| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Plötzlich Ordner auf dem RechnerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
09.05.2015, 10:59
| #1 |
 |  Plötzlich Ordner auf dem Rechner Guten Morgen bzw. Mittag, habe gerade durch Zufall entdeckt, dass sich plötzlich ein Neuer Ordner auf meinem Rechner befand. Allerdings nicht auf der Systempartition sondern auf D, die eigentlich nur mit Daten voll ist. Der Ordner wurde laut Eigenschaften heute morgen erstellt und ist leer. Habe ihn jetzt mal gelöscht, aber wäre doch interessant zu wissen, ob ich mir das irgendwas eingefangen habe. Macht es Sinn das WLAN-Passwort zu ändern? Oder lieber erst nach dem Scan ob alles okay ist? Achso: Avast und Malwarebytes haben nichts gefunden. Ergebnis des OTL Scans: OTL Logfile: Code:
ATTFilter OTL logfile created on: 09.05.2015 11:48:51 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = D:\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.17728) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,86 Gb Total Physical Memory | 1,39 Gb Available Physical Memory | 36,12% Memory free 7,71 Gb Paging File | 5,20 Gb Available in Paging File | 67,40% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 249,04 Gb Total Space | 87,16 Gb Free Space | 35,00% Space Free | Partition Type: NTFS Drive D: | 216,62 Gb Total Space | 44,74 Gb Free Space | 20,65% Space Free | Partition Type: NTFS Drive H: | 931,51 Gb Total Space | 44,05 Gb Free Space | 4,73% Space Free | Partition Type: NTFS Computer Name: ANDI-PC | User Name: Andi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - D:\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Users\Andi\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Spotify Ltd) PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o.) PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Avast Software s.r.o.) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia) PRC - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) PRC - C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft, Inc.) PRC - C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.) ========== Modules (No Company Name) ========== MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\winamp.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\vis_milk2.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\vis_avs.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\ml_local.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\ml_pmp.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\ml_disc.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\gen_jumpex.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\pmp_wifi.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\pmp_ipod.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\ombrowser.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\ml_plg.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\dsp_sc.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\ml_cloud.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\gen_classicart.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\in_mp3.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\gen_ff.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\gen_ml.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\in_midi.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\pmp_android.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\in_mod.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\ml_playlists.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\out_ds.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\ml_wire.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\in_wm.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\in_cdda.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\ml_online.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\dsp_sps.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\gen_hotkeys.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\pmp_usb.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\in_nsv.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\gen_skinmanager.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\in_vorbis.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\gen_undo.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\gen_timerestore.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\ml_history.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\ml_downloads.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\gen_nopro.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\ml_transcode.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\ml_devices.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\gen_tray.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\vis_nsfs.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\pmp_cloud.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\out_wave.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\gen_crasher.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\ml_autotag.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\in_wav.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\in_dshow.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\enc_fhgaac.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\tagz.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\out_disk.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\enc_wma.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\in_wave.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\in_flac.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\enc_lame.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\ml_rg.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\ml_impex.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\ml_bookmarks.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\in_mp4.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\in_avi.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\pmp_activesync.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\ml_enqplay.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\in_wv.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\in_mkv.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\winampa.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\pmp_p4s.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\enc_wav.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\enc_vorbis.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\enc_flac.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\pmp_njb.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\ml_nowplaying.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\ml_addons.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\in_swf.