Dhl Pdf Datei geöffnet...Trojaner eingefangen?

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:06-06-2015
Ran by Uta (administrator) on UTA-VAIO on 07-06-2015 09:44:38
Running from C:\Users\Uta\Downloads
Loaded Profiles: Uta (Available Profiles: Uta)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
() C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dropbox, Inc.) C:\Users\Uta\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11490408 2010-12-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2179688 2010-12-03] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [226672 2010-12-06] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-29] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [673168 2010-11-17] (Sony Corporation)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => c:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => c:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [PMBVolumeWatcher] => c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [648032 2010-11-27] (Sony Corporation)
HKLM-x32\...\Run: [VAIO Boot Manager] => C:\Program Files (x86)\Sony\VAIO Boot Manager\StartUpProcessDelayTool.exe [734608 2010-12-08] (Sony Corporation)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2099200 2014-04-13] (Dominik Reichl)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2805887626-409114734-3965287795-1000\...\Run: [Rainlendar2] => C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
HKU\S-1-5-21-2805887626-409114734-3965287795-1000\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Uta\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-2805887626-409114734-3965287795-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31283328 2015-04-17] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-04-22]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Uta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-04-23]
ShortcutTarget: Dropbox.lnk -> C:\Users\Uta\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Uta\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Uta\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Uta\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Uta\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Uta\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Uta\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Uta\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2805887626-409114734-3965287795-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SVEF&bmod=SVEF
HKU\S-1-5-21-2805887626-409114734-3965287795-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEF&bmod=SVEF
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2805887626-409114734-3965287795-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-2805887626-409114734-3965287795-1000 -> {543CE9B3-4B63-48D6-9742-01314C85E0F8} URL = hxxp://de.shopping.com/?linkin_id=8056363
SearchScopes: HKU\S-1-5-21-2805887626-409114734-3965287795-1000 -> {B3CBD2B7-3DD5-4428-8721-2FFD9D1C6E97} URL = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
SearchScopes: HKU\S-1-5-21-2805887626-409114734-3965287795-1000 -> {F8504951-796B-4913-8DBA-A1D94A3E65EB} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-16/4?mpre=hxxp://shop.ebay.de/?_nkw={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-09-23] (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2805887626-409114734-3965287795-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 82.212.62.62 78.42.43.62

