Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Flowsurf (und weitere?) Problemverursacher Windows 7 (https://www.trojaner-board.de/161194-flowsurf-problemverursacher-windows-7-a.html)

feivel001 25.11.2014 14:35
Flowsurf (und weitere?) Problemverursacher Windows 7
 
Liste der Anhänge anzeigen (Anzahl: 2)
Hallo zusammen,

ich bin hier das erste Mal unterwegs und hoffe, ich habe alles wie gewünscht durchgeführt.

Also gestern meldet mir avira den Virus? abengine und ich setz ihn in Quarantäne und lösch ihn, bringt aber scheinbar nichts. Beim googeln komm ich dann auf flowsurf und bin dann gestern nach dieser Anleitung vorgegangen http://www.trojaner-board.de/153197-...ntfernen.html.

Heute hab ich gelesen, dass ich vorab eigentlich erstmals die ganzen logscans machen muss und poste die jetzt mal hier im Anhang plus den schong gemachten Scans nach der oben erwähnten Anleitung. Zum Punkt Eset online Test bin ich jetzt noch nicht gekommen, muss weg und bin dann in zwei Stunden wieder da.

Soweit so gut?

Danke euch und schöne Grüße!
Christian

schrauber 25.11.2014 15:32
Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

feivel001 25.11.2014 16:42
alles klar. dann versuch ich mal eines nach dem anderen hier reinzustellen.

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:52 on 25/11/2014 (me)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2014 01
Ran by me (administrator) on ME-HP on 25-11-2014 13:54:34
Running from C:\Users\me\Desktop
Loaded Profile: me (Available profiles: me)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Avid Technology, Inc.) C:\Windows\System32\M-AudioTaskBarIcon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\Launchy\Launchy.exe
(Dropbox, Inc.) C:\Users\me\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\ipmgui.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-09-20] (IDT, Inc.)
HKLM\...\Run: [NUSB3MON] => C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe [97280 2012-04-11] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764544 2012-09-14] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-09-14] (Atheros Communications)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2804976 2013-10-30] (Synaptics Incorporated)
HKLM\...\Run: [M-Audio Taskbar Icon] => C:\windows\system32\M-AudioTaskBarIcon.exe [924464 2011-05-12] (Avid Technology, Inc.)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [333728 2012-06-20] (Hewlett-Packard Company)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-13] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-19] (DivX, LLC)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)
HKU\S-1-5-21-4238942255-3180995338-2938082374-1001\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
HKU\S-1-5-21-4238942255-3180995338-2938082374-1001\...\MountPoints2: D - D:\.\Autorun.exe AUTORUN=1
HKU\S-1-5-21-4238942255-3180995338-2938082374-1001\...\MountPoints2: G - G:\.\Autorun.exe AUTORUN=1
HKU\S-1-5-21-4238942255-3180995338-2938082374-1001\...\MountPoints2: {203b480a-7db2-11e1-bc17-001e101f2b52} - D:\.\Autorun.exe AUTORUN=1
HKU\S-1-5-21-4238942255-3180995338-2938082374-1001\...\MountPoints2: {3c54b063-8321-11e1-bb77-001e101f7f74} - D:\AutoRun.exe
HKU\S-1-5-21-4238942255-3180995338-2938082374-1001\...\MountPoints2: {40598c3c-7f3d-11e1-be9d-001e101f7433} - I:\setup.exe
HKU\S-1-5-21-4238942255-3180995338-2938082374-1001\...\MountPoints2: {53964163-2e83-11e3-b3df-e4115b2cf356} - D:\.\Autorun.exe AUTORUN=1
HKU\S-1-5-21-4238942255-3180995338-2938082374-1001\...\MountPoints2: {5396417b-2e83-11e3-b3df-e4115b2cf356} - G:\.\Autorun.exe AUTORUN=1
HKU\S-1-5-21-4238942255-3180995338-2938082374-1001\...\MountPoints2: {6f57c511-7dab-11e1-b735-9cb70d3b8676} - D:\.\Autorun.exe AUTORUN=1
HKU\S-1-5-21-4238942255-3180995338-2938082374-1001\...\MountPoints2: {78f7fc09-8258-11e1-863b-9cb70d3b8676} - D:\.\Autorun.exe AUTORUN=1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk
ShortcutTarget: Launchy.lnk -> C:\Program Files (x86)\Launchy\Launchy.exe ()
Startup: C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\me\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4238942255-3180995338-2938082374-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/4
HKU\S-1-5-21-4238942255-3180995338-2938082374-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/4
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4238942255-3180995338-2938082374-1001 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL =
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKU\S-1-5-21-4238942255-3180995338-2938082374-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{5CFC827D-8B1A-403F-AEC5-1213CFB52265}: [NameServer] 213.94.78.16 213.94.78.17

FireFox:
========
FF ProfilePath: C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\m0axdbgg.default
FF Homepage: hxxp://www.goodnewsnetwork.org/
FF NetworkProxy: "http", "localhost"
FF NetworkProxy: "http_port", 4001
FF NetworkProxy: "ssl", "localhost"
FF NetworkProxy: "ssl_port", 4001
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_32 -> C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\m0axdbgg.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\m0axdbgg.default\searchplugins\ixquick-https---deutsch.xml
FF SearchPlugin: C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\blekko-ssl.xml
FF SearchPlugin: C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\duckduckgo-ssl-javascript-free.xml
FF SearchPlugin: C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\google-de-ssl.xml
FF SearchPlugin: C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\google-encrypted-no-personalization.xml
FF SearchPlugin: C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick---deutsch.xml
FF SearchPlugin: C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick-ssl-pictures---deutsch.xml
FF SearchPlugin: C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick-ssl-pictures---english.xml
FF SearchPlugin: C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick.xml
FF SearchPlugin: C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-eng-ger.xml
FF SearchPlugin: C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-esp-ale.xml
FF SearchPlugin: C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-fra-all.xml
FF SearchPlugin: C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\metager2.xml
FF SearchPlugin: C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ssl-wikipedia-deutsch.xml
FF SearchPlugin: C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ssl-wikipedia-english.xml
FF SearchPlugin: C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\startpage-https---deutsch.xml
FF SearchPlugin: C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\startpage-https.xml
FF Extension: Avira Browser Safety - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\m0axdbgg.default\Extensions\abs@avira.com [2014-11-19]
FF Extension: DuckDuckGo Plus - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\m0axdbgg.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2013-09-12]
FF Extension: NoScript - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\m0axdbgg.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-08-18]
FF Extension: HTTPS-Everywhere - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\https-everywhere@eff.org [2014-04-23]
FF Extension: Cookie Monster - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{45d8ff86-d909-11db-9705-005056c00008} [2014-04-23]
FF Extension: DownloadHelper - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-04-23]
FF Extension: No Name - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{437be45a-4114-11dd-b9ab-71d256d89593}.xpi [2014-03-19]
FF Extension: NoScript - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-03-19]
FF Extension: Adblock Plus - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-19]
FF Extension: ProfileSwitcher - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}.xpi [2014-03-19]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-11-13]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-11-13] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-13] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [216192 2012-09-14] (Qualcomm Atheros Commnucations)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [36936 2013-12-02] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 Guard Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [23624 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [523680 2012-06-20] (Hewlett-Packard Company)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [323072 2012-09-20] (IDT, Inc.) [File not signed]
R2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [502464 2010-11-11] (ArcSoft, Inc.)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-14] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32192 2010-11-11] (ArcSoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2012-09-14] (Qualcomm Atheros)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-04-09] (DT Soft Ltd)
S3 epmntdrv; C:\windows\system32\epmntdrv.sys [17480 2013-03-07] () [File not signed]
S3 epmntdrv; C:\windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] () [File not signed]
R0 EUBAKUP; C:\Windows\System32\drivers\eubakup.sys [61000 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48200 2013-09-04] () [File not signed]
R1 EUDSKACS; C:\windows\system32\drivers\eudskacs.sys [18504 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R1 EUFDDISK; C:\windows\system32\drivers\EuFdDisk.sys [189000 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
S3 EuGdiDrv; C:\windows\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [256000 2012-04-03] (Huawei Technologies Co., Ltd.) [File not signed]
S3 ewusbnet; C:\Windows\SysWOW64\DRIVERS\ewusbnet.sys [256000 2012-04-03] (Huawei Technologies Co., Ltd.) [File not signed]
S3 ew_hwusbdev; C:\Windows\System32\DRIVERS\ew_hwusbdev.sys [117248 2012-04-03] (Huawei Technologies Co., Ltd.) [File not signed]
S3 ew_hwusbdev; C:\Windows\SysWOW64\DRIVERS\ew_hwusbdev.sys [117248 2012-04-03] (Huawei Technologies Co., Ltd.) [File not signed]
S3 FsUsbExDisk; C:\windows\SysWOW64\FsUsbExDisk.SYS [37344 2014-01-23] () [File not signed]
S3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [121600 2012-04-03] (Huawei Technologies Co., Ltd.) [File not signed]
S3 hwdatacard; C:\Windows\SysWOW64\DRIVERS\ewusbmdm.sys [121600 2012-04-03] (Huawei Technologies Co., Ltd.) [File not signed]
S3 MAUSBJAMLAB; C:\Windows\System32\DRIVERS\MAudioJamLab.sys [189744 2011-05-12] (Avid Technology, Inc.)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1064184 2013-05-23] (Sunplus)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-25 13:54 - 2014-11-25 13:55 - 00024492 _____ () C:\Users\me\Desktop\FRST.txt
2014-11-25 13:54 - 2014-11-25 13:54 - 00000000 ____D () C:\FRST
2014-11-25 13:52 - 2014-11-25 13:52 - 00000466 _____ () C:\Users\me\Desktop\defogger_disable.log
2014-11-25 13:52 - 2014-11-25 13:52 - 00000000 _____ () C:\Users\me\defogger_reenable
2014-11-25 13:50 - 2014-11-25 13:50 - 02118144 _____ (Farbar) C:\Users\me\Desktop\FRST64.exe
2014-11-25 13:50 - 2014-11-25 13:50 - 00380416 _____ () C:\Users\me\Desktop\Gmer-19357.exe
2014-11-25 13:50 - 2014-11-25 13:50 - 00050477 _____ () C:\Users\me\Desktop\Defogger.exe
2014-11-25 13:36 - 2014-11-25 13:36 - 02347384 _____ (ESET) C:\Users\me\Desktop\esetsmartinstaller_enu.exe
2014-11-24 22:34 - 2014-11-24 22:34 - 00001778 _____ () C:\sc-cleaner.txt
2014-11-24 22:28 - 2014-11-24 22:28 - 00002208 _____ () C:\Users\me\Desktop\JRT.txt
2014-11-24 22:21 - 2014-11-24 22:21 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\me\Desktop\sc-cleaner.exe
2014-11-24 21:02 - 2014-11-24 21:02 - 00005330 _____ () C:\Users\me\Desktop\AdwCleaner[R1].txt
2014-11-24 19:31 - 2014-11-24 19:31 - 00006972 _____ () C:\Users\me\Desktop\MBAW.txt
2014-11-24 19:07 - 2014-11-24 19:07 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-24 19:04 - 2014-11-24 19:04 - 00000000 __SHD () C:\Users\me\AppData\Local\EmieUserList
2014-11-24 19:04 - 2014-11-24 19:04 - 00000000 __SHD () C:\Users\me\AppData\Local\EmieSiteList
2014-11-24 19:04 - 2014-11-24 19:04 - 00000000 __SHD () C:\Users\me\AppData\Local\EmieBrowserModeList
2014-11-24 19:00 - 2014-11-24 21:02 - 00000000 ____D () C:\AdwCleaner
2014-11-24 19:00 - 2014-11-24 19:00 - 00000000 ____D () C:\windows\ERUNT
2014-11-24 18:59 - 2014-11-24 18:59 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-24 18:59 - 2014-11-24 18:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-24 18:59 - 2014-11-24 18:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-24 18:59 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-11-24 18:59 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-11-24 18:59 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-11-24 18:58 - 2014-11-24 18:59 - 01707532 _____ (Thisisu) C:\Users\me\Desktop\JRT.exe
2014-11-24 18:58 - 2014-11-24 18:58 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\me\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-24 18:58 - 2014-11-24 18:58 - 02148864 _____ () C:\Users\me\Desktop\AdwCleaner_4.102.exe
2014-11-22 11:44 - 2014-11-22 11:44 - 00000000 ____D () C:\Users\me\Downloads\Foo Fighters - Sonic Highways (2014) [FLAC] {HDtracks 24-44.1}
2014-11-20 15:55 - 2014-11-20 15:55 - 00003092 _____ () C:\windows\System32\Tasks\upfs7214
2014-11-13 08:03 - 2014-11-13 08:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-12 09:08 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-11-12 09:08 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-11-12 09:08 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-11-12 09:08 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-11-12 09:08 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-11-12 09:08 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-11-12 09:08 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-11-12 09:08 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-11-12 09:08 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-11-12 09:08 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-11-12 09:08 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-11-12 09:08 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-11-12 09:08 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-11-12 09:08 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 09:08 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-11-12 09:08 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-11-12 09:08 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-11-12 09:08 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-11-12 09:08 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-11-12 09:08 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-11-12 09:08 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-11-12 09:08 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-11-12 09:08 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 09:08 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-11-12 09:08 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-11-12 09:08 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-11-12 09:08 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-11-12 09:08 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-11-12 09:08 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-11-12 09:08 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-11-12 09:08 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-11-12 09:08 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-11-12 09:08 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-11-12 09:08 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-11-12 09:08 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-11-12 09:07 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-11-12 09:07 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-11-12 09:07 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-11-12 09:07 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-11-12 09:07 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-11-12 09:07 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-11-12 09:07 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-11-12 09:07 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-11-12 09:07 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-11-12 09:07 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-11-12 09:07 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-11-12 09:07 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-11-12 09:07 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-11-12 09:07 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-11-12 09:07 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-11-12 09:07 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-11-12 09:07 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-11-12 09:07 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-11-12 09:07 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-11-12 09:07 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-11-12 09:07 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-11-12 09:07 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-11-12 09:07 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-11-12 09:07 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-11-12 09:07 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2014-11-12 09:07 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2014-11-12 09:07 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-11-12 09:07 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-11-12 09:07 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2014-11-12 09:07 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2014-11-12 09:07 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2014-11-12 09:07 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2014-11-12 09:07 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2014-11-12 09:07 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2014-11-12 09:07 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2014-11-12 09:07 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2014-11-12 09:07 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2014-11-12 09:07 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2014-11-12 09:07 - 2014-09-19 10:42 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-11-12 09:07 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-11-12 09:07 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-11-12 09:07 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-11-12 09:07 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-11-12 09:07 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-11-12 09:07 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-11-12 09:07 - 2014-09-19 10:23 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-11-12 09:07 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-11-12 09:07 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-11-12 09:07 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-11-12 09:07 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-11-12 09:07 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-11-12 09:07 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-11-12 09:07 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-11-12 09:07 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-11-12 09:07 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-11-12 09:07 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-11-12 09:07 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL
2014-11-12 09:07 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL
2014-11-12 09:06 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-11-12 09:04 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-11-12 09:04 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-11-12 09:04 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2014-11-12 09:04 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2014-11-10 09:07 - 2014-11-10 09:32 - 00000000 ____D () C:\Users\me\Downloads\Dr. Med. Eckart Von Hirschhausen - Die Leber waechst mit ihren Aufgaben- Live-GR-2008
2014-11-10 09:01 - 2014-11-10 09:01 - 00018591 _____ () C:\Users\me\Downloads\Dr. Med. Eckart Von Hirschhausen - Die Leber waechst mit ihren Aufgaben- Live-GR-2008.torrent
2014-11-10 08:58 - 2014-11-10 09:02 - 00000000 ____D () C:\Users\me\Downloads\Bob Dylan - Tempest (2012) [EAC-FLAC]
2014-11-09 19:42 - 2014-11-09 19:42 - 00001125 _____ () C:\Users\me\Desktop\MAGIX Music Maker 2014 Premium (2).lnk
2014-11-09 19:03 - 2014-11-09 19:03 - 00274648 _____ () C:\windows\Minidump\110914-20311-01.dmp
2014-11-09 18:59 - 2014-11-09 18:59 - 00274648 _____ () C:\windows\Minidump\110914-19874-01.dmp
2014-11-09 10:37 - 2014-11-09 19:27 - 00000000 ____D () C:\Users\me\Documents\REAPER Media
2014-11-09 10:32 - 2014-11-09 18:46 - 00000000 ____D () C:\Users\me\AppData\Roaming\REAPER
2014-11-09 10:31 - 2014-11-09 10:31 - 00000828 _____ () C:\Users\Public\Desktop\REAPER (x64).lnk
2014-11-09 10:31 - 2014-11-09 10:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REAPER (x64)
2014-11-09 10:31 - 2014-11-09 10:31 - 00000000 ____D () C:\Program Files\REAPER (x64)
2014-11-03 08:19 - 2014-11-03 08:19 - 00017961 ____N () C:\Users\me\Downloads\Eckart von Hirschhausen3.torrent