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\in_linein.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\in_flv.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\playlist.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\burnlib.lng () MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\auth.lng () MOD - C:\Program Files\AVAST Software\Avast\log.dll () MOD - C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll () MOD - C:\Users\Andi\AppData\Roaming\Thunderbird\Profiles\obvxzffo.default\extensions\mintrayr@tn123.ath.cx\lib\tray_x86-msvc.dll () MOD - C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll () MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll () MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll () MOD - C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll () MOD - C:\Program Files\AVAST Software\Avast\libcef.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\freeform\wacs\freetype\freetype.wac () ========== Services (SafeList) ========== SRV:64bit: - (AvastVBoxSvc) -- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe File not found SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Avast Software s.r.o.) SRV:64bit: - (DiagTrack) -- C:\Windows\SysNative\diagtrack.dll (Microsoft Corporation) SRV:64bit: - (GfExperienceService) -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (NVIDIA Corporation) SRV:64bit: - (NvStreamSvc) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (NvNetworkService) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia) SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia) SRV - (Capture Device Service) -- C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.) ========== Driver Services (SafeList) ========== DRV:64bit: - (VBoxAswDrv) -- C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys File not found DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (Avast Software s.r.o.) DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys () DRV:64bit: - (aswStm) -- C:\Windows\SysNative\drivers\aswStm.sys (Avast Software s.r.o.) DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (Avast Software s.r.o.) DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (Avast Software s.r.o.) DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys () DRV:64bit: - (aswHwid) -- C:\Windows\SysNative\drivers\aswHwid.sys () DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (Avast Software s.r.o.) DRV:64bit: - (NvStreamKms) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys (NVIDIA Corporation) DRV:64bit: - (nvvad_WaveExtensible) -- C:\Windows\SysNative\drivers\nvvad64v.sys (NVIDIA Corporation) DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf_amd64.sys (Secunia) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys () DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1129018005-183086456-2621111855-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1129018005-183086456-2621111855-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-1129018005-183086456-2621111855-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 71 06 2A 32 8E B0 CE 01 [binary data] IE - HKU\S-1-5-21-1129018005-183086456-2621111855-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1129018005-183086456-2621111855-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 IE - HKU\S-1-5-21-1129018005-183086456-2621111855-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.countryCode: "DE" FF - prefs.js..browser.search.isUS: false FF - prefs.js..browser.search.region: "DE" FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131118 FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.9.2 FF - prefs.js..extensions.enabledAddons: facepaste.firefox.addon%40azabani.com:2.8 FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.18.1-signed FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.9.22.1-signed FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:10.2.0.187 FF - prefs.js..extensions.enabledAddons: zigboom%40ymail.com:2.3.7 FF - prefs.js..network.proxy.http: "www-proxy.t-online.de" FF - prefs.js..network.proxy.http_port: 80 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll () FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.45.2: C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.45.2: C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nullsoft.com/winampDetector;version=1: C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.) FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2015.04.29 21:34:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 37.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 37.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2015.04.22 09:05:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 31.6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 31.6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 37.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 37.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2015.04.22 09:05:20 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 31.6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 31.6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013.09.13 16:36:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andi\AppData\Roaming\mozilla\Extensions [2015.05.03 10:38:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andi\AppData\Roaming\mozilla\Firefox\Profiles\4zqaxbir.default\extensions [2013.11.26 18:30:13 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Andi\AppData\Roaming\mozilla\Firefox\Profiles\4zqaxbir.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015.05.03 10:38:22 | 000,000,000 | ---D | M] (LavaFox V2-Green) -- C:\Users\Andi\AppData\Roaming\mozilla\Firefox\Profiles\4zqaxbir.default\extensions\zigboom@ymail.com [2014.05.27 21:35:55 | 000,133,000 | ---- | M] () (No name found) -- C:\Users\Andi\AppData\Roaming\mozilla\firefox\profiles\4zqaxbir.default\extensions\adblockpopups@jessehakanen.net.xpi [2015.04.11 17:05:39 | 000,008,860 | ---- | M] () (No name found) -- C:\Users\Andi\AppData\Roaming\mozilla\firefox\profiles\4zqaxbir.default\extensions\facepaste.firefox.addon@azabani.com.xpi [2015.04.25 20:03:40 | 001,449,164 | ---- | M] () (No name found) -- C:\Users\Andi\AppData\Roaming\mozilla\firefox\profiles\4zqaxbir.default\extensions\firefox@ghostery.com.xpi [2014.07.30 16:59:41 | 000,038,647 | ---- | M] () (No name found) -- C:\Users\Andi\AppData\Roaming\mozilla\firefox\profiles\4zqaxbir.default\extensions\jid0-hyjN250ZzTOOX3evFwwAQBxE4ik@jetpack.xpi [2015.04.26 08:11:25 | 000,559,971 | ---- | M] () (No name found) -- C:\Users\Andi\AppData\Roaming\mozilla\firefox\profiles\4zqaxbir.