FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014
Ran by Kati (administrator) on KATI-PC on 18-05-2014 14:32:59
Running from C:\Users\Kati\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(BUP) C:\Users\Kati\AppData\Roaming\BupSystem\bup.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Facebook Inc.) C:\Users\Kati\AppData\Local\Facebook\Update\FacebookUpdate.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(Spotify Ltd) C:\Users\Kati\AppData\Roaming\Spotify\spotify.exe
(Spotify Ltd) C:\Users\Kati\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIGJE.EXE
(simplitec) C:\Program Files (x86)\simplitec\simplicheck\simplicheck.exe
(Dropbox, Inc.) C:\Users\Kati\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Pegatron Corporation) C:\Program Files (x86)\PHotkey\PHotkey.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
() C:\Program Files (x86)\PHotkey\PVDesktop.exe
() C:\Program Files (x86)\PHotkey\PVDAgent.exe
(Pegatron Corporation) C:\Program Files (x86)\PHotkey\POsd.exe
() C:\Users\Kati\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Kati\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Kati\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Kati\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Kati\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
() C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Farbar) C:\Users\Kati\Downloads\FRST64(1).exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-22] (Alcor Micro Corp.)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel(R) Corporation)
HKLM\...\Run: [MedionReminder] => C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe [443688 2011-05-26] (CyberLink)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-04] (CyberLink)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [PHotkey] => C:\Program Files (x86)\PHotkey\PHotkey.exe [819720 2011-02-23] (Pegatron Corporation)
HKLM-x32\...\Run: [MsgTranAgt] => C:\Program Files (x86)\PHotkey\MsgTranAgt.exe [117256 2010-01-12] ()
HKLM-x32\...\Run: [MsgTranAgt64] => C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe [121864 2010-01-12] ()
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [847872 2009-12-03] (SEIKO EPSON CORPORATION)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2548312011-2494454960-3164520827-1001\...\Run: [Facebook Update] => C:\Users\Kati\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-09-20] (Facebook Inc.)
HKU\S-1-5-21-2548312011-2494454960-3164520827-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2548312011-2494454960-3164520827-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449760 2013-10-31] (Sony)
HKU\S-1-5-21-2548312011-2494454960-3164520827-1001\...\Run: [Spotify] => C:\Users\Kati\AppData\Roaming\Spotify\Spotify.exe [6170168 2014-05-15] (Spotify Ltd)
HKU\S-1-5-21-2548312011-2494454960-3164520827-1001\...\Run: [Spotify Web Helper] => C:\Users\Kati\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-05-15] (Spotify Ltd)
HKU\S-1-5-21-2548312011-2494454960-3164520827-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-09-20] (Google Inc.)
HKU\S-1-5-21-2548312011-2494454960-3164520827-1001\...\Run: [EPSON BX305 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGJE.EXE [224768 2009-09-14] (SEIKO EPSON CORPORATION)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\simplicheck.lnk
ShortcutTarget: simplicheck.lnk -> C:\Program Files (x86)\simplitec\simplicheck\simplicheck.exe (simplitec)
Startup: C:\Users\Kati\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Kati\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Kati\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9A119BA29CEBCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Citavi Picker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: No Name - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} - C:\Users\Kati\AppData\LocalLow\systems ie bho\bho.dll ()
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Kati\AppData\Roaming\Mozilla\Firefox\Profiles\g2jmug2y.default
FF user.js: detected! => C:\Users\Kati\AppData\Roaming\Mozilla\Firefox\Profiles\g2jmug2y.default\user.js
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.450 - C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files (x86)\Sony\Media Go\npmediago.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 2 - C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Kati\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: sony.com/MediaGoDetector - C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll (Sony Network Entertainment International LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Kati\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Foxy Security - C:\Users\Kati\AppData\Roaming\Mozilla\Firefox\Profiles\g2jmug2y.default\Extensions\sys@foxysecurity.com [2014-04-28]
FF Extension: DownloadHelper - C:\Users\Kati\AppData\Roaming\Mozilla\Firefox\Profiles\g2jmug2y.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-31]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013-09-11]
Chrome:
=======
CHR HomePage:
CHR DefaultSearchKeyword: delta-search.com
CHR DefaultSearchProvider: Delta Search
CHR DefaultSearchURL: hxxp://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=FA2578929C739985&affID=121562&tt=250613_gr4&tsp=4928
CHR DefaultNewTabURL:
CHR Extension: (DVDVideoSoft) - C:\Users\Kati\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-12-24]
CHR Extension: (Google Wallet) - C:\Users\Kati\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-03]
CHR Extension: (Citavi Picker) - C:\Users\Kati\AppData\Local\Google\Chrome\User Data\Default\Extensions\piehhloihgjjiomhieeddiidpekaajio [2013-12-24]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-06-29]
CHR HKLM-x32\...\Chrome\Extension: [dghncoeocefmhkhiphdgikkamjeglbfh] - C:\Program Files (x86)\mystarttb\chrome-newtab-search.crx [2013-06-29]
CHR HKLM-x32\...\Chrome\Extension: [piehhloihgjjiomhieeddiidpekaajio] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Chrome\ChromePicker.crx [2013-09-11]
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 bupService; C:\Users\Kati\AppData\Roaming\BupSystem\bup.exe [642048 2014-04-14] (BUP)
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [159752 2010-10-06] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1716264 2014-04-30] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-04-30] (pdfforge GmbH)
S2 ASLDRService; C:\Program Files (x86)\PHotkey\ASLDRSrv.exe [X]
S3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe" [X]
==================== Drivers (Whitelisted) ====================
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC)
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-05-18 14:23 - 2014-05-18 14:23 - 02067456 _____ (Farbar) C:\Users\Kati\Downloads\FRST64(1).exe
2014-05-18 13:50 - 2014-05-18 13:50 - 00000000 ____D () C:\Users\Kati\AppData\Local\{422F2530-3EF2-4E9C-A789-485C1206D1AC}
2014-05-17 23:57 - 2014-05-17 23:59 - 00000000 ____D () C:\Users\Kati\Desktop\Fotos
2014-05-17 23:56 - 2014-05-17 23:58 - 00000000 ____D () C:\Users\Kati\Desktop\Kinderfotos
2014-05-17 23:51 - 2014-05-17 23:55 - 00000000 ____D () C:\Users\Kati\Downloads\Uni