FireFox:
========
FF ProfilePath: C:\Users\Uta\AppData\Roaming\Mozilla\Firefox\Profiles\6qcpqonr.default
FF SearchEngineOrder.1: Ask.com
FF Homepage: www.google.de
FF Keyword.URL: hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=4bd4fd26-a0d2-4c31-a3e8-b8d432a4fda1&apn_ptnrs=%5EAGS&apn_sauid=CF16E304-3A28-4C49-9299-53DFF0E53845&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-06] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-06] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files (x86)\Sony\MSS\3.8.130\npMcAfeeMss.dll No File
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2805887626-409114734-3965287795-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Uta\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.)
FF Extension: Adblock Plus - C:\Users\Uta\AppData\Roaming\Mozilla\Firefox\Profiles\6qcpqonr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2014-04-22] (Macrovision Europe Ltd.) [File not signed]
S3 McComponentHostServiceSony; C:\Program Files (x86)\Sony\MSS\3.8.130\McCHSvc.exe [235216 2013-10-16] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-11-02] ()
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
R2 UsbService; C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe [334848 2010-08-10] () [File not signed]
R3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [864000 2010-09-27] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-10] (Avira Operations GmbH & Co. KG)
R3 vuhub; C:\Windows\System32\DRIVERS\vuhub.sys [47616 2007-12-17] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-07 09:44 - 2015-06-07 09:44 - 00017708 _____ C:\Users\Uta\Downloads\FRST.txt
2015-06-07 09:44 - 2015-06-07 09:44 - 00000000 ____D C:\FRST
2015-06-07 09:43 - 2015-06-07 09:43 - 02108928 _____ (Farbar) C:\Users\Uta\Downloads\FRST64.exe
2015-06-07 09:42 - 2015-06-07 09:42 - 00000468 _____ C:\Users\Uta\Downloads\defogger_disable.log
2015-06-07 09:42 - 2015-06-07 09:42 - 00000000 _____ C:\Users\Uta\defogger_reenable
2015-06-07 09:41 - 2015-06-07 09:41 - 00050477 _____ C:\Users\Uta\Downloads\Defogger.exe
2015-06-06 21:00 - 2015-06-06 21:34 - 00000000 ____D C:\Users\Uta\Desktop\Johanna
2015-06-06 14:54 - 2015-06-06 20:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-05-21 10:10 - 2015-05-21 10:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-05-17 13:47 - 2015-05-23 23:13 - 00000000 ____D C:\Users\Uta\Desktop\Fallbesprechung
2015-05-12 19:53 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 19:53 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 19:51 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-12 19:51 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-12 19:51 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-12 19:51 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-12 19:51 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-12 19:51 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-12 19:51 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-12 19:51 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-12 19:51 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-12 19:51 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-12 19:51 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-12 19:51 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-12 19:51 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-12 19:51 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-12 19:51 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-12 19:51 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-12 19:51 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-12 19:51 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-12 19:51 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-12 19:51 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-12 19:51 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-12 19:51 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-12 19:51 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-12 19:51 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-12 19:51 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-12 19:51 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-12 19:51 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-12 19:51 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-12 19:51 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-12 19:51 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-12 19:51 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-12 19:51 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-12 19:51 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-12 19:51 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-12 19:51 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-12 19:51 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-12 19:51 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-12 19:51 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-12 19:51 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-12 19:51 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-12 19:51 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-12 19:51 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-12 19:51 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-12 19:51 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-12 19:51 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-12 19:51 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-12 19:51 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-12 19:51 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-12 19:51 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-12 19:51 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-12 19:51 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-12 19:51 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-12 19:51 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-12 19:51 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-12 19:51 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-12 19:51 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-12 19:51 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-12 19:51 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-12 19:51 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-12 19:51 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-12 19:51 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-12 19:51 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-12 19:51 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-12 19:51 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-12 19:51 - 2015-04-04 05:29 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-12 19:51 - 2015-04-04 05:29 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-12 19:51 - 2015-04-04 05:22 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-12 19:51 - 2015-04-04 05:22 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-12 19:51 - 2015-04-04 05:22 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-12 19:51 - 2015-04-04 05:22 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-12 19:51 - 2015-04-04 05:22 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-12 19:51 - 2015-04-04 05:22 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-12 19:51 - 2015-04-04 05:22 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-12 19:51 - 2015-04-04 05:22 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-12 19:51 - 2015-04-04 05:22 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-12 19:51 - 2015-04-04 05:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-12 19:51 - 2015-04-04 05:20 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-12 19:51 - 2015-04-04 05:20 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-12 19:51 - 2015-04-04 05:17 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-12 19:51 - 2015-04-04 05:17 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-12 19:51 - 2015-04-04 05:15 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-12 19:51 - 2015-04-04 05:05 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-12 19:51 - 2015-04-04 05:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-12 19:51 - 2015-04-04 05:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-12 19:51 - 2015-04-04 05:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-12 19:51 - 2015-04-04 05:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-12 19:51 - 2015-04-04 05:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-12 19:51 - 2015-04-04 05:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-12 19:51 - 2015-04-04 05:04 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-12 19:51 - 2015-04-04 05:04 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-12 19:51 - 2015-04-04 05:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-12 19:51 - 2015-04-04 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-12 19:51 - 2015-04-04 04:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-12 19:50 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-12 19:50 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-12 19:50 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-12 19:50 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-12 19:50 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-12 19:50 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-12 19:50 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-12 19:50 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-12 19:50 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-12 19:50 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-07 09:45 - 2014-04-23 12:31 - 00000000 ____D C:\Users\Uta\AppData\Roaming\Skype
2015-06-07 09:42 - 2014-04-22 17:08 - 00000000 ____D C:\Users\Uta
2015-06-07 09:40 - 2009-07-14 06:45 - 00013936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-07 09:40 - 2009-07-14 06:45 - 00013936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-07 09:38 - 2014-04-22 16:43 - 00711694 _____ C:\Windows\system32\perfh007.dat
2015-06-07 09:38 - 2014-04-22 16:43 - 00152902 _____ C:\Windows\system32\perfc007.dat
2015-06-07 09:38 - 2009-07-14 07:13 - 01641600 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-07 09:37 - 2014-04-23 10:40 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-07 09:35 - 2014-04-23 17:59 - 00000000 ___RD C:\Users\Uta\Dropbox
2015-06-07 09:35 - 2014-04-23 17:57 - 00000000 ____D C:\Users\Uta\AppData\Roaming\Dropbox
2015-06-07 09:35 - 2014-04-22 15:51 - 02054440 _____ C:\Windows\WindowsUpdate.log
2015-06-07 09:32 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-07 09:32 - 2009-07-14 06:51 - 00080414 _____ C:\Windows\setupact.log
2015-06-06 20:45 - 2014-07-01 18:34 - 00000000 ____D C:\Users\Uta\AppData\Local\Adobe
2015-06-06 20:45 - 2014-04-23 10:40 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-06 20:45 - 2014-04-23 10:40 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-06 20:45 - 2014-04-23 10:40 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-06 20:43 - 2014-04-23 10:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-06 20:43 - 2014-04-22 16:40 - 00312398 _____ C:\Windows\PFRO.log
2015-06-06 14:07 - 2014-04-22 17:10 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{64BF49EE-7E92-4011-991B-AA1B9CED6B24}
2015-05-23 16:05 - 2015-04-14 11:10 - 00080896 ___SH C:\Users\Uta\Desktop\Thumbs.db
2015-05-22 11:05 - 2014-04-23 11:44 - 00000000 ____D C:\Users\Uta\AppData\Roaming\KeePass
2015-05-21 18:12 - 2015-01-14 15:35 - 00000000 ____D C:\Users\Uta\Desktop\Leopoldschule
2015-05-20 15:16 - 2014-04-22 16:33 - 00000000 ____D C:\ProgramData\Skype
2015-05-18 22:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-05-14 19:48 - 2014-04-23 10:42 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-14 19:33 - 2009-07-14 06:45 - 00328592 _____ C:\Windows\system32\FNTCACHE.DAT
2015-05-12 19:58 - 2014-04-23 11:52 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-05-12 19:58 - 2014-04-23 10:44 - 00000000 ____D C:\Windows\system32\MRT
2015-05-12 19:58 - 2011-01-13 14:21 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-12 19:55 - 2014-04-23 10:44 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-09 13:59 - 2014-04-23 17:59 - 00001011 _____ C:\Users\Uta\Desktop\Dropbox.lnk
2015-05-09 13:59 - 2014-04-23 17:57 - 00000000 ____D C:\Users\Uta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

Some files in TEMP:
====================
C:\Users\Uta\AppData\Local\Temp\avgnt.exe
C:\Users\Uta\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyavxta.dll
C:\Users\Uta\AppData\Local\Temp\ose00000.exe
C:\Users\Uta\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-18 21:53

==================== End of log ============================
         

Additional scan result of Farbar Recovery Scan Tool (x64) Version:06-06-2015
Ran by Uta at 2015-06-07 09:45:13
Running from C:\Users\Uta\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2805887626-409114734-3965287795-500 - Administrator - Disabled)
Gast (S-1-5-21-2805887626-409114734-3965287795-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2805887626-409114734-3965287795-1002 - Limited - Enabled)
Uta (S-1-5-21-2805887626-409114734-3965287795-1000 - Administrator - Enabled) => C:\Users\Uta

