Log analysis and evaluation: Laptop - Windows 8.1 Pro 64 Bit: System increasingly slower in certain areas
14.01.2015, 00:31 | #1 |
Laptop - Windows 8.1 Pro 64 Bit: System increasingly slower in certain areas

Hello dear helpers,

For a few weeks now my laptop has been getting increasingly slower. This is particularly noticeable when using internet browsers (mostly to exclusively Firefox), MMORPGs (Aion and above all Tera Rising), and also with various applications and apps. In addition, the game Tera Rising crashes regularly at short intervals. This is apparently supposed to be a common problem in the community.

I had Antivir Avira scan for viruses etc. several times, but nothing was found. The system was scanned completely, and the heuristics were set to high in all areas. After I then became unsure about the use of Avira, I installed a new virus scanner: Panda Free Antivirus. During the first scans it then did detect unwanted programs (PUPs), which I subsequently deleted. The scan was carried out with an additional program called Panda Cloudcleaner. To rule out the question: Windows Defender is disabled, and Avira was uninstalled beforehand in offline mode. After removing these, it initially seemed as if the device was faster again, but the euphoria vanished into thin air just as quickly.

Now to the log files: During the first GMER scan I had forgotten to remove the check mark at IAT/EAT and therefore closed the first scan right away. After I had tried to run a second scan, the program had problems executing and was closed immediately. After a restart it still did not work. When I then had it checked for compatibility problems, it finally worked again.

defogger_disable.txt
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:35 on 13/01/2015 (Josephine Mireille)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-01-2015 02
Ran by Josephine Mireille (administrator) on MIREILLE on 13-01-2015 23:05:32
Running from C:\Users\Josephine Mireille\Downloads
Loaded Profile: Josephine Mireille (Available profiles: Josephine Mireille & Administrator)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(VTech) C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechServiceInstaller.exe
(VTech) C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechUSBSocketService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\KOR\KorIME.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-08] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3010800 2014-06-01] (Synaptics Incorporated)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [455512 2014-05-28] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [AgentMonitor] => C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe [401280 2014-06-20] ()
HKLM-x32\...\Run: [DXM6Patch_981116] => C:\WINDOWS\p_981116.exe [497376 1998-11-30] (Microsoft Corporation)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-04-02] ( (Atheros Communications))
HKU\S-1-5-21-768070318-4204382875-4262773496-1001\...\MountPoints2: {8447746c-297d-11e4-bea7-485ab66d3c08} - "E:\Startme.exe"
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation)
AppInit_DLLs: ,C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [165760 2014-12-13] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-768070318-4204382875-4262773496-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.digimonmasters.com/index.aspx
HKU\S-1-5-21-768070318-4204382875-4262773496-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
DPF: HKLM-x32 {9A3D12F9-8802-4316-B877-022025566DA1} hxxp://www.digimonmasters.com/inc/ActiveX/launcher/20130813/Digitalic%20Launcher.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Josephine Mireille\AppData\Roaming\Mozilla\Firefox\Profiles\5h2pxznh.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-768070318-4204382875-4262773496-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Josephine Mireille\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml
FF Extension: Adblock Plus - C:\Users\Josephine Mireille\AppData\Roaming\Mozilla\Firefox\Profiles\5h2pxznh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-22]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-04-02] (Windows (R) Win 7 DDK provider)
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2014-11-21] (BitRaider, LLC)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-17] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2014-06-01] (Intel Corporation)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2014-10-13] (Panda Security, S.L.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-24] (Electronic Arts)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.)
R2 VTechUSBSocketService; C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechServiceInstaller.exe [82824 2013-03-29] (VTech)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3892224 2014-03-06] (Qualcomm Atheros Communications, Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2014-06-27] ()
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2014-11-21] (BitRaider)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-04-02] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2014-06-27] ()
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [96800 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [162336 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [112160 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [115232 2014-06-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [47360 2014-01-16] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95776 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [70176 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125984 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306720 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [169504 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [115744 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261152 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109088 2014-06-04] (Panda Security, S.L.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2014-10-13] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2014-10-13] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [195616 2014-07-24] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [122400 2014-07-24] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132128 2014-07-24] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2014-10-13] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60400 2014-03-25] (Panda Security, S.L.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-06-01] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-13 23:04 - 2015-01-13 23:05 - 00020254 _____ () C:\Users\Josephine Mireille\Downloads\Addition.txt
2015-01-13 23:03 - 2015-01-13 23:05 - 00015096 _____ () C:\Users\Josephine Mireille\Downloads\FRST.txt
2015-01-13 23:03 - 2015-01-13 23:05 - 00000000 ____D () C:\FRST
2015-01-13 23:02 - 2015-01-13 23:02 - 00000498 _____ () C:\Users\Josephine Mireille\Downloads\defogger_disable.log
2015-01-13 23:02 - 2015-01-13 23:02 - 00000000 _____ () C:\Users\Josephine Mireille\defogger_reenable
2015-01-13 22:59 - 2015-01-13 22:59 - 02124288 _____ (Farbar) C:\Users\Josephine Mireille\Downloads\FRST64.exe
2015-01-13 22:55 - 2015-01-13 22:55 - 00000000 ____D () C:\Users\Josephine Mireille\Downloads\10 WBC
2015-01-13 22:53 - 2015-01-13 22:54 - 00380416 _____ () C:\Users\Josephine Mireille\Downloads\Gmer-19357.exe
2015-01-13 22:45 - 2015-01-13 22:45 - 00050477 _____ () C:\Users\Josephine Mireille\Downloads\Defogger.exe
2015-01-12 15:19 - 2015-01-12 15:19 - 00000000 ____D () C:\Users\Josephine Mireille\Documents\TeraSAVES
2015-01-12 09:51 - 2015-01-12 09:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-01-12 09:51 - 2014-12-13 01:11 - 02824504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2015-01-12 09:51 - 2014-12-13 01:11 - 02210040 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2015-01-12 09:51 - 2014-12-13 01:11 - 01715224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2015-01-12 09:51 - 2014-12-13 01:11 - 01291464 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2015-01-12 09:50 - 2015-01-12 10:30 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2015-01-12 09:50 - 2015-01-12 10:30 - 00000000 ____D () C:\WINDOWS\system32\NV
2015-01-12 09:50 - 2015-01-12 09:50 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2015-01-12 09:49 - 2015-01-12 09:50 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2015-01-12 09:48 - 2014-12-13 11:08 - 32099472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-01-12 09:48 - 2014-12-13 11:08 - 25460552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2015-01-12 09:48 - 2014-12-13 11:08 - 24764232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-01-12 09:48 - 2014-12-13 11:08 - 20465808 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-01-12 09:48 - 2014-12-13 11:08 - 18594432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-01-12 09:48 - 2014-12-13 11:08 - 17264312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-01-12 09:48 - 2014-12-13 11:08 - 16040184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-01-12 09:48 - 2014-12-13 11:08 - 14128496 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2015-01-12 09:48 - 2014-12-13 11:08 - 13288360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-01-12 09:48 - 2014-12-13 11:08 - 13202520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-01-12 09:48 - 2014-12-13 11:08 - 10770120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-01-12 09:48 - 2014-12-13 11:08 - 10710160 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-01-12 09:48 - 2014-12-13 11:08 - 10345280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-01-12 09:48 - 2014-12-13 11:08 - 03610440 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-01-12 09:48 - 2014-12-13 11:08 - 03248968 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-01-12 09:48 - 2014-12-13 11:08 - 02897824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-01-12 09:48 - 2014-12-13 11:08 - 01895056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434709.dll
2015-01-12 09:48 - 2014-12-13 11:08 - 01556624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434709.dll
2015-01-12 09:48 - 2014-12-13 11:08 - 00968336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-01-12 09:48 - 2014-12-13 11:08 - 00942400 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-01-12 09:48 - 2014-12-13 11:08 - 00928072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-01-12 09:48 - 2014-12-13 11:08 - 00906560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-01-12 09:48 - 2014-12-13 11:08 - 00496272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2015-01-12 09:48 - 2014-12-13 11:08 - 00399688 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2015-01-12 09:48 - 2014-12-13 11:08 - 00391488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2015-01-12 09:48 - 2014-12-13 11:08 - 00353224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-01-12 09:48 - 2014-12-13 11:08 - 00346944 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2015-01-12 09:48 - 2014-12-13 11:08 - 00306328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-01-12 09:48 - 2014-12-13 11:08 - 00031376 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvpciflt.sys
2015-01-12 09:48 - 2014-11-22 11:46 - 00038032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2015-01-12 09:48 - 2014-11-22 11:46 - 00035472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2015-01-12 09:48 - 2014-11-22 11:46 - 00032400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2015-01-12 09:42 - 2015-01-12 09:50 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-12 09:42 - 2014-12-13 09:03 - 06859408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-01-12 09:42 - 2014-12-13 09:03 - 03513488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-01-12 09:42 - 2014-12-13 09:03 - 02558608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-01-12 09:42 - 2014-12-13 09:03 - 01097360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2015-01-12 09:42 - 2014-12-13 09:03 - 00935240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-01-12 09:42 - 2014-12-13 09:03 - 00386368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-01-12 09:42 - 2014-12-13 09:03 - 00075080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2015-01-12 09:42 - 2014-12-13 09:03 - 00062608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-01-12 09:42 - 2014-12-13 00:11 - 04151176 _____ () C:\WINDOWS\system32\nvcoproc.bin
2015-01-12 09:40 - 2014-03-25 14:15 - 00060400 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSKMAD.sys
2015-01-12 03:17 - 2015-01-12 03:17 - 00000000 ____D () C:\Users\Josephine Mireille\AppData\Roaming\Panda Security
2015-01-12 03:16 - 2015-01-12 03:16 - 00000180 _____ () C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-01-12 01:28 - 2015-01-12 01:28 - 00001298 _____ () C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2015-01-12 01:28 - 2015-01-12 01:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2015-01-12 00:23 - 2015-01-12 00:23 - 00227096 _____ () C:\Users\Administrator\Downloads\avira_registry_cleaner_de.exe
2015-01-12 00:16 - 2014-12-31 12:14 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-01-12 00:15 - 2015-01-12 01:28 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2015-01-12 00:15 - 2015-01-12 00:15 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Panda Security
2015-01-12 00:15 - 2015-01-12 00:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2015-01-12 00:13 - 2015-01-12 00:16 - 00000000 ____D () C:\ProgramData\Panda Security
2015-01-02 22:10 - 2015-01-13 22:58 - 00000000 ____D () C:\Users\Josephine Mireille\Downloads\Sims 4
2014-12-25 10:35 - 2014-12-25 10:35 - 00003886 _____ () C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2014-12-24 22:43 - 2014-12-24 22:43 - 00000000 ____D () C:\Users\Josephine Mireille\Documents\Electronic Arts
2014-12-24 22:41 - 2014-12-24 22:41 - 00001362 _____ () C:\Users\Public\Desktop\Die Sims 4.lnk
2014-12-24 22:41 - 2014-12-24 22:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Die Sims 4
2014-12-24 22:41 - 2014-09-16 18:45 - 00447752 _____ (On2.com) C:\WINDOWS\SysWOW64\vp6vfw.dll
2014-12-19 20:27 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-12-19 20:27 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-12-18 11:48 - 2014-12-18 11:48 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\w95inf32.dll
2014-12-18 11:48 - 2014-12-18 11:48 - 00002272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\w95inf16.dll
2014-12-18 11:48 - 1998-09-02 09:28 - 01088272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\danim.dll
2014-12-18 11:48 - 1998-09-02 09:28 - 00155408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LMRT.dll
2014-12-18 11:48 - 1998-09-02 09:28 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unam4ie.exe
2014-12-18 11:48 - 1998-09-02 09:28 - 00038160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LMRTREND.dll
2014-12-18 11:48 - 1998-09-02 09:02 - 00194320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qcut.dll
2014-12-18 11:48 - 1998-08-27 05:51 - 00182032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft3.dll
2014-12-18 11:48 - 1998-08-20 12:02 - 00140800 _____ (The Duck Corporation) C:\WINDOWS\SysWOW64\tm20dec.ax
2014-12-18 11:48 - 1998-08-20 11:38 - 00217984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\strmdll.dll
2014-12-18 11:48 - 1998-08-17 10:21 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mciqtz.drv
2014-12-18 11:48 - 1998-08-17 10:21 - 00010240 _____ () C:\WINDOWS\SysWOW64\vidx16.dll
2014-12-18 11:48 - 1998-08-17 10:21 - 00005672 _____ () C:\WINDOWS\SysWOW64\quartz.vxd
2014-12-18 11:24 - 2014-12-26 17:54 - 00000000 ____D () C:\Program Files (x86)\Catan
2014-12-18 11:24 - 1998-10-21 18:43 - 00328704 _____ (InstallShield Software Corporation ) C:\WINDOWS\IsUn0407.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-13 23:02 - 2014-05-31 23:06 - 00000000 ____D () C:\Users\Josephine Mireille
2015-01-13 23:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-13 22:58 - 2014-05-31 23:16 - 01077688 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-13 22:31 - 2014-03-18 11:04 - 01689572 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-13 22:31 - 2014-03-18 10:25 - 00728968 _____ () C:\WINDOWS\system32\perfh007.dat
2015-01-13 22:31 - 2014-03-18 10:25 - 00152122 _____ () C:\WINDOWS\system32\perfc007.dat
2015-01-13 22:27 - 2014-06-01 09:37 - 00000000 __RDO () C:\Users\Josephine Mireille\OneDrive
2015-01-13 22:23 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-13 22:23 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-13 22:20 - 2014-06-02 13:48 - 00000000 ____D () C:\ProgramData\Origin
2015-01-13 22:19 - 2014-06-02 13:48 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-01-13 20:59 - 2014-06-03 22:48 - 00000000 ____D () C:\Users\Josephine Mireille\Downloads\Gameforge Live
2015-01-12 19:17 - 2014-11-11 11:44 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-01-12 10:07 - 2014-05-31 16:15 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-768070318-4204382875-4262773496-1001
2015-01-12 09:51 - 2014-06-01 07:22 - 00000000 ____D () C:\Users\Josephine Mireille\AppData\Local\NVIDIA Corporation
2015-01-12 09:51 - 2014-05-31 16:35 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-01-12 09:51 - 2014-05-31 16:35 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-01-12 09:50 - 2013-08-22 15:46 - 00008474 _____ () C:\WINDOWS\setupact.log
2015-01-12 09:47 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-12 09:41 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Help
2015-01-12 09:40 - 2013-08-22 15:44 - 00384464 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-01-12 00:34 - 2014-05-31 23:36 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-768070318-4204382875-4262773496-500
2015-01-12 00:21 - 2014-11-04 09:11 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-12 00:10 - 2014-05-31 23:06 - 00000000 ____D () C:\Users\Administrator
2015-01-12 00:10 - 2014-03-18 02:51 - 00213880 _____ () C:\WINDOWS\PFRO.log
2015-01-12 00:08 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-01-11 15:05 - 2014-05-31 16:59 - 00000000 ____D () C:\Users\Josephine Mireille\AppData\Local\CrashDumps
2015-01-11 00:33 - 2014-08-14 12:23 - 00000000 ____D () C:\Users\Josephine Mireille\AppData\Roaming\TS3Client
2014-12-28 20:10 - 2014-06-01 19:23 - 00007605 _____ () C:\Users\Josephine Mireille\AppData\Local\Resmon.ResmonCfg
2014-12-24 20:06 - 2014-06-02 13:50 - 00000000 ____D () C:\Users\Josephine Mireille\AppData\Roaming\Origin
2014-12-24 20:06 - 2014-06-02 13:50 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-12-22 16:05 - 2014-05-31 11:11 - 00000000 ____D () C:\Users\Josephine Mireille\Documents\Bluetooth Folder
2014-12-21 17:28 - 2014-06-01 08:58 - 00000000 ____D () C:\Users\Josephine Mireille\AppData\Roaming\Atheros
2014-12-20 13:08 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-19 15:34 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-12-18 11:47 - 2013-08-22 12:22 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2014-12-18 11:47 - 2013-08-22 12:22 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2014-12-18 11:47 - 2013-08-22 12:17 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2014-12-18 11:47 - 2013-08-22 12:17 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2014-12-18 11:47 - 2013-08-22 12:17 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2014-12-18 11:47 - 2013-08-22 05:05 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2014-12-18 11:47 - 2013-08-22 05:03 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2014-12-18 11:47 - 2013-08-22 04:59 - 00214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2014-12-18 11:47 - 2013-08-22 04:56 - 00377856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2014-12-18 11:47 - 2013-08-22 04:56 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2014-12-18 11:47 - 2013-08-22 04:51 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2014-12-18 11:47 - 2013-08-22 04:51 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2014-12-18 11:47 - 2013-08-22 04:51 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2014-12-18 11:47 - 2013-08-22 04:51 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2014-12-17 21:22 - 2014-05-31 16:09 - 00000000 ____D () C:\Users\Josephine Mireille\AppData\Local\Packages