2014-05-17 22:55 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-05-17 22:55 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-05-17 22:55 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-05-17 22:55 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-05-17 22:55 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-05-17 22:55 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-05-17 22:55 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-05-17 22:55 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-05-17 22:55 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-05-17 22:55 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-05-17 22:55 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-05-17 22:55 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-05-17 22:55 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-05-17 22:55 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-05-17 22:55 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-05-17 22:55 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-05-17 22:55 - 2013-10-01 22:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-05-17 22:55 - 2013-10-01 22:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-05-17 22:54 - 2013-09-25 04:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-05-17 22:54 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-05-17 22:08 - 2014-05-17 22:08 - 00000000 ____D () C:\Users\Kati\AppData\Local\{4BE87CCE-750B-4228-B62E-246699B53E05}
2014-05-17 20:59 - 2014-05-17 20:59 - 00383343 _____ () C:\Users\Kati\Desktop\Report.htm
2014-05-17 20:58 - 2014-05-17 20:58 - 00000000 ____D () C:\Users\Kati\Documents\EVEREST Reports
2014-05-17 20:41 - 2014-05-17 20:42 - 215448505 _____ (SWE Sven Ritter ) C:\Users\Kati\Downloads\wlane6221_inw7.exe
2014-05-17 20:40 - 2014-05-17 20:40 - 18857054 _____ (SWE Sven Ritter ) C:\Users\Kati\Downloads\tpde6221_se_wxpvstw7_32_64.exe
2014-05-17 20:40 - 2014-05-17 20:40 - 09144982 _____ (SWE Sven Ritter ) C:\Users\Kati\Downloads\usb3e6221_e722xw7.exe
2014-05-17 20:39 - 2014-05-17 20:40 - 47783495 _____ (SWE Sven Ritter ) C:\Users\Kati\Downloads\ske6221_e722x_cx_wxpw7(2).exe
2014-05-17 20:39 - 2014-05-17 20:39 - 31119378 _____ (SWE Sven Ritter ) C:\Users\Kati\Downloads\mnme6221_e722xvstw7_w8.exe
2014-05-17 20:39 - 2014-05-17 20:39 - 02620971 _____ (SWE Sven Ritter ) C:\Users\Kati\Downloads\lane6221_e722xxpvstw7.exe
2014-05-17 20:38 - 2014-05-17 20:38 - 10364287 _____ (SWE Sven Ritter ) C:\Users\Kati\Downloads\keye6221_e722xw7w8(1).exe
2014-05-17 20:34 - 2014-05-17 20:37 - 195993064 _____ (SWE Sven Ritter ) C:\Users\Kati\Downloads\vgae6221_e722x_in_w7_w8.exe
2014-05-17 20:34 - 2014-05-17 20:34 - 03987373 _____ (SWE Sven Ritter ) C:\Users\Kati\Downloads\chpe6221_e722xxpvstw7.exe
2014-05-17 20:34 - 2014-05-17 20:34 - 01798895 _____ (SWE Sven Ritter ) C:\Users\Kati\Downloads\bioe722x_p762x.exe
2014-05-17 20:33 - 2014-05-17 20:34 - 11290483 _____ (SWE Sven Ritter ) C:\Users\Kati\Downloads\ahcie6221vstw7_w8.exe
2014-05-17 20:31 - 2014-05-17 20:31 - 10364287 _____ (SWE Sven Ritter ) C:\Users\Kati\Downloads\keye6221_e722xw7w8.exe
2014-05-17 20:26 - 2014-05-17 20:26 - 47783495 _____ (SWE Sven Ritter ) C:\Users\Kati\Downloads\ske6221_e722x_cx_wxpw7(1).exe
2014-05-17 20:25 - 2014-05-17 20:25 - 00229008 _____ () C:\Users\Kati\Downloads\MEDION_Treibersuche.exe
2014-05-17 20:18 - 2014-05-17 20:18 - 00001130 _____ () C:\Users\Kati\Desktop\EVEREST Ultimate Edition.lnk
2014-05-17 20:18 - 2014-05-17 20:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
2014-05-17 20:18 - 2014-05-17 20:18 - 00000000 ____D () C:\Program Files (x86)\Lavalys
2014-05-17 20:17 - 2014-05-17 20:17 - 10255080 _____ (Lavalys, Inc. ) C:\Users\Kati\Downloads\everestultimate550.exe
2014-05-17 18:20 - 2014-05-17 18:45 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2014-05-17 18:20 - 2014-05-17 18:20 - 00001266 _____ () C:\Users\Public\Desktop\NCH Software.lnk
2014-05-17 18:20 - 2014-05-17 18:20 - 00001166 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Burn.lnk
2014-05-17 18:20 - 2014-05-17 18:20 - 00001154 _____ () C:\Users\Public\Desktop\Express Burn.lnk
2014-05-17 18:20 - 2014-05-17 18:20 - 00001154 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoPad Video Editor.lnk
2014-05-17 18:20 - 2014-05-17 18:20 - 00001142 _____ () C:\Users\Public\Desktop\VideoPad Video Editor.lnk
2014-05-17 18:20 - 2014-05-17 18:20 - 00000000 ____D () C:\Users\Kati\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2014-05-17 18:20 - 2014-05-17 18:20 - 00000000 ____D () C:\ProgramData\NCH Software
2014-05-17 18:19 - 2014-05-17 18:43 - 00000000 ____D () C:\Users\Kati\AppData\Roaming\NCH Software
2014-05-17 18:19 - 2014-05-17 18:20 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2014-05-17 18:19 - 2014-05-17 18:19 - 00001130 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debut Video Capture Software.lnk
2014-05-17 18:19 - 2014-05-17 18:19 - 00001118 _____ () C:\Users\Public\Desktop\Debut Video Capture Software.lnk
2014-05-17 18:19 - 2014-05-17 18:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2014-05-17 18:18 - 2014-05-17 18:18 - 00961360 _____ (Chip Digital GmbH) C:\Users\Kati\Downloads\Debut Video Capture - CHIP-Downloader.exe
2014-05-16 22:17 - 2014-05-16 22:17 - 00000000 ____D () C:\Users\Kati\AppData\Local\{2611705F-FCFF-44F2-9C4B-EC29E5A67B46}
2014-05-16 09:09 - 2014-05-16 09:09 - 00000000 ____D () C:\Users\Kati\AppData\Local\{69A1EF25-1F79-4775-BA26-5F9375FE9B95}
2014-05-16 08:35 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-16 08:35 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-16 08:35 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-16 08:35 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-16 08:35 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-16 08:35 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 14:27 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-15 14:27 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-15 14:27 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 14:27 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 14:26 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 14:26 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 14:26 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 14:26 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 14:26 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 14:26 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 14:26 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 14:26 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-15 14:26 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-15 14:26 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 14:26 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 14:26 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 14:26 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 14:26 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 14:26 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 14:26 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 14:26 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 14:26 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 14:26 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 14:26 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 14:26 