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-25 13:53 - 2013-02-14 10:26 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-25 13:52 - 2012-04-03 17:40 - 00000000 ____D () C:\Users\me
2014-11-25 13:34 - 2014-01-18 14:35 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-11-25 13:34 - 2012-04-03 17:51 - 00003906 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{7B12E373-DE87-4F2A-BE6E-F3B060AF73BC}
2014-11-25 13:34 - 2012-01-12 09:30 - 01763533 _____ () C:\windows\WindowsUpdate.log
2014-11-24 23:53 - 2013-02-14 10:26 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-24 21:11 - 2011-12-07 21:23 - 00703214 _____ () C:\windows\system32\perfh007.dat
2014-11-24 21:11 - 2011-12-07 21:23 - 00150822 _____ () C:\windows\system32\perfc007.dat
2014-11-24 21:11 - 2009-07-14 06:13 - 01629436 _____ () C:\windows\system32\PerfStringBackup.INI
2014-11-24 21:11 - 2009-07-14 05:45 - 00028576 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-24 21:11 - 2009-07-14 05:45 - 00028576 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-24 21:06 - 2012-04-09 16:07 - 00000000 ___RD () C:\Users\me\Dropbox
2014-11-24 21:05 - 2012-04-09 15:51 - 00000000 ____D () C:\Users\me\AppData\Roaming\Dropbox
2014-11-24 21:04 - 2014-02-22 11:21 - 00000431 _____ () C:\windows\system32\Drivers\etc\hosts.ics
2014-11-24 21:03 - 2013-09-26 16:13 - 00000320 _____ () C:\windows\Tasks\GlaryInitialize.job
2014-11-24 21:03 - 2013-09-25 08:04 - 00179798 _____ () C:\windows\PFRO.log
2014-11-24 21:03 - 2013-09-14 18:05 - 00070167 _____ () C:\windows\setupact.log
2014-11-24 21:03 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-11-24 19:34 - 2012-04-09 14:43 - 00000000 ____D () C:\Users\me\AppData\Roaming\Skype
2014-11-24 18:59 - 2013-09-25 07:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-23 10:35 - 2013-07-30 21:30 - 00000000 ____D () C:\Users\me\AppData\Roaming\foobar2000
2014-11-22 11:51 - 2012-11-10 17:03 - 00000000 ____D () C:\Users\me\AppData\Roaming\vlc
2014-11-22 11:41 - 2014-02-21 17:39 - 00000000 _____ () C:\playlist.m3u
2014-11-21 12:24 - 2012-04-09 16:20 - 00000000 ____D () C:\Users\me\AppData\Roaming\uTorrent
2014-11-20 12:35 - 2012-04-09 15:02 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2014-11-20 12:34 - 2012-04-14 06:44 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-11-14 23:48 - 2013-02-14 10:26 - 00004106 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-14 23:48 - 2013-02-14 10:26 - 00003854 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-14 14:50 - 2012-04-09 15:51 - 00000000 ____D () C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-13 16:14 - 2012-04-25 16:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-12 21:58 - 2014-01-18 14:35 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-11-12 21:58 - 2012-04-10 19:32 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-11-12 21:58 - 2011-12-07 23:12 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-12 15:52 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\rescache
2014-11-12 10:26 - 2009-07-14 05:45 - 00426080 _____ () C:\windows\system32\FNTCACHE.DAT
2014-11-12 09:32 - 2012-04-09 19:40 - 00000000 ____D () C:\Users\me\lektüre
2014-11-12 09:18 - 2012-04-15 12:30 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-12 09:15 - 2013-07-16 16:36 - 00000000 ____D () C:\windows\system32\MRT
2014-11-12 09:09 - 2012-04-04 20:25 - 103374192 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-11-11 10:12 - 2012-06-21 20:26 - 00000000 ____D () C:\Users\me\AppData\Local\CrashDumps
2014-11-10 08:26 - 2012-04-15 19:21 - 00000000 ___RD () C:\Users\me\Desktop\progs
2014-11-09 21:04 - 2012-11-10 17:10 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-11-09 21:04 - 2012-11-10 17:09 - 00000000 ____D () C:\ProgramData\DivX
2014-11-09 21:03 - 2014-05-14 19:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2014-11-09 21:03 - 2012-11-10 17:14 - 00000000 ____D () C:\Program Files\DivX
2014-11-09 19:03 - 2014-06-21 01:28 - 611254610 _____ () C:\windows\MEMORY.DMP
2014-11-09 19:03 - 2014-06-21 01:28 - 00000000 ____D () C:\windows\Minidump
2014-11-06 19:45 - 2014-08-05 08:07 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-06 19:45 - 2012-10-19 08:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-11-06 19:45 - 2012-10-19 08:29 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-10-28 06:34 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\me\AppData\Local\Temp\avgnt.exe
C:\Users\me\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppkzdfb.dll
C:\Users\me\AppData\Local\Temp\Quarantine.exe
C:\Users\me\AppData\Local\Temp\RSPUpgradeInstaller.exe
C:\Users\me\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-25 00:11

==================== End Of Log ============================
--- --- ---

feivel001 25.11.2014 16:42
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-11-2014 01
Ran by me at 2014-11-25 13:55:27
Running from C:\Users\me\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM\...\uTorrent) (Version: 3.0.0 - )
µTorrent (HKU\S-1-5-21-4238942255-3180995338-2938082374-1001\...\uTorrent) (Version: 3.4.2.32239 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{95AC3836-C8D1-6BE1-C4F0-101061A445E7}) (Version: 8.0.871.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft TotalMedia (HKLM-x32\...\ArcSoft TotalMedia) (Version: 2.0.39.13 - ArcSoft)
ArcSoft TotalMedia (x32 Version: 1.0.49.25 - ArcSoft) Hidden
ArcSoft Webcam Sharing Manager (HKLM-x32\...\{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}) (Version: 2.0.0.30 - ArcSoft)
Avira (HKLM-x32\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.342 - Avira)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.24 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4291 - CDBurnerXP)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.3.0297 - DT Soft Ltd)
dBpoweramp DSP Effects (HKLM-x32\...\dBpoweramp DSP Effects) (Version: Release 7 - Illustrate)
dBpoweramp Music Converter (HKLM-x32\...\dBpoweramp Music Converter) (Version: Release 14.2 - Illustrate)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.88 - DivX, LLC)
Dropbox (HKU\S-1-5-21-4238942255-3180995338-2938082374-1001\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
EaseUS Partition Master 10.0 (HKLM-x32\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
EaseUS Todo Backup Free 6.5 (HKLM-x32\...\EaseUS Todo Backup Free 6.5_is1) (Version: 6.5 - CHENGDU YIWO Tech Development Co., Ltd)
eLicenser Control (HKLM-x32\...\eLicenser Control) (Version: 6.6.6.2133 - Steinberg Media Technologies GmbH)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Evernote v. 4.6 (HKLM-x32\...\{A23AADDA-3DBF-11E2-A6F2-984BE15F174E}) (Version: 4.6.0.7670 - Evernote Corp.)
Exact Audio Copy 1.0beta3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
foobar2000 v1.2.9 (HKLM-x32\...\foobar2000) (Version: 1.2.9 - Peter Pawlowski)
Free Audio Converter version 5.0.33.213 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.33.213 - DVDVideoSoft Ltd.)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version:  - )
Glary Utilities 2.56.0.1822 (HKLM-x32\...\Glary Utilities_is1) (Version: 2.56.0.1822 - Glarysoft Ltd)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{AB5BCC55-18E2-46C7-9405-FF61CB888F05}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Connection Manager (HKLM-x32\...\{5DCA44EB-03F6-44A3-A294-F3E5DE98D7F6}) (Version: 4.4.10.1 - Hewlett-Packard Company)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{840021F2-FFC0-467A-BF85-29B8B7803717}) (Version: 2.0.8.1 - Hewlett-Packard Company)
HP HD Webcam Driver (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.4.8.16 - SunplusIT)
HP Hotkey Support (HKLM-x32\...\{C97CC14E-4789-4FC5-BC75-79191F7CE009}) (Version: 4.6.4.1 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{03046EBB-CB7C-4B98-BEFB-690EB955DA22}) (Version: 8.5.4526.3645 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{FE465061-894A-4023-8580-56FCDD4F23F9}) (Version: 3.4.4.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{531000B3-DBEE-4115-BBF3-DA48B67C053F}) (Version: 8.2.1.1 - Hewlett-Packard Company)
HP System Default Settings (HKLM-x32\...\{EE5F1911-EA95-4F1A-AF97-495972F5032D}) (Version: 2.4.3.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6428.0 - IDT)
iTunes (HKLM\...\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}) (Version: 10.7.0.21 - Apple Inc.)
JAP (HKLM-x32\...\JAP) (Version: 00.19.001 - JAP-Team)
Java(TM) 6 Update 32 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216032FF}) (Version: 6.0.320 - Oracle)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.72.4 - JMicron Technology Corp.)
JonDo (HKLM-x32\...\JonDoUninstall) (Version:  - )
Launchy 2.5 (HKLM-x32\...\Launchy_21344213_is1) (Version:  - Code Jelly)
MAGIX Burn routines (HKLM\...\{72945A77-20ED-4507-B267-4771EDE4EE58}) (Version: 11.0.0.233 - MAGIX AG)
MAGIX Content und Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Music Maker 2014 Premium (Demo songs) (HKLM-x32\...\MX.{B807FEBE-E253-4B7E-B23F-364873478065}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Music Maker 2014 Premium (Demo songs) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Music Maker 2014 Premium (HKLM-x32\...\MX.{088A4B09-8FB2-48D0-932A-7F90BE050543}) (Version: 20.0.2.35 - MAGIX AG)
MAGIX Music Maker 2014 Premium (Introductory videos) (HKLM-x32\...\MX.{4BA5297E-60A6-4F18-9AAC-25A878C4E38C}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Music Maker 2014 Premium (Introductory videos) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Music Maker 2014 Premium (Synthesizer and effects) (HKLM-x32\...\MX.{773A4DDC-3B52-42C7-8B7A-52369B9A390B}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Music Maker 2014 Premium (Synthesizer and effects) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Music Maker 2014 Premium (Version: 20.0.2.35 - MAGIX AG) Hidden
MAGIX Music Maker 2014 Premium (Visuals) (HKLM-x32\...\MX.{A6A5590A-0FF9-4FD9-AD8D-17B5BCBE06F5}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Music Maker 2014 Premium (Visuals) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Music Maker 2014 Premium Soundpools (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Music Maker 2014 Premium Update (Version: 20.0.3.45 - MAGIX AG) Hidden
MAGIX Music Maker 2014 Soundpools (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Speed burnR (MSI) (HKLM-x32\...\MAGIX_{5C375A31-ED71-4CA0-91E0-8FA47E72D56D}) (Version: 7.0.1.27 - MAGIX AG)
MAGIX Speed burnR (MSI) (Version: 7.0.1.27 - MAGIX AG) Hidden
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
M-Audio JamLab 6.0.3 (x64) (HKLM\...\{0245E355-7B2A-441A-A4CE-DC2CF5D86F5D}) (Version: 6.0.3 - M-Audio)
Medal of Honor Pacific Assault(tm) (HKLM-x32\...\{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}) (Version: 1.0 - Electronic Arts)
MediaMonkey 4.0 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.0 - Ventis Media Inc.)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Camera Codec Pack (HKLM\...\{F7930EE9-0929-439D-A57B-D40C2C69C890}) (Version: 6.3.9723.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC90_CRT_x86 (HKLM-x32\...\{DF2035BE-5820-4965-BD97-7FAF8D4A7879}) (Version: 1.0.0 - Microsoft Corporation)
Mike's Rhythm Control v1.0 (HKLM-x32\...\{FA556495-D888-4836-A5D0-FD3C3035C2D1}) (Version:  - M. Littwin)
Mozilla Firefox 33.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 de)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.4.0 (x86 de)) (Version: 24.4.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-4238942255-3180995338-2938082374-1001\...\MyFreeCodec) (Version:  - )
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.6 - F.J. Wechselberger)
PDF24 Creator 6.4.1 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.209 - Qualcomm Atheros Communications)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.58.411.2012 - Realtek)
REAPER (x64) (HKLM\...\REAPER) (Version:  - )
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.3.3.12085_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.3.3.12085_7 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14072.12 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
ScummVM 0.12.0 (HKLM-x32\...\ScummVM_is1) (Version:  - )
Sid Meier's Civilization V Brave New World (HKLM-x32\...\U2lkTWVpZXJzQ2l2aWxpemF0aW9uVg==_is1) (Version: 1 - )
SimCity 3000 (HKLM-x32\...\SimCity 3000) (Version:  - )
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-4238942255-3180995338-2938082374-1001\...\Spotify) (Version: 0.9.1.53.g876fa9df - Spotify AB)
Steinberg Cubase LE AI Elements 7 64bit (HKLM\...\{67E7C608-D0EA-4273-B374-50ABE42FBE08}) (Version: 7.0.6 - Steinberg Media Technologies GmbH)
Steinberg Drum Loop Expansion 01 (HKLM-x32\...\{490BF87E-1F75-4453-BF55-9F540543A3CA}) (Version: 2.0.0.0 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Content (HKLM-x32\...\{BD86F1AC-B594-46E4-85DC-1258AC9E2232}) (Version: 1.0.0.003 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Vintage Beatboxes (HKLM-x32\...\{DBF4BC99-53F1-4C97-84C3-7557D103E182}) (Version: 1.0.0.000 - Steinberg Media Technologies GmbH)
Steinberg HALion Sonic SE 64bit (HKLM\...\{B99C316B-C135-43B5-8E77-2BC5E241F964}) (Version: 1.6.3 - Steinberg Media Technologies GmbH)
Steinberg HALion Sonic SE Content for Cubase LE AI Elements (HKLM-x32\...\{CF45002F-2205-4116-BB51-2D015F436CAC}) (Version: 1.6.3 - Steinberg Media Technologies GmbH)
Steinberg Midi Loop Library (HKLM-x32\...\{89DE2651-6DD9-4C15-AC94-8348362D456C}) (Version: 1.0.0 - Steinberg Media Technologies GmbH)
Steinberg REVerence Content 01 (HKLM-x32\...\{532B917B-8235-4FA5-BE36-643A8BB053A5}) (Version: 2.0.1.000 - Steinberg Media Technologies GmbH)
Steinberg Upload Manager (HKLM-x32\...\{88BBBD8F-4C19-4809-B84B-7A8F8238B48D}) (Version: 1.0.1 - Steinberg Media Technologies GmbH)
Steinberg VST Amp Rack Content 01 (HKLM-x32\...\{8CBA7E47-48DA-47DC-8E98-6984BA830295}) (Version: 1.0.1 - Steinberg Media Technologies GmbH)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.8 - Synaptics Incorporated)
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Vita 2 (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita 2 Zusatzcontent (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita Drum Engine (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita Electric Piano (Version: 1.0.2.0 - MAGIX AG) Hidden
Vita Jazz Drums (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita Pop Brass (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita Power Guitar (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita Vintage Organ (Version: 1.0.1.0 - MAGIX AG) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VLC media player 2.0.2 (HKLM\...\VLC media player) (Version: 2.0.2 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
WinRAR Archivierer (HKLM-x32\...\WinRAR archiver) (Version:  - )
WinZip 15.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C1}) (Version: 15.0.9411 - WinZip Computing, S.L. )
Xfire (remove only) (HKLM-x32\...\Xfire) (Version:  - )
Xobni Core (x32 Version: 1.0.0 - Xobni, Inc.) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4238942255-3180995338-2938082374-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\me\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4238942255-3180995338-2938082374-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\me\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4238942255-3180995338-2938082374-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\me\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4238942255-3180995338-2938082374-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\me\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4238942255-3180995338-2938082374-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\me\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4238942255-3180995338-2938082374-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\me\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4238942255-3180995338-2938082374-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\me\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4238942255-3180995338-2938082374-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\me\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4238942255-3180995338-2938082374-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\me\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