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Acrobat  9 Standard - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-BA7E-000000000004}{AC76BA86-1033-F400-BA7E-000000000004}) (Version: 9.5.5 - Adobe Systems)
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-BA7E-000000000004}_955) (Version:  - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.2.1.650 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Photoshop Elements 9 (HKLM-x32\...\Adobe Photoshop Elements 9) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 9 (HKLM-x32\...\PremElem90) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - ALPS ELECTRIC CO., LTD.)
Amazon MP3-Downloader 1.0.18 (HKU\S-1-5-21-2805887626-409114734-3965287795-1000\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
ArcSoft Magic-i Visual Effects 2 (HKLM-x32\...\{61438020-DDD4-42FA-99A2-50225441980A}) (Version: 2.0.1.134 - ArcSoft)
ArcSoft WebCam Companion 4 (HKLM-x32\...\{C793AD32-2BB8-4CC4-ABD3-A1469C21593C}) (Version: 4.0.21.369 - ArcSoft)
ATI Catalyst Install Manager (HKLM\...\{124C73A8-5C1B-EF26-867B-5B77F9BC4D07}) (Version: 3.0.808.0 - ATI Technologies, Inc.)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG)
Canon MP Navigator EX 2.0 (HKLM-x32\...\MP Navigator EX 2.0) (Version:  - )
Canon MP630 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP630_series) (Version:  - )
ccc-core-static (x32 Version: 2011.0106.1235.22490 - Ihr Firmenname) Hidden
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.3.4746 - CDBurnerXP)
Complément Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-2805887626-409114734-3965287795-1000\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
Elements 9 Organizer (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{AF162E20-417F-4946-A06D-65734984957F}) (Version: 14.00.0000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KeePass Password Safe 2.26 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.26 - Dominik Reichl)
Media Gallery (Version: 1.4.0.11300 - Your Company Name) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.7.0 (x86 de)) (Version: 31.7.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.5.00.11260 - Sony Corporation)
PMB VAIO Edition Guide (x32 Version: 1.4.00.10090 - Sony Corporation) Hidden
PMB VAIO Edition Plug-in (Version: 1.4.00.11290 - Sony Corporation) Hidden
PMB VAIO Edition Plug-in (x32 Version: 1.4.00.09190 - Sony Corporation) Hidden
PMB VAIO Edition Plug-in (x32 Version: 1.4.00.11300 - Sony Corporation) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.40.126.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6225 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.92 - Realtek Semiconductor Corp.)
Remote Keyboard (x32 Version: 1.1.0.12170 - Sony Corporation) Hidden
Remote Play mit PlayStation®3 (HKLM-x32\...\{07441A52-E208-478A-92B7-5C337CA8C131}) (Version: 1.0.2.06210 - Sony Corporation)
Remote Play with PlayStation 3 (x32 Version: 1.0.2.06210 - Sony Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.26.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.26.0 - Renesas Electronics Corporation) Hidden
Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.0 - Samsung)
simfy (HKLM-x32\...\Simfy) (Version: 1.7.6 - simfy AG)
simfy (x32 Version: 1.7.6 - simfy AG) Hidden
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
SmartSound Quicktracks for Premiere Elements 9.0 (HKLM-x32\...\InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}) (Version: 3.12.3090 - SmartSound Software Inc)
SmartSound Quicktracks for Premiere Elements 9.0 (x32 Version: 3.12.3090 - SmartSound Software Inc) Hidden
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.31064 - TeamViewer)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VAIO - Media Gallery (HKLM-x32\...\{DD88F979-FA58-41AC-980C-A6E1A82B61D9}) (Version: 1.4.0.11300 - Sony Corporation)
VAIO - PMB VAIO Edition Guide (HKLM-x32\...\InstallShield_{FF1FC66F-536F-46BD-98E3-D8DA127A810E}) (Version: 1.4.00.10090 - Sony Corporation)
VAIO - PMB VAIO Edition Plug-in (HKLM-x32\...\InstallShield_{270380EB-8812-42E1-8289-53700DB840D2}) (Version: 1.4.00.11300 - Sony Corporation)
VAIO - Remote-Tastatur  (HKLM-x32\...\{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}) (Version: 1.0.0.12170 - Sony Corporation)
VAIO Care (HKLM\...\{D9FFE40D-1A85-4541-992C-5EF505F391A4}) (Version: 8.4.2.12041 - Sony Corporation)
VAIO Care Recovery (HKLM\...\{6ED1750E-F44F-4635-8F0D-B76B9262B7FB}) (Version: 1.1.1.13230 - Sony Corporation)
VAIO Control Center (HKLM-x32\...\{72042FA6-5609-489F-A8EA-3C2DD650F667}) (Version: 4.4.0.11260 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.5.0.10140 - Sony Corporation)
VAIO Data Restore Tool (x32 Version: 1.5.0.10140 - Sony Corporation) Hidden
VAIO Gate (HKLM-x32\...\{A7C30414-2382-4086-B0D6-01A88ABA21C3}) (Version: 2.3.0.11090 - Sony Corporation)
VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 2.3.0.11220 - Sony Corporation)
VAIO Hardware Diagnostics (x32 Version: 4.1.0.10120 - Sony Corporation) Hidden
VAIO Media plus (HKLM-x32\...\{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}) (Version: 2.1.0.23300 - Sony Corporation)
VAIO Media plus (Version: 2.1.0.23300 - Your Company Name) Hidden
VAIO Media plus Opening Movie (HKLM-x32\...\{9238E8A4-BEBA-43A3-B926-769BDBF194C5}) (Version: 2.1.0.13220 - Sony Corporation)
VAIO Quick Web Access (HKLM-x32\...\splashtop) (Version: 1.4.5.1 - Sony Corporation)
VAIO Quick Web Access (x32 Version: 1.4.5.1 - Sony Corporation) Hidden
VAIO Sample Contents (HKLM-x32\...\{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}) (Version: 1.4.2.09010 - Sony Corporation)
VAIO screensaver (HKLM-x32\...\VAIO screensaver) (Version: 1.0.0.0 - Sony Europe)
VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.4.0.12090 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.1.02280 - Sony Corporation)
VAIO-Handbuch (HKLM-x32\...\{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}) (Version: 1.2.0.11040 - Sony Corporation)
VAIO-Support für Übertragungen (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.3.0.11250 - Sony Corporation)
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6300 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
