Trojaner-Board - Plötzlich Ordner auf dem Rechner

Guten Morgen bzw. Mittag,

habe gerade durch Zufall entdeckt, dass sich plötzlich ein Neuer Ordner auf meinem Rechner befand. Allerdings nicht auf der Systempartition sondern auf D, die eigentlich nur mit Daten voll ist. Der Ordner wurde laut Eigenschaften heute morgen erstellt und ist leer.
Habe ihn jetzt mal gelöscht, aber wäre doch interessant zu wissen, ob ich mir das irgendwas eingefangen habe.
Macht es Sinn das WLAN-Passwort zu ändern? Oder lieber erst nach dem Scan ob alles okay ist?

Achso: Avast und Malwarebytes haben nichts gefunden.

Ergebnis des OTL Scans:

OTL Logfile:

Code:

OTL logfile created on: 09.05.2015 11:48:51 - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = D:\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.17728)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,86 Gb Total Physical Memory | 1,39 Gb Available Physical Memory | 36,12% Memory free

7,71 Gb Paging File | 5,20 Gb Available in Paging File | 67,40% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 249,04 Gb Total Space | 87,16 Gb Free Space | 35,00% Space Free | Partition Type: NTFS

Drive D: | 216,62 Gb Total Space | 44,74 Gb Free Space | 20,65% Space Free | Partition Type: NTFS

Drive H: | 931,51 Gb Total Space | 44,05 Gb Free Space | 4,73% Space Free | Partition Type: NTFS

 

Computer Name: ANDI-PC | User Name: Andi | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - D:\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Users\Andi\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Spotify Ltd)

PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o.)

PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Avast Software s.r.o.)

PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)

PRC - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia)

PRC - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

PRC - C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft, Inc.)

PRC - C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\winamp.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\vis_milk2.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\vis_avs.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\ml_local.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\ml_pmp.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\ml_disc.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\gen_jumpex.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\pmp_wifi.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\pmp_ipod.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\ombrowser.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\ml_plg.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\dsp_sc.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\ml_cloud.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\gen_classicart.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\in_mp3.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\gen_ff.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\gen_ml.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\in_midi.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\pmp_android.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\in_mod.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\ml_playlists.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\out_ds.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\ml_wire.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\in_wm.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\in_cdda.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\ml_online.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\dsp_sps.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\gen_hotkeys.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\pmp_usb.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\in_nsv.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\gen_skinmanager.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\in_vorbis.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\gen_undo.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\gen_timerestore.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\ml_history.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\ml_downloads.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\gen_nopro.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\ml_transcode.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\ml_devices.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\gen_tray.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\vis_nsfs.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\pmp_cloud.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\out_wave.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\gen_crasher.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\ml_autotag.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\in_wav.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\in_dshow.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\enc_fhgaac.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\tagz.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\out_disk.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\enc_wma.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\in_wave.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\in_flac.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\enc_lame.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\ml_rg.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\ml_impex.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\ml_bookmarks.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\in_mp4.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\in_avi.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\pmp_activesync.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\ml_enqplay.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\in_wv.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\in_mkv.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\winampa.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\pmp_p4s.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\enc_wav.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\enc_vorbis.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\enc_flac.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\pmp_njb.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\ml_nowplaying.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\ml_addons.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\in_swf.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\in_linein.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\in_flv.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\playlist.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\burnlib.lng ()

MOD - C:\Users\Andi\AppData\Local\Temp\WDE90AD.tmp\auth.lng ()

MOD - C:\Program Files\AVAST Software\Avast\log.dll ()

MOD - C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll ()

MOD - C:\Users\Andi\AppData\Roaming\Thunderbird\Profiles\obvxzffo.default\extensions\mintrayr@tn123.ath.cx\lib\tray_x86-msvc.dll ()

MOD - C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll ()

MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll ()

MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll ()

MOD - C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll ()

MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()

MOD - C:\Program Files (x86)\Winamp\Plugins\freeform\wacs\freetype\freetype.wac ()

 

 
 ========== Services (SafeList) ==========

 

SRV:64bit: - (AvastVBoxSvc) -- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe File not found

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Avast Software s.r.o.)

SRV:64bit: - (DiagTrack) -- C:\Windows\SysNative\diagtrack.dll (Microsoft Corporation)

SRV:64bit: - (GfExperienceService) -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (NVIDIA Corporation)

SRV:64bit: - (NvStreamSvc) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation)

SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (NvNetworkService) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation)

SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia)

SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)

SRV - (Capture Device Service) -- C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - (VBoxAswDrv) -- C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys File not found

DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (Avast Software s.r.o.)

DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()

DRV:64bit: - (aswStm) -- C:\Windows\SysNative\drivers\aswStm.sys (Avast Software s.r.o.)

DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (Avast Software s.r.o.)

DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (Avast Software s.r.o.)

DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()

DRV:64bit: - (aswHwid) -- C:\Windows\SysNative\drivers\aswHwid.sys ()

DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (Avast Software s.r.o.)