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 14:26 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 14:26 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 14:26 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 14:26 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 14:26 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-15 14:26 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-15 14:26 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-15 14:26 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-15 14:26 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-15 14:26 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-15 14:26 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-15 14:26 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-15 14:26 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-15 14:26 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-15 14:26 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-15 14:26 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-15 14:26 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-15 14:26 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-15 14:26 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-15 14:26 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-15 14:17 - 2014-05-15 14:18 - 00000000 ____D () C:\Users\Kati\AppData\Local\{4DD5F804-7106-4564-8BC2-F943268098E6}
2014-05-14 19:25 - 2014-05-14 19:25 - 00000000 ____D () C:\Users\Kati\AppData\Roaming\PDF Architect 2
2014-05-14 19:12 - 2014-05-14 19:12 - 00001021 _____ () C:\Users\Public\Desktop\PDF Architect 2.lnk
2014-05-14 19:12 - 2014-05-14 19:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2
2014-05-14 19:11 - 2014-05-14 19:12 - 00000000 ____D () C:\Program Files (x86)\PDF Architect 2
2014-05-14 19:11 - 2014-05-14 19:11 - 00000000 ____D () C:\Users\Kati\Documents\PDF Architect 2
2014-05-14 19:10 - 2014-05-14 19:12 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-05-14 19:10 - 2014-05-14 19:10 - 00001039 _____ () C:\Users\Public\Desktop\PDFCreator.lnk
2014-05-14 19:10 - 2014-05-14 19:10 - 00000000 ____D () C:\Users\Kati\AppData\Roaming\pdfforge
2014-05-14 19:10 - 2014-05-14 19:10 - 00000000 ____D () C:\ProgramData\PDF Architect 2
2014-05-14 19:10 - 2014-05-14 19:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-05-14 19:10 - 2014-04-25 17:44 - 01070152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2014-05-14 19:10 - 2014-04-25 17:44 - 00662288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCT2.OCX
2014-05-14 19:10 - 2014-04-25 17:44 - 00137000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX
2014-05-14 19:10 - 2014-04-25 17:44 - 00110264 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll
2014-05-14 19:10 - 2014-04-25 17:44 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL
2014-05-14 19:10 - 1998-07-06 18:56 - 00125712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6DE.DLL
2014-05-14 19:10 - 1998-07-06 18:55 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCDE.DLL
2014-05-14 19:10 - 1998-07-06 18:55 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCC2DE.DLL
2014-05-14 19:07 - 2014-05-14 19:08 - 27843432 _____ (pdfforge ) C:\Users\Kati\Downloads\PDFCreator-1_7_3_setup.exe
2014-05-14 16:28 - 2014-05-14 16:28 - 00000000 ____D () C:\Users\Kati\AppData\Local\{AFF51EAF-1EEE-4D30-9A8D-532258456C17}
2014-05-13 17:17 - 2014-05-13 17:17 - 00000000 ____D () C:\Users\Kati\AppData\Local\{B0C594E1-1C40-46AD-9B29-7C5B4986A6E6}
2014-05-13 16:53 - 2014-05-13 16:54 - 00000000 ____D () C:\Users\Kati\AppData\Local\{98AC1C21-B103-44EE-AC7B-2C114FD85585}
2014-05-12 20:54 - 2014-05-12 20:54 - 00000000 ____D () C:\Users\Kati\AppData\Local\{BE16BDD7-B89C-4024-B9F6-AD6FF1E9E786}
2014-05-11 19:59 - 2014-05-11 19:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-11 19:46 - 2014-05-11 19:46 - 00000000 ____D () C:\Users\Kati\AppData\Local\{C2B4150E-0C6B-4799-9C08-B1E8DFC269ED}
2014-05-10 21:55 - 2014-05-10 21:55 - 00000000 ____D () C:\Users\Kati\AppData\Local\{9A0AD5CC-139C-491B-9266-50616B3EF2EC}
2014-05-09 17:57 - 2014-05-09 17:57 - 00000000 ____D () C:\Users\Kati\AppData\Local\{9C638A68-5F34-48C1-898B-3689CD978999}
2014-05-08 15:00 - 2014-05-08 15:00 - 00000000 ____D () C:\Users\Kati\AppData\Local\{B51A953C-DD2F-4FB8-AA87-F6AD0AFB9AC2}
2014-05-07 19:04 - 2014-05-16 08:55 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-07 19:04 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-07 19:04 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-07 19:04 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-07 19:04 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-07 19:04 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-07 19:04 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-07 19:04 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-07 19:04 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-07 19:04 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-07 19:04 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-07 19:04 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-07 19:04 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-07 19:04 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-07 19:04 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-07 19:04 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-07 19:04 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-07 19:04 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-07 19:04 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-07 19:04 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-07 19:04 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-07 19:04 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-07 19:04 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-07 19:04 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-07 19:04 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-07 19:04 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-07 19:04 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-07 19:04 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-07 19:04 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-07 19:04 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-07 19:04 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-07 19:04 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-07 19:04 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-07 19:04 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-07 19:04 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-07 19:04 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-07 19:04 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-07 19:04 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-07 19:04 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-07 19:04 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-07 19:04 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-07 19:04 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-07 19:04 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-07 19:04 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-07 19:04 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-07 19:02 - 2014-05-07 19:03 - 00000000 ____D () C:\Users\Kati\AppData\Local\{DFB33308-901D-4EAF-9C6E-A5DEA8364065}