Компаньон Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Элемент управления Windows Live Mesh ActiveX для удаленных подключений (HKLM-x32\...\{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2805887626-409114734-3965287795-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Uta\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2805887626-409114734-3965287795-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Uta\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2805887626-409114734-3965287795-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Uta\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2805887626-409114734-3965287795-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Uta\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2805887626-409114734-3965287795-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Uta\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2805887626-409114734-3965287795-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Uta\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2805887626-409114734-3965287795-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Uta\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2805887626-409114734-3965287795-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Uta\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2805887626-409114734-3965287795-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Uta\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2805887626-409114734-3965287795-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Uta\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {12277ABE-B9A4-4DA9-8625-36A8AED9AC9C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {15DD0A60-781E-44A5-9331-E770DBBCD762} - System32\Tasks\SONY\SUS-BCF\Level4Month => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2010-12-23] (Sony Corporation)
Task: {265C36D7-E549-4DA7-A84C-53CF92F172A1} - System32\Tasks\SONY\VAIO Smart Network\VSN Logon Start => C:\Program Files\Sony\VAIO Smart Network\VSNClient
Task: {2682B844-C2B1-4E16-A699-505CA871AAA2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-06] (Adobe Systems Incorporated)
Task: {2796359A-9180-41E6-87E1-271C544B4212} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {2EE85287-71A9-4B22-9387-D69627E2787D} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-28] (Sony Corporation)
Task: {359A95CE-7D33-4DD0-8144-613F814E8520} - System32\Tasks\SONY\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-12-06] (Sony Corporation)
Task: {49093969-41D6-4DD6-82EF-D21640300F50} - System32\Tasks\SONY\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2010-11-16] (Sony Corporation)
Task: {495A45A3-B46E-4F68-A847-8FCB70D021C2} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {58162095-ECA9-4169-A015-6E39485D0FD6} - System32\Tasks\Sony Corporation\VAIO Boot Manager\VAIO Boot Manager => C:\Program Files (x86)\Sony\VAIO Boot Manager\SetProcessTask.exe [2010-12-08] (Sony Corporation)
Task: {5D4ABE60-6191-42E5-888B-304E159F701E} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {8F555F47-259F-4F1D-908F-644C10372D82} - System32\Tasks\SONY\SUS-BCF\Level4Daily => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2010-12-23] (Sony Corporation)
Task: {931AE619-7AC8-493F-A7DF-BD76407EE88A} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs"
Task: {9B904434-0AA0-4C2E-9456-15E18C7F9C0E} - System32\Tasks\SONY\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-12-06] (Sony Corporation)
Task: {A52C0D2E-1021-464D-9721-E05C7DB1FBFA} - System32\Tasks\SONY\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2010-11-16] (Sony Corporation)
Task: {ACF452F0-10A6-4555-8F97-98D13AE07139} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2014-01-16] (Sony Corporation)
Task: {AD62DC60-6FAB-4EDF-8440-C6E2634616DD} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {B7CEEA89-DC92-419D-9F48-7A19FF18CE20} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {B9C448BE-5555-4891-94C8-3CFC46A327D9} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {BC4DCBDE-E4FC-428A-A470-F55C947A37B7} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {BD7361B5-628D-49A2-83E3-616D7F7F7432} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {C5494544-9217-49B9-BBA1-41E8EB790485} - System32\Tasks\SONY\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-12-06] (Sony Corporation)
Task: {CCB52ECD-F2FD-4D50-895C-46E66423F086} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {E4D1426E-AEE0-49C1-B4A9-DF4FEDE05CF0} - System32\Tasks\Sony Corporation\VAIO Care\ActiveStatusCollect => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {E90DDD03-F668-4009-A79A-9121A040E69F} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2014-12-03] (Sony Corporation)
Task: {FE30BF2F-20E5-484C-98BD-8A46A1A74B6A} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-03-01] (Sony Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2010-11-02 12:58 - 2010-11-02 12:58 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2014-04-24 10:48 - 2010-08-10 21:37 - 00334848 _____ () C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe
2011-01-14 10:20 - 2011-01-14 09:03 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-11-02 12:58 - 2010-11-02 12:58 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-01-06 12:33 - 2011-01-06 12:33 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-12-10 10:25 - 2010-12-10 10:25 - 00016384 ____R () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2014-04-22 16:05 - 2010-12-23 16:24 - 00013824 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
2014-10-25 22:08 - 2014-10-25 22:08 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\93182e9779b8be0f688fd0784df6d7fb\IsdiInterop.ni.dll
2014-04-22 15:57 - 2010-11-05 23:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2015-06-07 09:34 - 2015-06-07 09:34 - 00043008 _____ () c:\users\uta\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyavxta.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\Uta\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\Uta\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\Uta\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\Uta\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-05-06 20:53 - 2009-02-27 16:39 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.deu