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\avgnt.exe
C:\Users\Administrator\AppData\Local\Temp\{8AE74035-125D-44A3-8BA6-7E8172E91058}.exe
C:\Users\Josephine Mireille\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-09 13:16 ==================== End Of Log ============================ Addition.txt Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-01-2015 02 Ran by Josephine Mireille at 2015-01-13 23:05:50 Running from C:\Users\Josephine Mireille\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Panda Free Antivirus (Enabled - Up to date) {5FD6C936-849B-5CE2-14BA-709E1D6FD1DA} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Panda Free Antivirus (Enabled - Up to date) {E4B728D2-A2A1-536C-2E0A-4BEC66E89B67} FW: Panda Firewall (Disabled) {67ED4813-CEF4-5DBA-3FE5-D9ABE3BC96A1} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) AION Free-to-Play (HKLM-x32\...\{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1) (Version: - Gameforge) ANNO 1404 (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.01.0000 - Ubisoft) Anno 1404 (x32 Version: 1.00.0000 - Ubisoft) Hidden BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC) Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.3.18.1010 - Electronic Arts Inc.) 
DigimonMasters Online (HKLM-x32\...\DigimonMasters) (Version: - Move games) DigimonMasters Online Launcher (HKLM-x32\...\DigimonMasters Launcher) (Version: - Move games) DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.52 - DivX, LLC) Gameforge Live 2.0.5 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.5 - Gameforge) GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version: - ) Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla) NVIDIA GeForce Experience 2.1.5 
(HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation) NVIDIA Grafiktreiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation) Origin (HKLM-x32\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.) Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.0.104 - Panda Security) Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security) Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.00.04.0002 - Panda Security) Panda Free Antivirus (Version: 7.23.00.0000 - Panda Security) Hidden PDF Architect 2 Edit Module (x32 Version: 2.1.6.19758 - pdfforge GmbH) Hidden PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.0.0 - pdfforge) Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.320 - Qualcomm Atheros Communications) Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.31 - Qualcomm Atheros) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6865 - Realtek Semiconductor Corp.) Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.9200.28130 - Realtek Semiconductor Corp.) 
ServiceInstaller (HKLM-x32\...\ServiceInstaller) (Version: - ) SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 7.0.0.59 - Bioware/EA) Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.4.5 - Synaptics Incorporated) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) TERA (HKLM-x32\...\{A2F166A0-F031-4E27-A057-C69733219434}_is1) (Version: 28 - Gameforge Productions GmbH) Unity Web Player (HKU\S-1-5-21-768070318-4204382875-4262773496-1001\...\UnityWebPlayer) (Version: 4.6.0f3 - Unity Technologies ApS) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden VTech Download Agent Library (x32 Version: 1.00.0000 - VTech) Hidden VTech Download Manager (HKLM-x32\...\VTechDownloadManager) (Version: - VTech) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-768070318-4204382875-4262773496-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation) ==================== Restore Points ========================= 28-12-2014 19:12:00 Removed Java 8 Update 5 07-01-2015 13:07:14 Geplanter Prüfpunkt ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. 
Any associated file could be listed separately to be moved.) Task: {4F0F85C3-4DFA-44AF-A3FD-E3F618B0D5EB} - System32\Tasks\{0BFEC8A9-7CA1-4DF0-8B13-D074D1A03D80} => pcalua.exe -a C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_223_Plugin.exe -c -maintain plugin Task: {E2600F8A-C7E0-43A7-B24F-25CF05F98856} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ==================== Loaded Modules (whitelisted) ============= 2015-01-12 09:42 - 2014-12-13 09:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-04-02 01:25 - 2014-04-02 01:25 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll 2014-04-02 01:22 - 2014-04-02 01:22 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll 2014-04-02 01:28 - 2014-04-02 01:28 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe 2014-10-13 02:49 - 2014-06-20 07:42 - 00401280 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe 2013-04-12 18:23 - 2013-04-12 18:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll 2014-06-01 21:39 - 2014-06-01 21:36 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2014-10-13 02:49 - 2014-03-04 12:20 - 00117760 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll 2014-10-13 02:49 - 2014-04-22 03:14 - 00065536 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QHttpServer.dll 2014-10-13 02:49 - 2014-05-06 06:39 - 00861184 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\platforms\qwindows.dll 2014-10-13 02:49 - 
2014-05-06 06:38 - 00021504 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\imageformats\qgif.dll 2014-10-13 02:49 - 2014-05-06 06:38 - 00020992 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\imageformats\qico.dll 2014-10-13 02:49 - 2014-05-06 06:38 - 00204800 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\imageformats\qjpeg.dll 2014-10-13 02:49 - 2014-05-06 11:44 - 00218112 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\imageformats\qmng.dll 2014-10-13 02:49 - 2014-05-06 06:58 - 00015872 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\imageformats\qsvg.dll 2014-10-13 02:49 - 2014-05-06 11:44 - 00015360 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\imageformats\qtga.dll 2014-10-13 02:49 - 2014-05-06 11:44 - 00307712 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\imageformats\qtiff.dll 2014-10-13 02:49 - 2014-05-06 11:44 - 00014848 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\imageformats\qwbmp.dll 2014-10-13 02:49 - 2014-05-06 07:31 - 00015872 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\sensors\qtsensors_dummy.dll 2014-10-13 02:49 - 2014-05-06 06:38 - 00036352 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\bearer\qgenericbearer.dll 2014-10-13 02:49 - 2014-05-06 06:38 - 00038912 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\bearer\qnativewifibearer.dll 2014-12-09 18:56 - 2014-12-09 18:56 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Josephine Mireille\OneDrive:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. 
The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "DivXMediaServer" HKLM\...\StartupApproved\Run32: => "DivXUpdate" HKLM\...\StartupApproved\Run32: => "DXM6Patch_981116" ========================= Accounts: ========================== Administrator (S-1-5-21-768070318-4204382875-4262773496-500 - Administrator - Disabled) => C:\Users\Administrator Gast (S-1-5-21-768070318-4204382875-4262773496-501 - Limited - Disabled) Josephine Mireille (S-1-5-21-768070318-4204382875-4262773496-1001 - Administrator - Enabled) => C:\Users\Josephine Mireille ==================== Faulty Device Manager Devices ============= Name: Broadcom NetLink (TM)-Gigabit-Ethernet Description: Broadcom NetLink (TM)-Gigabit-Ethernet Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Broadcom Corporation Service: k57nd60a Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Event log errors: ========================= Application errors: ================== Error: (01/13/2015 05:26:41 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: ) Description: Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x8898008d) festgestellt. Error: (01/12/2015 09:43:13 AM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcFailed continue stopping. [0] Error: (01/12/2015 09:42:42 AM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcMessaging remove all devices. [0] Error: (01/12/2015 09:39:22 AM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcCan continue stopping. [18] Error: (01/12/2015 00:10:16 AM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcNetworkStreamService did not shut down when asked, terminating. [0] Error: (01/12/2015 00:10:15 AM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcCan continue stopping. [18] Error: (01/11/2015 07:20:00 PM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcNetworkStreamService did not shut down when asked, terminating. [0] Error: (01/11/2015 07:19:59 PM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcCan continue stopping. 
[18] Error: (01/11/2015 03:05:10 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_16_0_0_235.exe, Version: 16.0.0.235, Zeitstempel: 0x546fbf96 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x02667488 ID des fehlerhaften Prozesses: 0xca0 Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_16_0_0_235.exe0 Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_16_0_0_235.exe1 Pfad des fehlerhaften Moduls: FlashPlayerPlugin_16_0_0_235.exe2 Berichtskennung: FlashPlayerPlugin_16_0_0_235.exe3 Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_16_0_0_235.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_16_0_0_235.exe5 Error: (01/08/2015 08:15:25 PM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcNetworkStreamService did not shut down when asked, terminating. [0] System errors: ============= Error: (01/13/2015 10:24:08 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (01/13/2015 10:20:44 PM) (Source: DCOM) (EventID: 10010) (User: MIREILLE) Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9} Error: (01/13/2015 10:20:44 PM) (Source: DCOM) (EventID: 10010) (User: MIREILLE) Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9} Error: (01/12/2015 00:43:10 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (01/12/2015 10:30:28 AM) (Source: DCOM) (EventID: 10010) (User: MIREILLE) Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9} Error: (01/12/2015 10:30:28 AM) (Source: DCOM) (EventID: 10010) (User: MIREILLE) Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9} Error: (01/12/2015 09:45:32 AM) (Source: Service 
Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (01/12/2015 09:40:44 AM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (01/12/2015 00:23:13 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246013 fehlgeschlagen: Microsoft.BingWeather Error: (01/12/2015 00:23:00 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246013 fehlgeschlagen: microsoft.windowscommunicationsapps Microsoft Office Sessions: ========================= Error: (01/13/2015 05:26:41 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: ) Description: 0x8898008d Error: (01/12/2015 09:43:13 AM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcFailed continue stopping. [0] Error: (01/12/2015 09:42:42 AM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcMessaging remove all devices. [0] Error: (01/12/2015 09:39:22 AM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcCan continue stopping. [18] Error: (01/12/2015 00:10:16 AM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcNetworkStreamService did not shut down when asked, terminating. [0] Error: (01/12/2015 00:10:15 AM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcCan continue stopping. [18] Error: (01/11/2015 07:20:00 PM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcNetworkStreamService did not shut down when asked, terminating. 
[0] Error: (01/11/2015 07:19:59 PM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcCan continue stopping. [18] Error: (01/11/2015 03:05:10 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: FlashPlayerPlugin_16_0_0_235.exe16.0.0.235546fbf96unknown0.0.0.000000000c000000502667488ca001d02d983a64061eC:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exeunknownda0a36a3-999a-11e4-bede-485ab66d3c08 Error: (01/08/2015 08:15:25 PM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcNetworkStreamService did not shut down when asked, terminating. [0] ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-4200M CPU @ 2.50GHz Percentage of memory in use: 37% Total physical RAM: 3976.36 MB Available physical RAM: 2484.21 MB Total Pagefile: 5832.36 MB Available Pagefile: 4154.91 MB Total Virtual: 131072 MB Available Virtual: 131071.8 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.42 GB) (Free:305.71 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: D9550422) Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=465.4 GB) - (Type=07 NTFS) ==================== End Of Log ============================
Edited by LuffyXD (14.01.2015 at 00:38) |
14.01.2015, 00:34 | #2 |
| Laptop - Windows 8.1 Pro 64 Bit: System increasingly slower in certain areas
Gmer.txt
Code:
GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2015-01-13 23:43:41 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000032 ST500LT012-9WS142 rev.0001SDM1 465,76GB Running: Gmer-19357.exe; Driver: C:\Users\JOSEPH~1\AppData\Local\Temp\pwlcypow.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\WINDOWS\System32\win32k.sys!W32pServiceTable fffff96000184200 15 bytes [00, 28, F6, 01, 80, 1C, 6C, ...] .text C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 16 fffff96000184210 11 bytes [00, 0E, FC, FF, 00, 05, C4, ...] ---- User code sections - GMER 2.1 ---- .text C:\WINDOWS\system32\dwm.exe[1052] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffffc5328c0 7 bytes JMP 00008000fb980260 .text C:\WINDOWS\system32\dwm.exe[1052] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffffc5343d8 7 bytes JMP 00008000fb980298 .text C:\WINDOWS\system32\dwm.exe[1052] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffffc5e1f20 7 bytes JMP 00008000fb980308 .text C:\WINDOWS\system32\dwm.exe[1052] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffffc5e40b4 7 bytes JMP 00008000fb980340 .text C:\WINDOWS\system32\dwm.exe[1052] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffffc5e4510 7 bytes JMP 00008000fb9802d0 .text C:\WINDOWS\system32\dwm.exe[1052] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffffc60cea0 7 bytes JMP 00008000fb9801f0 .text C:\WINDOWS\system32\dwm.exe[1052] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffffc60cf10 7 bytes JMP 00008000fb980228 .text C:\WINDOWS\system32\dwm.exe[1052] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffffb99299c 7 bytes JMP 00008000fb9800d8 .text C:\WINDOWS\system32\dwm.exe[1052] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffffb9954c8 5 bytes JMP 00008000fb980180 .text C:\WINDOWS\system32\dwm.exe[1052] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffffb9955b0 5 bytes JMP 00008000fb980148 .text C:\WINDOWS\system32\dwm.exe[1052] 
C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffffb995e58 5 bytes JMP 00008000fb980110 .text C:\WINDOWS\system32\dwm.exe[1052] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffffba06200 5 bytes JMP 00008000fb9801b8 .text C:\WINDOWS\system32\dwm.exe[1052] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ffffe047834 10 bytes JMP 00008000fb980420 .text C:\WINDOWS\system32\dwm.exe[1052] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ffffe04b4d0 5 bytes JMP 00008000fb9803b0 .text C:\WINDOWS\system32\dwm.exe[1052] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ffffe04c6d8 5 bytes JMP 00008000fb9803e8 .text C:\WINDOWS\system32\dwm.exe[1052] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffffe04c8fc 5 bytes JMP 00008000fb980458 .text C:\WINDOWS\system32\dwm.exe[1052] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffffe04e39c 9 bytes JMP 00008000fb980378 .text C:\WINDOWS\system32\dwm.exe[1052] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffffbd81500 1 byte JMP 00008000fb980490 .text C:\WINDOWS\system32\dwm.exe[1052] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffffbd81502 6 bytes {JMP 0xffffffffffbfef90} .text C:\WINDOWS\system32\dwm.exe[1052] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffffbd81750 8 bytes JMP 00008000fb9804c8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1152] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffffc5328c0 7 bytes JMP 00008000fb980260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1152] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffffc5343d8 7 bytes JMP 00008000fb980298 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1152] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffffc5e1f20 7 bytes JMP 00008000fb980308 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1152] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffffc5e40b4 7 
bytes JMP 00008000fb980340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1152] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffffc5e4510 7 bytes JMP 00008000fb9802d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1152] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffffc60cea0 7 bytes JMP 00008000fb9801f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1152] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffffc60cf10 7 bytes JMP 00008000fb980228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1152] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffffb99299c 7 bytes JMP 00008000fb9800d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1152] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffffb9954c8 5 bytes JMP 00008000fb980180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1152] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffffb9955b0 5 bytes JMP 00008000fb980148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1152] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffffb995e58 5 bytes JMP 00008000fb980110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1152] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffffba06200 5 bytes JMP 00008000fb9801b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1152] C:\WINDOWS\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffffdd49318 7 bytes JMP 00008000fb980538 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1152] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance 00007ffffdd4cbe0 7 bytes JMP 00008000fb980500 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1152] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ffffe047834 10 bytes JMP 00008000fb980420 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1152] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ffffe04b4d0 5 