2014-05-06 15:35 - 2014-05-06 15:35 - 00000000 ____D () C:\Users\Kati\AppData\Local\{01097470-E215-4F09-8B1E-B904D4356792}
2014-05-05 18:20 - 2014-05-05 18:20 - 00000000 ____D () C:\Users\Kati\AppData\Local\{8837D2BF-2261-45A5-975D-F775DFD9FD39}
2014-05-04 21:59 - 2014-05-04 21:59 - 00000000 ____D () C:\Users\Kati\AppData\Local\{30370F42-121E-48B3-B315-481D08085F3A}
2014-05-03 21:27 - 2014-05-03 21:28 - 00000000 ____D () C:\Users\Kati\AppData\Local\{DB63567F-3788-43B8-BCFB-ED07BD306540}
2014-05-03 02:36 - 2014-05-03 02:36 - 00000000 ____D () C:\Users\Kati\AppData\Local\{3CD5C54C-8659-40F2-AE16-BB7B404718E6}
2014-05-03 01:56 - 2014-05-03 01:56 - 00000000 ____D () C:\ProgramData\Sony Mobile
2014-05-03 01:56 - 2014-05-03 01:56 - 00000000 ____D () C:\Program Files (x86)\Sony Mobile
2014-05-02 14:35 - 2014-05-02 14:36 - 00000000 ____D () C:\Users\Kati\AppData\Local\{DC60EB2C-B723-4FA9-A38E-31AC1A6775EA}
2014-05-01 13:21 - 2014-05-01 13:21 - 00000000 ____D () C:\Users\Kati\AppData\Local\{B1833989-708E-4FC2-AADF-908BFAC0A56F}
2014-04-30 18:53 - 2014-04-30 18:53 - 00000000 ____D () C:\Users\Kati\AppData\Local\{5EF441A7-91AC-4C8E-9DF8-3CA8C25B701E}
2014-04-29 16:21 - 2014-04-29 16:21 - 00000000 ____D () C:\Users\Kati\AppData\Local\{6AB88698-1939-4E66-BCF8-9C5E2800911A}
2014-04-28 17:05 - 2014-04-28 17:05 - 00128000 ____H () C:\Users\Kati\Desktop\photothumb.db
2014-04-28 17:04 - 2014-04-28 17:06 - 00000000 ____D () C:\Users\Kati\AppData\Roaming\PhotoScape
2014-04-28 17:04 - 2014-04-28 17:04 - 00001039 _____ () C:\Users\Kati\Desktop\PhotoScape.lnk
2014-04-28 17:04 - 2014-04-28 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
2014-04-28 17:03 - 2014-04-28 17:04 - 00000000 ____D () C:\Users\Kati\AppData\Roaming\Security Systems
2014-04-28 17:03 - 2014-04-28 17:04 - 00000000 ____D () C:\Program Files (x86)\PhotoScape
2014-04-28 17:03 - 2014-04-28 17:03 - 00000000 ____D () C:\Users\Kati\AppData\Roaming\BupSystem
2014-04-28 17:02 - 2014-04-28 17:03 - 21331096 _____ (Mooii) C:\Users\Kati\Desktop\PhotoScape_V3-6-5.exe
2014-04-28 17:00 - 2014-04-28 17:00 - 00386904 _____ (Softonic ) C:\Users\Kati\Downloads\SoftonicDownloader_fuer_photoscape.exe
2014-04-28 16:22 - 2014-04-28 16:22 - 00000000 ____D () C:\Users\Kati\AppData\Local\{E6EF1C33-8457-4043-B475-28B37C804CF7}
2014-04-27 12:51 - 2014-04-27 12:51 - 00000000 ____D () C:\Users\Kati\AppData\Local\{50566B36-6424-40FE-8E57-875DA3FE0D99}
2014-04-26 20:36 - 2014-04-26 20:36 - 00000000 ____D () C:\Users\Kati\AppData\Local\{3B71D42C-D487-4B7F-A90D-DF6ABC7D9BEE}
2014-04-26 02:43 - 2014-04-26 02:44 - 00000000 ____D () C:\Users\Kati\AppData\Local\{B4704FBF-46C6-4E83-9C9B-F811FBCF29C8}
2014-04-25 14:36 - 2014-04-25 14:37 - 00000000 ____D () C:\Users\Kati\AppData\Local\{3D4FFA91-C31D-42D3-98D3-55D24540A116}
2014-04-24 20:48 - 2014-04-24 20:48 - 00000000 ____D () C:\Users\Kati\AppData\Local\{6B75591B-A85D-449D-8566-C3803B21D41A}
2014-04-23 19:06 - 2014-04-23 19:06 - 00000000 ____D () C:\Users\Kati\AppData\Local\{05C9CB18-5353-481E-B307-AC526C8EAD50}
2014-04-22 17:25 - 2014-04-22 17:25 - 00000000 ____D () C:\Users\Kati\AppData\Local\{DEA26C1D-154A-44C1-B6B0-8D0C9CE3E56A}
2014-04-22 01:11 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-22 01:11 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-22 01:11 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-22 01:11 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-22 01:11 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-22 01:11 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-22 01:11 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-22 01:11 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-22 01:11 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-22 01:11 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-22 01:11 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-22 01:11 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-22 01:11 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-22 01:11 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-22 01:11 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-22 01:11 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-22 01:11 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-22 00:59 - 2014-04-22 00:59 - 00000000 ____D () C:\Users\Kati\AppData\Local\{5A0297BB-2640-42E9-B94D-6AD8D30F5957}
==================== One Month Modified Files and Folders =======
2014-05-18 14:33 - 2013-11-29 01:51 - 00019052 _____ () C:\Users\Kati\Downloads\FRST.txt
2014-05-18 14:32 - 2013-11-26 14:29 - 00000000 ____D () C:\FRST
2014-05-18 14:27 - 2009-07-14 06:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-18 14:27 - 2009-07-14 06:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-18 14:23 - 2014-05-18 14:23 - 02067456 _____ (Farbar) C:\Users\Kati\Downloads\FRST64(1).exe
2014-05-18 14:19 - 2012-09-20 19:21 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-18 14:08 - 2012-09-20 21:54 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-18 14:03 - 2013-07-24 18:55 - 01992708 _____ () C:\Windows\WindowsUpdate.log
2014-05-18 13:50 - 2014-05-18 13:50 - 00000000 ____D () C:\Users\Kati\AppData\Local\{422F2530-3EF2-4E9C-A789-485C1206D1AC}
2014-05-18 13:36 - 2012-11-10 23:07 - 00000000 ____D () C:\Users\Kati\AppData\Roaming\Spotify
2014-05-18 13:24 - 2012-09-20 22:19 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2548312011-2494454960-3164520827-1001UA.job
2014-05-18 13:06 - 2012-09-20 19:21 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-18 13:05 - 2012-09-21 13:58 - 00000000 ____D () C:\Users\Kati\AppData\Roaming\SoftGrid Client
2014-05-18 12:34 - 2014-02-24 22:49 - 00000000 ____D () C:\Users\Kati\AppData\Local\Windows Live
2014-05-18 12:07 - 2011-05-16 16:04 - 00699794 _____ () C:\Windows\system32\perfh007.dat
2014-05-18 12:07 - 2011-05-16 16:04 - 00149644 _____ () C:\Windows\system32\perfc007.dat
2014-05-18 12:07 - 2009-07-14 07:13 - 01620836 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-18 12:04 - 2014-01-27 22:53 - 00000470 _____ () C:\Windows\Tasks\SDMsgUpdate (TE).job
2014-05-18 12:03 - 2014-01-08 01:02 - 00000000 ___RD () C:\Users\Kati\Dropbox
2014-05-18 12:03 - 2014-01-08 01:00 - 00000000 ____D () C:\Users\Kati\AppData\Roaming\Dropbox
2014-05-18 12:01 - 2014-01-27 22:53 - 00000478 _____ () C:\Windows\Tasks\SDMsgUpdate (Local).job
2014-05-18 12:01 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-18 12:01 - 2009-07-14 06:51 - 02331598 _____ () C:\Windows\setupact.log
2014-05-17 23:59 - 2014-05-17 23:57 - 00000000 ____D () C:\Users\Kati\Desktop\Fotos
2014-05-17 23:58 - 2014-05-17 23:56 - 00000000 ____D () C:\Users\Kati\Desktop\Kinderfotos
2014-05-17 23:55 - 2014-05-17 23:51 - 00000000 ____D () C:\Users\Kati\Downloads\Uni
2014-05-17 23:52 - 2013-11-24 21:13 - 00000000 ____D () C:\Users\Kati\Downloads\verschiedene Bilder
2014-05-17 22:24 - 2012-09-20 22:19 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2548312011-2494454960-3164520827-1001Core.job
2014-05-17 22:08 - 2014-05-17 22:08 - 00000000 ____D () C:\Users\Kati\AppData\Local\{4BE87CCE-750B-4228-B62E-246699B53E05}
2014-05-17 20:59 - 2014-05-17 20:59 - 00383343 _____ () C:\Users\Kati\Desktop\Report.htm