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2805887626-409114734-3965287795-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Uta\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 82.212.62.62 - 78.42.43.62

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{872D254D-A427-4C54-8630-5D2B68FC76E5}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{3222E02B-3170-437B-9F33-A748549AE0BF}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{2FF28E8F-DE03-4629-98D1-24469F94D1EF}] => (Allow) LPort=2869
FirewallRules: [{56221D30-0850-4A53-849D-457CE7158417}] => (Allow) LPort=1900
FirewallRules: [{32719D3E-B634-4861-81FA-CD6DF7325311}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{FF2AD911-5EE8-42F1-9292-5ED740444475}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{022CC415-9614-4762-9085-E600077ED054}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{3E2C23D0-9B55-46B5-AE0E-5481B06B87C9}] => (Allow) C:\Users\Uta\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{7BC94A96-FC44-4135-96DD-D1A1531A2343}] => (Allow) C:\Users\Uta\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{C25EB72D-EF00-477E-8352-C27D06CEE639}] => (Allow) C:\Users\Uta\AppData\Local\Temp\pftF3D5.tmp\Printer.exe
FirewallRules: [{7AE10207-CECE-453C-ACA8-3A885B51B96E}] => (Allow) C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe
FirewallRules: [{F0D892B3-3148-4E29-8A49-FA85BC6C0FA4}] => (Allow) C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe
FirewallRules: [{3E48E3FC-39B2-4567-B65D-735779ABB9F2}] => (Allow) C:\Users\Uta\AppData\Local\Temp\pftF3D5.tmp\Printer.exe
FirewallRules: [{722D4657-8400-4749-BA69-AE9D644E434B}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{F493B5A0-15BD-43EC-8445-A5E66FF6CF6E}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{D7D671E0-A186-4FED-8B85-4E3D24F021A2}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{B7459C2B-F319-494B-8087-62CFBF56AF61}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [TCP Query User{9CC46F07-90E4-4144-A0E0-E6A640870CBB}C:\users\uta\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\uta\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{4FFD815D-00B7-4214-9C8F-BD46DFDF0A01}C:\users\uta\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\uta\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{DF429550-F10B-41C7-811A-11C5FA12C936}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AFEAE417-4CEA-4867-89B2-CDD9D3BAB546}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{84F1F09A-B73A-467B-80B0-5B452EB92A72}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAgent.exe
FirewallRules: [{123BC9EA-5752-4E08-B6BB-C8F2FA533041}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAdmin.exe
FirewallRules: [{EE055C44-5909-4C4E-A937-3EB33647327E}] => (Allow) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
FirewallRules: [{AA86529B-4BB6-4CE1-8E90-A5C1EB0D68BD}] => (Allow) C:\Program Files\Sony\VAIO Care\VAIOShell.exe
FirewallRules: [TCP Query User{71C4528B-DF17-4972-BCC9-7E93619C31BE}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{9367E812-C11F-4049-B8AB-A08B008F69F5}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/07/2015 09:29:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: VCAgent.exe, Version: 8.4.2.12030, Zeitstempel: 0x5476d099
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000007ff00159a94
ID des fehlerhaften Prozesses: 0x818
Startzeit der fehlerhaften Anwendung: 0xVCAgent.exe0
Pfad der fehlerhaften Anwendung: VCAgent.exe1
Pfad des fehlerhaften Moduls: VCAgent.exe2
Berichtskennung: VCAgent.exe3

Error: (06/07/2015 09:29:32 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: VCAgent.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.NullReferenceException
Stapel:
   bei VCAgent.View.MainWindow.WindowProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.Dispatcher.WrappedInvoke(System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.Dispatcher.InvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
   bei System.Windows.Threading.Dispatcher.GetMessage(System.Windows.Interop.MSG ByRef, IntPtr, Int32, Int32)
   bei System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   bei System.Windows.Application.RunInternal(System.Windows.Window)
   bei System.Windows.Application.Run()
   bei VCAgent.App.Main()

Error: (06/06/2015 09:35:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: VCAgent.exe, Version: 8.4.2.12030, Zeitstempel: 0x5476d099
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000007ff00159624
ID des fehlerhaften Prozesses: 0x1978
Startzeit der fehlerhaften Anwendung: 0xVCAgent.exe0
Pfad der fehlerhaften Anwendung: VCAgent.exe1
Pfad des fehlerhaften Moduls: VCAgent.exe2
Berichtskennung: VCAgent.exe3

Error: (06/06/2015 09:35:28 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: VCAgent.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.NullReferenceException
Stapel:
   bei VCAgent.View.MainWindow.WindowProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.Dispatcher.WrappedInvoke(System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.Dispatcher.InvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
   bei System.Windows.Threading.Dispatcher.GetMessage(System.Windows.Interop.MSG ByRef, IntPtr, Int32, Int32)
   bei System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   bei System.Windows.Application.RunInternal(System.Windows.Window)
   bei System.Windows.Application.Run()
   bei VCAgent.App.Main()

Error: (06/06/2015 03:24:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: VCAgent.exe, Version: 8.4.2.12030, Zeitstempel: 0x5476d099
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000007ff00169d44
ID des fehlerhaften Prozesses: 0xbdc
Startzeit der fehlerhaften Anwendung: 0xVCAgent.exe0
Pfad der fehlerhaften Anwendung: VCAgent.exe1
Pfad des fehlerhaften Moduls: VCAgent.exe2
Berichtskennung: VCAgent.exe3

Error: (06/06/2015 03:24:32 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: VCAgent.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.NullReferenceException
Stapel:
   bei VCAgent.View.MainWindow.WindowProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.Dispatcher.WrappedInvoke(System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.Dispatcher.InvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
   bei System.Windows.Threading.Dispatcher.GetMessage(System.Windows.Interop.MSG ByRef, IntPtr, Int32, Int32)
   bei System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   bei System.Windows.Application.RunInternal(System.Windows.Window)
   bei System.Windows.Application.Run()
   bei VCAgent.App.Main()

Error: (05/23/2015 11:13:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: VCAgent.exe, Version: 8.4.2.12030, Zeitstempel: 0x5476d099
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000007ff00169f54
ID des fehlerhaften Prozesses: 0x964
Startzeit der fehlerhaften Anwendung: 0xVCAgent.exe0
Pfad der fehlerhaften Anwendung: VCAgent.exe1
Pfad des fehlerhaften Moduls: VCAgent.exe2
Berichtskennung: VCAgent.exe3

Error: (05/23/2015 11:13:30 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: VCAgent.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.NullReferenceException
Stapel:
   bei VCAgent.View.MainWindow.WindowProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.Dispatcher.WrappedInvoke(System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.Dispatcher.InvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
   bei System.Windows.Threading.Dispatcher.GetMessage(System.Windows.Interop.MSG ByRef, IntPtr, Int32, Int32)
   bei System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   bei System.Windows.Application.RunInternal(System.Windows.Window)
   bei System.Windows.Application.Run()
   bei VCAgent.App.Main()