02-11-2014 08:25:58 Windows Update
07-11-2014 08:28:58 Windows Update
11-11-2014 09:12:06 Windows Update
12-11-2014 08:08:26 Windows Update
19-11-2014 22:53:52 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {004BECD1-043A-47DF-9D7F-3A04DF757EB3} - System32\Tasks\{8DD8D8C2-B8CF-44DB-A152-AB92FF0E3A3D} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {008D40B9-9A26-4855-BC49-40AE22AC9CB0} - System32\Tasks\{933FBE3A-2CA9-4BF3-9732-D1648D4F862D} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {0096F802-D422-4B06-BDE6-AFEDD7776CB1} - System32\Tasks\{19135C42-232D-448B-8476-95241BEDFE1B} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {01BD4876-6DCD-402B-9CED-A22097954685} - System32\Tasks\{E0D1790C-2EEB-428E-B474-DB0A259E7A77} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {01F4631D-D664-484A-8ADE-8415175928DC} - System32\Tasks\{99C8576F-1601-449B-AAB4-30530580E340} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {039400FF-D946-471D-88B3-41FBC893A8FB} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-12] (Adobe Systems Incorporated)
Task: {03E3D6AB-56D4-4E24-8179-3F22E388F824} - System32\Tasks\{0E50E812-6697-4757-BA1F-14A97014D211} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {07405B15-4D59-4AC0-ADDE-5489BAB3DB25} - System32\Tasks\{D8D928C8-D423-4C28-A5CD-0FFCB1089007} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {08094EC5-1A9C-4DB0-B1EA-1999C359532C} - System32\Tasks\{0947A0D1-CDB0-42A2-ADBE-D9BF129CD686} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {09DD8BF3-2D73-4D82-A70C-2E45F64A296A} - System32\Tasks\{62439632-4851-423B-ADD4-BCD226CE51AD} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {0C253CD0-1CA5-4B25-9387-3670428A697C} - System32\Tasks\{2A171409-431F-47BB-97DE-F8DAF25AC826} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {0DDF4977-E87F-493F-9F18-DF1D9B9A7B19} - System32\Tasks\{E3E3113D-70D8-4A6E-A100-11DA3EECFE76} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {1048E95A-D2D3-4C11-A171-8E65F2C4733D} - System32\Tasks\{E2662C3B-8ED0-475B-9C29-590CA05C8EAC} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {123F9B0D-C02F-4157-9B4C-17BFF31A7D37} - System32\Tasks\{3ACAA9FD-6BEA-473A-851D-3637C79DF8C0} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {13900FB6-44B8-40DA-A3FD-229EA9B86190} - System32\Tasks\{30E20684-652B-402E-B4E4-F57657A3BF23} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {14C3A5E6-A17D-4C88-A6B2-E75BB6EDFADB} - System32\Tasks\{161A62B4-C902-4E8F-B34B-847EABFBC149} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {14DD05A3-1A60-4CC1-A045-6C08B29F6337} - System32\Tasks\{ABAB6FA4-546C-4ADC-9715-049E3210F850} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {1744FAF1-AF62-4407-BC90-98C0DC5EE1A8} - System32\Tasks\{F2E82F18-EFE0-40AD-9E9C-1B21C420CDA0} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {1B5368F1-1F08-4BBE-B879-204AF25588D1} - System32\Tasks\{2ED6047E-CD63-4AB9-8685-78809822EB77} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {1CA51DB6-2328-4AAB-A0C3-533E2415F667} - System32\Tasks\{EC8F031C-6968-4B3C-A695-48B510B3AF0C} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {1DE60579-4565-4145-B9DF-2F4E8D8E4BC6} - System32\Tasks\{924112FF-8527-43DA-A15B-32F03976BC96} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {1E1D2FF5-333F-4C02-946E-1E55D664BD8D} - System32\Tasks\{37184666-FE2B-4A1F-9457-060F919193C7} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {1F1A0386-B83F-4340-A240-D854CEA0FAE0} - System32\Tasks\{9607B327-1D54-4107-A447-0FC8E170E812} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {1F79B924-5843-4DD1-B1CB-6CEBB055155B} - System32\Tasks\{0AB17E42-8A03-45D2-8142-8A327BA28190} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {20A18D92-2A30-439C-A1EE-0725123D8E7E} - System32\Tasks\{9718DDDF-B92A-48D2-B8A6-285A3CDF7F91} => Firefox.exe hxxp://ui.skype.com/ui/0/5.10.0.115/de/go/help.faq.installer?LastError=1603
Task: {241BB8F5-3FAA-46F6-BBD0-9CE4BA0A4684} - System32\Tasks\{6661823A-7668-4DCF-A571-200BB5013258} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {2638856B-4785-42B8-BC37-6EB3A4CB4F7F} - System32\Tasks\{A5EC60DC-D830-469D-BB32-1CD17A312737} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {26B4C7FC-4FEC-42B6-981A-6F3F8CA850A5} - System32\Tasks\{8F18142B-CC5A-42BD-AC80-B830DFB46B95} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {2727AA35-BD10-46ED-8E2D-E1FB112BE433} - System32\Tasks\{58D24575-A06A-4C05-A2A4-A6517B9C3555} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {27AA8E3E-6475-4BE8-8BAA-32951771048F} - System32\Tasks\{BF9FF5B4-79A4-4084-8954-7A68CE40974C} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {2C4AF10C-EBC5-47E9-9F24-E4E20DB2C65C} - System32\Tasks\{2DE9C618-2E9A-47C0-BF60-4CB3FF542132} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {2C58A5D3-D5D2-4DAB-93C2-1FABBB21BFDB} - System32\Tasks\{D4396B25-C3E5-4DF4-BAE6-C346E56898CD} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {2EFD28F6-C3A3-4468-902B-F0146A308730} - System32\Tasks\{C8F806EF-7BAE-493A-9768-DE68BD2EDF97} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {2F11C62A-B133-4DD1-9CAB-6B890736D650} - System32\Tasks\{D99E18B2-B0D6-41CD-BCCC-7493A794F6F5} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {2F172DBA-567F-4523-9A93-7677F711EA0D} - System32\Tasks\{A82C8AFB-E5CF-406C-BB18-128068998A30} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {304C9A6B-6AAD-4B88-90C2-D289137A33A7} - System32\Tasks\{4535994C-46C0-429C-BB23-666A8ADE57ED} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {31C0BEFE-A914-482D-BB2C-5A49548828E8} - System32\Tasks\{BE0C5E4A-EB11-4A13-93A2-D28EAF6C406F} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {31E13430-E7FB-4128-B20E-1A54A17D368F} - System32\Tasks\{2FF2CCBC-E3D5-45AC-B908-ADFCC55699CA} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {32982F19-EFA6-4F9A-891E-1763DE22DA7C} - System32\Tasks\{08B7608B-F722-4E45-9AC4-FE4F026C3293} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {3542BB3C-20BC-4DDB-811A-640AD5BF024D} - System32\Tasks\{585EB2B4-4835-4329-B86F-629769471DAF} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {35740055-446D-48C3-8B98-EBB2503AEF10} - System32\Tasks\{FE16F55E-A311-4C5F-85C2-D39A014DBD54} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {35FC3568-D4CC-4646-AE41-8417B4008C50} - System32\Tasks\{C0ACB303-53B8-4415-9073-404416A61399} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {3668C1EC-5DB9-470A-B6A8-B56E85A6BD07} - System32\Tasks\{2088082F-605A-47FE-A8BF-54DD0D65E508} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {3676D176-A566-448A-B24C-6C811A860142} - System32\Tasks\{2FB5F680-5439-4B34-ADBB-B53C304BC288} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {36B1F650-5185-4376-8453-BB72A191F4BA} - System32\Tasks\{26899CAC-3457-48D4-A4D8-BE282B0EA1BC} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {37321D3F-50B8-47B1-A302-70D4AFC88F4B} - System32\Tasks\{3378F8D5-4E94-40F5-9C06-861D0D9D5983} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {38E67344-FD36-49EA-B149-7CE4232B9A92} - System32\Tasks\{2F54F679-5FE7-4BF1-9684-D4C0E3640F98} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {38F4BCB8-1891-465B-98B6-D85694C64AF0} - System32\Tasks\{9D6FAACB-2229-4CD8-BF03-8FDDF6D66A76} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {3928C6A0-ADD7-4A1F-9017-510D72A4DFA9} - System32\Tasks\upfs7214 => C:\PROGRA~2\Flowsurf\upfs7214.exe
Task: {3AC31ABD-41D0-4718-BE3B-201BA790817F} - System32\Tasks\{69E850A7-943E-485B-AFA7-47A81430DD6F} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {3BA4BCC2-1222-47ED-B7A9-32A45B47820B} - System32\Tasks\{8D0D2835-830E-47D3-87B3-0CC73449F39D} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {3C3EA688-D62C-4CBF-A097-781AF77A3E52} - System32\Tasks\{A9969E48-7F75-428D-B3E9-3B84F7F903F0} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {3FA3D027-01C7-48AD-BC34-1F7F2F59E935} - System32\Tasks\{83492CEF-7A45-4A98-B174-D530FB274DFF} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {41A4C0EE-7DFC-4078-976B-EA33B3C91D95} - System32\Tasks\{9CE4735C-0BDE-4C0F-B5E0-D244C3A63B10} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {429701EE-7ED0-4032-99C4-45D92099EBA0} - System32\Tasks\{1609ED15-5134-4A9B-9457-C5229A611929} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {497BDCD5-F591-4EE8-BCBA-2FD2036021CA} - System32\Tasks\{2EC69B4E-7BDB-4831-A15E-3A4216266FBD} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {4B09C353-2644-4E28-A7E7-024D4D02861E} - System32\Tasks\{CF487B2F-2020-4EAA-A830-F464EB6255AC} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {4B811FC3-1749-4623-ABA3-F8E36B669CE2} - System32\Tasks\{87BD890E-123C-4EC0-9BB0-7B5549F37116} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {4C3F3C44-0ABA-48E1-9AB5-17017A06FDD7} - System32\Tasks\{7DFA120B-4080-4B15-86FB-E317592D9FEA} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {4CE44324-A302-4A5E-A0F4-C09B969E1473} - System32\Tasks\{CBD30BDE-93CD-45E5-A352-5FFE0E95E156} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {4DF1F7C5-0CB7-4A8D-BBBD-D8F5D9A0BA99} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {4E9B21C2-0329-4361-BC90-3995B059530F} - System32\Tasks\{F4906D30-CFB6-4787-9D43-D5A6877BAE62} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {4EE51759-ACE5-459C-B1F2-1D8423DB851B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-14] (Google Inc.)
Task: {5063B4A5-C5DC-403D-980D-30D021AAF510} - System32\Tasks\{05A9E43C-6855-4D96-8277-BB2D01FFB608} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {51991FC9-3578-4BE2-A34E-62209CDDC986} - System32\Tasks\{3FDF5FE7-775A-4901-A125-A977285886C2} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {54536EE3-1549-4035-8588-70E374E9727A} - System32\Tasks\{92096556-2279-49E7-B0B4-C77D65A64514} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {55415083-FEDE-497F-90CD-1E8E7AB32C69} - System32\Tasks\{581CDC76-5A7C-49B8-A934-F8540EC8242D} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {563071AF-9067-474C-935F-F979627DC1E9} - System32\Tasks\{F9DE91FD-B6B9-4BF0-A3CA-566B4E0D6B12} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {56B64A6B-5A67-4A76-A66D-5958BDE6F0EA} - System32\Tasks\{DC43D0D5-F4BD-4425-AAF9-0119255124ED} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {56CF5DC1-ECA4-4D00-8518-781F567EC298} - System32\Tasks\{A5ED242E-1D3C-4EFE-83AC-D25FEDCF9B1F} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {57D7588F-FEB3-4878-B5A9-0072DD0F6AE3} - System32\Tasks\{510368ED-6860-4FA9-B939-885257EC69D1} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {588C0AB8-0981-4754-A50C-E05D0EA2DD28} - System32\Tasks\{922805D2-6768-4FAB-B29F-65D888B66020} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {5AD0E85A-3C54-4072-8784-6D764F5B155E} - System32\Tasks\{363601FE-2101-417A-BDEA-B7A17C7FE12D} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {5D518F0A-A458-4B33-AE2E-6DAE74597905} - System32\Tasks\{2CDEF5DB-5CD4-4CED-8074-A23E33D71D3E} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {5D79BFA1-C317-4E16-8600-78CD0BD23814} - System32\Tasks\{B79114DD-45F1-423D-9B3D-361135FD9E45} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {5E217672-1070-498F-A3DE-024171D47C17} - System32\Tasks\{D563BC9C-6BE2-430E-B625-05137B2E9F2D} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {5ED9CDD4-16FE-49E3-9536-B8D4390CD076} - System32\Tasks\{A4A5F2E1-8110-43BC-ADAC-C42AE60E6774} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {6017934C-6948-446A-A470-B8E44C1C5D42} - System32\Tasks\{F3EA1E06-E1D9-4EF2-BF89-C117B6143072} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {60670F04-2AC7-4F2D-B9DB-133207969224} - System32\Tasks\{6B806A81-D969-43A8-8DD6-1994A256AD9C} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {64A6CCE3-498E-40A5-9746-E75038A36268} - System32\Tasks\{59B47F94-0129-410E-BF7B-F5B3AEA1A754} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {64D5B843-ECA2-4854-8529-097FCC2427DF} - System32\Tasks\{90E77B0C-363D-4C33-B055-AA2145EBCD6A} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {6C7A805B-3F0A-4E98-91DE-E1A7D71308D1} - System32\Tasks\{2B2B63E9-4422-4C08-90FA-A63AC3BA096C} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {6CF73E19-F03B-4408-A864-C3ED2DB75AD0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-10-24] (Piriform Ltd)