2014-05-17 20:58 - 2014-05-17 20:58 - 00000000 ____D () C:\Users\Kati\Documents\EVEREST Reports
2014-05-17 20:48 - 2012-09-23 18:09 - 00000000 ____D () C:\Users\Kati\AppData\Roaming\Skype
2014-05-17 20:42 - 2014-05-17 20:41 - 215448505 _____ (SWE Sven Ritter ) C:\Users\Kati\Downloads\wlane6221_inw7.exe
2014-05-17 20:42 - 2013-12-16 20:47 - 00000000 ____D () C:\Medion
2014-05-17 20:40 - 2014-05-17 20:40 - 18857054 _____ (SWE Sven Ritter ) C:\Users\Kati\Downloads\tpde6221_se_wxpvstw7_32_64.exe
2014-05-17 20:40 - 2014-05-17 20:40 - 09144982 _____ (SWE Sven Ritter ) C:\Users\Kati\Downloads\usb3e6221_e722xw7.exe
2014-05-17 20:40 - 2014-05-17 20:39 - 47783495 _____ (SWE Sven Ritter ) C:\Users\Kati\Downloads\ske6221_e722x_cx_wxpw7(2).exe
2014-05-17 20:39 - 2014-05-17 20:39 - 31119378 _____ (SWE Sven Ritter ) C:\Users\Kati\Downloads\mnme6221_e722xvstw7_w8.exe
2014-05-17 20:39 - 2014-05-17 20:39 - 02620971 _____ (SWE Sven Ritter ) C:\Users\Kati\Downloads\lane6221_e722xxpvstw7.exe
2014-05-17 20:38 - 2014-05-17 20:38 - 10364287 _____ (SWE Sven Ritter ) C:\Users\Kati\Downloads\keye6221_e722xw7w8(1).exe
2014-05-17 20:37 - 2014-05-17 20:34 - 195993064 _____ (SWE Sven Ritter ) C:\Users\Kati\Downloads\vgae6221_e722x_in_w7_w8.exe
2014-05-17 20:34 - 2014-05-17 20:34 - 03987373 _____ (SWE Sven Ritter ) C:\Users\Kati\Downloads\chpe6221_e722xxpvstw7.exe
2014-05-17 20:34 - 2014-05-17 20:34 - 01798895 _____ (SWE Sven Ritter ) C:\Users\Kati\Downloads\bioe722x_p762x.exe
2014-05-17 20:34 - 2014-05-17 20:33 - 11290483 _____ (SWE Sven Ritter ) C:\Users\Kati\Downloads\ahcie6221vstw7_w8.exe
2014-05-17 20:31 - 2014-05-17 20:31 - 10364287 _____ (SWE Sven Ritter ) C:\Users\Kati\Downloads\keye6221_e722xw7w8.exe
2014-05-17 20:26 - 2014-05-17 20:26 - 47783495 _____ (SWE Sven Ritter ) C:\Users\Kati\Downloads\ske6221_e722x_cx_wxpw7(1).exe
2014-05-17 20:25 - 2014-05-17 20:25 - 00229008 _____ () C:\Users\Kati\Downloads\MEDION_Treibersuche.exe
2014-05-17 20:18 - 2014-05-17 20:18 - 00001130 _____ () C:\Users\Kati\Desktop\EVEREST Ultimate Edition.lnk
2014-05-17 20:18 - 2014-05-17 20:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
2014-05-17 20:18 - 2014-05-17 20:18 - 00000000 ____D () C:\Program Files (x86)\Lavalys
2014-05-17 20:17 - 2014-05-17 20:17 - 10255080 _____ (Lavalys, Inc. ) C:\Users\Kati\Downloads\everestultimate550.exe
2014-05-17 18:45 - 2014-05-17 18:20 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2014-05-17 18:43 - 2014-05-17 18:19 - 00000000 ____D () C:\Users\Kati\AppData\Roaming\NCH Software
2014-05-17 18:20 - 2014-05-17 18:20 - 00001266 _____ () C:\Users\Public\Desktop\NCH Software.lnk
2014-05-17 18:20 - 2014-05-17 18:20 - 00001166 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Burn.lnk
2014-05-17 18:20 - 2014-05-17 18:20 - 00001154 _____ () C:\Users\Public\Desktop\Express Burn.lnk
2014-05-17 18:20 - 2014-05-17 18:20 - 00001154 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoPad Video Editor.lnk
2014-05-17 18:20 - 2014-05-17 18:20 - 00001142 _____ () C:\Users\Public\Desktop\VideoPad Video Editor.lnk
2014-05-17 18:20 - 2014-05-17 18:20 - 00000000 ____D () C:\Users\Kati\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2014-05-17 18:20 - 2014-05-17 18:20 - 00000000 ____D () C:\ProgramData\NCH Software
2014-05-17 18:20 - 2014-05-17 18:19 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2014-05-17 18:19 - 2014-05-17 18:19 - 00001130 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debut Video Capture Software.lnk
2014-05-17 18:19 - 2014-05-17 18:19 - 00001118 _____ () C:\Users\Public\Desktop\Debut Video Capture Software.lnk
2014-05-17 18:19 - 2014-05-17 18:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2014-05-17 18:18 - 2014-05-17 18:18 - 00961360 _____ (Chip Digital GmbH) C:\Users\Kati\Downloads\Debut Video Capture - CHIP-Downloader.exe
2014-05-16 22:17 - 2014-05-16 22:17 - 00000000 ____D () C:\Users\Kati\AppData\Local\{2611705F-FCFF-44F2-9C4B-EC29E5A67B46}
2014-05-16 10:46 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-16 09:12 - 2013-01-07 00:52 - 00002023 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-05-16 09:12 - 2011-06-28 21:31 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-16 09:09 - 2014-05-16 09:09 - 00000000 ____D () C:\Users\Kati\AppData\Local\{69A1EF25-1F79-4775-BA26-5F9375FE9B95}
2014-05-16 09:06 - 2012-09-20 18:26 - 00000000 ___RD () C:\Users\Kati\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 09:06 - 2012-09-20 18:26 - 00000000 ___RD () C:\Users\Kati\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 08:55 - 2014-05-07 19:04 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-16 08:34 - 2013-07-29 22:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-16 08:31 - 2013-07-25 12:48 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-16 00:24 - 2012-09-20 19:21 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-15 15:18 - 2012-11-10 23:07 - 00000000 ____D () C:\Users\Kati\AppData\Local\Spotify
2014-05-15 14:18 - 2014-05-15 14:17 - 00000000 ____D () C:\Users\Kati\AppData\Local\{4DD5F804-7106-4564-8BC2-F943268098E6}
2014-05-14 19:25 - 2014-05-14 19:25 - 00000000 ____D () C:\Users\Kati\AppData\Roaming\PDF Architect 2
2014-05-14 19:12 - 2014-05-14 19:12 - 00001021 _____ () C:\Users\Public\Desktop\PDF Architect 2.lnk
2014-05-14 19:12 - 2014-05-14 19:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2
2014-05-14 19:12 - 2014-05-14 19:11 - 00000000 ____D () C:\Program Files (x86)\PDF Architect 2
2014-05-14 19:12 - 2014-05-14 19:10 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-05-14 19:11 - 2014-05-14 19:11 - 00000000 ____D () C:\Users\Kati\Documents\PDF Architect 2
2014-05-14 19:10 - 2014-05-14 19:10 - 00001039 _____ () C:\Users\Public\Desktop\PDFCreator.lnk
2014-05-14 19:10 - 2014-05-14 19:10 - 00000000 ____D () C:\Users\Kati\AppData\Roaming\pdfforge
2014-05-14 19:10 - 2014-05-14 19:10 - 00000000 ____D () C:\ProgramData\PDF Architect 2
2014-05-14 19:10 - 2014-05-14 19:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-05-14 19:08 - 2014-05-14 19:07 - 27843432 _____ (pdfforge ) C:\Users\Kati\Downloads\PDFCreator-1_7_3_setup.exe
2014-05-14 17:08 - 2013-12-16 21:08 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 17:08 - 2012-09-20 21:54 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 17:08 - 2011-07-18 19:57 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 16:28 - 2014-05-14 16:28 - 00000000 ____D () C:\Users\Kati\AppData\Local\{AFF51EAF-1EEE-4D30-9A8D-532258456C17}
2014-05-14 16:06 - 2014-01-08 01:02 - 00001017 _____ () C:\Users\Kati\Desktop\Dropbox.lnk
2014-05-14 16:06 - 2014-01-08 01:01 - 00000000 ____D () C:\Users\Kati\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-13 17:17 - 2014-05-13 17:17 - 00000000 ____D () C:\Users\Kati\AppData\Local\{B0C594E1-1C40-46AD-9B29-7C5B4986A6E6}
2014-05-13 16:54 - 2014-05-13 16:53 - 00000000 ____D () C:\Users\Kati\AppData\Local\{98AC1C21-B103-44EE-AC7B-2C114FD85585}
2014-05-13 16:49 - 2014-01-29 16:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-12 20:54 - 2014-05-12 20:54 - 00000000 ____D () C:\Users\Kati\AppData\Local\{BE16BDD7-B89C-4024-B9F6-AD6FF1E9E786}
2014-05-11 22:59 - 2013-09-30 12:13 - 00000000 ____D () C:\Users\Kati\Documents\Citavi 4