Error: (05/23/2015 04:08:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: VCAgent.exe, Version: 8.4.2.12030, Zeitstempel: 0x5476d099
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000007ff00149624
ID des fehlerhaften Prozesses: 0x154c
Startzeit der fehlerhaften Anwendung: 0xVCAgent.exe0
Pfad der fehlerhaften Anwendung: VCAgent.exe1
Pfad des fehlerhaften Moduls: VCAgent.exe2
Berichtskennung: VCAgent.exe3

Error: (05/23/2015 04:08:46 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: VCAgent.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.NullReferenceException
Stapel:
   bei VCAgent.View.MainWindow.WindowProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.Dispatcher.WrappedInvoke(System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.Dispatcher.InvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
   bei System.Windows.Threading.Dispatcher.GetMessage(System.Windows.Interop.MSG ByRef, IntPtr, Int32, Int32)
   bei System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   bei System.Windows.Application.RunInternal(System.Windows.Window)
   bei System.Windows.Application.Run()
   bei VCAgent.App.Main()


System errors:
=============
Error: (06/07/2015 09:34:27 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Energy Server Service" wurde mit folgendem Fehler beendet: 
%%268439612

Error: (06/07/2015 09:32:25 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom
PxHlpa64

Error: (06/07/2015 09:13:59 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Energy Server Service" wurde mit folgendem Fehler beendet: 
%%268439612

Error: (06/07/2015 09:11:57 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom
PxHlpa64

Error: (06/06/2015 08:45:31 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Energy Server Service" wurde mit folgendem Fehler beendet: 
%%268439612

Error: (06/06/2015 08:43:30 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom
PxHlpa64

Error: (06/06/2015 02:06:44 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Energy Server Service" wurde mit folgendem Fehler beendet: 
%%268439612

Error: (05/23/2015 09:24:56 PM) (Source: NetBT) (EventID: 4319) (User: )
Description: Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers,
der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an
der Eingabeaufforderung, um den doppelten Namen zu bestimmen.

Error: (05/23/2015 09:12:56 PM) (Source: NetBT) (EventID: 4319) (User: )
Description: Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers,
der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an
der Eingabeaufforderung, um den doppelten Namen zu bestimmen.

Error: (05/23/2015 09:00:56 PM) (Source: NetBT) (EventID: 4319) (User: )
Description: Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers,
der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an
der Eingabeaufforderung, um den doppelten Namen zu bestimmen.


Microsoft Office:
=========================

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 49%
Total physical RAM: 4011.86 MB
Available physical RAM: 2034.78 MB
Total Pagefile: 8021.91 MB
Available Pagefile: 5506.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.76 GB) (Free:311.81 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 1E71EE11)
Partition 1: (Active) - (Size=400 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of log ============================
         

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-06-07 09:57:05
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Samsung_ rev.EXT0 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Uta\AppData\Local\Temp\pwldapow.sys