Task: {6D35D924-B814-4C31-875A-C9F827C149F8} - System32\Tasks\{E3261339-1BE6-4A9F-A41E-848843988D06} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {706BFDD7-580A-4E2D-91C4-254F043906D6} - System32\Tasks\{1695DFBE-4FF7-4360-ADBF-AF91E32D1994} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {70E17574-8B18-4921-8707-D594A70F3735} - System32\Tasks\{1901F48B-F24A-4D9D-A8A0-99CDA8B2B0E8} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {7456A5B8-AB3E-41F0-BAE6-86AF38F07502} - System32\Tasks\{48BD50C9-E9CF-40C2-9B88-D16A1873664E} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {74F857DB-4072-4F39-BFB0-0528F841E6EA} - System32\Tasks\{B0BD4178-3D64-4E4C-99D2-B750CA7059D9} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {7766DA0B-4197-42D6-A75C-759B7007D391} - System32\Tasks\{20274E73-EA03-4218-914D-343A2C9B30E2} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {776704A0-E288-45EF-ADC8-90072B4690D9} - System32\Tasks\{C167DF06-AD4F-4470-ABA0-A950F34E807A} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {79EB2527-3172-4EE8-A72F-BA63D7613A92} - System32\Tasks\{3EBA58FA-334F-4EF7-B236-871DC26C5F07} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {7B45238A-5AD7-4765-801F-AD5F58A53E5B} - System32\Tasks\{33BD33D6-3950-4824-937D-BCA73A3E0562} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {808CCCAD-C432-46EF-9636-EA4EA0E9A458} - System32\Tasks\{09C6D7FD-05AF-4872-B6A2-85073860A330} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {81EB41C3-8A84-44F8-BCAB-82EC9D0BCBBF} - System32\Tasks\{ED8EA84E-715F-42C3-BD31-D2587D94436D} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {83494F9F-5F22-4EB9-A446-CDBEA87F703E} - System32\Tasks\{E62854CB-23A9-4F2F-BA51-4B855A7C11FE} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {83AE5BF8-2204-43BA-84B1-C4FAB150ABDC} - System32\Tasks\{97A4599B-95F5-448D-A880-D091B7E9C4E9} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {8460DCD9-BD4C-4F1D-B1AA-B13F11A07C22} - System32\Tasks\{CC0D76B8-0989-432F-A8D3-94888E4CE1C9} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {85247260-88A7-40A0-9BDD-23F75E343D4B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {857AE212-0F93-41A3-8C36-29B436CB4BF5} - System32\Tasks\{AB56FB3C-833F-4BA4-86CD-2A0869C73A2F} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {882F4EE5-1149-4EF9-9B97-2289FCD631A2} - System32\Tasks\{9F41FF25-0634-4C37-BC12-F9E0E5169087} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {8AD49776-C5F3-4240-81A4-54E092382CA4} - System32\Tasks\{0282F78E-090F-452F-8840-DD581AF6919A} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {8B0EEDC8-DC21-45B4-BC14-4050C9AC4EAD} - System32\Tasks\{53BFC871-6BD6-4AAB-BB76-44020FBDD76A} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {8BAC3E16-EA34-4B57-9590-B07491ACF6BC} - System32\Tasks\{64D701AC-7209-4528-819F-A6E1B325BA5C} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {8C6857A1-68E3-4878-A2DF-00035EC7C547} - System32\Tasks\{A8E2CA0A-50B1-4616-A6C6-E3E5D2EE00C6} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {8C9485D3-C135-4546-B7CA-F6576F032C60} - System32\Tasks\{CAB2741C-3A9B-4903-8970-E13519C4F74D} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {8E805025-D894-4852-B510-F7D5ECE16838} - System32\Tasks\{4B461E58-3858-43A8-8A46-2DBD2F35F921} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {8EA77A13-A639-42B6-9A99-E463D4D389A4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {902715BA-B420-42BC-9E12-4E87978839ED} - System32\Tasks\{FF41BC55-A47F-4A9D-A5A6-3B7CE6B17288} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {903A2048-15DD-4697-A7E8-145162834CBB} - System32\Tasks\{DAA20724-57C6-4F81-9FF5-E47F40BD38B2} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {905E402D-0686-4AC5-9D46-92472D923508} - System32\Tasks\{FC347048-E222-4AF2-9D43-870C7AF027E1} => Firefox.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {933C785E-2A46-4FE5-AFC5-AC0F8237E46F} - System32\Tasks\{B28B319A-2C31-40D2-8EA1-D7C9652FC9ED} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {960F0C94-F4D5-411A-A6B4-BF05C92FC536} - System32\Tasks\{766B3D5E-B2C4-4981-8116-1BA81AC7D376} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {980823F1-67B9-47DE-852B-FE13D989164A} - System32\Tasks\{264D5DF1-433E-48DC-8C0F-99FA23C210A4} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {985A82D0-9937-4A02-A1F2-84157AE20646} - System32\Tasks\{F0F81C28-23B0-4F65-BDFF-AE9973DB0762} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {9962D4AB-2896-4835-A522-354C06B07EED} - System32\Tasks\{313A5802-64FD-4E90-BE5C-E9343DDCCB1A} => Firefox.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {9E7B0576-2753-45C3-8BF9-84178F452A54} - System32\Tasks\{4EA17FE8-50FC-40BC-9A78-259A671BDDF7} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {A06FB7EA-DE9F-40CC-B2D3-34E63DCAC6CF} - System32\Tasks\{A1F0423F-7A0E-47FE-AC59-A48AF5E50746} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {A3DA43B0-975F-4DBE-B75C-888133BF22A1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-10-21] (Microsoft)
Task: {A62C0D8F-0422-471F-89E0-462F0093080B} - System32\Tasks\{F7B5D0E0-D476-4581-8AF3-7D353458D39F} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {A6AC03C8-2274-4750-8305-87AD5B783F56} - System32\Tasks\{6E1F7757-A55F-4822-8A06-04ABDA09DE42} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {A8B00343-6F88-4566-AF63-C896C182054B} - System32\Tasks\{44B1B654-832D-4E93-B991-4305F44A9FF7} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {A9A33A11-7EC9-4EAC-A986-1F26F7A6AABE} - System32\Tasks\{E9785F42-C73D-4050-957C-4989279974E0} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {AA354506-2C1F-4059-88A5-8B035FC6170A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {AB06C21B-2A77-4EF9-8260-0B9F9375C2C5} - System32\Tasks\{A2C14D7E-87B1-4AA4-84E9-4108B32D3BD6} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {ABAC843C-0FB3-4137-B930-51E076991A10} - System32\Tasks\{9FAEBDCB-DF18-43EB-AE02-3FFE2C95E1CB} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {ABFD9C79-3B94-43BB-844D-09DE796A6E41} - System32\Tasks\{8ADE6137-0BEE-4D16-9B76-A321F7935A9B} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {ACB69DFD-13F0-4591-B9B2-4D18E667270E} - System32\Tasks\{84A14DD9-3A64-4955-B03A-6A33CE7C80D5} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {AD1EDA18-E688-42EA-ADBA-9FF73C34A620} - System32\Tasks\{9129A24D-C11B-4879-ACC4-E43AA5B35256} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {AD2149BC-0510-48C6-9743-C244E72E49A6} - System32\Tasks\{27F89A39-AE2F-4E47-B1AF-EC541F15EDCD} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {AE89B1CF-6621-4182-B5E3-B45AA4FC34BB} - System32\Tasks\{782BB18D-A09A-465E-869A-9CD868915FCB} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {AF96E315-DC48-46A1-A492-9DE837F6DCDC} - System32\Tasks\{26C66D18-AC27-45F3-BBC6-14CE0DFE7EEC} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {B234FE94-57CC-4577-8CB3-352C55AFDEAB} - System32\Tasks\{F6F047F0-B381-4D63-B8BF-212194F02C2D} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {B3B92424-5621-4FE2-B989-9C37E09C4ECF} - System32\Tasks\{474DCF3B-E8F1-433D-A097-E8DE90F02DA1} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {B4FCE446-910E-4A7E-8ED5-40D769353664} - System32\Tasks\{BDE923C3-FBC8-4BEB-BC43-3175A0680C13} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {B57ADC53-9991-4DA7-995C-8151459D10DF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-14] (Google Inc.)
Task: {B5E3EF6D-376F-4EFE-9F58-2CF8455637E2} - System32\Tasks\{2A930F5B-61BD-4200-A54F-BD3E1721CBE2} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {B6A1F457-EB44-4AF7-AF30-8375F887D2C3} - System32\Tasks\{25CE3A42-8F59-4A54-839B-6B2F4D835B89} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {B709ED06-4E7F-4A0C-8D20-83F2580F7907} - System32\Tasks\{CB99ABAB-1451-42F1-BF9C-44FDF887C697} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {B7CF1584-85CD-4994-B220-4906580EBD83} - System32\Tasks\{185B7677-1663-4A41-9813-594FED18777E} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {B85F712C-8A91-4158-A140-0F1CDF7455B2} - System32\Tasks\{EC689A76-19F6-43AF-BDCF-154D9A70F79C} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {B90371E6-9DB0-487B-A98E-C1FF759AFEAE} - System32\Tasks\{75A00090-59B1-4307-9CFA-9D0DD9C2F42A} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {BAA16E4C-43F5-41E2-9A0D-E5EBE55E1BD5} - System32\Tasks\{95261B47-D1DC-4881-8B2A-3C52D2C8563D} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {BCCC219B-F128-44FC-A3F4-866102CA322D} - System32\Tasks\{A76F5A84-3340-4568-9B86-4CDB51C7EC08} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {BD9DA273-6CE0-41DC-A13F-E96426DDFDEC} - System32\Tasks\{603D9C2B-1989-467D-9E0A-5B0B5360F805} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {C0792363-9383-4D69-90C6-CC3F68EFEB0F} - System32\Tasks\{15F7504E-3D92-4E2C-9E3D-CE5A0520B0DE} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {C0B37393-6E0F-4274-BB7B-18EA5D70AD70} - System32\Tasks\{5A4627F9-EA31-4060-8237-1ECE34FAE39B} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {C12599F3-AA6E-46DC-8E7A-E9C00DC0D390} - System32\Tasks\{241A732A-442E-4746-8860-79E42FEDC72A} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {C23A10C8-23B1-4628-A3AB-321A7C27DACF} - System32\Tasks\{8013DD6F-B847-4AE6-A47F-865C21C8C631} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {C3FE05B6-077D-493E-8953-99120B2E1E6B} - System32\Tasks\{266C6F62-2577-4B34-951E-B7605613A2FD} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {C4AB0765-4E09-44F5-B41E-47C4AFA21E75} - System32\Tasks\{4E3C6FEF-D365-4F48-A4D5-C6A64306461E} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {C4DC888C-E13D-47CB-83DE-ED4FCFEDAC3A} - System32\Tasks\{26D27455-577A-4898-A77C-A02D41291794} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {C56C3600-A450-481D-A1A8-78BC627660AC} - System32\Tasks\{2B8500FB-D485-4D83-9C2F-00661D658BAE} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {C744FC04-5725-47AC-8284-B0C2BB5A5668} - System32\Tasks\{BDFD9A8E-43FB-4E65-BF82-0392ED0EDF38} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {CAE1234B-D7C4-45F2-809E-FB880DB7BA62} - System32\Tasks\{40C50984-59AE-4C1C-B3FA-1F79CF7402C0} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {CB04739E-50E9-4A3C-899C-7D00FD3FF118} - System32\Tasks\{9861D654-115E-44C3-B0A4-F2BF93BA1D5A} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {CC239DF2-55E6-463F-9E72-F3F1573CADBC} - System32\Tasks\{495A5B9C-A958-4830-B8C0-79666D17CC70} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {CCDA7332-86CC-431E-B475-37C3E519278D} - System32\Tasks\{58B8353D-6168-4453-AC68-860FD0CCFE63} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {CE2E4445-272A-4DA0-ACA3-5D844E4C1ABA} - System32\Tasks\{909CB1BA-7A21-4A8A-8D4F-CBFC85316127} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {CF04E8DF-9829-4DC2-8940-6B137ED38240} - System32\Tasks\{73C0F919-71A3-4FC7-A995-F0D8F0752C18} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {CF7B0EE9-0C6D-45B2-9EFE-208D7E771AB3} - System32\Tasks\{BC1D007F-04B6-4772-AD55-80B49DAB2CB0} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {D2192C78-950D-45F8-B593-C161EC296254} - System32\Tasks\{23AAAACE-91E3-4B8B-84BB-BC144A3E8207} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {D2BCC403-D06F-4F41-89EC-190C4972887D} - System32\Tasks\{506E65A2-062C-4F6B-B45A-C63FC5486519} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {D387A31B-D1CA-41C4-B759-727E68373349} - System32\Tasks\{F0FFA69A-60ED-4065-B029-90BE5325D18E} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {D450F601-3060-4B8A-B8C6-CDC4E28E6F8C} - System32\Tasks\{995C4E4D-5F42-491E-A07E-984BC0563A83} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {D4DC03A5-DB5A-4496-AE3C-7A8464AF0FA8} - System32\Tasks\{44637EEE-CCDE-4B06-8616-5CF9B3EC70AA} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {D5925471-65EE-4B4D-88D9-74E596366025} - System32\Tasks\{34D1DAAC-80DF-4FE5-AA0E-7E1337B2E670} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {D8894467-E6E2-4544-B3DA-77D375A14DF2} - System32\Tasks\{28A0D818-84A7-4AC3-A27E-6C2B58AD031E} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {D8CDB540-C777-4354-8450-BF776A642858} - System32\Tasks\{4BA2971D-AFF3-4C75-A441-B2F2C7875226} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {D99279BF-2D9C-40D5-8534-347230E55748} - System32\Tasks\{D8748E8F-4BEA-426F-99A1-1316643E61FF} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {DA053071-BE2E-48A0-A653-B8665D0761A3} - System32\Tasks\{38316B2A-4FE5-43ED-9B75-A0D9973B2C32} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {DAB97059-2F32-456A-93CA-29BC1FF41475} - System32\Tasks\{8C3F7D18-6892-4705-A949-D0567D95E715} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {DD0B5C94-3B5E-4C97-85E1-8B8D4F48A034} - System32\Tasks\{E8DEE24C-DAC2-4A74-B9A1-A30483BEB9FC} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {DDF7DCEB-A231-45DA-9750-4A5B9CB08272} - System32\Tasks\{57B5D86D-2D46-4B28-ACAC-9B1BBCB71E6D} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {DEB59A51-E699-4BCC-8D05-C1EFCD4E08A9} - System32\Tasks\{9AB7F4AC-76FC-4235-B2C0-468EA0AF5AD5} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {DF084D32-9970-4E70-A6D6-874E35C9C431} - System32\Tasks\{27321B25-414F-4BDD-AB19-AB000BAC68F7} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {DF71F7B3-70E7-4B6E-8F4E-11996DDB36CC} - System32\Tasks\{82BC6C6B-B834-44D2-9A4C-778D9EF84A78} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {DFE60A88-7322-4AB6-A04D-55F810C8E819} - System32\Tasks\{9FF8405D-C8F8-4EAE-B4F4-C89FAB434E23} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {E007F2E9-0541-453B-85E2-C6C4B4432168} - System32\Tasks\{9245323D-CBA1-4D77-8AEF-3F7185818A52} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {E0B063F2-2CDD-40F2-8C58-4C1EB2CCEDB9} - System32\Tasks\{8478E285-375D-44C7-BF83-580385D65293} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {E2713044-653F-4959-8B48-704DEF038248} - System32\Tasks\{ED899E74-25AB-4A8A-9C24-D7C3869BA21F} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {E2906C16-BF30-4377-8E59-82E7D3E410F5} - System32\Tasks\{76E8D007-1647-4E2C-A088-DE414D4328ED} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {E2E77184-A0AE-4063-978A-194202173C9E} - System32\Tasks\{59B0C8B3-17D9-40F2-B1DF-78B614CB4278} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {E4FC6931-FCD5-4051-89DA-7F5F64692EE9} - System32\Tasks\{7C01661F-008A-4CB8-839A-F74B2E0E4D18} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {E6BC02AD-BA0D-411D-B6C1-13ABC4AA2FAB} - System32\Tasks\{3C0A9DB0-FE4B-4B3A-ABC6-50DD7BFBC22A} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {E72C8F82-F4B1-4DA7-A9D3-121766774F6E} - System32\Tasks\{56554C2B-0A52-4E47-91EE-6A2F39CC1F31} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {E76DF96E-BA1F-4503-9A33-89EF192FB98E} - System32\Tasks\{C021EBB1-503E-496E-B048-EAC34CCBB228} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {E97004A7-CD11-4052-B485-947441F11254} - System32\Tasks\{E2F32F0B-1B20-48EC-817D-4196120FDECD} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {EDAA38F1-B486-4134-A686-D10F81E150EC} - System32\Tasks\{82255E0B-838B-4E6C-9415-2AF36B9133FC} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {F0312439-D7F0-4F49-8E74-67EAD3541888} - System32\Tasks\{5C17640A-44FE-4C37-BBEA-8511BF4C2588} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {F1AC323A-3D35-413D-890E-E763AE8B43DA} - System32\Tasks\{EBEC61E2-23FC-4160-80D2-F61FAB8FD715} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {F32FADDB-C6A9-4F46-A624-9B497BFF9FD4} - System32\Tasks\{58A69A6C-C3D4-4EAE-B9D3-272C2EF33E9C} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {F3A8EA4F-19AA-476D-B5D9-865395511E0F} - System32\Tasks\{C27F9239-8B9B-4728-8641-CBEA01BC99A3} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {F50CB904-ADB9-4BF1-AA01-EFE6FCF4DF61} - System32\Tasks\{2E8970E4-E6BC-4C8F-BEF9-C197010D1D45} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {F535EF5A-0FFE-4E89-AF25-CD6FF6AE71A8} - System32\Tasks\{FB2065E8-C7AE-4677-9304-29A925021F83} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {F5F11B7E-8FE6-4BD3-B30D-5000641C87CB} - System32\Tasks\{33435084-5C3D-47B0-8414-CF9B77AD46CA} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {F65099CF-B22D-483B-B128-E4139770DBDF} - System32\Tasks\{2D4FE70A-3218-42FF-B568-54016A43FBF8} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {F7411A4B-EE88-42A3-AB64-686FA9F915E7} - System32\Tasks\{6D0A983E-4C68-4B82-AF9C-C32C91C9058F} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {F7DF0815-2A01-4716-8432-EA2538F9F052} - System32\Tasks\{7D81E358-E49F-4B9E-9846-435B35B2EC51} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {F7E71EAA-C79A-46E7-AA8B-D380BA717D39} - System32\Tasks\{6C929A11-5FF6-4F69-962D-C8CADC529DCB} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {F8B251B7-0B9C-4236-BE26-517F09D23FB0} - System32\Tasks\{69FA53C4-654E-44E1-9C9B-2CD774484340} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {F8F1C19A-7418-49D3-B17C-E8E3F1738009} - System32\Tasks\{61D54DCF-307A-453B-983E-B21904212B9B} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {F9E60A38-891F-4246-A598-DC9AF26BB087} - System32\Tasks\{B74AF19D-C452-46E9-A473-D4D1339F97F2} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {FA7E9324-15B9-4BBC-91F2-3E1E9BD1B8CE} - System32\Tasks\{86125ADC-54BE-48BC-839C-A2C58B7A4E45} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {FAD643D4-C1FE-41E3-9676-3B75A23C6608} - System32\Tasks\{A840D2FD-550C-42AD-BDCA-1CE2F265DB21} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {FC7B9D1C-5CEF-4EC1-B622-F3A9498645A2} - System32\Tasks\{1E59095F-F5BD-4BB2-BB82-16C11CCC2447} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {FE51824C-3872-4210-BD95-13E07A38ACFE} - System32\Tasks\GlaryInitialize => C:\Program Files (x86)\Glary Utilities\initialize.exe [2013-05-27] (Glarysoft Ltd)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GlaryInitialize.job => C:\Program Files (x86)\Glary Utilities\initialize.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-09-14 11:42 - 2012-09-14 11:42 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-09-14 11:37 - 2012-09-14 11:37 - 00020992 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\de-DE\BtTray.de-DE.dll
2012-04-09 15:02 - 2010-04-03 13:05 - 00380928 _____ () C:\Program Files (x86)\Launchy\Launchy.exe
2012-11-11 15:08 - 2005-06-07 12:26 - 00043008 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-08 18:34 - 2013-09-04 10:19 - 00098888 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
2014-07-08 18:34 - 2013-11-14 13:59 - 00031304 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckTool.dll
2014-07-08 18:34 - 2008-11-25 16:18 - 01291264 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
2014-07-08 18:34 - 2004-10-05 02:08 - 00055808 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
2014-07-08 18:34 - 2013-09-04 10:19 - 00029768 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll
2014-07-08 18:34 - 2013-09-04 10:19 - 00050248 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
2014-07-08 18:34 - 2014-01-13 17:06 - 00105544 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActivationOnline.dll
2014-07-08 18:34 - 2013-09-04 10:19 - 00030280 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DiskSearchImg.dll
2014-07-08 18:34 - 2013-09-04 10:19 - 00293960 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExchBackupSize.dll
2014-07-08 18:34 - 2013-09-04 10:19 - 00578632 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll
2014-07-08 18:34 - 2013-09-04 10:19 - 00468040 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExchBackupSizeEx.dll
2014-07-08 18:34 - 2013-09-04 10:19 - 00192072 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBackupSize.dll
2014-07-08 18:34 - 2013-12-23 10:01 - 00281672 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidImage.dll
2014-07-08 18:34 - 2013-09-04 10:19 - 00068680 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
2014-07-08 18:34 - 2013-09-04 10:19 - 00069192 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
2014-07-08 18:34 - 2013-09-04 10:19 - 00022600 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll
2014-07-08 18:34 - 2013-09-04 10:19 - 00115784 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll
2014-07-08 18:34 - 2013-09-04 10:19 - 00192584 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBrowser.dll
2014-07-08 18:34 - 2013-09-04 10:19 - 00135752 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudOperator.dll
2014-07-08 18:34 - 2013-10-22 16:31 - 00037960 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActiveOnline.dll
2014-07-08 18:34 - 2013-09-04 10:19 - 00135240 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\VMConfig.dll
2014-07-08 18:34 - 2013-12-24 16:42 - 00017992 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidDeviceManager.dll
2014-07-08 18:34 - 2013-09-04 10:19 - 00096840 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBFireWall.dll
2014-07-08 18:34 - 2013-09-04 10:19 - 00249928 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\uexper.dll
2012-04-09 15:02 - 2009-12-16 22:13 - 08314880 _____ () C:\Program Files (x86)\Launchy\QtGui4.dll
2012-04-09 15:02 - 2009-12-16 21:54 - 02236416 _____ () C:\Program Files (x86)\Launchy\QtCore4.dll
2012-04-09 15:02 - 2009-12-16 21:56 - 00712704 _____ () C:\Program Files (x86)\Launchy\QtNetwork4.dll
2012-04-09 15:02 - 2009-12-17 00:18 - 00233472 _____ () C:\Program Files (x86)\Launchy\imageformats\qmng4.dll
2012-04-09 15:02 - 2010-04-03 21:40 - 00081920 _____ () C:\Program Files (x86)\Launchy\plugins\calcy.dll
2012-04-09 15:02 - 2010-04-03 13:05 - 00090112 _____ () C:\Program Files (x86)\Launchy\plugins\controly.dll
2012-04-09 15:02 - 2010-04-03 13:06 - 00024064 _____ () C:\Program Files (x86)\Launchy\plugins\gcalc.dll
2012-04-09 15:02 - 2010-04-03 13:06 - 00094208 _____ () C:\Program Files (x86)\Launchy\plugins\runner.dll
2012-04-09 15:02 - 2010-04-03 13:05 - 00057344 _____ () C:\Program Files (x86)\Launchy\plugins\verby.dll
2012-04-09 15:02 - 2010-04-03 13:05 - 00122880 _____ () C:\Program Files (x86)\Launchy\plugins\weby.dll
2014-11-24 21:05 - 2014-11-24 21:05 - 00043008 _____ () c:\users\me\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppkzdfb.dll
2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\me\AppData\Roaming\Dropbox\bin\libcef.dll
2014-11-13 08:03 - 2014-11-13 08:03 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-11-12 21:58 - 2014-11-12 21:58 - 16840880 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll
2009-02-26 12:46 - 2009-02-26 12:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2011-06-22 11:46 - 2011-06-22 11:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2011-05-26 20:18 - 2011-05-26 20:18 - 00136536 _____ () C:\Program Files (x86)\Microsoft Office\Office12\OUTLCTL.DLL
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\abengine => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^me^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\me\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-4238942255-3180995338-2938082374-500 - Administrator - Disabled)
Gast (S-1-5-21-4238942255-3180995338-2938082374-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4238942255-3180995338-2938082374-1003 - Limited - Enabled)
me (S-1-5-21-4238942255-3180995338-2938082374-1001 - Administrator - Enabled) => C:\Users\me