2014-05-11 19:59 - 2014-05-11 19:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-11 19:46 - 2014-05-11 19:46 - 00000000 ____D () C:\Users\Kati\AppData\Local\{C2B4150E-0C6B-4799-9C08-B1E8DFC269ED}
2014-05-10 21:55 - 2014-05-10 21:55 - 00000000 ____D () C:\Users\Kati\AppData\Local\{9A0AD5CC-139C-491B-9266-50616B3EF2EC}
2014-05-09 17:57 - 2014-05-09 17:57 - 00000000 ____D () C:\Users\Kati\AppData\Local\{9C638A68-5F34-48C1-898B-3689CD978999}
2014-05-09 08:14 - 2014-05-15 14:27 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-15 14:27 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 15:00 - 2014-05-08 15:00 - 00000000 ____D () C:\Users\Kati\AppData\Local\{B51A953C-DD2F-4FB8-AA87-F6AD0AFB9AC2}
2014-05-07 20:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-07 19:03 - 2014-05-07 19:02 - 00000000 ____D () C:\Users\Kati\AppData\Local\{DFB33308-901D-4EAF-9C6E-A5DEA8364065}
2014-05-06 15:35 - 2014-05-06 15:35 - 00000000 ____D () C:\Users\Kati\AppData\Local\{01097470-E215-4F09-8B1E-B904D4356792}
2014-05-06 06:40 - 2014-05-16 08:35 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-16 08:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-16 08:35 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-16 08:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-16 08:35 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-16 08:35 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-05 23:14 - 2012-09-20 19:21 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-05 23:14 - 2012-09-20 19:21 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-05 18:20 - 2014-05-05 18:20 - 00000000 ____D () C:\Users\Kati\AppData\Local\{8837D2BF-2261-45A5-975D-F775DFD9FD39}
2014-05-04 21:59 - 2014-05-04 21:59 - 00000000 ____D () C:\Users\Kati\AppData\Local\{30370F42-121E-48B3-B315-481D08085F3A}
2014-05-03 21:28 - 2014-05-03 21:27 - 00000000 ____D () C:\Users\Kati\AppData\Local\{DB63567F-3788-43B8-BCFB-ED07BD306540}
2014-05-03 02:36 - 2014-05-03 02:36 - 00000000 ____D () C:\Users\Kati\AppData\Local\{3CD5C54C-8659-40F2-AE16-BB7B404718E6}
2014-05-03 01:56 - 2014-05-03 01:56 - 00000000 ____D () C:\ProgramData\Sony Mobile
2014-05-03 01:56 - 2014-05-03 01:56 - 00000000 ____D () C:\Program Files (x86)\Sony Mobile
2014-05-03 01:55 - 2013-04-19 13:10 - 00000000 ____D () C:\ProgramData\Sony Ericsson
2014-05-03 01:55 - 2013-04-19 13:10 - 00000000 ____D () C:\Program Files (x86)\Sony Ericsson
2014-05-02 14:36 - 2014-05-02 14:35 - 00000000 ____D () C:\Users\Kati\AppData\Local\{DC60EB2C-B723-4FA9-A38E-31AC1A6775EA}
2014-05-01 13:21 - 2014-05-01 13:21 - 00000000 ____D () C:\Users\Kati\AppData\Local\{B1833989-708E-4FC2-AADF-908BFAC0A56F}
2014-04-30 18:53 - 2014-04-30 18:53 - 00000000 ____D () C:\Users\Kati\AppData\Local\{5EF441A7-91AC-4C8E-9DF8-3CA8C25B701E}
2014-04-29 16:21 - 2014-04-29 16:21 - 00000000 ____D () C:\Users\Kati\AppData\Local\{6AB88698-1939-4E66-BCF8-9C5E2800911A}
2014-04-28 17:06 - 2014-04-28 17:04 - 00000000 ____D () C:\Users\Kati\AppData\Roaming\PhotoScape
2014-04-28 17:05 - 2014-04-28 17:05 - 00128000 ____H () C:\Users\Kati\Desktop\photothumb.db
2014-04-28 17:04 - 2014-04-28 17:04 - 00001039 _____ () C:\Users\Kati\Desktop\PhotoScape.lnk
2014-04-28 17:04 - 2014-04-28 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
2014-04-28 17:04 - 2014-04-28 17:03 - 00000000 ____D () C:\Users\Kati\AppData\Roaming\Security Systems
2014-04-28 17:04 - 2014-04-28 17:03 - 00000000 ____D () C:\Program Files (x86)\PhotoScape
2014-04-28 17:03 - 2014-04-28 17:03 - 00000000 ____D () C:\Users\Kati\AppData\Roaming\BupSystem
2014-04-28 17:03 - 2014-04-28 17:02 - 21331096 _____ (Mooii) C:\Users\Kati\Desktop\PhotoScape_V3-6-5.exe
2014-04-28 17:03 - 2012-09-20 18:26 - 00000000 ____D () C:\Users\Kati\AppData\Local\Google
2014-04-28 17:00 - 2014-04-28 17:00 - 00386904 _____ (Softonic ) C:\Users\Kati\Downloads\SoftonicDownloader_fuer_photoscape.exe
2014-04-28 16:22 - 2014-04-28 16:22 - 00000000 ____D () C:\Users\Kati\AppData\Local\{E6EF1C33-8457-4043-B475-28B37C804CF7}
2014-04-27 12:51 - 2014-04-27 12:51 - 00000000 ____D () C:\Users\Kati\AppData\Local\{50566B36-6424-40FE-8E57-875DA3FE0D99}
2014-04-26 20:36 - 2014-04-26 20:36 - 00000000 ____D () C:\Users\Kati\AppData\Local\{3B71D42C-D487-4B7F-A90D-DF6ABC7D9BEE}
2014-04-26 02:44 - 2014-04-26 02:43 - 00000000 ____D () C:\Users\Kati\AppData\Local\{B4704FBF-46C6-4E83-9C9B-F811FBCF29C8}
2014-04-25 17:44 - 2014-05-14 19:10 - 01070152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2014-04-25 17:44 - 2014-05-14 19:10 - 00662288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCT2.OCX
2014-04-25 17:44 - 2014-05-14 19:10 - 00137000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX
2014-04-25 17:44 - 2014-05-14 19:10 - 00110264 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll
2014-04-25 17:44 - 2014-05-14 19:10 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL
2014-04-25 14:37 - 2014-04-25 14:36 - 00000000 ____D () C:\Users\Kati\AppData\Local\{3D4FFA91-C31D-42D3-98D3-55D24540A116}
2014-04-24 20:48 - 2014-04-24 20:48 - 00000000 ____D () C:\Users\Kati\AppData\Local\{6B75591B-A85D-449D-8566-C3803B21D41A}
2014-04-23 19:06 - 2014-04-23 19:06 - 00000000 ____D () C:\Users\Kati\AppData\Local\{05C9CB18-5353-481E-B307-AC526C8EAD50}
2014-04-22 17:25 - 2014-04-22 17:25 - 00000000 ____D () C:\Users\Kati\AppData\Local\{DEA26C1D-154A-44C1-B6B0-8D0C9CE3E56A}
2014-04-22 01:00 - 2011-07-18 18:45 - 00298486 _____ () C:\Windows\DPINST.LOG
2014-04-22 00:59 - 2014-04-22 00:59 - 00000000 ____D () C:\Users\Kati\AppData\Local\{5A0297BB-2640-42E9-B94D-6AD8D30F5957}
Some content of TEMP:
====================
C:\Users\Kati\AppData\Local\Temp\avgnt.exe
C:\Users\Kati\AppData\Local\Temp\burnsetup.exe
C:\Users\Kati\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0pu8zb.dll
C:\Users\Kati\AppData\Local\Temp\FoxySecuritySetup.exe
C:\Users\Kati\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Kati\AppData\Local\Temp\Quarantine.exe
C:\Users\Kati\AppData\Local\Temp\sjy8mvbh.dll
C:\Users\Kati\AppData\Local\Temp\vpsetup.exe
C:\Users\Kati\AppData\Local\Temp\_is6454.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe
[2014-05-15 14:26] - [2014-03-04 11:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-05-09 20:47
==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-05-2014
Ran by Kati at 2014-05-18 14:33:29
Running from C:\Users\Kati\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.0.19530 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.7.0.19530 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.8.1217.36096 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.8.1217.36096 - Alcor Micro Corp.) Hidden
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.35 - Atheros Communications Inc.)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Citavi 4 (HKLM-x32\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.1.0.3 - Swiss Academic Software)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.3624 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1327 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 7.0.0.1327 - CyberLink Corp.) Hidden
CyberLink PowerDVD Copy (HKLM-x32\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
CyberLink PowerDVD Copy (x32 Version: 1.5.1306 - CyberLink Corp.) Hidden
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.4125 - CyberLink Corp.)