---- User code sections - GMER 2.1 ----

.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1912] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17                                                                                                                                0000000077201401 2 bytes JMP 7586b1ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1912] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17                                                                                                                                  0000000077201419 2 bytes JMP 7586b31a C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1912] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17                                                                                                                                0000000077201431 2 bytes JMP 758e8f09 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1912] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42                                                                                                                                000000007720144a 2 bytes CALL 75844885 C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                                                                   * 9
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1912] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17                                                                                                                                   00000000772014dd 2 bytes JMP 758e8802 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1912] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17                                                                                                                            00000000772014f5 2 bytes JMP 758e89d8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1912] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17                                                                                                                                   000000007720150d 2 bytes JMP 758e86f8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1912] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17                                                                                                                            0000000077201525 2 bytes JMP 758e8ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1912] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17                                                                                                                                  000000007720153d 2 bytes JMP 7585fc78 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1912] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17                                                                                                                                       0000000077201555 2 bytes JMP 758668bf C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1912] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17                                                                                                                                000000007720156d 2 bytes JMP 758e8fc1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1912] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17                                                                                                                                  0000000077201585 2 bytes JMP 758e8b22 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1912] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17                                                                                                                                     000000007720159d 2 bytes JMP 758e86bc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1912] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17                                                                                                                                  00000000772015b5 2 bytes JMP 7585fd11 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1912] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17                                                                                                                                00000000772015cd 2 bytes JMP 7586b2b0 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1912] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20                                                                                                                            00000000772016b2 2 bytes JMP 758e8e84 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1912] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31                                                                                                                            00000000772016bd 2 bytes JMP 758e8651 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                                            0000000077201401 2 bytes JMP 7586b1ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2304] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                                              0000000077201419 2 bytes JMP 7586b31a C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                                            0000000077201431 2 bytes JMP 758e8f09 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                                            000000007720144a 2 bytes CALL 75844885 C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                                                                   * 9
.text    C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2304] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                                               00000000772014dd 2 bytes JMP 758e8802 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                                        00000000772014f5 2 bytes JMP 758e89d8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2304] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                                               000000007720150d 2 bytes JMP 758e86f8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                                        0000000077201525 2 bytes JMP 758e8ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                                              000000007720153d 2 bytes JMP 7585fc78 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2304] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                                                   0000000077201555 2 bytes JMP 758668bf C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                                            000000007720156d 2 bytes JMP 758e8fc1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                                              0000000077201585 2 bytes JMP 758e8b22 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2304] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                                                 000000007720159d 2 bytes JMP 758e86bc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                                              00000000772015b5 2 bytes JMP 7585fd11 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                                            00000000772015cd 2 bytes JMP 7586b2b0 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                                        00000000772016b2 2 bytes JMP 758e8e84 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                                        00000000772016bd 2 bytes JMP 758e8651 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[3572] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                                                            0000000077201401 2 bytes JMP 7586b1ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[3572] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                                                              0000000077201419 2 bytes JMP 7586b31a C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[3572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                                                            0000000077201431 2 bytes JMP 758e8f09 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[3572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                                                            000000007720144a 2 bytes CALL 75844885 C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                                                                   * 9
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[3572] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                                                               00000000772014dd 2 bytes JMP 758e8802 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[3572] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                                                        00000000772014f5 2 bytes JMP 758e89d8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[3572] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                                                               000000007720150d 2 bytes JMP 758e86f8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[3572] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                                                        0000000077201525 2 bytes JMP 758e8ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[3572] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                                                              000000007720153d 2 bytes JMP 7585fc78 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[3572] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                                                                   0000000077201555 2 bytes JMP 758668bf C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[3572] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                                                            000000007720156d 2 bytes JMP 758e8fc1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[3572] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                                                              0000000077201585 2 bytes JMP 758e8b22 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[3572] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                                                                 000000007720159d 2 bytes JMP 758e86bc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[3572] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                                                              00000000772015b5 2 bytes JMP 7585fd11 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[3572] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                                                            00000000772015cd 2 bytes JMP 7586b2b0 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[3572] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                                                        00000000772016b2 2 bytes JMP 758e8e84 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[3572] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                                                        00000000772016bd 2 bytes JMP 758e8651 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[3572] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35                                                                                                                                                    0000000073ec11a8 2 bytes [EC, 73]
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[3572] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 248                                                                                                                                                   0000000073ec127d 2 bytes CALL 758414b9 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[3572] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 395                                                                                                                                                   0000000073ec1310 2 bytes CALL 758414b9 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[3572] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21                                                                                                                                              0000000073ec13a8 2 bytes [EC, 73]
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[3572] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21                                                                                                                                                  0000000073ec1422 2 bytes [EC, 73]
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[3572] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19                                                                                                                                           0000000073ec1498 2 bytes [EC, 73]
.text    C:\Users\Uta\AppData\Roaming\Dropbox\bin\Dropbox.exe[2460] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17                                                                                                                                    0000000077201401 2 bytes JMP 7586b1ef C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Uta\AppData\Roaming\Dropbox\bin\Dropbox.exe[2460] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17                                                                                                                                      0000000077201419 2 bytes JMP 7586b31a C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Uta\AppData\Roaming\Dropbox\bin\Dropbox.exe[2460] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17                                                                                                                                    0000000077201431 2 bytes JMP 758e8f09 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Uta\AppData\Roaming\Dropbox\bin\Dropbox.exe[2460] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 42                                                                                                                                    000000007720144a 2 bytes CALL 75844885 C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                                                                   * 9
.text    C:\Users\Uta\AppData\Roaming\Dropbox\bin\Dropbox.exe[2460] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17                                                                                                                                       00000000772014dd 2 bytes JMP 758e8802 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Uta\AppData\Roaming\Dropbox\bin\Dropbox.exe[2460] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17                                                                                                                                00000000772014f5 2 bytes JMP 758e89d8 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Uta\AppData\Roaming\Dropbox\bin\Dropbox.exe[2460] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17                                                                                                                                       000000007720150d 2 bytes JMP 758e86f8 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Uta\AppData\Roaming\Dropbox\bin\Dropbox.exe[2460] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17                                                                                                                                0000000077201525 2 bytes JMP 758e8ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Uta\AppData\Roaming\Dropbox\bin\Dropbox.exe[2460] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17                                                                                                                                      000000007720153d 2 bytes JMP 7585fc78 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Uta\AppData\Roaming\Dropbox\bin\Dropbox.exe[2460] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17                                                                                                                                           0000000077201555 2 bytes JMP 758668bf C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Uta\AppData\Roaming\Dropbox\bin\Dropbox.exe[2460] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17                                                                                                                                    000000007720156d 2 bytes JMP 758e8fc1 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Uta\AppData\Roaming\Dropbox\bin\Dropbox.exe[2460] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17                                                                                                                                      0000000077201585 2 bytes JMP 758e8b22 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Uta\AppData\Roaming\Dropbox\bin\Dropbox.exe[2460] C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17                                                                                                                                         000000007720159d 2 bytes JMP 758e86bc C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Uta\AppData\Roaming\Dropbox\bin\Dropbox.exe[2460] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17                                                                                                                                      00000000772015b5 2 bytes JMP 7585fd11 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Uta\AppData\Roaming\Dropbox\bin\Dropbox.exe[2460] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17                                                                                                                                    00000000772015cd 2 bytes JMP 7586b2b0 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Uta\AppData\Roaming\Dropbox\bin\Dropbox.exe[2460] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20                                                                                                                                00000000772016b2 2 bytes JMP 758e8e84 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Uta\AppData\Roaming\Dropbox\bin\Dropbox.exe[2460] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31                                                                                                                                00000000772016bd 2 bytes JMP 758e8651 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\RunDll32.exe[3860] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                                                                        0000000077201401 2 bytes JMP 7586b1ef C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\RunDll32.exe[3860] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                                                                          0000000077201419 2 bytes JMP 7586b31a C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\RunDll32.exe[3860] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                                                                        0000000077201431 2 bytes JMP 758e8f09 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\RunDll32.exe[3860] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                                                                        000000007720144a 2 bytes CALL 75844885 C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                                                                   * 9
.text    C:\Windows\SysWOW64\RunDll32.exe[3860] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                                                                           00000000772014dd 2 bytes JMP 758e8802 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\RunDll32.exe[3860] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                                                                    00000000772014f5 2 bytes JMP 758e89d8 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\RunDll32.exe[3860] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                                                                           000000007720150d 2 bytes JMP 758e86f8 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\RunDll32.exe[3860] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                                                                    0000000077201525 2 bytes JMP 758e8ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\RunDll32.exe[3860] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                                                                          000000007720153d 2 bytes JMP 7585fc78 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\RunDll32.exe[3860] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                                                                               0000000077201555 2 bytes JMP 758668bf C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\RunDll32.exe[3860] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                                                                        000000007720156d 2 bytes JMP 758e8fc1 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\RunDll32.exe[3860] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                                                                          0000000077201585 2 bytes JMP 758e8b22 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\RunDll32.exe[3860] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                                                                             000000007720159d 2 bytes JMP 758e86bc C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\RunDll32.exe[3860] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                                                                          00000000772015b5 2 bytes JMP 7585fd11 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\RunDll32.exe[3860] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                                                                        00000000772015cd 2 bytes JMP 7586b2b0 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\RunDll32.exe[3860] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                                                                    00000000772016b2 2 bytes JMP 758e8e84 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\RunDll32.exe[3860] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                                                                    00000000772016bd 2 bytes JMP 758e8651 C:\Windows\syswow64\kernel32.dll
---- Processes - GMER 2.1 ----