==================== Faulty Device Manager Devices =============

Name: Qualcomm Atheros AR3011 Bluetooth 3.0 + HS Adapter
Description: Qualcomm Atheros AR3011 Bluetooth 3.0 + HS Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/25/2014 01:36:48 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/25/2014 01:36:41 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (11/25/2014 01:34:12 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (11/25/2014 01:34:05 PM) (Source: cdrom) (EventID: 15) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.

Error: (11/25/2014 01:34:04 PM) (Source: cdrom) (EventID: 15) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.

Error: (11/25/2014 01:34:05 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (11/24/2014 10:33:32 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0


Microsoft Office Sessions:
=========================
Error: (09/20/2013 08:30:35 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3448 seconds with 600 seconds of active time.  This session ended with a crash.

Error: (06/15/2013 08:18:16 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-02-22 11:59:01.598
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-02-22 11:59:01.357
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-02-22 11:58:58.704
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-02-22 11:58:58.504
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-02-22 11:58:56.242
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-02-22 11:58:56.031
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-02-22 11:58:53.781
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-02-22 11:58:53.597
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-02-22 11:58:51.327
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-02-22 11:58:51.130
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: AMD A6-3400M APU with Radeon(tm) HD Graphics
Percentage of memory in use: 31%
Total physical RAM: 7648.17 MB
Available physical RAM: 5206.81 MB
Total Pagefile: 15294.52 MB
Available Pagefile: 12190.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:675.85 GB) (Free:298.52 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_RECOVERY) (Fixed) (Total:17.49 GB) (Free:2.65 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:4.98 GB) (Free:4.98 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 285D9F81)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=675.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=5 GB) - (Type=0C)

==================== End Of Log ============================

feivel001 25.11.2014 16:46
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-11-25 14:18:01
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000073 ST975042 rev.0003 698,64GB
Running: Gmer-19357.exe; Driver: C:\Users\me\AppData\Local\Temp\uxldypow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 738                                                                                                                                            fffff800033ef0d2 12 bytes [4C, 8B, 4C, 24, 70, 44, 38, ...]
INITKDBG  C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 751                                                                                                                                            fffff800033ef0df 7 bytes [74, 08, 41, 89, 06, E9, A0]