CyberLink PowerRecover (x32 Version: 5.5.4125 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 1.82 - NCH Software)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.4 - Dolby Laboratories Inc)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.33 - Dropbox, Inc.)
Druckerdeinstallation für EPSON BX305 Series (HKLM\...\EPSON BX305 Series) (Version: - SEIKO EPSON Corporation)
EPSON BX305 Series Handbuch (HKLM-x32\...\EPSON BX305 Series Manual) (Version: - )
Epson Easy Photo Print 2 (HKLM-x32\...\{310C1558-F6B5-4889-98B0-7471966BA7F2}) (Version: 2.2.3.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.10.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EVEREST Ultimate Edition v5.50 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 5.50 - Lavalys, Inc.)
Express Burn (HKLM-x32\...\ExpressBurn) (Version: 4.68 - NCH Software)
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Foxy Security (HKLM-x32\...\Foxy Security) (Version: - )
Free YouTube to MP3 Converter version 3.12.4.622 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.4.622 - DVDVideoSoft Ltd.)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.137 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Intel PROSet Wireless (Version: - ) Hidden
Intel PROSet Wireless (x32 Version: - ) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Media Go (HKLM-x32\...\{8D92969D-A6A3-44C8-9D63-D377E94F44B5}) (Version: 2.6.205 - Sony)
Media Go Video Playback Engine 2.0.114.09020 (HKLM-x32\...\{49D9CE9D-C8B7-B941-90E1-608044A0FC8D}) (Version: 2.0.114.09020 - Sony)
Medion Home Cinema (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2608 - CyberLink Corp.)
Medion Home Cinema (x32 Version: 8.0.2608 - CyberLink Corp.) Hidden
Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7943 - Memeo Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.2.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.2.0 (x86 de)) (Version: 24.2.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.24.16092 - pdfforge GmbH)
PDF Architect 2 View Module (HKLM-x32\...\{46889070-D447-4936-A5D3-246DB972FA2E}) (Version: 2.0.6.16537 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
PHotkey (HKLM-x32\...\{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}) (Version: 1.00.0032 - Pegatron Corporation)
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayStation(R)Store (HKLM-x32\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.18.0.15698 - Sony Computer Entertainment Inc.)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Real Alternative 2.0.2 (HKLM-x32\...\RealAlt_is1) (Version: 2.0.2 - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
simplitec simplicheck (HKLM-x32\...\{DF103EDA-7937-4966-8EFB-5EF5C38301F2}) (Version: 1.3.9.0 - simplitec GmbH)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.14.6.201404170858 - Sony Mobile Communications AB)
Sony PC Companion 2.10.197 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.197 - Sony)
Spelling Dictionaries Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-A00000000004}) (Version: 10.0.0 - Adobe Systems Incorporated)
Spotify (HKCU\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
Versandhelfer (HKLM-x32\...\dpdhl.versandhelfer.medionlap.CDA82DC3FEDD13302C6424313D9A2999F162D21A.1) (Version: 0.9.511 - Deutsche Post AG)
Versandhelfer (x32 Version: 0.9.511 - Deutsche Post AG) Hidden
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 3.43 - NCH Software)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
==================== Restore Points =========================
11-05-2014 17:01:12 Windows-Sicherung
13-05-2014 15:43:54 Windows Update
14-05-2014 17:11:10 Installed PDF Architect 2 View Module
15-05-2014 23:55:09 Windows Update
17-05-2014 20:54:20 Windows Update
==================== Hosts content: ==========================
2009-07-14 04:34 - 2013-11-27 19:32 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {034DE29C-F314-4EF6-AA30-F41EA690459A} - System32\Tasks\{2F89727A-459E-4B4D-930C-BBE1BB2B89DA} => D:\DRIVERS\09 Hotkey\Hotkey_V1.00.0032\setup.exe [2007-04-05] (Macrovision Corporation)
Task: {0E6756EC-AB9F-457D-9E13-8B7E0DE552CE} - System32\Tasks\{C8B02F6F-26AA-4C1E-9F11-A74638E25655} => D:\DRIVERS\09 Hotkey\Hotkey_V1.00.0032\setup.exe [2007-04-05] (Macrovision Corporation)
Task: {1DDFF83B-A000-44B2-BABD-F93C569357AB} - System32\Tasks\SDMsgUpdate (TE) => C:\Program Files (x86)\SmartDraw CI\Messages\SDNotify.exe [2012-08-13] ()
Task: {6909DD31-57AE-41BD-AC1D-5BB68BD52DF8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-20] (Google Inc.)
Task: {72FBA1FA-6555-474E-839A-DE1345DDAEB2} - System32\Tasks\NCH Software\ExpressBurnSevenDays => C:\Program Files (x86)\NCH Software\ExpressBurn\ExpressBurn.exe [2013-10-22] (NCH Software)
Task: {7D992CC4-E9F7-45EE-BD1C-A7BAF9709211} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2548312011-2494454960-3164520827-1001Core => C:\Users\Kati\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-20] (Facebook Inc.)
Task: {888E1D6E-F6CA-41D9-B12E-6AA1735CEABE} - System32\Tasks\NCH Software\VideoPadSevenDays => C:\Program Files (x86)\NCH Software\VideoPad\VideoPad.exe [2014-05-14] (NCH Software)
Task: {90ECD563-BF9E-4787-A09A-067D6B852D30} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {9315BE9E-067E-4E6D-8342-9AF58AA3CB58} - System32\Tasks\{1213522D-9C14-4C2F-92C8-B7642739D3F0} => D:\DRIVERS\09 Hotkey\Hotkey_V1.00.0032\setup.exe [2007-04-05] (Macrovision Corporation)
Task: {9419C930-531A-487B-AA2A-99024DC7722F} - System32\Tasks\{F45986F9-5137-4AEB-8D01-99429AFE06F1} => D:\DRIVERS\09 Hotkey\Hotkey_V1.00.0032\setup.exe [2007-04-05] (Macrovision Corporation)
Task: {A1B1F5E3-6EF9-401F-AD53-236250C780B5} - System32\Tasks\{AF42A676-BE29-4A78-8F78-1D534D9F6083} => D:\DRIVERS\09 Hotkey\Hotkey_V1.00.0032\setup.exe [2007-04-05] (Macrovision Corporation)
Task: {A6DCC19F-03AF-4EBF-8580-2B05A6868616} - System32\Tasks\{A7A76573-64B0-4C4E-8E1E-14D4EF6C8DFA} => D:\DRIVERS\09 Hotkey\Hotkey_V1.00.0032\setup.exe [2007-04-05] (Macrovision Corporation)
Task: {B9F43966-B617-4C1A-B8A5-3E2F75F89F93} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2548312011-2494454960-3164520827-1001UA => C:\Users\Kati\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-20] (Facebook Inc.)
