte [74]
.text   C:\Program Files\AVAST Software\Avast\avastui.exe[5472] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 18                                                      0000000074aa159e 1 byte [74]
.text   C:\Program Files\AVAST Software\Avast\avastui.exe[5472] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 18                                                   0000000074aa15b6 1 byte [74]
.text   C:\Program Files\AVAST Software\Avast\avastui.exe[5472] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 18                                                 0000000074aa15ce 1 byte [74]
.text   C:\Program Files\AVAST Software\Avast\avastui.exe[5472] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 21                                             0000000074aa16b3 1 byte [74]
.text   C:\Program Files\AVAST Software\Avast\avastui.exe[5472] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 32                                             0000000074aa16be 1 byte [74]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1032] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                    000000007520a2fd 1 byte [62]
.text   C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[7116] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                   0000000076d1ef8d 1 byte [62]
.text   D:\Heinz User\Downloads\Gmer-19357.exe[5848] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                              000000007520a2fd 1 byte [62]

---- Threads - GMER 2.1 ----

Thread  C:\Windows\System32\svchost.exe [3456:2556]                                                                                                                     000007fef1b39688

---- EOF - GMER 2.1 ----
         

 