bytes JMP 00008000fb9803b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1152] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ffffe04c6d8 5 bytes JMP 00008000fb9803e8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1152] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffffe04c8fc 5 bytes JMP 00008000fb980458 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1152] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffffe04e39c 9 bytes JMP 00008000fb980378 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1152] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffffbd81500 1 byte JMP 00008000fb980490 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1152] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffffbd81502 6 bytes {JMP 0xffffffffffbfef90} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1152] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffffbd81750 8 bytes JMP 00008000fb9804c8 .text C:\WINDOWS\system32\nvvsvc.exe[1160] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffffc4c169a 4 bytes [4C, FC, FF, 7F] .text C:\WINDOWS\system32\nvvsvc.exe[1160] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffffc4c16a2 4 bytes [4C, FC, FF, 7F] .text C:\WINDOWS\system32\nvvsvc.exe[1160] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffffc4c181a 4 bytes [4C, FC, FF, 7F] .text C:\WINDOWS\system32\nvvsvc.exe[1160] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffffc4c1832 4 bytes [4C, FC, FF, 7F] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3716] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffffc5328c0 7 bytes JMP 00008000fb980260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3716] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffffc5343d8 7 bytes JMP 00008000fb980298 .text C:\Program Files\NVIDIA 
Corporation\NvStreamSrv\nvstreamsvc.exe[3716] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffffc5e1f20 7 bytes JMP 00008000fb980308 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3716] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffffc5e40b4 7 bytes JMP 00008000fb980340 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3716] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffffc5e4510 7 bytes JMP 00008000fb9802d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3716] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffffc60cea0 7 bytes JMP 00008000fb9801f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3716] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffffc60cf10 7 bytes JMP 00008000fb980228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3716] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffffb99299c 7 bytes JMP 00008000fb9800d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3716] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffffb9954c8 5 bytes JMP 00008000fb980180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3716] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffffb9955b0 5 bytes JMP 00008000fb980148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3716] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffffb995e58 5 bytes JMP 00008000fb980110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3716] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffffba06200 5 bytes JMP 00008000fb9801b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3716] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ffffe047834 10 bytes JMP 00008000fb980420 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3716] 
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4656] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ffffe04b4d0 5 bytes JMP 00008000fb9803b0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4656] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ffffe04c6d8 5 bytes JMP 00008000fb9803e8 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4656] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffffe04c8fc 5 bytes JMP 00008000fb980458 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4656] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffffe04e39c 9 bytes JMP 00008000fb980378 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4656] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffffbd81500 1 byte JMP 00008000fb980490 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4656] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffffbd81502 6 bytes {JMP 0xffffffffffbfef90} .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4656] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffffbd81750 8 bytes JMP 00008000fb9804c8 .text C:\Windows\System32\SettingSyncHost.exe[5596] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffffc5328c0 7 bytes JMP 00008000fb980260 .text C:\Windows\System32\SettingSyncHost.exe[5596] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffffc5343d8 7 bytes JMP 00008000fb980298 .text C:\Windows\System32\SettingSyncHost.exe[5596] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffffc5e1f20 7 bytes JMP 00008000fb980308 .text C:\Windows\System32\SettingSyncHost.exe[5596] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffffc5e40b4 7 bytes JMP 00008000fb980340 .text C:\Windows\System32\SettingSyncHost.exe[5596] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffffc5e4510 7 bytes JMP 00008000fb9802d0 .text C:\Windows\System32\SettingSyncHost.exe[5596] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 
00007ffffc60cea0 7 bytes JMP 00008000fb9801f0 .text C:\Windows\System32\SettingSyncHost.exe[5596] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffffc60cf10 7 bytes JMP 00008000fb980228 .text C:\Windows\System32\SettingSyncHost.exe[5596] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffffb99299c 7 bytes JMP 00008000fb9800d8 .text C:\Windows\System32\SettingSyncHost.exe[5596] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffffb9954c8 5 bytes JMP 00008000fb980180 .text C:\Windows\System32\SettingSyncHost.exe[5596] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffffb9955b0 5 bytes JMP 00008000fb980148 .text C:\Windows\System32\SettingSyncHost.exe[5596] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffffb995e58 5 bytes JMP 00008000fb980110 .text C:\Windows\System32\SettingSyncHost.exe[5596] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffffba06200 5 bytes JMP 00008000fb9801b8 .text C:\WINDOWS\System32\msdt.exe[5136] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffffc5328c0 7 bytes JMP 00008000fb980260 .text C:\WINDOWS\System32\msdt.exe[5136] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffffc5343d8 7 bytes JMP 00008000fb980298 .text C:\WINDOWS\System32\msdt.exe[5136] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffffc5e1f20 7 bytes JMP 00008000fb980308 .text C:\WINDOWS\System32\msdt.exe[5136] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffffc5e40b4 7 bytes JMP 00008000fb980340 .text C:\WINDOWS\System32\msdt.exe[5136] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffffc5e4510 7 bytes JMP 00008000fb9802d0 .text C:\WINDOWS\System32\msdt.exe[5136] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffffc60cea0 7 bytes JMP 00008000fb9801f0 .text C:\WINDOWS\System32\msdt.exe[5136] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffffc60cf10 7 bytes JMP 00008000fb980228 .text C:\WINDOWS\System32\msdt.exe[5136] 
C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffffb99299c 7 bytes JMP 00008000fb9800d8 .text C:\WINDOWS\System32\msdt.exe[5136] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffffb9954c8 5 bytes JMP 00008000fb980180 .text C:\WINDOWS\System32\msdt.exe[5136] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffffb9955b0 5 bytes JMP 00008000fb980148 .text C:\WINDOWS\System32\msdt.exe[5136] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffffb995e58 5 bytes JMP 00008000fb980110 .text C:\WINDOWS\System32\msdt.exe[5136] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffffba06200 5 bytes JMP 00008000fb9801b8 .text C:\WINDOWS\System32\msdt.exe[5136] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ffffe047834 10 bytes JMP 00008000fb980420 .text C:\WINDOWS\System32\msdt.exe[5136] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ffffe04b4d0 5 bytes JMP 00008000fb9803b0 .text C:\WINDOWS\System32\msdt.exe[5136] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ffffe04c6d8 5 bytes JMP 00008000fb9803e8 .text C:\WINDOWS\System32\msdt.exe[5136] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffffe04c8fc 5 bytes JMP 00008000fb980458 .text C:\WINDOWS\System32\msdt.exe[5136] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffffe04e39c 9 bytes JMP 00008000fb980378 .text C:\WINDOWS\System32\msdt.exe[5136] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffffbd81500 1 byte JMP 00008000fb980490 .text C:\WINDOWS\System32\msdt.exe[5136] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffffbd81502 6 bytes {JMP 0xffffffffffbfef90} .text C:\WINDOWS\System32\msdt.exe[5136] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffffbd81750 8 bytes JMP 00008000fb9804c8 .text C:\WINDOWS\System32\msdt.exe[5136] C:\WINDOWS\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffffdd49318 7 bytes JMP 00008000fb980538 .text C:\WINDOWS\System32\msdt.exe[5136] 
C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance 00007ffffdd4cbe0 7 bytes JMP 00008000fb980500 .text C:\WINDOWS\System32\sdiagnhost.exe[6372] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffffc5328c0 7 bytes JMP 00008000fb980260 .text C:\WINDOWS\System32\sdiagnhost.exe[6372] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffffc5343d8 7 bytes JMP 00008000fb980298 .text C:\WINDOWS\System32\sdiagnhost.exe[6372] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffffc5e1f20 7 bytes JMP 00008000fb980308 .text C:\WINDOWS\System32\sdiagnhost.exe[6372] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffffc5e40b4 7 bytes JMP 00008000fb980340 .text C:\WINDOWS\System32\sdiagnhost.exe[6372] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffffc5e4510 7 bytes JMP 00008000fb9802d0 .text C:\WINDOWS\System32\sdiagnhost.exe[6372] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffffc60cea0 7 bytes JMP 00008000fb9801f0 .text C:\WINDOWS\System32\sdiagnhost.exe[6372] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffffc60cf10 7 bytes JMP 00008000fb980228 .text C:\WINDOWS\System32\sdiagnhost.exe[6372] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffffb99299c 7 bytes JMP 00008000fb9800d8 .text C:\WINDOWS\System32\sdiagnhost.exe[6372] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffffb9954c8 5 bytes JMP 00008000fb980180 .text C:\WINDOWS\System32\sdiagnhost.exe[6372] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffffb9955b0 5 bytes JMP 00008000fb980148 .text C:\WINDOWS\System32\sdiagnhost.exe[6372] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffffb995e58 5 bytes JMP 00008000fb980110 .text C:\WINDOWS\System32\sdiagnhost.exe[6372] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffffba06200 5 bytes JMP 00008000fb9801b8 .text C:\WINDOWS\System32\sdiagnhost.exe[6372] C:\WINDOWS\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffffdd49318 7 bytes JMP 00008000fb980538 .text 
C:\WINDOWS\System32\sdiagnhost.exe[6372] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance 00007ffffdd4cbe0 7 bytes JMP 00008000fb980500 .text C:\WINDOWS\System32\sdiagnhost.exe[6372] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffffbd81500 1 byte JMP 00008000fb980490 .text C:\WINDOWS\System32\sdiagnhost.exe[6372] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffffbd81502 6 bytes {JMP 0xffffffffffbfef90} .text C:\WINDOWS\System32\sdiagnhost.exe[6372] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffffbd81750 8 bytes JMP 00008000fb9804c8 .text C:\WINDOWS\System32\sdiagnhost.exe[6372] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ffffe047834 10 bytes JMP 00008000fb980420 .text C:\WINDOWS\System32\sdiagnhost.exe[6372] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ffffe04b4d0 5 bytes JMP 00008000fb9803b0 .text C:\WINDOWS\System32\sdiagnhost.exe[6372] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ffffe04c6d8 5 bytes JMP 00008000fb9803e8 .text C:\WINDOWS\System32\sdiagnhost.exe[6372] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffffe04c8fc 5 bytes JMP 00008000fb980458 .text C:\WINDOWS\System32\sdiagnhost.exe[6372] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffffe04e39c 9 bytes JMP 00008000fb980378 ---- Threads - GMER 2.1 ---- Thread C:\WINDOWS\system32\csrss.exe [580:676] fffff96000884b90 Thread C:\WINDOWS\system32\svchost.exe [1244:5004] 00007fffeffe10e0 Thread C:\WINDOWS\system32\svchost.exe [1244:7384] 00007fffea7d38e0 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime 0x6F 0x64 0xA5 0x32 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime 0x3D 0x25 0xA9 0xD7 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFStartTime 0x33 0xAA 0xAF 0x32 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFLastStartTime 0x3D 0x25 0xA9 0xD7 ... 
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@de-DE 122 Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\CMN17350_32_07DC_E0^32E5A83C84F67081B9C9AD9E235CC62C@Timestamp 0x76 0x26 0xAD 0x33 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 776 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive@UuidSequenceNumber 4521700 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed 1855716501 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId 126 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime 432497077 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime 1836 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@FwPOSTTime 1437 Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID 1100eba6-e79c-4bfb-ab0c-b3543bf Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WdiContextLog@FileCounter 3 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\485ab66d3c08 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\485ab66d3c08@98d6f71f35ef 0xFA 0xDF 0xB9 0xAD ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\485ab66d3c08@f05a09322187 0xAA 0x16 0x55 0xF1 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Services\{00001200-0000-1000-8000-00805f9b34fb}@SecurityFlags 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings Reg HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{89051d3d-2ba8-4492-b7ce-b54e5f73c9d4}@LastProbeTime 1421188017 Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{609760BF-8900-46BB-92D7-E44FE5CD150D}@DefunctTimestamp 0xEF 0x99 0xB5 0x54 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@LastBootPlanUserTime ?Di?, ?Jan ?13 ?15, 10:25:19??????????????????????????????????? 
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 12476 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 2659 Reg HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence 124 Reg HKLM\SYSTEM\CurrentControlSet\Services\SynTP\Parameters@DetectTimeMS 470 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D5E000D1-FFA6-4238-A061-B4ABAAC40588}@LeaseObtainedTime 1421187447 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D5E000D1-FFA6-4238-A061-B4ABAAC40588}@T1 1421619447 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D5E000D1-FFA6-4238-A061-B4ABAAC40588}@T2 1421943447 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D5E000D1-FFA6-4238-A061-B4ABAAC40588}@LeaseTerminatesTime 1422051447 Reg HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop 0 Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask 0x64 0x62 0x03 0x00 ... 
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{D9AC5E73-BB10-467b-B884-AA1E475C51F5} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{D9AC5E73-BB10-467b-B884-AA1E475C51F5}@ SynTPCpl0 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{17b6eaa6-e8d4-11e3-be66-806e6f6e6963}@Generation 358 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{17b6eaa7-e8d4-11e3-be66-806e6f6e6963}@Generation 382 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{17b6eaab-e8d4-11e3-be66-806e6f6e6963}@Generation 383 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy\PolicyApplicationState@PolicyState 0 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsRequestBucketDrainTime 0xF0 0x20 0x42 0xC5 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsLargeRequestBucketDrainTime 0xF0 0x20 0x42 0xC5 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastOtherRequestBucketDrainTime 0xF0 0x20 0x42 0xC5 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastGlobalRequestBucketDrainTime 0xF0 0x20 0x42 0xC5 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@RoamingSyncToken LM%3d63556775966940%3bID%3d10C593320689C62C!107%3bLR%3d63556784271073%3bEP%3d4%3bTD%3dTrue%3bSO%3d0 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\RegistrarData@LastRenewCollectionsInterest 0xC7 0xB1 0x51 0x22 ... 
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData@PendingOperations 16 Reg HKCU\Software\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Gmer-19357.exe_d0d3955a196d9f2ab4b8ad4ff555b78d2c0b7_69ff3d88_00c3fe4d Reg HKCU\Software\Microsoft\Windows\Windows Error Reporting\Debug\UIHandles@CheckingForSolutionDialog 0x24 0x03 0x0C 0x00 ... Reg HKCU\Software\Microsoft\Windows\Windows Error Reporting\Debug\UIHandles@CloseDialog 0x24 0x03 0x0C 0x00 ... ---- EOF - GMER 2.1 ---- |
14.01.2015, 07:25 | #3 |
/// the machine /// TB trainer | Laptop - Windows 8.1 Pro 64 Bit: system increasingly slow in certain areas