Task: {C121E428-A976-49B6-86CA-98384607FBAA} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {E6701FA2-AD4F-4801-B4FD-906F04400206} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-20] (Google Inc.)
Task: {EB68740B-AD6D-4AEB-84BD-22535DC745B1} - System32\Tasks\{1E1D7AC9-1B64-4443-B674-9C49CA794A03} => D:\DRIVERS\09 Hotkey\Hotkey_V1.00.0032\setup.exe [2007-04-05] (Macrovision Corporation)
Task: {ED7DCDD3-8E7C-43D6-AC25-91AF9B1E5A46} - System32\Tasks\SDMsgUpdate (Local) => C:\Program Files (x86)\SmartDraw CI\Messages\SDNotify.exe [2012-08-13] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2548312011-2494454960-3164520827-1001Core.job => C:\Users\Kati\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2548312011-2494454960-3164520827-1001UA.job => C:\Users\Kati\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SDMsgUpdate (Local).job => C:\PROGRA~2\SMARTD~1\Messages\SDNotify.exe
Task: C:\Windows\Tasks\SDMsgUpdate (TE).job => C:\PROGRA~2\SMARTD~1\Messages\SDNotify.exe
==================== Loaded Modules (whitelisted) =============
2011-05-02 22:41 - 2011-05-02 22:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2013-12-28 22:48 - 2010-10-06 18:46 - 00159752 ____R () C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
2011-05-02 22:41 - 2011-05-02 22:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-07-18 18:12 - 2011-03-06 21:07 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-03-17 11:25 - 2013-10-31 12:35 - 00070880 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
2013-12-28 22:48 - 2010-01-12 18:36 - 00117256 ____R () C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
2013-12-28 22:48 - 2010-01-12 18:36 - 00121864 ____R () C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
2013-12-28 22:48 - 2010-12-01 12:36 - 00589320 ____R () C:\Program Files (x86)\PHotkey\PVDesktop.exe
2013-12-28 22:48 - 2010-12-01 12:37 - 00462344 ____R () C:\Program Files (x86)\PHotkey\PVDAgent.exe
2013-09-25 00:35 - 2014-05-15 15:17 - 00598072 _____ () C:\Users\Kati\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2010-02-28 02:33 - 2010-02-28 02:33 - 00077664 _____ () C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
2012-11-04 22:30 - 2012-09-19 20:17 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-04-28 17:04 - 2014-04-28 17:04 - 00374272 _____ () C:\Users\Kati\AppData\Roaming\BupSystem\sub\default.dll
2013-03-17 11:25 - 2012-04-30 11:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
2013-03-17 11:25 - 2013-09-13 11:02 - 00208896 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
2011-07-07 14:54 - 2011-07-07 14:54 - 00233984 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
2013-04-19 13:08 - 2013-05-20 12:58 - 00620718 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\sqlite3.dll
2014-03-06 15:42 - 2014-03-06 15:42 - 00528384 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll
2012-11-10 23:07 - 2014-05-15 15:17 - 36966968 _____ () C:\Users\Kati\AppData\Roaming\Spotify\Data\libcef.dll
2014-05-18 12:02 - 2014-05-18 12:02 - 00041984 _____ () c:\users\kati\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0pu8zb.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Kati\AppData\Roaming\Dropbox\bin\libcef.dll
2012-08-10 17:51 - 2012-08-10 17:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2010-08-04 00:39 - 2010-08-04 00:39 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2010-08-04 00:39 - 2010-08-04 00:39 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2013-12-28 22:48 - 2009-12-18 16:36 - 00973432 ____R () C:\Program Files (x86)\PHotkey\acAuth.dll
2013-12-28 22:48 - 2009-12-18 16:41 - 00129544 ____R () C:\Program Files (x86)\PHotkey\GFNEX.dll
2013-09-25 00:35 - 2014-05-15 15:17 - 00886840 _____ () C:\Users\Kati\AppData\Roaming\Spotify\Data\libglesv2.dll
2013-09-25 00:35 - 2014-05-15 15:17 - 00108600 _____ () C:\Users\Kati\AppData\Roaming\Spotify\Data\libegl.dll
2014-05-11 19:59 - 2014-05-11 19:59 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-02-13 17:27 - 2014-02-13 17:27 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\0a0467413a424068d1471448ff6ca6cc\IsdiInterop.ni.dll
2011-07-18 18:18 - 2010-11-06 08:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-05-14 17:08 - 2014-05-14 17:08 - 16361136 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== EXE Association (whitelisted) =============
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (05/18/2014 00:02:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/17/2014 10:58:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/17/2014 10:58:36 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
Error: (05/17/2014 08:46:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/17/2014 08:45:55 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
Error: (05/17/2014 07:35:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm firefox.exe, Version 29.0.1.5239 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1cec
Startzeit: 01cf71f2740894dd
Endzeit: 60
Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID: ac8d6dfc-dde9-11e3-9365-e840f22b5625
Error: (05/17/2014 07:07:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm firefox.exe, Version 29.0.1.5239 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 14e0
Startzeit: 01cf70d59421dcd1
Endzeit: 252
Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID: a46d7c2f-dde5-11e3-9365-e840f22b5625
Error: (05/16/2014 08:57:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/16/2014 08:57:11 AM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
Error: (05/15/2014 03:18:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (05/18/2014 00:02:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MemeoBackgroundService" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (05/18/2014 00:02:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst MemeoBackgroundService erreicht.
Error: (05/18/2014 00:01:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ASLDR Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (05/18/2014 11:57:14 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
Error: (05/18/2014 11:57:14 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {FE9617F6-E606-42AA-BECC-0E9CDA246D63}
Error: (05/17/2014 10:58:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ASLDR Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (05/17/2014 10:57:04 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.
Error: (05/17/2014 08:45:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ASLDR Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (05/17/2014 11:14:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (05/17/2014 11:14:44 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst WinHttpAutoProxySvc erreicht.
Microsoft Office Sessions:
=========================
Error: (05/18/2014 00:02:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/17/2014 10:58:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/17/2014 10:58:36 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
Error: (05/17/2014 08:46:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/17/2014 08:45:55 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
Error: (05/17/2014 07:35:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe29.0.1.52391cec01cf71f2740894dd60C:\Program Files (x86)\Mozilla Firefox\firefox.exeac8d6dfc-dde9-11e3-9365-e840f22b5625
Error: (05/17/2014 07:07:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe29.0.1.523914e001cf70d59421dcd1252C:\Program Files (x86)\Mozilla Firefox\firefox.exea46d7c2f-dde5-11e3-9365-e840f22b5625
Error: (05/16/2014 08:57:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/16/2014 08:57:11 AM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
Error: (05/15/2014 03:18:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
CodeIntegrity Errors:
===================================
Date: 2013-11-27 18:30:17.824
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-11-27 18:30:17.777
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Percentage of memory in use: 57%
Total physical RAM: 4007.12 MB
Available physical RAM: 1704.9 MB
Total Pagefile: 8012.42 MB
Available Pagefile: 5114.58 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB
==================== Drives ================================
Drive c: (Boot) (Fixed) (Total:414.66 GB) (Free:334.63 GB) NTFS
Drive d: (Recover) (Fixed) (Total:50 GB) (Free:0.02 GB) NTFS
Drive e: (EPSON) (CDROM) (Total:0.22 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: B2ED04DC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=415 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)
==================== End Of Log ============================

Uh, I was clever enough not to have the stick plugged in at all during the scan. I'll run another scan with the stick attached and post it again :-) Sorry