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015.05.01 18:50:00 | 000,123,476 | ---- | M] () (No name found) -- C:\Users\Andi\AppData\Roaming\mozilla\firefox\profiles\4zqaxbir.default\extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2015.04.01 19:15:39 | 000,970,672 | ---- | M] () (No name found) -- C:\Users\Andi\AppData\Roaming\mozilla\firefox\profiles\4zqaxbir.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015.04.26 08:11:25 | 000,665,939 | ---- | M] () (No name found) -- C:\Users\Andi\AppData\Roaming\mozilla\firefox\profiles\4zqaxbir.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015.04.22 09:05:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2015.04.22 09:05:23 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2015.04.29 21:34:12 | 000,000,000 | ---D | M] ("Avast Online Security") -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2013.08.29 21:08:36 | 000,171,584 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (Avast Software s.r.o.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (Avast Software s.r.o.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation) O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1129018005-183086456-2621111855-1000..\Run: [Spotify] C:\Users\Andi\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) O4 - HKU\S-1-5-21-1129018005-183086456-2621111855-1000..\Run: [Spotify Web Helper] C:\Users\Andi\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Spotify Ltd) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPath = 1 O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16D925A1-593E-4875-8A61-10E3DF369911}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{491DD358-E061-403F-87AD-AEBE628B8A71}: DhcpNameServer = 192.168.0.1 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{678CD56A-61FA-4129-8AAF-E65A0A6E864E}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013.09.16 12:50:54 | 000,000,040 | ---- | M] () - C:\Autoconfig.ini -- [ NTFS ] O33 - MountPoints2\{353f3bda-e01c-11e4-a82e-0024548915be}\Shell - "" = AutoRun O33 - MountPoints2\{353f3bda-e01c-11e4-a82e-0024548915be}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{353f3be9-e01c-11e4-a82e-0024548915be}\Shell - "" = AutoRun O33 - MountPoints2\{353f3be9-e01c-11e4-a82e-0024548915be}\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2015.05.09 11:27:36 | 000,000,000 | -HSD | C] -- C:\Users\Andi\AppData\Local\EmieBrowserModeList [2015.05.09 08:35:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode [2015.05.08 20:56:44 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Local\Spotify [2015.05.08 20:56:11 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\Spotify [2015.05.05 19:26:08 | 005,569,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2015.05.05 19:26:08 | 001,254,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\diagtrack.dll [2015.05.05 19:26:08 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UtcResources.dll [2015.05.05 19:26:07 | 003,989,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2015.05.05 19:26:07 | 003,934,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2015.05.05 19:26:07 | 001,728,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2015.05.05 19:26:07 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2015.05.05 19:26:07 | 000,879,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll [2015.05.05 19:26:07 | 000,879,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll [2015.05.05 19:26:07 | 000,635,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll [2015.05.05 19:26:06 | 001,461,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2015.05.05 19:26:06 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll [2015.05.05 19:26:06 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2015.05.05 19:26:06 | 000,404,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tracerpt.exe [2015.05.05 19:26:06 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tracerpt.exe [2015.05.05 19:26:06 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2015.05.05 19:26:06 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2015.05.05 19:26:06 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2015.05.05 19:26:06 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe [2015.05.05 19:26:06 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2015.05.05 19:26:06 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2015.05.05 19:26:06 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll [2015.05.05 19:26:06 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sechost.dll [2015.05.05 19:26:06 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe [2015.05.05 19:26:06 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\logman.exe [2015.05.05 19:26:06 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\logman.exe [2015.05.05 19:26:06 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\auditpol.exe [2015.05.05 19:26:06 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srclient.dll [2015.05.05 19:26:06 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\auditpol.exe [2015.05.05 19:26:06 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\typeperf.exe [2015.05.05 19:26:06 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2015.05.05 19:26:06 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\relog.exe [2015.05.05 19:26:06 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\typeperf.exe [2015.05.05 19:26:06 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\relog.exe [2015.05.05 19:26:06 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll [2015.05.05 19:26:06 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll [2015.05.05 19:26:06 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2015.05.05 19:26:06 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\diskperf.exe [2015.05.05 19:26:06 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\diskperf.exe [2015.05.05 19:26:06 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2015.05.05 19:26:06 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2015.05.05 19:26:06 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2015.05.05 19:26:06 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2015.05.05 19:26:06 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2015.05.05 19:26:06 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2015.05.05 19:26:06 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2015.05.05 19:26:06 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2015.05.05 19:26:06 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2015.05.05 19:26:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2015.05.05 19:26:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2015.05.05 19:26:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2015.05.05 19:26:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2015.05.05 