hi,

Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
14.01.2015, 13:00 | #4 |
| Laptop - Windows 8.1 Pro 64 Bit: system increasingly slow in certain areas

Hello schrauber, first of all, thanks for your help. MBAM found 54 unwanted programs and one piece of malware (rogue.multiple). AdwCleaner deleted registry entries, even though the forum pointed out that the registry should be left untouched. Was it right to delete them, or should I have removed the check mark? After running JRT the laptop was noticeably slower again. Is that normal?

Here are the log files:

mbam.txt Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 14.01.2015
Suchlauf-Zeit: 11:37:41
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.01.14.03
Rootkit Datenbank: v2015.01.07.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Josephine Mireille

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 417482
Verstrichene Zeit: 20 Min, 20 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 20
Rogue.Multiple, C:\ProgramData\374311380, Keine Aktion durch Benutzer, [39129f58f4959c9a200eae78e41fd927],
PUP.Optional.NewPlayer.A, C:\Users\Josephine Mireille\AppData\Local\newplayer, In Quarantäne, [eb608d6a8bfeff3704dd8d0a44bf09f7],
PUP.Optional.NewPlayer.A, C:\Users\Josephine Mireille\AppData\Local\newplayer\Playlists, In Quarantäne, [eb608d6a8bfeff3704dd8d0a44bf09f7],
PUP.Optional.NewPlayer.A, C:\Users\Josephine Mireille\AppData\Local\newplayer\Snap, In Quarantäne, [eb608d6a8bfeff3704dd8d0a44bf09f7],
PUP.Optional.WebsSearches.A, C:\Users\Josephine Mireille\AppData\Roaming\webssearches, In Quarantäne, [24277a7d4346c175f04cd16be320d42c],
PUP.Optional.WebsSearches.A, C:\Users\Josephine Mireille\AppData\Roaming\webssearches\images, In Quarantäne, [24277a7d4346c175f04cd16be320d42c],
PUP.Optional.WebsSearches.A, C:\Users\Josephine Mireille\AppData\Roaming\webssearches\images\code, In Quarantäne, [24277a7d4346c175f04cd16be320d42c],
PUP.Optional.WebsSearches.A, C:\Users\Josephine Mireille\AppData\Roaming\webssearches\log, In Quarantäne, [24277a7d4346c175f04cd16be320d42c],
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices, In Quarantäne, [a0ab4cab3257e056a2864cff2dd6e719],
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update, In Quarantäne, [a0ab4cab3257e056a2864cff2dd6e719],
PUP.Optional.SearchProtect.A, C:\Users\Josephine Mireille\AppData\Local\SearchProtect, In Quarantäne, [4506dc1b781149ed43e6074440c3f10f],
PUP.Optional.SearchProtect.A, C:\Users\Josephine Mireille\AppData\Local\SearchProtect\Logs, In Quarantäne, [4506dc1b781149ed43e6074440c3f10f],
PUP.Optional.WPM.A, C:\ProgramData\WindowsProtectManger, In Quarantäne, [98b3a3544b3e989ed6ef490223e0936d],
PUP.Optional.WPM.A, C:\ProgramData\WindowsProtectManger\log, In Quarantäne, [98b3a3544b3e989ed6ef490223e0936d],
PUP.Optional.WPM.A, C:\ProgramData\WindowsProtectManger\update, In Quarantäne, [98b3a3544b3e989ed6ef490223e0936d],
PUP.Optional.ReMarkable.A, C:\Program Files (x86)\-Re_Markable, In Quarantäne, [ce7db542daaf60d6432b77d528db3dc3],
PUP.Optional.FreeSoftToday.A, C:\Users\Josephine Mireille\AppData\Local\fst_de_55, In Quarantäne, [1239b443e9a0e0565a3edb737d8602fe],
PUP.Optional.FreeSoftToday.A, C:\Users\Josephine Mireille\AppData\Local\fst_de_55\fst_de_55, In Quarantäne, [1239b443e9a0e0565a3edb737d8602fe],
PUP.Optional.FreeSoftToday.A, C:\Users\Josephine Mireille\AppData\Local\fst_de_55\fst_de_55\1.10, In Quarantäne, [1239b443e9a0e0565a3edb737d8602fe],
PUP.Optional.SupTab.A, C:\Users\Josephine Mireille\AppData\Roaming\SupTab, In Quarantäne, [4407ca2dbbce5fd77a177fd4c73c7987],

Dateien: 36
PUP.Optional.NewPlayer.A, C:\Users\Josephine Mireille\AppData\Local\newplayer\log.txt, In Quarantäne, [eb608d6a8bfeff3704dd8d0a44bf09f7],
PUP.Optional.WebsSearches.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\webssearches.xml, In Quarantäne, [5af1fbfc01881e1867225253758e2ad6],
PUP.Optional.WebsSearches.A, C:\Users\Josephine Mireille\AppData\Roaming\webssearches\124.json, In Quarantäne, [24277a7d4346c175f04cd16be320d42c],
PUP.Optional.WebsSearches.A, C:\Users\Josephine Mireille\AppData\Roaming\webssearches\MessageBox.xml, In Quarantäne, [24277a7d4346c175f04cd16be320d42c],
PUP.Optional.WebsSearches.A, C:\Users\Josephine Mireille\AppData\Roaming\webssearches\uninstallDlg2.xml, In Quarantäne, [24277a7d4346c175f04cd16be320d42c],
PUP.Optional.WebsSearches.A, C:\Users\Josephine Mireille\AppData\Roaming\webssearches\images\bg.png, In Quarantäne, [24277a7d4346c175f04cd16be320d42c],
PUP.Optional.WebsSearches.A, C:\Users\Josephine Mireille\AppData\Roaming\webssearches\images\bg1.png, In Quarantäne, [24277a7d4346c175f04cd16be320d42c],
PUP.Optional.WebsSearches.A, C:\Users\Josephine Mireille\AppData\Roaming\webssearches\images\bk_shadow.png, In Quarantäne, [24277a7d4346c175f04cd16be320d42c],
PUP.Optional.WebsSearches.A, C:\Users\Josephine Mireille\AppData\Roaming\webssearches\images\button.png, In Quarantäne, [24277a7d4346c175f04cd16be320d42c],
PUP.Optional.WebsSearches.A, C:\Users\Josephine Mireille\AppData\Roaming\webssearches\images\button1.png, In Quarantäne, [24277a7d4346c175f04cd16be320d42c],
PUP.Optional.WebsSearches.A, C:\Users\Josephine Mireille\AppData\Roaming\webssearches\images\checkbox.png, In Quarantäne, [24277a7d4346c175f04cd16be320d42c],
PUP.Optional.WebsSearches.A, C:\Users\Josephine Mireille\AppData\Roaming\webssearches\images\checkbox_select.png, In Quarantäne, [24277a7d4346c175f04cd16be320d42c],
PUP.Optional.WebsSearches.A, C:\Users\Josephine Mireille\AppData\Roaming\webssearches\images\checked.png, In Quarantäne, [24277a7d4346c175f04cd16be320d42c],
PUP.Optional.WebsSearches.A, C:\Users\Josephine Mireille\AppData\Roaming\webssearches\images\close.png, In Quarantäne, [24277a7d4346c175f04cd16be320d42c],
PUP.Optional.WebsSearches.A, C:\Users\Josephine Mireille\AppData\Roaming\webssearches\images\loading_bg.png, In Quarantäne, [24277a7d4346c175f04cd16be320d42c],
PUP.Optional.WebsSearches.A, C:\Users\Josephine Mireille\AppData\Roaming\webssearches\images\loading_light.png, In Quarantäne, [24277a7d4346c175f04cd16be320d42c],
PUP.Optional.WebsSearches.A, C:\Users\Josephine Mireille\AppData\Roaming\webssearches\images\min.png, In Quarantäne, [24277a7d4346c175f04cd16be320d42c],
PUP.Optional.WebsSearches.A, C:\Users\Josephine Mireille\AppData\Roaming\webssearches\images\scrollbar.bmp, In Quarantäne, [24277a7d4346c175f04cd16be320d42c],
PUP.Optional.WebsSearches.A, C:\Users\Josephine Mireille\AppData\Roaming\webssearches\images\Thumbs.db, In Quarantäne, [24277a7d4346c175f04cd16be320d42c],
PUP.Optional.WebsSearches.A, C:\Users\Josephine Mireille\AppData\Roaming\webssearches\images\unchecked.png, In Quarantäne, [24277a7d4346c175f04cd16be320d42c],
PUP.Optional.WebsSearches.A, C:\Users\Josephine Mireille\AppData\Roaming\webssearches\images\code\code1.jpg, In Quarantäne, [24277a7d4346c175f04cd16be320d42c],
PUP.Optional.WebsSearches.A, C:\Users\Josephine Mireille\AppData\Roaming\webssearches\images\code\code2.jpg, In Quarantäne, [24277a7d4346c175f04cd16be320d42c],
PUP.Optional.WebsSearches.A, C:\Users\Josephine Mireille\AppData\Roaming\webssearches\images\code\code3.jpg, In Quarantäne, [24277a7d4346c175f04cd16be320d42c],
PUP.Optional.WebsSearches.A, C:\Users\Josephine Mireille\AppData\Roaming\webssearches\images\code\code4.jpg, In Quarantäne, [24277a7d4346c175f04cd16be320d42c],
PUP.Optional.WebsSearches.A, C:\Users\Josephine Mireille\AppData\Roaming\webssearches\images\code\code5.jpg, In Quarantäne, [24277a7d4346c175f04cd16be320d42c],
PUP.Optional.WebsSearches.A, C:\Users\Josephine Mireille\AppData\Roaming\webssearches\images\code\code6.jpg, In Quarantäne, [24277a7d4346c175f04cd16be320d42c],
PUP.Optional.WebsSearches.A, C:\Users\Josephine Mireille\AppData\Roaming\webssearches\images\code\Thumbs.db, In Quarantäne, [24277a7d4346c175f04cd16be320d42c],
PUP.Optional.WebsSearches.A, C:\Users\Josephine Mireille\AppData\Roaming\webssearches\log\UninstallManager_2014-06-23[15-55-21-098].log, In Quarantäne, [24277a7d4346c175f04cd16be320d42c],
PUP.Optional.WebsSearches.A, C:\Users\Josephine Mireille\AppData\Roaming\webssearches\log\UninstallManager_2014-06-23[15-58-31-420].log, In Quarantäne, [24277a7d4346c175f04cd16be320d42c],
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update\conf, In Quarantäne, [a0ab4cab3257e056a2864cff2dd6e719],
PUP.Optional.WPM.A, C:\ProgramData\WindowsProtectManger\log\wprotectmanager_2014-06-23[15-47-09-534].log, In Quarantäne, [98b3a3544b3e989ed6ef490223e0936d],
PUP.Optional.WPM.A, C:\ProgramData\WindowsProtectManger\update\conf, In Quarantäne, [98b3a3544b3e989ed6ef490223e0936d],
PUP.Optional.ReMarkable.A, C:\Program Files (x86)\-Re_Markable\174.xpi, In Quarantäne, [ce7db542daaf60d6432b77d528db3dc3],
PUP.Optional.FreeSoftToday.A, C:\Users\Josephine Mireille\AppData\Local\fst_de_55\upfst_de_55.cyl, In Quarantäne, [1239b443e9a0e0565a3edb737d8602fe],
PUP.Optional.FreeSoftToday.A, C:\Users\Josephine Mireille\AppData\Local\fst_de_55\fst_de_55\1.10\cnf.cyl, In Quarantäne, [1239b443e9a0e0565a3edb737d8602fe],
PUP.Optional.FreeSoftToday.A, C:\Users\Josephine Mireille\AppData\Local\fst_de_55\fst_de_55\1.10\eorezo.cyl, In Quarantäne, [1239b443e9a0e0565a3edb737d8602fe],

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)

(end)

Code:
# AdwCleaner v4.107 - Bericht erstellt am 14/01/2015 um 12:30:11
# Aktualisiert 07/01/2015 von Xplode
# Database : 2015-01-13.2 [Live]
# Betriebssystem : Windows 8.1 Pro (64 bits)
# Benutzername : Josephine Mireille - MIREILLE
# Gestartet von : C:\Users\Josephine Mireille\Downloads\AdwCleaner_4.107.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\374311380
Ordner Gelöscht : C:\Users\Josephine Mireille\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\Josephine Mireille\AppData\Local\pdfforge
Ordner Gelöscht : C:\Users\Josephine Mireille\AppData\Local\DownloadManager
Ordner Gelöscht : C:\Users\Josephine Mireille\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\Josephine Mireille\Documents\Optimizer Pro
Datei Gelöscht : C:\END

***** [ Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKCU\Software\OCS

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17416

-\\ Mozilla Firefox v34.0.5 (x86 de)