DRV:64bit: - (NvStreamKms) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys (NVIDIA Corporation)

DRV:64bit: - (nvvad_WaveExtensible) -- C:\Windows\SysNative\drivers\nvvad64v.sys (NVIDIA Corporation)

DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))

DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))

DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf_amd64.sys (Secunia)

DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)

DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)

DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys ()

DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

 

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-21-1129018005-183086456-2621111855-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-1129018005-183086456-2621111855-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKU\S-1-5-21-1129018005-183086456-2621111855-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 71 06 2A 32 8E B0 CE 01  [binary data]

IE - HKU\S-1-5-21-1129018005-183086456-2621111855-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1129018005-183086456-2621111855-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02

IE - HKU\S-1-5-21-1129018005-183086456-2621111855-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.countryCode: "DE"

FF - prefs.js..browser.search.isUS: false

FF - prefs.js..browser.search.region: "DE"

FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131118

FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.9.2

FF - prefs.js..extensions.enabledAddons: facepaste.firefox.addon%40azabani.com:2.8

FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.18.1-signed

FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.9.22.1-signed

FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:10.2.0.187

FF - prefs.js..extensions.enabledAddons: zigboom%40ymail.com:2.3.7

FF - prefs.js..network.proxy.http: "www-proxy.t-online.de"

FF - prefs.js..network.proxy.http_port: 80

FF - prefs.js..network.proxy.share_proxy_settings: true

FF - prefs.js..network.proxy.type: 0

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll ()

FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.45.2: C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.45.2: C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nullsoft.com/winampDetector;version=1: C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)

FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2015.04.29 21:34:12 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 37.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 37.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2015.04.22 09:05:20 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 31.6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 31.6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 37.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 37.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2015.04.22 09:05:20 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 31.6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 31.6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

 

[2013.09.13 16:36:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andi\AppData\Roaming\mozilla\Extensions

[2015.05.03 10:38:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andi\AppData\Roaming\mozilla\Firefox\Profiles\4zqaxbir.default\extensions

[2013.11.26 18:30:13 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Andi\AppData\Roaming\mozilla\Firefox\Profiles\4zqaxbir.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

[2015.05.03 10:38:22 | 000,000,000 | ---D | M] (LavaFox V2-Green) -- C:\Users\Andi\AppData\Roaming\mozilla\Firefox\Profiles\4zqaxbir.default\extensions\zigboom@ymail.com

[2014.05.27 21:35:55 | 000,133,000 | ---- | M] () (No name found) -- C:\Users\Andi\AppData\Roaming\mozilla\firefox\profiles\4zqaxbir.default\extensions\adblockpopups@jessehakanen.net.xpi

[2015.04.11 17:05:39 | 000,008,860 | ---- | M] () (No name found) -- C:\Users\Andi\AppData\Roaming\mozilla\firefox\profiles\4zqaxbir.default\extensions\facepaste.firefox.addon@azabani.com.xpi

[2015.04.25 20:03:40 | 001,449,164 | ---- | M] () (No name found) -- C:\Users\Andi\AppData\Roaming\mozilla\firefox\profiles\4zqaxbir.default\extensions\firefox@ghostery.com.xpi

[2014.07.30 16:59:41 | 000,038,647 | ---- | M] () (No name found) -- C:\Users\Andi\AppData\Roaming\mozilla\firefox\profiles\4zqaxbir.default\extensions\jid0-hyjN250ZzTOOX3evFwwAQBxE4ik@jetpack.xpi

[2015.04.26 08:11:25 | 000,559,971 | ---- | M] () (No name found) -- C:\Users\Andi\AppData\Roaming\mozilla\firefox\profiles\4zqaxbir.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

[2015.05.01 18:50:00 | 000,123,476 | ---- | M] () (No name found) -- C:\Users\Andi\AppData\Roaming\mozilla\firefox\profiles\4zqaxbir.default\extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi

[2015.04.01 19:15:39 | 000,970,672 | ---- | M] () (No name found) -- C:\Users\Andi\AppData\Roaming\mozilla\firefox\profiles\4zqaxbir.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2015.04.26 08:11:25 | 000,665,939 | ---- | M] () (No name found) -- C:\Users\Andi\AppData\Roaming\mozilla\firefox\profiles\4zqaxbir.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi

[2015.04.22 09:05:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions

[2015.04.22 09:05:23 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2015.04.29 21:34:12 | 000,000,000 | ---D | M] ("Avast Online Security") -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

[2013.08.29 21:08:36 | 000,171,584 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll

 

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (Avast Software s.r.o.)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (Avast Software s.r.o.)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll (Oracle Corporation)

O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o.)