19:26:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2015.05.05 19:26:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2015.05.05 19:26:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2015.05.05 19:26:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2015.05.05 19:26:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2015.05.05 19:26:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2015.05.05 19:26:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2015.05.05 19:26:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2015.05.05 19:26:05 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll [2015.05.05 19:26:05 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll [2015.05.05 19:26:05 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll [2015.05.05 19:26:05 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll [2015.05.05 19:26:05 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msobjs.dll [2015.05.05 19:26:05 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msobjs.dll [2015.05.05 19:26:05 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2015.05.05 19:26:05 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll [2015.05.05 19:26:05 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll [2015.05.05 19:26:05 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2015.05.05 19:26:05 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2015.05.05 19:26:05 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2015.05.05 19:26:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2015.05.05 19:26:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2015.05.05 19:26:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2015.05.05 19:26:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2015.05.05 19:26:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2015.05.05 19:26:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2015.05.05 19:26:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2015.05.05 19:26:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2015.05.05 19:26:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2015.05.05 19:26:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2015.05.05 19:26:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2015.05.05 19:26:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2015.05.05 19:26:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2015.05.05 19:26:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2015.05.05 19:26:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2015.05.05 19:26:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2015.05.05 19:26:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2015.05.05 19:26:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2015.05.05 19:26:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2015.05.05 19:26:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2015.05.05 19:26:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2015.05.05 19:26:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2015.05.05 19:26:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2015.05.05 19:26:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2015.05.05 19:26:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2015.05.05 19:26:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2015.05.05 19:26:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2015.05.05 19:26:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2015.05.05 19:26:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2015.05.05 19:26:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2015.05.05 19:26:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2015.05.05 19:26:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2015.05.05 19:26:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2015.05.05 19:26:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2015.05.05 19:26:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2015.05.05 19:26:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2015.05.05 19:26:05 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2015.05.05 19:22:55 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Local\.elfohilfe [2015.04.29 21:34:15 | 000,364,472 | ---- | C] (Avast Software s.r.o.) -- C:\Windows\SysNative\aswBoot.exe [2015.04.29 21:34:13 | 000,043,112 | ---- | C] (Avast Software s.r.o.) -- C:\Windows\avastSS.scr [2015.04.29 21:30:25 | 001,632,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmcore.dll [2015.04.29 21:30:25 | 001,372,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dwmcore.dll [2015.04.29 21:30:25 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmapi.dll [2015.04.29 21:30:15 | 002,543,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpdshext.dll [2015.04.29 21:30:14 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe [2015.04.29 21:30:14 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe [2015.04.29 21:30:12 | 000,342,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apphelp.dll [2015.04.29 21:30:12 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sdbinst.exe [2015.04.29 21:30:12 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sdbinst.exe [2015.04.29 21:30:12 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shimeng.dll [2015.04.22 09:05:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2015.04.15 16:15:20 | 000,098,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2015.04.15 16:14:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2015.04.15 07:22:57 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe [2015.04.15 07:22:57 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2015.04.15 07:22:57 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll [2015.04.15 07:22:57 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll [2015.04.15 07:22:57 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll [2015.04.15 07:22:57 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2015.04.15 07:22:56 | 000,720,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2015.04.15 07:22:56 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll [2015.04.15 07:22:56 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll [2015.04.15 07:22:56 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2015.04.15 07:22:54 | 002,052,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2015.04.15 07:22:54 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2015.04.15 07:22:54 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll [2015.04.15 07:22:54 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2015.04.15 07:22:54 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2015.04.15 07:22:54 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll [2015.04.15 07:22:53 