*************************

AdwCleaner[R0].txt - [1397 octets] - [14/01/2015 12:19:15]
AdwCleaner[S0].txt - [1272 octets] - [14/01/2015 12:30:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1332 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 8.1 Pro x64
Ran by Josephine Mireille on 14.01.2015 at 12:38:18,68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.01.2015 at 12:39:53,12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-01-2015 02
Ran by Josephine Mireille (administrator) on MIREILLE on 14-01-2015 12:44:31
Running from C:\Users\Josephine Mireille\Desktop
Loaded Profile: Josephine Mireille (Available profiles: Josephine Mireille & Administrator)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(VTech) C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechServiceInstaller.exe
(VTech) C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechUSBSocketService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\KOR\KorIME.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-18] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-08] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3010800 2014-06-01] (Synaptics Incorporated) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [455512 2014-05-28] (DivX, LLC) HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] () HKLM-x32\...\Run: [AgentMonitor] => C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe [401280 2014-06-20] () HKLM-x32\...\Run: [DXM6Patch_981116] => C:\WINDOWS\p_981116.exe [497376 1998-11-30] (Microsoft Corporation) HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.) 
Winlogon\Notify\igfxcui: igfxdev.dll [X] HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-04-02] ( (Atheros Communications)) HKU\S-1-5-21-768070318-4204382875-4262773496-1001\...\MountPoints2: {8447746c-297d-11e4-bea7-485ab66d3c08} - "E:\Startme.exe" AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation) AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation) AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [165760 2014-12-13] (NVIDIA Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-768070318-4204382875-4262773496-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.digimonmasters.com/index.aspx HKU\S-1-5-21-768070318-4204382875-4262773496-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/ SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = DPF: HKLM-x32 {9A3D12F9-8802-4316-B877-022025566DA1} hxxp://www.digimonmasters.com/inc/ActiveX/launcher/20130813/Digitalic%20Launcher.cab Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Josephine Mireille\AppData\Roaming\Mozilla\Firefox\Profiles\5h2pxznh.default FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll () FF Plugin-x32: @divx.com/DivX VOD 
Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-768070318-4204382875-4262773496-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Josephine Mireille\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Extension: Adblock Plus - C:\Users\Josephine Mireille\AppData\Roaming\Mozilla\Firefox\Profiles\5h2pxznh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-22] Chrome: ======= CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-04-02] (Windows (R) Win 7 DDK provider) S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2014-11-21] (BitRaider, LLC) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-17] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2014-06-01] (Intel Corporation) S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2014-10-13] (Panda Security, S.L.) 
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-24] (Electronic Arts) R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.) R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.) R2 VTechUSBSocketService; C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechServiceInstaller.exe [82824 2013-03-29] (VTech) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3892224 2014-03-06] (Qualcomm Atheros Communications, Inc.) 
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2014-06-27] () S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2014-11-21] (BitRaider) S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-04-02] (Qualcomm Atheros) S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation) S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider) S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2014-06-27] () S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation) R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [96800 2014-06-04] (Panda Security, S.L.) R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [162336 2014-06-18] (Panda Security, S.L.) R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [112160 2014-06-04] (Panda Security, S.L.) R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [115232 2014-06-04] (Panda Security, S.L.) R1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [47360 2014-01-16] (Panda Security, S.L.) R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95776 2014-06-04] (Panda Security, S.L.) R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [70176 2014-06-04] (Panda Security, S.L.) R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125984 2014-06-04] (Panda Security, S.L.) R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306720 2014-06-04] (Panda Security, S.L.) R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [169504 2014-06-04] (Panda Security, S.L.) R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [115744 2014-06-04] (Panda Security, S.L.) 
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261152 2014-06-04] (Panda Security, S.L.) R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109088 2014-06-04] (Panda Security, S.L.) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation) R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2014-10-13] (Panda Security, S.L.) R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2014-10-13] (Panda Security, S.L.) R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [195616 2014-07-24] (Panda Security, S.L.) R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [122400 2014-07-24] (Panda Security, S.L.) R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132128 2014-07-24] (Panda Security, S.L.) R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2014-10-13] (Panda Security, S.L.) R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60400 2014-03-25] (Panda Security, S.L.) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-06-01] (Synaptics Incorporated) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-14 12:44 - 2015-01-14 12:45 - 00016070 _____ () C:\Users\Josephine Mireille\Desktop\FRST.txt 2015-01-14 12:39 - 2015-01-14 12:39 - 00000631 _____ () C:\Users\Josephine Mireille\Desktop\JRT.txt 2015-01-14 12:38 - 2015-01-14 12:38 - 00000000 ____D () C:\WINDOWS\ERUNT 2015-01-14 12:31 - 2014-03-25 14:15 - 00060400 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSKMAD.sys 2015-01-14 12:19 - 2015-01-14 12:30 - 00000000 ____D () C:\AdwCleaner 2015-01-14 12:05 - 2015-01-14 12:14 - 00009459 _____ () C:\Users\Josephine Mireille\Desktop\mbam.txt 2015-01-14 12:05 - 2015-01-14 12:05 - 00009459 _____ () C:\Users\Josephine Mireille\Desktop\mbam01.txt 2015-01-14 11:33 - 2015-01-14 12:42 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-01-14 11:31 - 2015-01-14 11:31 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-01-14 11:31 - 2015-01-14 11:31 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-01-14 11:31 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-01-14 11:31 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-01-14 11:31 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-01-14 11:22 - 2015-01-14 11:22 - 01707939 _____ (Thisisu) C:\Users\Josephine Mireille\Downloads\JRT.exe 2015-01-14 11:21 - 2015-01-14 11:21 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Josephine Mireille\Downloads\mbam-setup-2.0.4.1028.exe 2015-01-14 11:21 - 2015-01-14 11:21 - 02191360 _____ () C:\Users\Josephine Mireille\Downloads\AdwCleaner_4.107.exe 2015-01-13 23:43 - 2015-01-13 23:43 - 00083661 _____ () C:\Users\Josephine Mireille\Downloads\Gmer.log 2015-01-13 23:25 - 2015-01-13 23:44 - 00000270 _____ () C:\Users\Josephine Mireille\Downloads\defogger_enable.log 2015-01-13 23:04 - 2015-01-13 23:06 - 00020254 _____ () C:\Users\Josephine 
Mireille\Downloads\Addition.txt 2015-01-13 23:03 - 2015-01-14 12:44 - 00000000 ____D () C:\FRST 2015-01-13 23:03 - 2015-01-13 23:06 - 00031833 _____ () C:\Users\Josephine Mireille\Downloads\FRST.txt 2015-01-13 23:02 - 2015-01-13 23:35 - 00000498 _____ () C:\Users\Josephine Mireille\Downloads\defogger_disable.log 2015-01-13 22:59 - 2015-01-13 22:59 - 02124288 _____ (Farbar) C:\Users\Josephine Mireille\Desktop\FRST64.exe 2015-01-13 22:55 - 2015-01-13 22:55 - 00000000 ____D () C:\Users\Josephine Mireille\Downloads\10 WBC 2015-01-13 22:53 - 2015-01-13 22:54 - 00380416 _____ () C:\Users\Josephine Mireille\Downloads\Gmer-19357.exe 2015-01-13 22:45 - 2015-01-13 22:45 - 00050477 _____ () C:\Users\Josephine Mireille\Downloads\Defogger.exe 2015-01-12 15:19 - 2015-01-12 15:19 - 00000000 ____D () C:\Users\Josephine Mireille\Documents\TeraSAVES 2015-01-12 09:51 - 2015-01-12 09:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2015-01-12 09:51 - 2014-12-13 01:11 - 02824504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll 2015-01-12 09:51 - 2014-12-13 01:11 - 02210040 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll 2015-01-12 09:51 - 2014-12-13 01:11 - 01715224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll 2015-01-12 09:51 - 2014-12-13 01:11 - 01291464 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll 2015-01-12 09:50 - 2015-01-12 10:30 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV 2015-01-12 09:50 - 2015-01-12 10:30 - 00000000 ____D () C:\WINDOWS\system32\NV 2015-01-12 09:50 - 2015-01-12 09:50 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies 2015-01-12 09:49 - 2015-01-12 09:50 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp 2015-01-12 09:48 - 2014-12-13 11:08 - 32099472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll 2015-01-12 09:48 - 2014-12-13 11:08 - 25460552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll 2015-01-12 09:48 - 2014-12-13 11:08 - 
24764232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll 2015-01-12 09:48 - 2014-12-13 11:08 - 20465808 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll 2015-01-12 09:48 - 2014-12-13 11:08 - 18594432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll 2015-01-12 09:48 - 2014-12-13 11:08 - 17264312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll 2015-01-12 09:48 - 2014-12-13 11:08 - 16040184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll 2015-01-12 09:48 - 2014-12-13 11:08 - 14128496 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll 2015-01-12 09:48 - 2014-12-13 11:08 - 13288360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll 2015-01-12 09:48 - 2014-12-13 11:08 - 13202520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll 2015-01-12 09:48 - 2014-12-13 11:08 - 10770120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll 2015-01-12 09:48 - 2014-12-13 11:08 - 10710160 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll 2015-01-12 09:48 - 2014-12-13 11:08 - 10345280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys 2015-01-12 09:48 - 2014-12-13 11:08 - 03610440 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll 2015-01-12 09:48 - 2014-12-13 11:08 - 03248968 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll 2015-01-12 09:48 - 2014-12-13 11:08 - 02897824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll 2015-01-12 09:48 - 2014-12-13 11:08 - 01895056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434709.dll 2015-01-12 09:48 - 2014-12-13 11:08 - 01556624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434709.dll 2015-01-12 09:48 - 2014-12-13 11:08 - 00968336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll 2015-01-12 09:48 - 2014-12-13 11:08 - 00942400 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll 2015-01-12 09:48 - 2014-12-13 11:08 - 00928072 _____ (NVIDIA Corporation) 
C:\WINDOWS\SysWOW64\NvIFR.dll 2015-01-12 09:48 - 2014-12-13 11:08 - 00906560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll 2015-01-12 09:48 - 2014-12-13 11:08 - 00496272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll 2015-01-12 09:48 - 2014-12-13 11:08 - 00399688 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll 2015-01-12 09:48 - 2014-12-13 11:08 - 00391488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll 2015-01-12 09:48 - 2014-12-13 11:08 - 00353224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll 2015-01-12 09:48 - 2014-12-13 11:08 - 00346944 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll 2015-01-12 09:48 - 2014-12-13 11:08 - 00306328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll 2015-01-12 09:48 - 2014-12-13 11:08 - 00031376 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvpciflt.sys 2015-01-12 09:48 - 2014-11-22 11:46 - 00038032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys 2015-01-12 09:48 - 2014-11-22 11:46 - 00035472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll 2015-01-12 09:48 - 2014-11-22 11:46 - 00032400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll 2015-01-12 09:42 - 2015-01-12 09:50 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-01-12 09:42 - 2014-12-13 09:03 - 06859408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll 2015-01-12 09:42 - 2014-12-13 09:03 - 03513488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll 2015-01-12 09:42 - 2014-12-13 09:03 - 02558608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll 2015-01-12 09:42 - 2014-12-13 09:03 - 01097360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll 2015-01-12 09:42 - 2014-12-13 09:03 - 00935240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe 2015-01-12 09:42 - 2014-12-13 09:03 - 00386368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll 2015-01-12 09:42 - 2014-12-13 09:03 - 
00075080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll 2015-01-12 09:42 - 2014-12-13 09:03 - 00062608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll 2015-01-12 09:42 - 2014-12-13 00:11 - 04151176 _____ () C:\WINDOWS\system32\nvcoproc.bin 2015-01-12 03:17 - 2015-01-12 03:17 - 00000000 ____D () C:\Users\Josephine Mireille\AppData\Roaming\Panda Security 2015-01-12 03:16 - 2015-01-12 03:16 - 00000180 _____ () C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2015-01-12 01:28 - 2015-01-12 01:28 - 00001298 _____ () C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk 2015-01-12 01:28 - 2015-01-12 01:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security 2015-01-12 00:23 - 2015-01-12 00:23 - 00227096 _____ () C:\Users\Administrator\Downloads\avira_registry_cleaner_de.exe 2015-01-12 00:16 - 2014-12-31 12:14 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2015-01-12 00:15 - 2015-01-12 01:28 - 00000000 ____D () C:\Program Files (x86)\Panda Security 2015-01-12 00:15 - 2015-01-12 00:15 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Panda Security 2015-01-12 00:15 - 2015-01-12 00:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus 2015-01-12 00:13 - 2015-01-12 00:16 - 00000000 ____D () C:\ProgramData\Panda Security 2015-01-02 22:10 - 2015-01-13 22:58 - 00000000 ____D () C:\Users\Josephine Mireille\Downloads\Sims 4 2014-12-25 10:35 - 2014-12-25 10:35 - 00003886 _____ () C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task 2014-12-24 22:43 - 2014-12-24 22:43 - 00000000 ____D () C:\Users\Josephine Mireille\Documents\Electronic Arts 2014-12-24 22:41 - 2014-12-24 22:41 - 00001362 _____ () C:\Users\Public\Desktop\Die Sims 4.lnk 2014-12-24 22:41 - 2014-12-24 22:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Die Sims 4 2014-12-24 22:41 - 2014-09-16 18:45 - 00447752 _____ (On2.com) 
C:\WINDOWS\SysWOW64\vp6vfw.dll 2014-12-19 20:27 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe 2014-12-19 20:27 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe 2014-12-18 11:48 - 2014-12-18 11:48 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\w95inf32.dll 2014-12-18 11:48 - 2014-12-18 11:48 - 00002272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\w95inf16.dll 2014-12-18 11:48 - 1998-09-02 09:28 - 01088272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\danim.dll 2014-12-18 11:48 - 1998-09-02 09:28 - 00155408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LMRT.dll 2014-12-18 11:48 - 1998-09-02 09:28 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unam4ie.exe 2014-12-18 11:48 - 1998-09-02 09:28 - 00038160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LMRTREND.dll 2014-12-18 11:48 - 1998-09-02 09:02 - 00194320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qcut.dll 2014-12-18 11:48 - 1998-08-27 05:51 - 00182032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft3.dll 2014-12-18 11:48 - 1998-08-20 12:02 - 00140800 _____ (The Duck Corporation) C:\WINDOWS\SysWOW64\tm20dec.ax 2014-12-18 11:48 - 1998-08-20 11:38 - 00217984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\strmdll.dll 2014-12-18 11:48 - 1998-08-17 10:21 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mciqtz.drv 2014-12-18 11:48 - 1998-08-17 10:21 - 00010240 _____ () C:\WINDOWS\SysWOW64\vidx16.dll 2014-12-18 11:48 - 1998-08-17 10:21 - 00005672 _____ () C:\WINDOWS\SysWOW64\quartz.vxd 2014-12-18 11:24 - 2014-12-26 17:54 - 00000000 ____D () C:\Program Files (x86)\Catan 2014-12-18 11:24 - 1998-10-21 18:43 - 00328704 _____ (InstallShield Software Corporation ) C:\WINDOWS\IsUn0407.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-14 12:43 - 2014-05-31 23:16 - 01186589 _____ () C:\WINDOWS\WindowsUpdate.log 2015-01-14 12:42 - 2014-06-01 09:37 - 00000000 __RDO () C:\Users\Josephine Mireille\OneDrive 2015-01-14 12:41 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-01-14 12:41 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI 2015-01-14 12:31 - 2014-03-18 02:51 - 00214458 _____ () C:\WINDOWS\PFRO.log 2015-01-14 12:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-01-13 23:44 - 2014-05-31 23:06 - 00000000 ____D () C:\Users\Josephine Mireille 2015-01-13 23:24 - 2014-05-31 16:59 - 00000000 ____D () C:\Users\Josephine Mireille\AppData\Local\CrashDumps 2015-01-13 23:12 - 2014-03-18 11:04 - 01689572 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-01-13 23:12 - 2014-03-18 10:25 - 00728968 _____ () C:\WINDOWS\system32\perfh007.dat 2015-01-13 23:12 - 2014-03-18 10:25 - 00152122 _____ () C:\WINDOWS\system32\perfc007.dat 2015-01-13 23:07 - 2014-05-31 11:11 - 00000000 ____D () C:\Users\Josephine Mireille\Documents\Bluetooth Folder 2015-01-13 22:20 - 2014-06-02 13:48 - 00000000 ____D () C:\ProgramData\Origin 2015-01-13 22:19 - 2014-06-02 13:48 - 00000000 ____D () C:\Program Files (x86)\Origin 2015-01-13 20:59 - 2014-06-03 22:48 - 00000000 ____D () C:\Users\Josephine Mireille\Downloads\Gameforge Live 2015-01-12 19:17 - 2014-11-11 11:44 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2015-01-12 10:07 - 2014-05-31 16:15 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-768070318-4204382875-4262773496-1001 2015-01-12 09:51 - 2014-06-01 07:22 - 00000000 ____D () C:\Users\Josephine Mireille\AppData\Local\NVIDIA Corporation 2015-01-12 09:51 - 2014-05-31 16:35 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2015-01-12 09:51 - 2014-05-31 16:35 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2015-01-12 09:50 - 2013-08-22 15:46 - 00008474 _____ () C:\WINDOWS\setupact.log 
2015-01-12 09:47 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-01-12 09:41 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Help 2015-01-12 09:40 - 2013-08-22 15:44 - 00384464 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2015-01-12 00:34 - 2014-05-31 23:36 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-768070318-4204382875-4262773496-500 2015-01-12 00:21 - 2014-11-04 09:11 - 00000000 ____D () C:\ProgramData\Package Cache 2015-01-12 00:10 - 2014-05-31 23:06 - 00000000 ____D () C:\Users\Administrator 2015-01-12 00:08 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2015-01-11 00:33 - 2014-08-14 12:23 - 00000000 ____D () C:\Users\Josephine Mireille\AppData\Roaming\TS3Client 2014-12-28 20:10 - 2014-06-01 19:23 - 00007605 _____ () C:\Users\Josephine Mireille\AppData\Local\Resmon.ResmonCfg 2014-12-24 20:06 - 2014-06-02 13:50 - 00000000 ____D () C:\Users\Josephine Mireille\AppData\Roaming\Origin 2014-12-24 20:06 - 2014-06-02 13:50 - 00000000 ____D () C:\Program Files (x86)\Origin Games 2014-12-21 17:28 - 2014-06-01 08:58 - 00000000 ____D () C:\Users\Josephine Mireille\AppData\Roaming\Atheros 2014-12-20 13:08 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2014-12-19 15:34 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-12-18 11:47 - 2013-08-22 12:22 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll 2014-12-18 11:47 - 2013-08-22 12:22 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe 2014-12-18 11:47 - 2013-08-22 12:17 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll 2014-12-18 11:47 - 2013-08-22 12:17 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll 2014-12-18 11:47 - 2013-08-22 12:17 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll 2014-12-18 11:47 - 2013-08-22 05:05 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll 
2014-12-18 11:47 - 2013-08-22 05:03 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe 2014-12-18 11:47 - 2013-08-22 04:59 - 00214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll 2014-12-18 11:47 - 2013-08-22 04:56 - 00377856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll 2014-12-18 11:47 - 2013-08-22 04:56 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe 2014-12-18 11:47 - 2013-08-22 04:51 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll 2014-12-18 11:47 - 2013-08-22 04:51 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll 2014-12-18 11:47 - 2013-08-22 04:51 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll 2014-12-18 11:47 - 2013-08-22 04:51 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll 2014-12-17 21:22 - 2014-05-31 16:09 - 00000000 ____D () C:\Users\Josephine Mireille\AppData\Local\Packages Some content of TEMP: ==================== C:\Users\Administrator\AppData\Local\Temp\avgnt.exe C:\Users\Administrator\AppData\Local\Temp\{8AE74035-125D-44A3-8BA6-7E8172E91058}.exe C:\Users\Josephine Mireille\AppData\Local\Temp\avgnt.exe C:\Users\Josephine Mireille\AppData\Local\Temp\Quarantine.exe C:\Users\Josephine Mireille\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-09 13:16