---- User code sections - GMER 2.1 ----

.text    C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe[2640] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                          0000000077411401 2 bytes JMP 765cb21b C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe[2640] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                            0000000077411419 2 bytes JMP 765cb346 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe[2640] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                          0000000077411431 2 bytes JMP 76648ea9 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe[2640] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                          000000007741144a 2 bytes CALL 765a48ad C:\windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                            * 9
.text    C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe[2640] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                            00000000774114dd 2 bytes JMP 766487a2 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe[2640] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                      00000000774114f5 2 bytes JMP 76648978 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe[2640] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                            000000007741150d 2 bytes JMP 76648698 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe[2640] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                      0000000077411525 2 bytes JMP 76648a62 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe[2640] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                            000000007741153d 2 bytes JMP 765bfca8 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe[2640] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                0000000077411555 2 bytes JMP 765c68ef C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe[2640] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                          000000007741156d 2 bytes JMP 76648f61 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe[2640] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                            0000000077411585 2 bytes JMP 76648ac2 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe[2640] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                              000000007741159d 2 bytes JMP 7664865c C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe[2640] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                            00000000774115b5 2 bytes JMP 765bfd41 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe[2640] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                          00000000774115cd 2 bytes JMP 765cb2dc C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe[2640] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                      00000000774116b2 2 bytes JMP 76648e24 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe[2640] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                      00000000774116bd 2 bytes JMP 766485f1 C:\windows\syswow64\kernel32.dll
.text    C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2832] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35                                                                                                        00000000706d11a8 2 bytes [6D, 70]
.text    C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2832] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 248                                                                                                      00000000706d127d 2 bytes CALL 765a14b9 C:\windows\syswow64\kernel32.dll
.text    C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2832] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 395                                                                                                      00000000706d1310 2 bytes CALL 765a14b9 C:\windows\syswow64\kernel32.dll
.text    C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2832] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21                                                                                                  00000000706d13a8 2 bytes [6D, 70]
.text    C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2832] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21                                                                                                      00000000706d1422 2 bytes [6D, 70]
.text    C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2832] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19                                                                                              00000000706d1498 2 bytes [6D, 70]
.text    C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2832] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dContextCreate + 4                                                                                            00000000704f1825 2 bytes JMP 774d6125 C:\windows\syswow64\GDI32.dll
.text    C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2832] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dContextDestroy + 4                                                                                          00000000704f1830 2 bytes JMP 774d6145 C:\windows\syswow64\GDI32.dll
.text    C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2832] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dContextDestroyAll + 4                                                                                        00000000704f183b 2 bytes JMP 774d6165 C:\windows\syswow64\GDI32.dll
.text    C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2832] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dDrawPrimitives2 + 4                                                                                          00000000704f1846 2 bytes JMP 774d5a05 C:\windows\syswow64\GDI32.dll
.text    C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2832] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dValidateTextureStageState + 4                                                                                00000000704f1851 2 bytes JMP 774d6185 C:\windows\syswow64\GDI32.dll
.text    C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2832] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdAddAttachedSurface + 4                                                                                        00000000704f185c 2 bytes JMP 774d6265 C:\windows\syswow64\GDI32.dll
.text    C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2832] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdAlphaBlt + 4                                                                                                  00000000704f1867 2 bytes JMP 774d6285 C:\windows\syswow64\GDI32.dll
.text    C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2832] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdAttachSurface + 4                                                                                            00000000704f1872 2 bytes JMP 774d62a5 C:\windows\syswow64\GDI32.dll
.text    C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2832] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdBeginMoCompFrame + 4                                                                                          00000000704f187d 2 bytes JMP 774d62c5 C:\windows\syswow64\GDI32.dll
.text    C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2832] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdBlt + 4                                                                                                      00000000704f1888 2 bytes JMP 774d5a25 C:\windows\syswow64\GDI32.dll
.text    C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2832] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCanCreateD3DBuffer + 4                                                                                        00000000704f1893 2 bytes JMP 774d62e5 C:\windows\syswow64\GDI32.dll
.text    C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2832] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCanCreateSurface + 4                                                                                          00000000704f189e 2 bytes JMP 774d5aa5 C:\windows\syswow64\GDI32.dll
.text    C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2832] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdColorControl + 4                                                                                              00000000704f18a9 2 bytes JMP 774d6305 C:\windows\syswow64\GDI32.dll
.text    C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2832] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateD3DBuffer + 4                                                                                          00000000704f18b4 2 bytes JMP 774d6325 C:\windows\syswow64\GDI32.dll
.text    C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2832] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateDirectDrawObject + 4                                                                                    00000000704f18bf 2 bytes JMP 774a1fcb C:\windows\syswow64\GDI32.dll
.text    C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2832] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateMoComp + 4                                                                                              00000000704f18ca 2 bytes JMP 774d6365 C:\windows\syswow64\GDI32.dll
.text    C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2832] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateSurface + 4                                                                                            00000000704f18d5 2 bytes JMP 774d5ac5 C:\windows\syswow64\GDI32.dll
.text    C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2832] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateSurfaceEx + 4                                                                                          00000000704f18e0 2 bytes JMP 774d5b45 C:\windows\syswow64\GDI32.dll
.text    C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2832] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateSurfaceObject + 4                                                                                      00000000704f18eb 2 bytes JMP 774d5b65 C:\windows\syswow64\GDI32.dll
.text    C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2832] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDeleteDirectDrawObject + 4                                                                                    00000000704f18f6 2 bytes JMP 774d68c5 C:\windows\syswow64\GDI32.dll
.text    C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2832] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDeleteSurfaceObject + 4                                                                                      00000000704f1901 2 bytes JMP 774d5a85 C:\windows\syswow64\GDI32.dll
.text    C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2832] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDestroyD3DBuffer + 4                                                                                          00000000704f190c 2 bytes JMP 774d68e5 C:\windows\syswow64\GDI32.dll
.text    C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2832] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDestroyMoComp + 4                                                                                            00000000704f1917 2 bytes JMP 774d6925 C:\windows\syswow64\GDI32.dll
.text    C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2832] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDestroySurface + 4                                                                                            00000000704f1922 2 bytes JMP 774d5ae5 C:\windows\syswow64\GDI32.dll
.text    C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2832] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdEndMoCompFrame + 4                                                                                            00000000704f192d 2 bytes JMP 774d6945 C:\windows\syswow64\GDI32.dll
.text    C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2832] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdFlip + 4                                                                                                      00000000704f1938 2 bytes JMP 774d6965 C:\windows\syswow64\GDI32.dll
.text    C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2832] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdFlipToGDISurface + 4                                                                                          00000000704f1943 2 bytes JMP 774d6985 C:\windows\syswow64\GDI32.dll
.text    C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2832] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetAvailDriverMemory + 4                                                                                      00000000704f194e 2 bytes JMP 774d69a5 C:\windows\syswow64\GDI32.dll
.text    C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2832] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetBltStatus + 4                                                                                              00000000704f1959 2 bytes JMP 774d69c5 C:\windows\syswow64\GDI32.dll
.text    C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2832] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDC + 4                                                                                                    00000000704f1964 2 bytes JMP 774d69e5 C:\windows\syswow64\GDI32.dll
.text    C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2832] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDriverInfo + 4                                                                                            00000000704f196f 2 bytes JMP 774d6a05 C:\windows\syswow64\GDI32.dll
.text    C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2832] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDriverState + 4                                                                                            00000000704f197a 2 bytes JMP 774d6a25 C:\windows\syswow64\GDI32.dll
.text    C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2832] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDxHandle + 4                                                                                              00000000704f1985 2 bytes JMP 774d6a45 C:\windows\syswow64\GDI32.dll
.text    C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2832] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetFlipStatus + 4                                                                                            00000000704f1990 2 bytes JMP 774d6a65 C:\windows\syswow64\GDI32.dll
.text    C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2832] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetInternalMoCompInfo + 4                                                                                    00000000704f199b 2 bytes JMP 774d6a85 C:\windows\syswow64\GDI32.dll
.text    C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2832] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetMoCompBuffInfo + 4                                                                                        00000000704f19a6 2 bytes JMP 774d6aa5 C:\windows\syswow64\GDI32.dll
.text    C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2832] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetMoCompFormats + 4                                                                                          00000000704f19b1 2 bytes JMP 774d6ac5 C:\windows\syswow64\GDI32.dll
.text    C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2832] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetMoCompGuids + 4                                                                                            00000000704f19bc 2 bytes JMP 774d6ae5 C:\windows\syswow64\GDI32.dll
.text    C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2832] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetScanLine + 4                                                                                              00000000704f19c7 2 bytes JMP 774d6b05 C:\windows\syswow64\GDI32.dll
.text    C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2832] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdLock + 4                                                                                                      00000000704f19d2 2 bytes JMP 774d6b25 C:\windows\syswow64\GDI32.dll
.text    C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2832] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdLockD3D + 4                                                                                                  00000000704f19dd 2 bytes JMP 774d5b85 C:\windows\syswow64\GDI32.dll
.text    C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2832] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdQueryDirectDrawObject + 4                                                                                    00000000704f19e8 2 bytes JMP 774d6b65 C:\windows\syswow64\GDI32.dll
.text    C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2832] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdQueryMoCompStatus + 4                                                                                        00000000704f19f3 2 bytes JMP 774d6b85 C:\windows\syswow64\GDI32.dll
.text    C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2832] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdReenableDirectDrawObject + 4                                                                                  00000000704f19fe 2 bytes JMP 774d6bc3 C:\windows\syswow64\GDI32.dll
.text    C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2832] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdReleaseDC + 4                                                                                                00000000704f1a09 2 bytes JMP 774d6be3 C:\windows\syswow64\GDI32.dll
.text    C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2832] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdRenderMoComp + 4                                                                                              00000000704f1a14 2 bytes JMP 774d6c03 C:\windows\syswow64\GDI32.dll
.text    C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2832] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdResetVisrgn + 4                                                                                              00000000704f1a1f 2 bytes JMP 774d5b05 C:\windows\syswow64\GDI32.dll
.text    C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2832] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetColorKey + 4                                                                                              00000000704f1a2a 2 bytes JMP 774d6c23 C:\windows\syswow64\GDI32.dll
.text    C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2832] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetExclusiveMode + 4                                                                                          00000000704f1a35 2 bytes JMP 774d6c43 C:\windows\syswow64\GDI32.dll
.text    C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2832] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetGammaRamp + 4                                                                                              00000000704f1a40 2 bytes JMP 774d6c63 C:\windows\syswow64\GDI32.dll
.text    C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2832] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetOverlayPosition + 4                                                                                        00000000704f1a4b 2 bytes JMP 774d6c83 C:\windows\syswow64\GDI32.dll
.text    C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2832] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUnattachSurface + 4                                                                                          00000000704f1a56 2 bytes JMP 774d6ca3 C:\windows\syswow64\GDI32.dll
.text    C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2832] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUnlock + 4                                                                                                    00000000704f1a61 2 bytes JMP 774d6cc3 C:\windows\syswow64\GDI32.dll
.text    C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2832] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUnlockD3D + 4                                                                                                00000000704f1a6c 2 bytes JMP 774d5ba5 C:\windows\syswow64\GDI32.dll
.text    C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2832] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUpdateOverlay + 4                                                                                            00000000704f1a77 2 bytes JMP 774d6ce3 C:\windows\syswow64\GDI32.dll
.text    C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2832] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 4                                                                                      00000000704f1a82 2 bytes JMP 774d6d03 C:\windows\syswow64\GDI32.dll
.text    C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2832] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 52                                                                                    00000000704f1ab2 2 bytes JMP 75bedc75 C:\windows\syswow64\msvcrt.dll
.text    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3976] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                      0000000077411401 2 bytes JMP 765cb21b C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3976] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                        0000000077411419 2 bytes JMP 765cb346 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3976] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                      0000000077411431 2 bytes JMP 76648ea9 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3976] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                      000000007741144a 2 bytes CALL 765a48ad C:\windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                            * 9
.text    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3976] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                          00000000774114dd 2 bytes JMP 766487a2 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3976] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                  00000000774114f5 2 bytes JMP 76648978 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3976] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                          000000007741150d 2 bytes JMP 76648698 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3976] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                  0000000077411525 2 bytes JMP 76648a62 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3976] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                        000000007741153d 2 bytes JMP 765bfca8 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3976] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                              0000000077411555 2 bytes JMP 765c68ef C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3976] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                      000000007741156d 2 bytes JMP 76648f61 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3976] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                        0000000077411585 2 bytes JMP 76648ac2 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3976] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                            000000007741159d 2 bytes JMP 7664865c C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3976] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                        00000000774115b5 2 bytes JMP 765bfd41 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3976] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                      00000000774115cd 2 bytes JMP 765cb2dc C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3976] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                  00000000774116b2 2 bytes JMP 76648e24 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3976] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                  00000000774116bd 2 bytes JMP 766485f1 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Launchy\Launchy.exe[4192] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                      0000000077411401 2 bytes JMP 765cb21b C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Launchy\Launchy.exe[4192] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                        0000000077411419 2 bytes JMP 765cb346 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Launchy\Launchy.exe[4192] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                      0000000077411431 2 bytes JMP 76648ea9 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Launchy\Launchy.exe[4192] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                      000000007741144a 2 bytes CALL 765a48ad C:\windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                            * 9
.text    C:\Program Files (x86)\Launchy\Launchy.exe[4192] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                          00000000774114dd 2 bytes JMP 766487a2 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Launchy\Launchy.exe[4192] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                  00000000774114f5 2 bytes JMP 76648978 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Launchy\Launchy.exe[4192] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                          000000007741150d 2 bytes JMP 76648698 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Launchy\Launchy.exe[4192] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                  0000000077411525 2 bytes JMP 76648a62 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Launchy\Launchy.exe[4192] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                        000000007741153d 2 bytes JMP 765bfca8 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Launchy\Launchy.exe[4192] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                              0000000077411555 2 bytes JMP 765c68ef C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Launchy\Launchy.exe[4192] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                      000000007741156d 2 bytes JMP 76648f61 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Launchy\Launchy.exe[4192] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                        0000000077411585 2 bytes JMP 76648ac2 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Launchy\Launchy.exe[4192] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                            000000007741159d 2 bytes JMP 7664865c C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Launchy\Launchy.exe[4192] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                        00000000774115b5 2 bytes JMP 765bfd41 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Launchy\Launchy.exe[4192] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                      00000000774115cd 2 bytes JMP 765cb2dc C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Launchy\Launchy.exe[4192] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                  00000000774116b2 2 bytes JMP 76648e24 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Launchy\Launchy.exe[4192] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                  00000000774116bd 2 bytes JMP 766485f1 C:\windows\syswow64\kernel32.dll
.text    C:\Users\me\AppData\Roaming\Dropbox\bin\Dropbox.exe[4328] C:\windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17                                                                                              0000000077411401 2 bytes JMP 765cb21b C:\windows\syswow64\kernel32.dll
.text    C:\Users\me\AppData\Roaming\Dropbox\bin\Dropbox.exe[4328] C:\windows\syswow64\Psapi.dll!EnumProcessModules + 17                                                                                                0000000077411419 2 bytes JMP 765cb346 C:\windows\syswow64\kernel32.dll
.text    C:\Users\me\AppData\Roaming\Dropbox\bin\Dropbox.exe[4328] C:\windows\syswow64\Psapi.dll!GetModuleInformation + 17                                                                                              0000000077411431 2 bytes JMP 76648ea9 C:\windows\syswow64\kernel32.dll
.text    C:\Users\me\AppData\Roaming\Dropbox\bin\Dropbox.exe[4328] C:\windows\syswow64\Psapi.dll!GetModuleInformation + 42                                                                                              000000007741144a 2 bytes CALL 765a48ad C:\windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                            * 9
.text    C:\Users\me\AppData\Roaming\Dropbox\bin\Dropbox.exe[4328] C:\windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17                                                                                                00000000774114dd 2 bytes JMP 766487a2 C:\windows\syswow64\kernel32.dll
.text    C:\Users\me\AppData\Roaming\Dropbox\bin\Dropbox.exe[4328] C:\windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17                                                                                          00000000774114f5 2 bytes JMP 76648978 C:\windows\syswow64\kernel32.dll
.text    C:\Users\me\AppData\Roaming\Dropbox\bin\Dropbox.exe[4328] C:\windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17                                                                                                000000007741150d 2 bytes JMP 76648698 C:\windows\syswow64\kernel32.dll
.text    C:\Users\me\AppData\Roaming\Dropbox\bin\Dropbox.exe[4328] C:\windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17                                                                                          0000000077411525 2 bytes JMP 76648a62 C:\windows\syswow64\kernel32.dll
.text    C:\Users\me\AppData\Roaming\Dropbox\bin\Dropbox.exe[4328] C:\windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17                                                                                                000000007741153d 2 bytes JMP 765bfca8 C:\windows\syswow64\kernel32.dll
.text    C:\Users\me\AppData\Roaming\Dropbox\bin\Dropbox.exe[4328] C:\windows\syswow64\Psapi.dll!EnumProcesses + 17                                                                                                    0000000077411555 2 bytes JMP 765c68ef C:\windows\syswow64\kernel32.dll
.text    C:\Users\me\AppData\Roaming\Dropbox\bin\Dropbox.exe[4328] C:\windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17                                                                                              000000007741156d 2 bytes JMP 76648f61 C:\windows\syswow64\kernel32.dll
.text    C:\Users\me\AppData\Roaming\Dropbox\bin\Dropbox.exe[4328] C:\windows\syswow64\Psapi.dll!GetPerformanceInfo + 17                                                                                                0000000077411585 2 bytes JMP 76648ac2 C:\windows\syswow64\kernel32.dll
.text    C:\Users\me\AppData\Roaming\Dropbox\bin\Dropbox.exe[4328] C:\windows\syswow64\Psapi.dll!QueryWorkingSet + 17                                                                                                  000000007741159d 2 bytes JMP 7664865c C:\windows\syswow64\kernel32.dll
.text    C:\Users\me\AppData\Roaming\Dropbox\bin\Dropbox.exe[4328] C:\windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17                                                                                                00000000774115b5 2 bytes JMP 765bfd41 C:\windows\syswow64\kernel32.dll
.text    C:\Users\me\AppData\Roaming\Dropbox\bin\Dropbox.exe[4328] C:\windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17                                                                                              00000000774115cd 2 bytes JMP 765cb2dc C:\windows\syswow64\kernel32.dll
.text    C:\Users\me\AppData\Roaming\Dropbox\bin\Dropbox.exe[4328] C:\windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20                                                                                          00000000774116b2 2 bytes JMP 76648e24 C:\windows\syswow64\kernel32.dll
.text    C:\Users\me\AppData\Roaming\Dropbox\bin\Dropbox.exe[4328] C:\windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31                                                                                          00000000774116bd 2 bytes JMP 766485f1 C:\windows\syswow64\kernel32.dll
.text    C:\program files (x86)\avira\antivir desktop\ipmGui.exe[2968] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                          0000000077411401 2 bytes JMP 765cb21b C:\windows\syswow64\kernel32.dll
.text    C:\program files (x86)\avira\antivir desktop\ipmGui.exe[2968] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                            0000000077411419 2 bytes JMP 765cb346 C:\windows\syswow64\kernel32.dll
.text    C:\program files (x86)\avira\antivir desktop\ipmGui.exe[2968] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                          0000000077411431 2 bytes JMP 76648ea9 C:\windows\syswow64\kernel32.dll
.text    C:\program files (x86)\avira\antivir desktop\ipmGui.exe[2968] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                          000000007741144a 2 bytes CALL 765a48ad C:\windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                            * 9
.text    C:\program files (x86)\avira\antivir desktop\ipmGui.exe[2968] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                            00000000774114dd 2 bytes JMP 766487a2 C:\windows\syswow64\kernel32.dll
.text    C:\program files (x86)\avira\antivir desktop\ipmGui.exe[2968] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                      00000000774114f5 2 bytes JMP 76648978 C:\windows\syswow64\kernel32.dll
.text    C:\program files (x86)\avira\antivir desktop\ipmGui.exe[2968] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                            000000007741150d 2 bytes JMP 76648698 C:\windows\syswow64\kernel32.dll
.text    C:\program files (x86)\avira\antivir desktop\ipmGui.exe[2968] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                      0000000077411525 2 bytes JMP 76648a62 C:\windows\syswow64\kernel32.dll
.text    C:\program files (x86)\avira\antivir desktop\ipmGui.exe[2968] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                            000000007741153d 2 bytes JMP 765bfca8 C:\windows\syswow64\kernel32.dll
.text    C:\program files (x86)\avira\antivir desktop\ipmGui.exe[2968] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                0000000077411555 2 bytes JMP 765c68ef C:\windows\syswow64\kernel32.dll
.text    C:\program files (x86)\avira\antivir desktop\ipmGui.exe[2968] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                          000000007741156d 2 bytes JMP 76648f61 C:\windows\syswow64\kernel32.dll
.text    C:\program files (x86)\avira\antivir desktop\ipmGui.exe[2968] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                            0000000077411585 2 bytes JMP 76648ac2 C:\windows\syswow64\kernel32.dll
.text    C:\program files (x86)\avira\antivir desktop\ipmGui.exe[2968] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                              000000007741159d 2 bytes JMP 7664865c C:\windows\syswow64\kernel32.dll
.text    C:\program files (x86)\avira\antivir desktop\ipmGui.exe[2968] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                            00000000774115b5 2 bytes JMP 765bfd41 C:\windows\syswow64\kernel32.dll
.text    C:\program files (x86)\avira\antivir desktop\ipmGui.exe[2968] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                          00000000774115cd 2 bytes JMP 765cb2dc C:\windows\syswow64\kernel32.dll
.text    C:\program files (x86)\avira\antivir desktop\ipmGui.exe[2968] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                      00000000774116b2 2 bytes JMP 76648e24 C:\windows\syswow64\kernel32.dll
.text    C:\program files (x86)\avira\antivir desktop\ipmGui.exe[2968] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                      00000000774116bd 2 bytes JMP 766485f1 C:\windows\syswow64\kernel32.dll
---- Processes - GMER 2.1 ----

Library  C:\Users\me\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\me\AppData\Roaming\Dropbox\bin\Dropbox.exe [4328](2014-11-13 06:49:58)                                                00000000040a0000
Library  c:\users\me\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppkzdfb.dll (*** suspicious ***) @ C:\Users\me\AppData\Roaming\Dropbox\bin\Dropbox.exe [4328](2014-11-24 20:05:46)  00000000044e0000
Library  C:\Users\me\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\me\AppData\Roaming\Dropbox\bin\Dropbox.exe [4328](2013-08-23 19:01:44)                                                      00000000611a0000
Library  C:\Users\me\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\me\AppData\Roaming\Dropbox\bin\Dropbox.exe [4328] (ICU Data DLL/The ICU Project)(2013-08-23 19:01:42)                        00000000602d0000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\9cb70d3b8676                                                                                                                                   
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\9cb70d3b8676 (not active ControlSet)                                                                                                               