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2015.04.15 07:22:53 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2015.04.15 07:22:53 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2015.04.15 07:22:53 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2015.04.15 07:22:52 | 002,125,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2015.04.15 07:22:52 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2015.04.15 07:22:52 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2015.04.15 07:22:51 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2015.04.15 07:22:51 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2015.04.15 07:22:50 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2015.04.15 07:22:50 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2015.04.15 07:22:50 | 000,340,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2015.04.15 07:22:50 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2015.04.15 07:22:49 | 006,025,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2015.04.15 07:22:49 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2015.04.15 07:22:49 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll [2015.04.15 07:22:49 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2015.04.15 07:22:48 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2015.04.15 07:22:48 | 000,417,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2015.04.15 07:22:48 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll [2015.04.15 07:22:47 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2015.04.15 07:21:18 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll [2015.04.15 07:21:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll [2015.04.15 07:21:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll [2015.04.15 07:20:33 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\clfsw32.dll [2015.04.15 07:20:33 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\clfsw32.dll [2015.04.11 18:58:37 | 000,000,000 | ---D | C] -- C:\ProgramData\ZDSupport [2015.04.11 09:27:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appraiser [2015.04.11 08:51:13 | 001,239,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aitstatic.exe [2015.04.11 08:51:13 | 000,957,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appraiser.dll [2015.04.11 08:51:13 | 000,769,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\invagent.dll [2015.04.11 08:51:13 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll [2015.04.11 08:51:13 | 000,419,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\devinv.dll [2015.04.11 08:51:13 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepic.dll [2015.04.11 08:51:13 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\acmigration.dll [2015.04.11 08:51:12 | 001,111,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll [2015.04.11 08:51:12 | 000,227,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll [2015.04.11 08:51:01 | 003,298,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2015.04.11 08:51:01 | 000,696,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2015.04.11 08:51:01 | 000,566,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll [2015.04.11 08:51:01 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll [2015.04.11 08:51:01 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2015.04.11 08:51:01 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll [2015.04.11 08:51:01 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSetupUI.dll [2015.04.11 08:51:01 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2015.04.11 08:51:01 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe [2015.04.11 08:51:01 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll [2015.04.11 08:51:00 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2015.04.11 08:51:00 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2015.04.11 08:51:00 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2015.04.11 08:51:00 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2015.04.11 08:51:00 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wu.upgrade.ps.dll [2014.04.09 11:48:46 | 000,237,568 | ---- | C] (www.CompulsiveCode.com) -- C:\Program Files (x86)\JPEGtoPDF37.exe [2013.12.23 20:26:57 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Andi\AppData\Roaming\pcouffin.sys [2013.08.17 16:44:04 | 000,812,544 | ---- | C] (Big Bang enterprises) -- C:\Program Files (x86)\DoubleKiller.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2015.05.09 11:27:27 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2015.05.09 11:15:58 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys [2015.05.09 08:57:07 | 001,620,612 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2015.05.09 08:57:07 | 000,699,666 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2015.05.09 08:57:07 | 000,654,464 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2015.05.09 08:57:07 | 000,149,774 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2015.05.09 08:57:07 | 000,122,336 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2015.05.09 07:41:43 | 000,018,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2015.05.09 07:41:43 | 000,018,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2015.05.09 07:35:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2015.05.08 20:56:43 | 000,001,762 | ---- | M] () -- C:\Users\Andi\Desktop\Spotify.lnk [2015.04.29 21:34:14 | 000,442,264 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\SysNative\drivers\aswSP.sys [2015.04.29 21:34:14 | 000,364,472 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\SysNative\aswBoot.exe [2015.04.29 21:34:14 | 000,272,248 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys [2015.04.29 21:34:14 | 000,137,288 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\SysNative\drivers\aswStm.sys [2015.04.29 21:34:14 | 000,093,528 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\SysNative\drivers\aswRdr2.sys [2015.04.29 21:34:14 | 000,089,944 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2015.04.29 21:34:14 | 000,065,736 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys [2015.04.29 21:34:14 | 000,029,168 | ---- | M] () -- C:\Windows\SysNative\drivers\aswHwid.sys [2015.04.29 21:34:13 | 000,043,112 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\avastSS.scr [2015.04.29 21:34:12 | 001,047,320 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\SysNative\drivers\aswSnx.sys [2015.04.27 21:28:36 | 005,569,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2015.04.27 21:26:21 | 001,728,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2015.04.27 21:23:45 | 000,362,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2015.04.27 21:23:45 | 