==================== End Of Log ============================
--- --- ---

Addition.txt
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-01-2015 02 Ran by Josephine Mireille at 2015-01-14 12:45:33 Running from C:\Users\Josephine Mireille\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Panda Free Antivirus (Disabled - Up to date) {5FD6C936-849B-5CE2-14BA-709E1D6FD1DA} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Panda Free Antivirus (Disabled - Up to date) {E4B728D2-A2A1-536C-2E0A-4BEC66E89B67} FW: Panda Firewall (Disabled) {67ED4813-CEF4-5DBA-3FE5-D9ABE3BC96A1} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) AION Free-to-Play (HKLM-x32\...\{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1) (Version: - Gameforge) ANNO 1404 (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.01.0000 - Ubisoft) Anno 1404 (x32 Version: 1.00.0000 - Ubisoft) Hidden BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC) Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.3.18.1010 - Electronic Arts Inc.) 
DigimonMasters Online (HKLM-x32\...\DigimonMasters) (Version: - Move games) DigimonMasters Online Launcher (HKLM-x32\...\DigimonMasters Launcher) (Version: - Move games) DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.52 - DivX, LLC) Gameforge Live 2.0.5 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.5 - Gameforge) GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation) Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version: - ) Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla) Mozilla Maintenance Service 
(HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla) NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation) NVIDIA Grafiktreiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation) Origin (HKLM-x32\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.) Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.0.104 - Panda Security) Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security) Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.00.04.0002 - Panda Security) Panda Free Antivirus (Version: 7.23.00.0000 - Panda Security) Hidden PDF Architect 2 Edit Module (x32 Version: 2.1.6.19758 - pdfforge GmbH) Hidden PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.0.0 - pdfforge) Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.320 - Qualcomm Atheros Communications) Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.31 - Qualcomm Atheros) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6865 - Realtek Semiconductor Corp.) Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.9200.28130 - Realtek Semiconductor Corp.) 
ServiceInstaller (HKLM-x32\...\ServiceInstaller) (Version: - ) SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 7.0.0.59 - Bioware/EA) Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.4.5 - Synaptics Incorporated) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) TERA (HKLM-x32\...\{A2F166A0-F031-4E27-A057-C69733219434}_is1) (Version: 28 - Gameforge Productions GmbH) Unity Web Player (HKU\S-1-5-21-768070318-4204382875-4262773496-1001\...\UnityWebPlayer) (Version: 4.6.0f3 - Unity Technologies ApS) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden VTech Download Agent Library (x32 Version: 1.00.0000 - VTech) Hidden VTech Download Manager (HKLM-x32\...\VTechDownloadManager) (Version: - VTech) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-768070318-4204382875-4262773496-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation) ==================== Restore Points ========================= 28-12-2014 19:12:00 Removed Java 8 Update 5 07-01-2015 13:07:14 Geplanter Prüfpunkt ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. 
Any associated file could be listed separately to be moved.) Task: {4F0F85C3-4DFA-44AF-A3FD-E3F618B0D5EB} - System32\Tasks\{0BFEC8A9-7CA1-4DF0-8B13-D074D1A03D80} => pcalua.exe -a C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_223_Plugin.exe -c -maintain plugin Task: {E2600F8A-C7E0-43A7-B24F-25CF05F98856} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ==================== Loaded Modules (whitelisted) ============= 2015-01-12 09:42 - 2014-12-13 09:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-04-02 01:25 - 2014-04-02 01:25 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll 2014-04-02 01:22 - 2014-04-02 01:22 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll 2014-04-02 01:28 - 2014-04-02 01:28 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe 2014-10-13 02:49 - 2014-06-20 07:42 - 00401280 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe 2013-04-12 18:23 - 2013-04-12 18:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll 2014-10-13 02:49 - 2014-03-04 12:20 - 00117760 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll 2014-10-13 02:49 - 2014-04-22 03:14 - 00065536 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QHttpServer.dll 2014-10-13 02:49 - 2014-05-06 06:39 - 00861184 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\platforms\qwindows.dll 2014-10-13 02:49 - 2014-05-06 06:38 - 00021504 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\imageformats\qgif.dll 2014-10-13 02:49 - 
2014-05-06 06:38 - 00020992 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\imageformats\qico.dll 2014-10-13 02:49 - 2014-05-06 06:38 - 00204800 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\imageformats\qjpeg.dll 2014-10-13 02:49 - 2014-05-06 11:44 - 00218112 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\imageformats\qmng.dll 2014-10-13 02:49 - 2014-05-06 06:58 - 00015872 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\imageformats\qsvg.dll 2014-10-13 02:49 - 2014-05-06 11:44 - 00015360 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\imageformats\qtga.dll 2014-10-13 02:49 - 2014-05-06 11:44 - 00307712 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\imageformats\qtiff.dll 2014-10-13 02:49 - 2014-05-06 11:44 - 00014848 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\imageformats\qwbmp.dll 2014-10-13 02:49 - 2014-05-06 07:31 - 00015872 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\sensors\qtsensors_dummy.dll 2014-10-13 02:49 - 2014-05-06 06:38 - 00036352 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\bearer\qgenericbearer.dll 2014-10-13 02:49 - 2014-05-06 06:38 - 00038912 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\bearer\qnativewifibearer.dll 2014-06-01 21:39 - 2014-06-01 21:36 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Josephine Mireille\OneDrive:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "DivXMediaServer" HKLM\...\StartupApproved\Run32: => "DivXUpdate" HKLM\...\StartupApproved\Run32: => "DXM6Patch_981116" ========================= Accounts: ========================== Administrator (S-1-5-21-768070318-4204382875-4262773496-500 - Administrator - Disabled) => C:\Users\Administrator Gast (S-1-5-21-768070318-4204382875-4262773496-501 - Limited - Disabled) Josephine Mireille (S-1-5-21-768070318-4204382875-4262773496-1001 - Administrator - Enabled) => C:\Users\Josephine Mireille ==================== Faulty Device Manager Devices ============= Name: Broadcom NetLink (TM)-Gigabit-Ethernet Description: Broadcom NetLink (TM)-Gigabit-Ethernet Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Broadcom Corporation Service: k57nd60a Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (01/14/2015 00:42:05 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4200M CPU @ 2.50GHz
Percentage of memory in use: 31%
Total physical RAM: 3976.36 MB
Available physical RAM: 2705.44 MB
Total Pagefile: 5832.36 MB
Available Pagefile: 4469.34 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.42 GB) (Free:305.68 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: D9550422)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Edited by LuffyXD (14.01.2015 at 13:28) |
14.01.2015, 13:25 | #5 |
/// the machine /// TB instructor | ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
14.01.2015, 21:52 | #6 |
| Hello schrauber,

ESET Online Scanner initially had problems downloading the signatures. After restarting the program several times, it then worked without any problems. 2 threats were detected. During the scan I noticed that old driver remnants from my graphics card are still present, that is, the version I had installed previously.

Here are the new log files:

ESET Online Scanner Code:
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
esets_scanner_update returned -1 esets_gle=12
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=5f8922fc5e9d8548a72dea96c2516265
# engine=21968
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-14 07:21:30
# local_time=2015-01-14 08:21:30 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='Panda Cloud Antivirus'
# compatibility_mode=1552 16777213 75 93 248740 207459264 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 4503780 46144583 0 0
# scanned=133
# found=0
# cleaned=0
# scan_time=34
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=5f8922fc5e9d8548a72dea96c2516265
# engine=21968
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-14 08:31:56
# local_time=2015-01-14 09:31:56 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='Panda Cloud Antivirus'
# compatibility_mode=1552 16777213 75 93 252966 207463490 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 4508006 46148809 0 0
# scanned=187600
# found=2
# cleaned=0
# scan_time=4152
sh=15219C0F274C5C9956981C91ABEC5D4E3A1F6442 ft=1 fh=3fec66b3c1704bce vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Panda Security\Panda Security Protection\Tools\PandaSecurityTb.exe"
sh=27BE2CB6B8D7EA55306D3C0EC4888BD1402A7690 ft=1 fh=6f771ae31cc34ec8 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Administrator\AppData\Local\Temp\{8AE74035-125D-44A3-8BA6-7E8172E91058}.exe"