Library  c:\users\uta\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyavxta.dll (*** suspicious ***) @ C:\Users\Uta\AppData\Roaming\Dropbox\bin\Dropbox.exe [2460](2015-06-07 07:34:37)                                       0000000004ed0000
Library  C:\Users\Uta\AppData\Roaming\Dropbox\bin\Qt5Core.dll (*** suspicious ***) @ C:\Users\Uta\AppData\Roaming\Dropbox\bin\Dropbox.exe [2460] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:24)           0000000063a80000
Library  C:\Users\Uta\AppData\Roaming\Dropbox\bin\icuin52.dll (*** suspicious ***) @ C:\Users\Uta\AppData\Roaming\Dropbox\bin\Dropbox.exe [2460] (ICU I18N DLL/The ICU Project)(2015-03-04 21:45:30)                                                           000000004a900000
Library  C:\Users\Uta\AppData\Roaming\Dropbox\bin\icuuc52.dll (*** suspicious ***) @ C:\Users\Uta\AppData\Roaming\Dropbox\bin\Dropbox.exe [2460] (ICU Common DLL/The ICU Project)(2015-03-04 21:45:30)                                                         0000000005e60000
Library  C:\Users\Uta\AppData\Roaming\Dropbox\bin\icudt52.dll (*** suspicious ***) @ C:\Users\Uta\AppData\Roaming\Dropbox\bin\Dropbox.exe [2460] (ICU Data DLL/The ICU Project)(2015-03-04 21:45:30)                                                           000000004ad00000
Library  C:\Users\Uta\AppData\Roaming\Dropbox\bin\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\Uta\AppData\Roaming\Dropbox\bin\Dropbox.exe [2460] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:28)        0000000063660000
Library  C:\Users\Uta\AppData\Roaming\Dropbox\bin\Qt5Gui.dll (*** suspicious ***) @ C:\Users\Uta\AppData\Roaming\Dropbox\bin\Dropbox.exe [2460] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26)            0000000063370000
Library  C:\Users\Uta\AppData\Roaming\Dropbox\bin\libGLESv2.dll (*** suspicious ***) @ C:\Users\Uta\AppData\Roaming\Dropbox\bin\Dropbox.exe [2460](2015-03-04 21:45:30)                                                                                        00000000632b0000
Library  C:\Users\Uta\AppData\Roaming\Dropbox\bin\Qt5Network.dll (*** suspicious ***) @ C:\Users\Uta\AppData\Roaming\Dropbox\bin\Dropbox.exe [2460] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26)        00000000625e0000
Library  C:\Users\Uta\AppData\Roaming\Dropbox\bin\Qt5WebKit.dll (*** suspicious ***) @ C:\Users\Uta\AppData\Roaming\Dropbox\bin\Dropbox.exe [2460] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26)         00000000604c0000
Library  C:\Users\Uta\AppData\Roaming\Dropbox\bin\Qt5Quick.dll (*** suspicious ***) @ C:\Users\Uta\AppData\Roaming\Dropbox\bin\Dropbox.exe [2460] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26)          00000000602a0000
Library  C:\Users\Uta\AppData\Roaming\Dropbox\bin\Qt5Qml.dll (*** suspicious ***) @ C:\Users\Uta\AppData\Roaming\Dropbox\bin\Dropbox.exe [2460] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26)            000000005fe80000
Library  C:\Users\Uta\AppData\Roaming\Dropbox\bin\Qt5Sql.dll (*** suspicious ***) @ C:\Users\Uta\AppData\Roaming\Dropbox\bin\Dropbox.exe [2460] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26)            0000000064d90000
Library  C:\Users\Uta\AppData\Roaming\Dropbox\bin\libEGL.dll (*** suspicious ***) @ C:\Users\Uta\AppData\Roaming\Dropbox\bin\Dropbox.exe [2460](2015-03-04 21:45:30)                                                                                           0000000074e10000
Library  C:\Users\Uta\AppData\Roaming\Dropbox\bin\Qt5WebKitWidgets.dll (*** suspicious ***) @ C:\Users\Uta\AppData\Roaming\Dropbox\bin\Dropbox.exe [2460] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:28)  00000000646b0000
Library  C:\Users\Uta\AppData\Roaming\Dropbox\bin\Qt5OpenGL.dll (*** suspicious ***) @ C:\Users\Uta\AppData\Roaming\Dropbox\bin\Dropbox.exe [2460] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26)         000000005fa90000
Library  C:\Users\Uta\AppData\Roaming\Dropbox\bin\Qt5PrintSupport.dll (*** suspicious ***) @ C:\Users\Uta\AppData\Roaming\Dropbox\bin\Dropbox.exe [2460] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26)   000000005fa40000
Library  C:\Users\Uta\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll (*** suspicious ***) @ C:\Users\Uta\AppData\Roaming\Dropbox\bin\Dropbox.exe [2460](2015-03-04 21:45:30)                                                                       000000005f960000
Library  C:\Users\Uta\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll (*** suspicious ***) @ C:\Users\Uta\AppData\Roaming\Dropbox\bin\Dropbox.exe [2460](2015-03-04 21:45:30)                                                                       000000005ea90000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90004ef3252f                                                                                                                                                                           
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90004ef3252f (not active ControlSet)                                                                                                                                                       

---- EOF - GMER 2.1 ----