000,243,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2015.04.27 21:23:45 | 000,215,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2015.04.27 21:23:45 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2015.04.27 21:23:32 | 001,254,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\diagtrack.dll [2015.04.27 21:23:29 | 000,879,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll [2015.04.27 21:23:29 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll [2015.04.27 21:23:29 | 000,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll [2015.04.27 21:23:27 | 000,503,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll [2015.04.27 21:23:27 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\srclient.dll [2015.04.27 21:23:26 | 000,113,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sechost.dll [2015.04.27 21:23:26 | 000,028,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll [2015.04.27 21:23:22 | 000,309,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2015.04.27 21:23:22 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2015.04.27 21:23:19 | 001,461,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2015.04.27 21:23:19 | 001,162,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2015.04.27 21:23:19 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2015.04.27 21:23:13 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2015.04.27 21:23:11 | 000,879,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll [2015.04.27 21:22:57 | 000,404,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tracerpt.exe [2015.04.27 21:22:57 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\typeperf.exe [2015.04.27 21:22:53 | 000,112,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe [2015.04.27 21:22:47 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe [2015.04.27 21:22:46 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\relog.exe [2015.04.27 21:22:34 | 000,104,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\logman.exe [2015.04.27 21:22:26 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\diskperf.exe [2015.04.27 21:22:08 | 000,338,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2015.04.27 21:21:37 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\auditpol.exe [2015.04.27 21:18:37 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msobjs.dll [2015.04.27 21:18:25 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll [2015.04.27 21:16:38 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll [2015.04.27 21:16:37 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2015.04.27 21:16:37 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2015.04.27 21:16:37 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2015.04.27 21:16:37 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2015.04.27 21:16:37 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2015.04.27 21:16:37 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2015.04.27 21:16:37 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2015.04.27 21:16:37 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2015.04.27 21:16:37 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2015.04.27 21:16:37 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2015.04.27 21:16:37 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2015.04.27 21:16:37 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2015.04.27 21:16:37 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2015.04.27 21:16:37 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2015.04.27 21:16:37 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2015.04.27 21:16:37 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2015.04.27 21:16:37 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2015.04.27 21:16:37 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2015.04.27 21:16:36 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2015.04.27 21:16:36 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2015.04.27 21:16:36 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2015.04.27 21:16:36 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2015.04.27 21:16:36 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2015.04.27 21:16:36 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2015.04.27 21:16:36 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2015.04.27 21:16:36 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2015.04.27 21:16:36 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2015.04.27 21:16:36 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2015.04.27 21:16:33 | 000,686,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll [2015.04.27 21:11:55 | 003,934,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2015.04.27 21:11:54 | 003,989,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2015.04.27 21:05:34 | 000,635,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll [2015.04.27 21:05:19 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2015.04.27 21:04:24 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tracerpt.exe [2015.04.27 21:04:24 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\typeperf.exe [2015.04.27 21:04:19 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2015.04.27 21:04:12 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\relog.exe [2015.04.27 21:04:04 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\logman.exe [2015.04.27 21:03:58 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\diskperf.exe [2015.04.27 21:03:52 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\auditpol.exe [2015.04.27 21:03:36 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2015.04.27 21:01:33 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msobjs.dll [2015.04.27 21:01:22 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll [2015.04.27 20:59:41 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll [2015.04.27 20:59:41 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2015.04.27 20:59:41 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2015.04.27 20:59:41 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2015.04.27 20:59:41 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2015.04.27 20:59:41 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2015.04.27 20:59:41 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2015.04.27 20:59:41 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2015.04.27 20:59:41 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2015.04.27 20:59:41 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2015.04.27 20:59:41 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2015.04.27 20:59:41 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2015.04.27 20:59:41 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2015.04.27 20:59:41 