Code:
Results of screen317's Security Check version 0.99.93
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Panda Free Antivirus
Windows Defender
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Panda Cloud Cleaner
Adobe Flash Player 16.0.0.235
Adobe Reader XI
Mozilla Firefox (34.0.5)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-01-2015 02 Ran by Josephine Mireille (administrator) on MIREILLE on 14-01-2015 21:46:46 Running from C:\Users\Josephine Mireille\Downloads Loaded Profile: Josephine Mireille (Available profiles: Josephine Mireille & Administrator) Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe (Panda Security, S.L.) 
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe (VTech) C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechServiceInstaller.exe (VTech) C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechUSBSocketService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Microsoft Corporation) C:\Windows\System32\InputMethod\KOR\KorIME.exe (Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe () C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe (Panda Security, S.L.) 
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe () C:\Program Files\WindowsApps\Disney.FrozenFreeFall_2.2.0.2_x86__6rarf9sa4v8jt\Template.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Microsoft Corporation) C:\Windows\System32\WWAHost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-18] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-08] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3010800 2014-06-01] (Synaptics Incorporated) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [455512 2014-05-28] (DivX, LLC) HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] () HKLM-x32\...\Run: [AgentMonitor] => C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe [401280 2014-06-20] () HKLM-x32\...\Run: 
[DXM6Patch_981116] => C:\WINDOWS\p_981116.exe [497376 1998-11-30] (Microsoft Corporation) HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.) Winlogon\Notify\igfxcui: igfxdev.dll [X] HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-04-02] ( (Atheros Communications)) HKU\S-1-5-21-768070318-4204382875-4262773496-1001\...\MountPoints2: {8447746c-297d-11e4-bea7-485ab66d3c08} - "E:\Startme.exe" AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation) AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation) AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [165760 2014-12-13] (NVIDIA Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-768070318-4204382875-4262773496-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.digimonmasters.com/index.aspx HKU\S-1-5-21-768070318-4204382875-4262773496-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/ SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = DPF: HKLM-x32 {9A3D12F9-8802-4316-B877-022025566DA1} hxxp://www.digimonmasters.com/inc/ActiveX/launcher/20130813/Digitalic%20Launcher.cab Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Josephine Mireille\AppData\Roaming\Mozilla\Firefox\Profiles\5h2pxznh.default FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll () FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-768070318-4204382875-4262773496-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Josephine Mireille\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Extension: Adblock Plus - C:\Users\Josephine Mireille\AppData\Roaming\Mozilla\Firefox\Profiles\5h2pxznh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-22] Chrome: ======= CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-04-02] (Windows (R) Win 7 DDK provider) S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2014-11-21] (BitRaider, LLC) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-17] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2014-06-01] (Intel Corporation) S2 MBAMScheduler; C:\Program 
Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2014-10-13] (Panda Security, S.L.) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-24] (Electronic Arts) R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.) R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.) R2 VTechUSBSocketService; C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechServiceInstaller.exe [82824 2013-03-29] (VTech) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3892224 2014-03-06] (Qualcomm Atheros Communications, Inc.) 
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2014-06-27] () S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2014-11-21] (BitRaider) S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-04-02] (Qualcomm Atheros) S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation) S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider) S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2014-06-27] () S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation) R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [96800 2014-06-04] (Panda Security, S.L.) R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [162336 2014-06-18] (Panda Security, S.L.) R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [112160 2014-06-04] (Panda Security, S.L.) R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [115232 2014-06-04] (Panda Security, S.L.) R1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [47360 2014-01-16] (Panda Security, S.L.) R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95776 2014-06-04] (Panda Security, S.L.) R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [70176 2014-06-04] (Panda Security, S.L.) R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125984 2014-06-04] (Panda Security, S.L.) R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306720 2014-06-04] (Panda Security, S.L.) R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [169504 2014-06-04] (Panda Security, S.L.) R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [115744 2014-06-04] (Panda Security, S.L.) 
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261152 2014-06-04] (Panda Security, S.L.) R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109088 2014-06-04] (Panda Security, S.L.) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation) R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2014-10-13] (Panda Security, S.L.) R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2014-10-13] (Panda Security, S.L.) R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [195616 2014-07-24] (Panda Security, S.L.) R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [122400 2014-07-24] (Panda Security, S.L.) R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132128 2014-07-24] (Panda Security, S.L.) R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2014-10-13] (Panda Security, S.L.) R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60400 2014-03-25] (Panda Security, S.L.) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-06-01] (Synaptics Incorporated) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-14 21:45 - 2015-01-14 21:46 - 00016051 _____ () C:\Users\Josephine Mireille\Downloads\FRST.txt 2015-01-14 21:44 - 2015-01-14 21:44 - 00000498 _____ () C:\Users\Josephine Mireille\Downloads\defogger_disable.log 2015-01-14 21:44 - 2015-01-14 21:44 - 00000000 _____ () C:\Users\Josephine Mireille\defogger_reenable 2015-01-14 19:29 - 2015-01-14 21:39 - 00000000 ____D () C:\Program Files (x86)\ESET 2015-01-14 19:09 - 2015-01-14 19:09 - 00852505 _____ () C:\Users\Josephine Mireille\Downloads\SecurityCheck.exe 2015-01-14 19:07 - 2015-01-14 19:08 - 02347384 _____ (ESET) C:\Users\Josephine Mireille\Downloads\esetsmartinstaller_deu.exe 2015-01-14 12:38 - 2015-01-14 12:38 - 00000000 ____D () C:\WINDOWS\ERUNT 2015-01-14 12:31 - 2014-03-25 14:15 - 00060400 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSKMAD.sys 2015-01-14 12:19 - 2015-01-14 12:30 - 00000000 ____D () C:\AdwCleaner 2015-01-14 11:33 - 2015-01-14 19:00 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-01-14 11:31 - 2015-01-14 11:31 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-01-14 11:31 - 2015-01-14 11:31 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-01-14 11:31 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-01-14 11:31 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-01-14 11:31 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-01-14 11:22 - 2015-01-14 11:22 - 01707939 _____ (Thisisu) C:\Users\Josephine Mireille\Downloads\JRT.exe 2015-01-14 11:21 - 2015-01-14 11:21 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Josephine Mireille\Downloads\mbam-setup-2.0.4.1028.exe 2015-01-14 11:21 - 2015-01-14 11:21 - 02191360 _____ () C:\Users\Josephine Mireille\Downloads\AdwCleaner_4.107.exe 2015-01-13 23:03 - 2015-01-14 21:46 - 00000000 ____D () 
C:\FRST 2015-01-13 22:59 - 2015-01-13 22:59 - 02124288 _____ (Farbar) C:\Users\Josephine Mireille\Downloads\FRST64.exe 2015-01-13 22:55 - 2015-01-13 22:55 - 00000000 ____D () C:\Users\Josephine Mireille\Downloads\10 WBC 2015-01-13 22:53 - 2015-01-13 22:54 - 00380416 _____ () C:\Users\Josephine Mireille\Downloads\Gmer-19357.exe 2015-01-13 22:45 - 2015-01-13 22:45 - 00050477 _____ () C:\Users\Josephine Mireille\Downloads\Defogger.exe 2015-01-12 15:19 - 2015-01-12 15:19 - 00000000 ____D () C:\Users\Josephine Mireille\Documents\TeraSAVES 2015-01-12 09:51 - 2015-01-12 09:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2015-01-12 09:51 - 2014-12-13 01:11 - 02824504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll 2015-01-12 09:51 - 2014-12-13 01:11 - 02210040 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll 2015-01-12 09:51 - 2014-12-13 01:11 - 01715224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll 2015-01-12 09:51 - 2014-12-13 01:11 - 01291464 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll 2015-01-12 09:50 - 2015-01-12 10:30 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV 2015-01-12 09:50 - 2015-01-12 10:30 - 00000000 ____D () C:\WINDOWS\system32\NV 2015-01-12 09:50 - 2015-01-12 09:50 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies 2015-01-12 09:48 - 2014-12-13 11:08 - 32099472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll 2015-01-12 09:48 - 2014-12-13 11:08 - 25460552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll 2015-01-12 09:48 - 2014-12-13 11:08 - 24764232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll 2015-01-12 09:48 - 2014-12-13 11:08 - 20465808 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll 2015-01-12 09:48 - 2014-12-13 11:08 - 18594432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll 2015-01-12 09:48 - 2014-12-13 11:08 - 17264312 _____ (NVIDIA Corporation) 
C:\WINDOWS\system32\nvd3dumx.dll 2015-01-12 09:48 - 2014-12-13 11:08 - 16040184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll 2015-01-12 09:48 - 2014-12-13 11:08 - 14128496 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll 2015-01-12 09:48 - 2014-12-13 11:08 - 13288360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll 2015-01-12 09:48 - 2014-12-13 11:08 - 13202520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll 2015-01-12 09:48 - 2014-12-13 11:08 - 10770120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll 2015-01-12 09:48 - 2014-12-13 11:08 - 10710160 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll 2015-01-12 09:48 - 2014-12-13 11:08 - 10345280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys 2015-01-12 09:48 - 2014-12-13 11:08 - 03610440 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll 2015-01-12 09:48 - 2014-12-13 11:08 - 03248968 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll 2015-01-12 09:48 - 2014-12-13 11:08 - 02897824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll 2015-01-12 09:48 - 2014-12-13 11:08 - 01895056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434709.dll 2015-01-12 09:48 - 2014-12-13 11:08 - 01556624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434709.dll 2015-01-12 09:48 - 2014-12-13 11:08 - 00968336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll 2015-01-12 09:48 - 2014-12-13 11:08 - 00942400 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll 2015-01-12 09:48 - 2014-12-13 11:08 - 00928072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll 2015-01-12 09:48 - 2014-12-13 11:08 - 00906560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll 2015-01-12 09:48 - 2014-12-13 11:08 - 00496272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll 2015-01-12 09:48 - 2014-12-13 11:08 - 00399688 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll 2015-01-12 09:48 - 
2014-12-13 11:08 - 00391488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll 2015-01-12 09:48 - 2014-12-13 11:08 - 00353224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll 2015-01-12 09:48 - 2014-12-13 11:08 - 00346944 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll 2015-01-12 09:48 - 2014-12-13 11:08 - 00306328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll 2015-01-12 09:48 - 2014-12-13 11:08 - 00031376 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvpciflt.sys 2015-01-12 09:48 - 2014-11-22 11:46 - 00038032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys 2015-01-12 09:48 - 2014-11-22 11:46 - 00035472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll 2015-01-12 09:48 - 2014-11-22 11:46 - 00032400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll 2015-01-12 09:42 - 2015-01-12 09:50 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-01-12 09:42 - 2014-12-13 09:03 - 06859408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll 2015-01-12 09:42 - 2014-12-13 09:03 - 03513488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll 2015-01-12 09:42 - 2014-12-13 09:03 - 02558608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll 2015-01-12 09:42 - 2014-12-13 09:03 - 01097360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll 2015-01-12 09:42 - 2014-12-13 09:03 - 00935240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe 2015-01-12 09:42 - 2014-12-13 09:03 - 00386368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll 2015-01-12 09:42 - 2014-12-13 09:03 - 00075080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll 2015-01-12 09:42 - 2014-12-13 09:03 - 00062608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll 2015-01-12 09:42 - 2014-12-13 00:11 - 04151176 _____ () C:\WINDOWS\system32\nvcoproc.bin 2015-01-12 03:17 - 2015-01-12 03:17 - 00000000 ____D () C:\Users\Josephine Mireille\AppData\Roaming\Panda 
Security 2015-01-12 03:16 - 2015-01-12 03:16 - 00000180 _____ () C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2015-01-12 01:28 - 2015-01-12 01:28 - 00001298 _____ () C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk 2015-01-12 01:28 - 2015-01-12 01:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security 2015-01-12 00:23 - 2015-01-12 00:23 - 00227096 _____ () C:\Users\Administrator\Downloads\avira_registry_cleaner_de.exe 2015-01-12 00:16 - 2014-12-31 12:14 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2015-01-12 00:15 - 2015-01-12 01:28 - 00000000 ____D () C:\Program Files (x86)\Panda Security 2015-01-12 00:15 - 2015-01-12 00:15 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Panda Security 2015-01-12 00:15 - 2015-01-12 00:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus 2015-01-12 00:13 - 2015-01-12 00:16 - 00000000 ____D () C:\ProgramData\Panda Security 2015-01-02 22:10 - 2015-01-13 22:58 - 00000000 ____D () C:\Users\Josephine Mireille\Downloads\Sims 4 2014-12-25 10:35 - 2014-12-25 10:35 - 00003886 _____ () C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task 2014-12-24 22:43 - 2014-12-24 22:43 - 00000000 ____D () C:\Users\Josephine Mireille\Documents\Electronic Arts 2014-12-24 22:41 - 2014-12-24 22:41 - 00001362 _____ () C:\Users\Public\Desktop\Die Sims 4.lnk 2014-12-24 22:41 - 2014-12-24 22:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Die Sims 4 2014-12-24 22:41 - 2014-09-16 18:45 - 00447752 _____ (On2.com) C:\WINDOWS\SysWOW64\vp6vfw.dll 2014-12-19 20:27 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe 2014-12-19 20:27 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe 2014-12-18 11:48 - 2014-12-18 11:48 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\w95inf32.dll 2014-12-18 11:48 - 2014-12-18 11:48 - 
00002272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\w95inf16.dll 2014-12-18 11:48 - 1998-09-02 09:28 - 01088272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\danim.dll 2014-12-18 11:48 - 1998-09-02 09:28 - 00155408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LMRT.dll 2014-12-18 11:48 - 1998-09-02 09:28 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unam4ie.exe 2014-12-18 11:48 - 1998-09-02 09:28 - 00038160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LMRTREND.dll 2014-12-18 11:48 - 1998-09-02 09:02 - 00194320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qcut.dll 2014-12-18 11:48 - 1998-08-27 05:51 - 00182032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft3.dll 2014-12-18 11:48 - 1998-08-20 12:02 - 00140800 _____ (The Duck Corporation) C:\WINDOWS\SysWOW64\tm20dec.ax 2014-12-18 11:48 - 1998-08-20 11:38 - 00217984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\strmdll.dll 2014-12-18 11:48 - 1998-08-17 10:21 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mciqtz.drv 2014-12-18 11:48 - 1998-08-17 10:21 - 00010240 _____ () C:\WINDOWS\SysWOW64\vidx16.dll 2014-12-18 11:48 - 1998-08-17 10:21 - 00005672 _____ () C:\WINDOWS\SysWOW64\quartz.vxd 2014-12-18 11:24 - 2014-12-26 17:54 - 00000000 ____D () C:\Program Files (x86)\Catan 2014-12-18 11:24 - 1998-10-21 18:43 - 00328704 _____ (InstallShield Software Corporation ) C:\WINDOWS\IsUn0407.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-14 21:44 - 2014-05-31 23:06 - 00000000 ____D () C:\Users\Josephine Mireille 2015-01-14 21:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-01-14 20:53 - 2014-05-31 23:16 - 01460569 _____ () C:\WINDOWS\WindowsUpdate.log 2015-01-14 14:42 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-01-14 13:16 - 2014-06-01 09:37 - 00000000 ___DO () C:\Users\Josephine Mireille\OneDrive 2015-01-14 13:13 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-01-14 13:05 - 2014-06-03 22:48 - 00000000 ____D () C:\Users\Josephine Mireille\Downloads\Gameforge Live 2015-01-14 12:41 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI 2015-01-14 12:31 - 2014-03-18 02:51 - 00214458 _____ () C:\WINDOWS\PFRO.log 2015-01-13 23:24 - 2014-05-31 16:59 - 00000000 ____D () C:\Users\Josephine Mireille\AppData\Local\CrashDumps 2015-01-13 23:12 - 2014-03-18 11:04 - 01689572 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-01-13 23:12 - 2014-03-18 10:25 - 00728968 _____ () C:\WINDOWS\system32\perfh007.dat 2015-01-13 23:12 - 2014-03-18 10:25 - 00152122 _____ () C:\WINDOWS\system32\perfc007.dat 2015-01-13 23:07 - 2014-05-31 11:11 - 00000000 ____D () C:\Users\Josephine Mireille\Documents\Bluetooth Folder 2015-01-13 22:20 - 2014-06-02 13:48 - 00000000 ____D () C:\ProgramData\Origin 2015-01-13 22:19 - 2014-06-02 13:48 - 00000000 ____D () C:\Program Files (x86)\Origin 2015-01-12 19:17 - 2014-11-11 11:44 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2015-01-12 10:07 - 2014-05-31 16:15 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-768070318-4204382875-4262773496-1001 2015-01-12 09:51 - 2014-06-01 07:22 - 00000000 ____D () C:\Users\Josephine Mireille\AppData\Local\NVIDIA Corporation 2015-01-12 09:51 - 2014-05-31 16:35 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2015-01-12 09:51 - 2014-05-31 16:35 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2015-01-12 
09:50 - 2013-08-22 15:46 - 00008474 _____ () C:\WINDOWS\setupact.log 2015-01-12 09:47 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-01-12 09:41 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Help 2015-01-12 09:40 - 2013-08-22 15:44 - 00384464 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2015-01-12 00:34 - 2014-05-31 23:36 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-768070318-4204382875-4262773496-500 2015-01-12 00:21 - 2014-11-04 09:11 - 00000000 ____D () C:\ProgramData\Package Cache 2015-01-12 00:10 - 2014-05-31 23:06 - 00000000 ____D () C:\Users\Administrator 2015-01-12 00:08 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2015-01-11 00:33 - 2014-08-14 12:23 - 00000000 ____D () C:\Users\Josephine Mireille\AppData\Roaming\TS3Client 2014-12-28 20:10 - 2014-06-01 19:23 - 00007605 _____ () C:\Users\Josephine Mireille\AppData\Local\Resmon.ResmonCfg 2014-12-24 20:06 - 2014-06-02 13:50 - 00000000 ____D () C:\Users\Josephine Mireille\AppData\Roaming\Origin 2014-12-24 20:06 - 2014-06-02 13:50 - 00000000 ____D () C:\Program Files (x86)\Origin Games 2014-12-21 17:28 - 2014-06-01 08:58 - 00000000 ____D () C:\Users\Josephine Mireille\AppData\Roaming\Atheros 2014-12-19 15:34 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-12-18 11:47 - 2013-08-22 12:22 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll 2014-12-18 11:47 - 2013-08-22 12:22 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe 2014-12-18 11:47 - 2013-08-22 12:17 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll 2014-12-18 11:47 - 2013-08-22 12:17 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll 2014-12-18 11:47 - 2013-08-22 12:17 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll 2014-12-18 11:47 - 2013-08-22 05:05 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll 2014-12-18 
11:47 - 2013-08-22 05:03 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2014-12-18 11:47 - 2013-08-22 04:59 - 00214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2014-12-18 11:47 - 2013-08-22 04:56 - 00377856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2014-12-18 11:47 - 2013-08-22 04:56 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2014-12-18 11:47 - 2013-08-22 04:51 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2014-12-18 11:47 - 2013-08-22 04:51 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2014-12-18 11:47 - 2013-08-22 04:51 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2014-12-18 11:47 - 2013-08-22 04:51 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2014-12-17 21:22 - 2014-05-31 16:09 - 00000000 ____D () C:\Users\Josephine Mireille\AppData\Local\Packages

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\avgnt.exe
C:\Users\Administrator\AppData\Local\Temp\{8AE74035-125D-44A3-8BA6-7E8172E91058}.exe
C:\Users\Josephine Mireille\AppData\Local\Temp\avgnt.exe
C:\Users\Josephine Mireille\AppData\Local\Temp\Quarantine.exe
C:\Users\Josephine Mireille\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-09 13:16