---- EOF - GMER 2.1 ----
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 24.11.2014
Scan Time: 19:10:47
Logfile: MBAW.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.24.07
Rootkit Database: v2014.11.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: me

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 338082
Time Elapsed: 20 min, 31 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 12
PUP.Optional.FlowSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E3F1CA13-EA0E-4617-8D03-3EAA6A94A7E0}, , [8314fe41d7a540f62ac005bc23df8e72],
PUP.Optional.FlowSurf.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{C321541F-B22D-4593-AC1A-9634812A4E40}, , [8314fe41d7a540f62ac005bc23df8e72],
PUP.Optional.FlowSurf.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{A8018C54-B702-4D52-9ACC-8CA78911E633}, , [8314fe41d7a540f62ac005bc23df8e72],
PUP.Optional.FlowSurf.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C6A846C5-D67F-48B4-8552-C22354E56966}, , [8314fe41d7a540f62ac005bc23df8e72],
PUP.Optional.FlowSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A8018C54-B702-4D52-9ACC-8CA78911E633}, , [8314fe41d7a540f62ac005bc23df8e72],
PUP.Optional.FlowSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C6A846C5-D67F-48B4-8552-C22354E56966}, , [8314fe41d7a540f62ac005bc23df8e72],
PUP.Optional.FlowSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{C321541F-B22D-4593-AC1A-9634812A4E40}, , [8314fe41d7a540f62ac005bc23df8e72],
PUP.Optional.FlowSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{E3F1CA13-EA0E-4617-8D03-3EAA6A94A7E0}, , [8314fe41d7a540f62ac005bc23df8e72],
PUP.Optional.FlowSurf.A, HKU\S-1-5-21-4238942255-3180995338-2938082374-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{E3F1CA13-EA0E-4617-8D03-3EAA6A94A7E0}, , [8314fe41d7a540f62ac005bc23df8e72],
PUP.Optional.FlowSurf.A, HKU\S-1-5-21-4238942255-3180995338-2938082374-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{E3F1CA13-EA0E-4617-8D03-3EAA6A94A7E0}, , [8314fe41d7a540f62ac005bc23df8e72],
PUP.Optional.FlowSurf.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\FLOWSURF, , [ecab65da512ba78f806663476c9825db],
PUP.Optional.FlowSurf.A, HKU\S-1-5-21-4238942255-3180995338-2938082374-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\FLOWSURF, , [c4d3da655f1d1c1a31b5fcae08fc8f71],

Registry Values: 3
PUP.Optional.FlowSurf.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|jid1-tofUlNEIFlkUIA@jetpack, C:\Program Files (x86)\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack, , [64336bd4314b85b16cc4d79543c0b44c]
PUP.Optional.FlowSurf.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\FLOWSURF|chrid, oglkiljdmflopemijdadoiepkhcaodjn, , [ecab65da512ba78f806663476c9825db]
PUP.Optional.FlowSurf.A, HKU\S-1-5-21-4238942255-3180995338-2938082374-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\FLOWSURF|chrid, oglkiljdmflopemijdadoiepkhcaodjn, , [c4d3da655f1d1c1a31b5fcae08fc8f71]

Registry Data: 0
(No malicious items detected)

Folders: 11
PUP.Optional.FlowSurf.A, C:\Program Files (x86)\Flowsurf, , [0790b48b46365dd91dc6e5c5cf3543bd],
PUP.Optional.FlowSurf.A, C:\Program Files (x86)\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack, , [0790b48b46365dd91dc6e5c5cf3543bd],
PUP.Optional.FlowSurf.A, C:\Program Files (x86)\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack\defaults, , [0790b48b46365dd91dc6e5c5cf3543bd],
PUP.Optional.FlowSurf.A, C:\Program Files (x86)\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack\defaults\preferences, , [0790b48b46365dd91dc6e5c5cf3543bd],
PUP.Optional.FlowSurf.A, C:\Program Files (x86)\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack\locale, , [0790b48b46365dd91dc6e5c5cf3543bd],
PUP.Optional.FlowSurf.A, C:\Program Files (x86)\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack\resources, , [0790b48b46365dd91dc6e5c5cf3543bd],
PUP.Optional.FlowSurf.A, C:\Program Files (x86)\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack\resources\addon-sdk, , [0790b48b46365dd91dc6e5c5cf3543bd],
PUP.Optional.FlowSurf.A, C:\Program Files (x86)\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack\resources\addon-sdk\lib, , [0790b48b46365dd91dc6e5c5cf3543bd],
PUP.Optional.FlowSurf.A, C:\Program Files (x86)\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack\resources\flowsurf, , [0790b48b46365dd91dc6e5c5cf3543bd],
PUP.Optional.FlowSurf.A, C:\Program Files (x86)\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack\resources\flowsurf\data, , [0790b48b46365dd91dc6e5c5cf3543bd],
PUP.Optional.FlowSurf.A, C:\Program Files (x86)\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack\resources\flowsurf\lib, , [0790b48b46365dd91dc6e5c5cf3543bd],

Files: 15
PUP.Optional.FlowSurf.A, C:\Program Files (x86)\Flowsurf\flowsurf.dll, , [8314fe41d7a540f62ac005bc23df8e72],
PUP.Optional.Bandoo, C:\Users\me\AppData\Local\Temp\GIIl7j5U.exe.part, , [d3c4e857cfad9e98d9b2aa7a13ee6898],
PUP.Optional.FlowSurf.A, C:\Program Files (x86)\Flowsurf\install.ico, , [0790b48b46365dd91dc6e5c5cf3543bd],
PUP.Optional.FlowSurf.A, C:\Program Files (x86)\Flowsurf\atl110.dll, , [0790b48b46365dd91dc6e5c5cf3543bd],
PUP.Optional.FlowSurf.A, C:\Program Files (x86)\Flowsurf\fsupd.exe, , [0790b48b46365dd91dc6e5c5cf3543bd],
PUP.Optional.FlowSurf.A, C:\Program Files (x86)\Flowsurf\msvcr110.dll, , [0790b48b46365dd91dc6e5c5cf3543bd],
PUP.Optional.FlowSurf.A, C:\Program Files (x86)\Flowsurf\upfs7214.exe, , [0790b48b46365dd91dc6e5c5cf3543bd],
PUP.Optional.FlowSurf.A, C:\Program Files (x86)\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack\bootstrap.js, , [0790b48b46365dd91dc6e5c5cf3543bd],
PUP.Optional.FlowSurf.A, C:\Program Files (x86)\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack\harness-options.json, , [0790b48b46365dd91dc6e5c5cf3543bd],
PUP.Optional.FlowSurf.A, C:\Program Files (x86)\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack\icon.png, , [0790b48b46365dd91dc6e5c5cf3543bd],
PUP.Optional.FlowSurf.A, C:\Program Files (x86)\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack\icon64.png, , [0790b48b46365dd91dc6e5c5cf3543bd],
PUP.Optional.FlowSurf.A, C:\Program Files (x86)\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack\install.rdf, , [0790b48b46365dd91dc6e5c5cf3543bd],
PUP.Optional.FlowSurf.A, C:\Program Files (x86)\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack\locales.json, , [0790b48b46365dd91dc6e5c5cf3543bd],
PUP.Optional.FlowSurf.A, C:\Program Files (x86)\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack\defaults\preferences\prefs.js, , [0790b48b46365dd91dc6e5c5cf3543bd],
PUP.Optional.FlowSurf.A, C:\Program Files (x86)\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack\resources\flowsurf\lib\main.js, , [0790b48b46365dd91dc6e5c5cf3543bd],

Physical Sectors: 0
(No malicious items detected)


(end)
Code:
# AdwCleaner v4.102 - Bericht erstellt am 24/11/2014 um 20:58:47
# Aktualisiert 23/11/2014 von Xplode
# Database : 2014-11-24.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : me - ME-HP
# Gestartet von : C:\Users\me\Desktop\AdwCleaner_4.102.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\END
Ordner Gefunden : C:\Users\me\AppData\Roaming\pdfforge

***** [ Tasks ] *****

Task Gefunden : fsupdate

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Schlüssel Gefunden : HKCU\Software\Myfree Codec
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EC29EDF6-AD3C-4E1C-A087-D6CB81400C43}
Schlüssel Gefunden : [x64] HKCU\Software\Myfree Codec
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\driverscanner
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Schlüssel Gefunden : HKLM\SOFTWARE\Myfree Codec
Schlüssel Gefunden : HKLM\SOFTWARE\Uniblue
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EC29EDF6-AD3C-4E1C-A087-D6CB81400C43}

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17420


-\\ Mozilla Firefox v33.1 (x86 de)

[JonDoFox] - Zeile gefunden : user_pref("pttl.menu-search-groups-tab", false);
[JonDoFox] - Zeile gefunden : user_pref("pttl.menu-search-groups-win", false);

*************************

AdwCleaner[R0].txt - [5270 octets] - [24/11/2014 19:34:40]
AdwCleaner[R1].txt - [5110 octets] - [24/11/2014 20:58:47]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [5170 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Windows 7 Home Premium x64
Ran by me on 24.11.2014 at 22:23:44,02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"
Successfully deleted: [Empty Folder] C:\Users\me\appdata\local\{11E69D26-4768-40CA-85E4-93908918BAAE}
Successfully deleted: [Empty Folder] C:\Users\me\appdata\local\{1E3EE51A-1FA1-4435-BDC3-41B5BFC14CB9}
Successfully deleted: [Empty Folder] C:\Users\me\appdata\local\{246FFD0B-D95D-4412-B7EC-975EDC36E50F}
Successfully deleted: [Empty Folder] C:\Users\me\appdata\local\{2692EE9B-5929-4C41-9DE9-1DF7144EA6B2}
Successfully deleted: [Empty Folder] C:\Users\me\appdata\local\{3ACD9B83-135B-4BF0-B18F-A90D39EFCE21}
Successfully deleted: [Empty Folder] C:\Users\me\appdata\local\{69C2BC25-90DB-4984-B8A1-9BBDC661D351}
Successfully deleted: [Empty Folder] C:\Users\me\appdata\local\{700BF096-23F4-427B-9A18-BAC6F702581A}
Successfully deleted: [Empty Folder] C:\Users\me\appdata\local\{8550D672-D66C-4981-801F-11BECDC55954}
Successfully deleted: [Empty Folder] C:\Users\me\appdata\local\{9207E18B-6B3F-4073-B450-911E3F7B5218}
Successfully deleted: [Empty Folder] C:\Users\me\appdata\local\{99F751F2-778B-442A-990C-C016ADB565C7}
Successfully deleted: [Empty Folder] C:\Users\me\appdata\local\{D183EE99-A3B9-4C65-B3CC-A37FFEC0E1E6}
Successfully deleted: [Empty Folder] C:\Users\me\appdata\local\{E9ABC72A-CB16-4D41-B8C7-899892E95460}



~~~ FireFox

Emptied folder: C:\Users\me\AppData\Roaming\mozilla\firefox\profiles\m0axdbgg.default\minidumps [119 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24.11.2014 at 22:28:50,92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
Shortcut Cleaner 1.3.4 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
 hxxp://www.bleepingcomputer.com/download/shortcut-cleaner/

Windows Version: Windows 7 Home Premium Service Pack 1
Program started at: 11/25/2014 02:23:51 PM.

Scanning for registry hijacks:

 * No issues found in the Registry.

Searching for Hijacked Shortcuts:

Searching C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\

Searching C:\ProgramData\Microsoft\Windows\Start Menu\

Searching C:\Users\me\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\

Searching C:\Users\Public\Desktop\

Searching C:\Users\me\Desktop


0 bad shortcuts found.

Program finished at: 11/25/2014 02:23:52 PM
Execution time: 0 hours(s), 0 minute(s), and 1 seconds(s)

schrauber 26.11.2014 08:51
Wurden die Funde von MBAM und AdwCleaner auch gelöscht? In welchem Browser besteht das Problem? Besteht es nur in diesem browser oder auch in anderen?

feivel001 26.11.2014 09:48
hallo schrauber, danke für deine hilfe!

ja die funde wurden gelöscht. der ESET online Test hat auch keine Bedrohung mehr ergeben. Das gravierendste Firefox Problem war, dass es sich immer wieder aufgehängt hat wenn ich viel gestreamt hab (youtube) und dass es irgendwie unnatürlich langsam war oft. Werd jetzt mal beobachten.

Wie gesagt, die scans ergeben keine Bedrohung mehr.

Liebe Grüße
Christian

schrauber 27.11.2014 08:06
Schalte mal die Hardwarebeschleunigung in FF ab.

feivel001 27.11.2014 17:15
mach ich

schrauber 28.11.2014 13:14
und berichte dann wie sich der Rechner und FF verhalten :)

feivel001 01.12.2014 21:17
hi schrauber,

war am WE nicht am rechner. also er läuft und es kommt keine virenmeldung mehr. mein firefox streamt jetzt etwas instabiler (vor allem liveübertragungen), aber aufgehängt hat er sich nicht beim ausprobieren. scheint alles zu passen denk ich.

schönen abend!

schrauber 02.12.2014 17:45
Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

feivel001 19.01.2015 17:45
hallo schrauber,

jetzt hats leider etwas länger gedauert bis ich wieder dazu kam. hat alles geklappt. vielen dank und somit ist das thema erledigt.

vielen dank nochmals für die gute und schnelle hilfe!

schrauber 19.01.2015 20:22
Gern Geschehen :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 01:03 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131