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2015.04.27 20:59:40 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2015.04.27 20:59:40 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2015.04.27 20:59:40 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2015.04.27 20:59:40 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2015.04.27 20:59:40 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2015.04.27 20:59:40 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2015.04.27 20:59:40 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2015.04.27 20:59:39 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2015.04.27 20:59:39 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2015.04.27 20:59:39 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2015.04.27 20:59:39 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2015.04.27 20:59:36 | 000,686,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll [2015.04.27 20:06:48 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\UtcResources.dll [2015.04.27 19:57:32 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2015.04.27 19:57:31 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2015.04.27 19:55:03 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2015.04.27 19:55:03 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2015.04.27 19:55:03 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2015.04.27 19:55:03 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2015.04.15 16:16:16 | 000,778,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2015.04.15 16:16:16 | 000,142,512 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2015.04.15 16:15:04 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2015.04.15 07:29:42 | 001,594,892 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2015.05.08 20:56:43 | 000,001,762 | ---- | C] () -- C:\Users\Andi\Desktop\Spotify.lnk [2015.05.08 20:56:43 | 000,001,748 | ---- | C] () -- C:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk [2015.04.15 07:22:57 | 000,016,303 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2015.04.15 07:22:56 | 000,016,303 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2015.03.30 18:45:43 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl [2014.03.03 16:06:06 | 000,218,200 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2014.03.01 18:31:40 | 000,210,456 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll [2014.03.01 18:31:40 | 000,206,360 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll [2014.03.01 18:31:40 | 000,198,168 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll [2014.03.01 18:31:40 | 000,198,168 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll [2014.03.01 18:31:40 | 000,194,072 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll [2014.03.01 18:31:40 | 000,026,136 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll [2014.01.23 18:31:08 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2014.01.23 18:31:08 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2014.01.23 18:31:08 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2014.01.23 18:31:08 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2013.12.23 20:26:57 | 000,099,384 | ---- | C] () -- C:\Users\Andi\AppData\Roaming\inst.exe [2013.12.23 20:26:57 | 000,007,859 | ---- | C] () -- C:\Users\Andi\AppData\Roaming\pcouffin.cat [2013.12.23 20:26:57 | 000,001,167 | ---- | C] () -- C:\Users\Andi\AppData\Roaming\pcouffin.inf [2013.09.20 23:26:57 | 000,030,208 | ---- | C] () -- C:\Users\Andi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.09.16 12:50:44 | 001,571,160 | ---- | C] () -- C:\Windows\TotalUninstaller.exe [2013.09.13 16:58:34 | 001,594,892 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.08.05 08:15:08 | 000,066,104 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll [2013.08.05 08:15:06 | 000,023,080 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2015.02.13 07:22:33 | 014,177,280 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2015.02.13 07:26:18 | 012,875,264 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2014.06.18 18:21:30 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\AVAST Software [2014.03.12 13:17:03 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\AVG [2013.11.14 11:53:02 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\BANDISOFT [2015.04.06 12:19:52 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Battle.net [2013.09.13 18:26:17 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Boilsoft [2014.03.25 09:16:06 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\calibre [2013.12.22 19:29:12 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Canneverbe Limited [2015.05.06 09:05:57 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\DAEMON Tools Lite [2015.02.25 17:24:06 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\elsterformular [2015.02.10 16:58:25 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\FileZilla [2014.04.03 21:13:37 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\IrfanView [2013.11.09 17:02:23 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\KRKsoft [2013.10.22 15:54:34 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\OfficeRecovery [2013.09.13 22:07:30 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\OpenOffice [2013.09.27 12:54:31 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Oracle [2014.04.15 14:25:25 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Samsung [2015.05.09 11:12:26 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Spotify [2014.09.05 21:52:16 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Steam [2013.09.13 21:27:14 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Thunderbird [2014.09.06 22:33:18 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\TumblRipper2 [2014.03.12 12:56:34 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\TuneUp Software [2014.03.01 21:31:19 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Ulead Systems [2013.12.24 11:42:55 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Vso [2014.04.03 21:13:37 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\XMedia Recode [2014.03.24 10:28:41 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software [2014.03.24 10:28:41 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software ========== Purity Check ========== < End of report > Geändert von sniper2013 (09.05.2015 um 10:41 Uhr) |
| Themen zu Plötzlich Ordner auf dem Rechner |
| daten, eigenschaften, eingefangen, entdeck, entdeckt, erstell, erstellt, gefangen, gelöscht, guten, heute, interessant, lieber, morgen, neuer, ordner, plötzlich, rechner, scan, schaf, systempartition, tracker, voll, wissen, zufall, ändern |
Baum-Darstellung