==================== End Of Log ============================

Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-01-2015 02
Ran by Josephine Mireille at 2015-01-14 21:47:05
Running from C:\Users\Josephine Mireille\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Disabled - Up to date) {5FD6C936-849B-5CE2-14BA-709E1D6FD1DA}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Free Antivirus (Disabled - Up to date) {E4B728D2-A2A1-536C-2E0A-4BEC66E89B67}
FW: Panda Firewall (Disabled) {67ED4813-CEF4-5DBA-3FE5-D9ABE3BC96A1}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AION Free-to-Play (HKLM-x32\...\{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1) (Version: - Gameforge)
ANNO 1404 (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.01.0000 - Ubisoft)
Anno 1404 (x32 Version: 1.00.0000 - Ubisoft) Hidden
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.3.18.1010 - Electronic Arts Inc.)
DigimonMasters Online (HKLM-x32\...\DigimonMasters) (Version: - Move games) DigimonMasters Online Launcher (HKLM-x32\...\DigimonMasters Launcher) (Version: - Move games) DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.52 - DivX, LLC) Gameforge Live 2.0.5 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.5 - Gameforge) GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation) Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version: - ) Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla) Mozilla Maintenance Service 
(HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla) NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation) NVIDIA Grafiktreiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation) Origin (HKLM-x32\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.) Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.0.104 - Panda Security) Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security) Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.00.04.0002 - Panda Security) Panda Free Antivirus (Version: 7.23.00.0000 - Panda Security) Hidden PDF Architect 2 Edit Module (x32 Version: 2.1.6.19758 - pdfforge GmbH) Hidden PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.0.0 - pdfforge) Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.320 - Qualcomm Atheros Communications) Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.31 - Qualcomm Atheros) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6865 - Realtek Semiconductor Corp.) Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.9200.28130 - Realtek Semiconductor Corp.) 
ServiceInstaller (HKLM-x32\...\ServiceInstaller) (Version: - ) SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 7.0.0.59 - Bioware/EA) Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.4.5 - Synaptics Incorporated) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) TERA (HKLM-x32\...\{A2F166A0-F031-4E27-A057-C69733219434}_is1) (Version: 28 - Gameforge Productions GmbH) Unity Web Player (HKU\S-1-5-21-768070318-4204382875-4262773496-1001\...\UnityWebPlayer) (Version: 4.6.0f3 - Unity Technologies ApS) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden VTech Download Agent Library (x32 Version: 1.00.0000 - VTech) Hidden VTech Download Manager (HKLM-x32\...\VTechDownloadManager) (Version: - VTech) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-768070318-4204382875-4262773496-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation) ==================== Restore Points ========================= 28-12-2014 19:12:00 Removed Java 8 Update 5 07-01-2015 13:07:14 Geplanter Prüfpunkt ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. 
Any associated file could be listed separately to be moved.) Task: {4F0F85C3-4DFA-44AF-A3FD-E3F618B0D5EB} - System32\Tasks\{0BFEC8A9-7CA1-4DF0-8B13-D074D1A03D80} => pcalua.exe -a C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_223_Plugin.exe -c -maintain plugin Task: {E2600F8A-C7E0-43A7-B24F-25CF05F98856} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ==================== Loaded Modules (whitelisted) ============= 2015-01-12 09:42 - 2014-12-13 09:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-04-02 01:25 - 2014-04-02 01:25 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll 2014-04-02 01:22 - 2014-04-02 01:22 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll 2014-04-02 01:28 - 2014-04-02 01:28 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe 2014-10-13 02:49 - 2014-06-20 07:42 - 00401280 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe 2014-12-24 14:00 - 2014-12-24 14:01 - 00130048 _____ () C:\Program Files\WindowsApps\Disney.FrozenFreeFall_2.2.0.2_x86__6rarf9sa4v8jt\Template.exe 2013-04-12 18:23 - 2013-04-12 18:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll 2014-06-01 21:39 - 2014-06-01 21:36 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2014-10-13 02:49 - 2014-03-04 12:20 - 00117760 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll 2014-10-13 02:49 - 2014-04-22 03:14 - 00065536 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QHttpServer.dll 2014-10-13 
02:49 - 2014-05-06 06:39 - 00861184 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\platforms\qwindows.dll 2014-10-13 02:49 - 2014-05-06 06:38 - 00021504 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\imageformats\qgif.dll 2014-10-13 02:49 - 2014-05-06 06:38 - 00020992 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\imageformats\qico.dll 2014-10-13 02:49 - 2014-05-06 06:38 - 00204800 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\imageformats\qjpeg.dll 2014-10-13 02:49 - 2014-05-06 11:44 - 00218112 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\imageformats\qmng.dll 2014-10-13 02:49 - 2014-05-06 06:58 - 00015872 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\imageformats\qsvg.dll 2014-10-13 02:49 - 2014-05-06 11:44 - 00015360 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\imageformats\qtga.dll 2014-10-13 02:49 - 2014-05-06 11:44 - 00307712 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\imageformats\qtiff.dll 2014-10-13 02:49 - 2014-05-06 11:44 - 00014848 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\imageformats\qwbmp.dll 2014-10-13 02:49 - 2014-05-06 07:31 - 00015872 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\sensors\qtsensors_dummy.dll 2014-10-13 02:49 - 2014-05-06 06:38 - 00036352 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\bearer\qgenericbearer.dll 2014-10-13 02:49 - 2014-05-06 06:38 - 00038912 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\bearer\qnativewifibearer.dll 2014-12-28 11:55 - 2014-12-28 11:55 - 00631296 _____ () C:\Users\Josephine Mireille\AppData\Local\Packages\Disney.FrozenFreeFall_6rarf9sa4v8jt\AC\Microsoft\CLR_v4.0_32\NativeImages\Template\9748bd14ef7fee75b77b5b0e7330ddc5\Template.ni.exe 2014-11-07 15:55 - 2014-11-07 15:55 - 03530752 _____ () 
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.UI.Xaml\90a4331ab5b5bb3ead23d75d4349a491\Windows.UI.Xaml.ni.dll 2014-12-18 01:10 - 2014-12-18 01:10 - 00043520 _____ () C:\Users\Josephine Mireille\AppData\Local\Packages\Disney.FrozenFreeFall_6rarf9sa4v8jt\AC\Microsoft\CLR_v4.0_32\NativeImages\UnityPlayer\6644fd283d03b173b04793e3f7cab104\UnityPlayer.ni.dll 2014-12-17 21:21 - 2014-12-17 21:21 - 09444864 _____ () C:\Program Files\WindowsApps\Disney.FrozenFreeFall_2.2.0.2_x86__6rarf9sa4v8jt\UnityPlayer.dll 2014-11-07 15:55 - 2014-11-07 15:55 - 01130496 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.App640a3541#\6e37f358bf8363dad51e2333292d61a9\Windows.ApplicationModel.ni.dll 2014-12-18 01:10 - 2014-12-18 01:10 - 00278016 _____ () C:\Users\Josephine Mireille\AppData\Local\Packages\Disney.FrozenFreeFall_6rarf9sa4v8jt\AC\Microsoft\CLR_v4.0_32\NativeImages\WinRTBridge\9c224632a4a33a069ec8ed50c19df73e\WinRTBridge.ni.dll 2014-12-18 01:10 - 2014-12-18 01:10 - 00090624 _____ () C:\Users\Josephine Mireille\AppData\Local\Packages\Disney.FrozenFreeFall_6rarf9sa4v8jt\AC\Microsoft\CLR_v4.0_32\NativeImages\BridgeInterface\25bf1662b32ccc264f2da294bc6896ec\BridgeInterface.ni.dll 2014-12-28 11:55 - 2014-12-28 11:55 - 09838592 _____ () C:\Users\Josephine Mireille\AppData\Local\Packages\Disney.FrozenFreeFall_6rarf9sa4v8jt\AC\Microsoft\CLR_v4.0_32\NativeImages\Assembly-CSharp\d18c142758317484d989eae95a2ddd85\Assembly-CSharp.ni.dll 2014-12-28 11:59 - 2014-12-28 11:59 - 04752384 _____ () C:\Users\Josephine Mireille\AppData\Local\Packages\Disney.FrozenFreeFall_6rarf9sa4v8jt\AC\Microsoft\CLR_v4.0_32\NativeImages\UnityEngine\cf478b7f7cdb1ccd3cdb1b61f7f7f6dc\UnityEngine.ni.dll 2014-11-07 15:55 - 2014-11-07 15:55 - 00960000 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.UI\6c2169e34bfb3814fa44f267572335f6\Windows.UI.ni.dll 2014-11-07 15:55 - 2014-11-07 15:55 - 00808448 _____ () 
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Storage\f0a2c10499402eff632a7a7df0b4afef\Windows.Storage.ni.dll 2014-11-07 15:55 - 2014-11-07 15:55 - 00228864 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\f7e726805e56676bd7b8662a3d842b0e\Windows.Foundation.ni.dll 2014-12-28 11:59 - 2014-12-28 11:59 - 00798208 _____ () C:\Users\Josephine Mireille\AppData\Local\Packages\Disney.FrozenFreeFall_6rarf9sa4v8jt\AC\Microsoft\CLR_v4.0_32\NativeImages\Assembly-CS2939542b#\538bb6e5ed99ec142e6d7e5e8ff4ddb8\Assembly-CSharp-firstpass.ni.dll 2014-12-18 01:10 - 2014-12-18 01:10 - 01344512 _____ () C:\Users\Josephine Mireille\AppData\Local\Packages\Disney.FrozenFreeFall_6rarf9sa4v8jt\AC\Microsoft\CLR_v4.0_32\NativeImages\UnityEngineProxy\d9a01b0aacca4c66aa1addc8d0c9df5c\UnityEngineProxy.ni.dll 2014-12-18 01:10 - 2014-12-18 01:10 - 00048640 _____ () C:\Users\Josephine Mireille\AppData\Local\Packages\Disney.FrozenFreeFall_6rarf9sa4v8jt\AC\Microsoft\CLR_v4.0_32\NativeImages\Assembly-UnityScript\a16f7fa5fbee6508005894f4f32fddc7\Assembly-UnityScript.ni.dll 2014-12-18 01:10 - 2014-12-18 01:10 - 00373248 _____ () C:\Users\Josephine Mireille\AppData\Local\Packages\Disney.FrozenFreeFall_6rarf9sa4v8jt\AC\Microsoft\CLR_v4.0_32\NativeImages\Boo.Lang\1a505c25dbc999e80a3d53db2c2c2188\Boo.Lang.ni.dll 2014-12-18 01:10 - 2014-12-18 01:10 - 00053760 _____ () C:\Users\Josephine Mireille\AppData\Local\Packages\Disney.FrozenFreeFall_6rarf9sa4v8jt\AC\Microsoft\CLR_v4.0_32\NativeImages\UnityScript.Lang\3676a9e2a3613f59dd04f167ecb3912c\UnityScript.Lang.ni.dll 2014-12-17 21:21 - 2014-12-17 21:21 - 00394752 _____ () C:\Program Files\WindowsApps\Disney.FrozenFreeFall_2.2.0.2_x86__6rarf9sa4v8jt\UnityEngineDelegates.dll 2014-12-18 01:10 - 2014-12-18 01:10 - 01572352 _____ () C:\Users\Josephine Mireille\AppData\Local\Packages\Disney.FrozenFreeFall_6rarf9sa4v8jt\AC\Microsoft\CLR_v4.0_32\NativeImages\WinRTLegacy\2d1583f5f8d48b800b5d7f16f5ce5699\WinRTLegacy.ni.dll 2014-11-07 
19:24 - 2014-11-07 19:24 - 00797696 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Networking\e1a2f3f274995f1f847c00f962657943\Windows.Networking.ni.dll 2014-12-28 11:55 - 2014-12-28 11:55 - 01582592 _____ () C:\Users\Josephine Mireille\AppData\Local\Packages\Disney.FrozenFreeFall_6rarf9sa4v8jt\AC\Microsoft\CLR_v4.0_32\NativeImages\msdk\8c9036e07e84b6490677f0b2690630b2\msdk.ni.dll 2014-11-07 15:55 - 2014-11-07 15:55 - 00133120 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.System\7819e306c2c55c42f35a5fa10b93710f\Windows.System.ni.dll 2014-11-07 19:24 - 2014-11-07 19:24 - 00402432 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Security\ade4f25e9d8384f190ede9eb090281cb\Windows.Security.ni.dll 2014-11-07 19:24 - 2014-11-07 19:24 - 00337920 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Data\fe565d34d4335337c06264bb0d85e3b0\Windows.Data.ni.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Josephine Mireille\OneDrive:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "DivXMediaServer" HKLM\...\StartupApproved\Run32: => "DivXUpdate" HKLM\...\StartupApproved\Run32: => "DXM6Patch_981116" ========================= Accounts: ========================== Administrator (S-1-5-21-768070318-4204382875-4262773496-500 - Administrator - Disabled) => C:\Users\Administrator Gast (S-1-5-21-768070318-4204382875-4262773496-501 - Limited - Disabled) Josephine Mireille (S-1-5-21-768070318-4204382875-4262773496-1001 - Administrator - Enabled) => C:\Users\Josephine Mireille ==================== Faulty Device Manager Devices ============= Name: Broadcom NetLink (TM)-Gigabit-Ethernet Description: Broadcom NetLink (TM)-Gigabit-Ethernet Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Broadcom Corporation Service: k57nd60a Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (01/14/2015 09:36:41 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. 
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (01/14/2015 08:21:51 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (01/14/2015 08:21:50 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (01/14/2015 08:15:34 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (01/14/2015 08:15:33 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". 
Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (01/14/2015 08:10:37 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. 
Error: (01/14/2015 07:30:27 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (01/14/2015 07:30:24 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. 
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (01/14/2015 07:29:39 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (01/14/2015 07:29:39 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. 
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. System errors: ============= Error: (01/14/2015 01:13:30 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (01/14/2015 00:48:32 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (01/14/2015 00:42:05 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Microsoft Office Sessions: ========================= Error: (01/14/2015 09:36:41 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (01/14/2015 08:21:51 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Josephine Mireille\Downloads\esetsmartinstaller_deu.exe Error: (01/14/2015 08:21:50 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: 
C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Josephine Mireille\Downloads\esetsmartinstaller_deu.exe Error: (01/14/2015 08:15:34 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Josephine Mireille\Downloads\esetsmartinstaller_deu.exe Error: (01/14/2015 08:15:33 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Josephine Mireille\Downloads\esetsmartinstaller_deu.exe Error: (01/14/2015 08:10:37 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Josephine Mireille\Downloads\esetsmartinstaller_deu.exe Error: (01/14/2015 07:30:27 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Josephine Mireille\Downloads\esetsmartinstaller_deu.exe Error: (01/14/2015 07:30:24 
PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Josephine Mireille\Downloads\esetsmartinstaller_deu.exe Error: (01/14/2015 07:29:39 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Josephine Mireille\Downloads\esetsmartinstaller_deu.exe Error: (01/14/2015 07:29:39 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Josephine Mireille\Downloads\esetsmartinstaller_deu.exe ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-4200M CPU @ 2.50GHz Percentage of memory in use: 47% Total physical RAM: 3976.36 MB Available physical RAM: 2090.06 MB Total Pagefile: 5832.36 MB Available Pagefile: 3718.9 MB Total Virtual: 131072 MB Available Virtual: 131071.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.42 GB) (Free:304.57 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: D9550422) Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=465.4 GB) - (Type=07 NTFS) ==================== End Of Log 
============================ |
15.01.2015, 07:09 | #7 |
/// the machine /// TB trainer | Looks good. Are there still any problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
15.01.2015, 11:42 | #8 |
| In principle I think these are not problems that have anything to do with adware, malware or other harmful programs. I probably have no choice but to send the device in, since hardware problems may be the cause. The strange thing is that it always worked wonderfully up to a certain point; possibly it is also a problem caused by an update from the game's publisher. Firefox also still struggles now and then. Could the programs be damaged by the malware and unwanted programs that were romping about on my laptop? In any case, many thanks for the effort and help; the system startup, for example, is noticeably faster and other applications run more smoothly again. Kind regards, LuffyXD |
15.01.2015, 12:47 | #9 |
/// the machine /// TB trainer | Then tell me in plain terms what still isn't 100% right, and I may be able to say more about it.
15.01.2015, 16:35 | #10 |
| Hello schrauber,

Firefox

Firefox sometimes takes a very long time to load websites. The long loading times of graphics, videos etc. are especially noticeable. However, this only ever happens at irregular intervals. That is why I have already completely uninstalled Firefox several times, deleted Firefox's data under Run > %appdata%, and, after the uninstallation, also deleted the data in the registry under HKEY_CURRENT_USER & HKEY_LOCAL_MACHINE > Software > Mozilla & Mozilla Plugins. After that I reinstalled Firefox and set it up again, and added Adblock & Noscript. I later removed Noscript again, though, because my wife had trouble getting along with it. That solved the problem temporarily, but not for very long, possibly also because of the malware, PUPs etc., which have already been removed with your help. After your instructions I have not yet made any changes to Firefox, above all because here in the forum it is often pointed out that the registry should be left untouched. I have never used tuning programs or CCleaner on the laptop.

Tera Rising (MMORPG)

Here the problem has recently been occurring more and more often that I get extreme FPS drops, above all in the so-called battlegroups. These are areas where up to 20 versus 20 players compete against each other. Of course that demands quite a bit of memory. My notebook handled this relatively well, though, so the game was still playable. But recently the FPS drops down to 0, I constantly get frozen frames, ever longer loading screens, crashes every few minutes and so on. I then tested whether the graphics settings might be set too high and lowered them to the minimum. But even then the FPS is not even slightly better.

To list the most important data:
- Acer Aspire V3-772G
- Intel i5-4200M 2.5GHz up to 3.1 GHz
- Nvidia Geforce GTX 760M 2GB
- 4 GB RAM from Kingston
- 16000 line, of which perhaps 10000-11000 arrives since the roadworks in front of our flat

Of course this is not the best of the best, I am aware of that, but when I hear from players who have considerably worse resources and yet the game runs better for them than for me, that seems very questionable. And as already explained, I did not have the problem at the beginning. I also watched the Task Manager's resource monitor on the side: neither RAM nor CPU was heavily loaded, only the hard disk was mostly running at 99-100%. However, I hardly have these problems any more since I started using Panda Free Antivir instead of Avira antivirus. I tested the ping with CMD and only noticed a high ping of up to 480ms now and then. Normally it was 2-18ms.

As a countermeasure I then tried out suggested solutions:
- Set the page file to 4096-8192
- Use the game's repair function
- Delete data from the game folder (Tera>Client>S1Game>all files that begin with S1Game)

I have avoided a clean install so far, since it takes up to 2 days. The notebook is only 6-7 months old. I hope this information helps somewhat. Kind regards

Edited by LuffyXD (15.01.2015 at 16:49) |
15.01.2015, 17:14 | #11 | |
/// the machine /// TB trainer | Quote:
https://support.mozilla.org/de/kb/fi...einfach-loesen Then turn off hardware acceleration in FF.