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1129018005-183086456-2621111855-1000..\Run: [Spotify] C:\Users\Andi\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)

O4 - HKU\S-1-5-21-1129018005-183086456-2621111855-1000..\Run: [Spotify Web Helper] C:\Users\Andi\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Spotify Ltd)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPath = 1

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16D925A1-593E-4875-8A61-10E3DF369911}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{491DD358-E061-403F-87AD-AEBE628B8A71}: DhcpNameServer = 192.168.0.1 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{678CD56A-61FA-4129-8AAF-E65A0A6E864E}: DhcpNameServer = 192.168.0.1

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2013.09.16 12:50:54 | 000,000,040 | ---- | M] () - C:\Autoconfig.ini -- [ NTFS ]

O33 - MountPoints2\{353f3bda-e01c-11e4-a82e-0024548915be}\Shell - "" = AutoRun

O33 - MountPoints2\{353f3bda-e01c-11e4-a82e-0024548915be}\Shell\AutoRun\command - "" = H:\AutoRun.exe

O33 - MountPoints2\{353f3be9-e01c-11e4-a82e-0024548915be}\Shell - "" = AutoRun

O33 - MountPoints2\{353f3be9-e01c-11e4-a82e-0024548915be}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2015.05.09 11:27:36 | 000,000,000 | -HSD | C] -- C:\Users\Andi\AppData\Local\EmieBrowserModeList

[2015.05.09 08:35:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode

[2015.05.08 20:56:44 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Local\Spotify

[2015.05.08 20:56:11 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\Spotify

[2015.05.05 19:26:08 | 005,569,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2015.05.05 19:26:08 | 001,254,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\diagtrack.dll

[2015.05.05 19:26:08 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UtcResources.dll

[2015.05.05 19:26:07 | 003,989,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2015.05.05 19:26:07 | 003,934,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[2015.05.05 19:26:07 | 001,728,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll

[2015.05.05 19:26:07 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll

[2015.05.05 19:26:07 | 000,879,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll

[2015.05.05 19:26:07 | 000,879,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll

[2015.05.05 19:26:07 | 000,635,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll

[2015.05.05 19:26:06 | 001,461,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll

[2015.05.05 19:26:06 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll

[2015.05.05 19:26:06 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll

[2015.05.05 19:26:06 | 000,404,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tracerpt.exe

[2015.05.05 19:26:06 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tracerpt.exe

[2015.05.05 19:26:06 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll

[2015.05.05 19:26:06 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe

[2015.05.05 19:26:06 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll

[2015.05.05 19:26:06 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe

[2015.05.05 19:26:06 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll

[2015.05.05 19:26:06 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll

[2015.05.05 19:26:06 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll

[2015.05.05 19:26:06 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sechost.dll

[2015.05.05 19:26:06 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe

[2015.05.05 19:26:06 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\logman.exe

[2015.05.05 19:26:06 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\logman.exe

[2015.05.05 19:26:06 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\auditpol.exe

[2015.05.05 19:26:06 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srclient.dll

[2015.05.05 19:26:06 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\auditpol.exe

[2015.05.05 19:26:06 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\typeperf.exe

[2015.05.05 19:26:06 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll

[2015.05.05 19:26:06 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\relog.exe

[2015.05.05 19:26:06 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\typeperf.exe

[2015.05.05 19:26:06 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\relog.exe

[2015.05.05 19:26:06 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll

[2015.05.05 19:26:06 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll

[2015.05.05 19:26:06 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe

[2015.05.05 19:26:06 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\diskperf.exe

[2015.05.05 19:26:06 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\diskperf.exe

[2015.05.05 19:26:06 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll

[2015.05.05 19:26:06 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll

[2015.05.05 19:26:06 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll

[2015.05.05 19:26:06 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

[2015.05.05 19:26:06 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll

[2015.05.05 19:26:06 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll

[2015.05.05 19:26:06 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll

[2015.05.05 19:26:06 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

[2015.05.05 19:26:06 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll

[2015.05.05 19:26:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

[2015.05.05 19:26:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll

[2015.05.05 19:26:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

[2015.05.05 19:26:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll

[2015.05.05 19:26:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

[2015.05.05 19:26:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

[2015.05.05 19:26:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll

[2015.05.05 19:26:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll

[2015.05.05 19:26:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll

[2015.05.05 19:26:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll

[2015.05.05 19:26:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll

[2015.05.05 19:26:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

[2015.05.05 19:26:05 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll

[2015.05.05 19:26:05 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll

[2015.05.05 19:26:05 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll

[2015.05.05 19:26:05 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll

[2015.05.05 19:26:05 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msobjs.dll

[2015.05.05 19:26:05 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msobjs.dll

[2015.05.05 19:26:05 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe

[2015.05.05 19:26:05 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll

[2015.05.05 19:26:05 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll

[2015.05.05 19:26:05 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

[2015.05.05 19:26:05 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll

[2015.05.05 19:26:05 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

[2015.05.05 19:26:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

[2015.05.05 19:26:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll

[2015.05.05 19:26:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

[2015.05.05 19:26:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll

[2015.05.05 19:26:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

[2015.05.05 19:26:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll

[2015.05.05 19:26:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

[2015.05.05 19:26:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

[2015.05.05 19:26:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

[2015.05.05 19:26:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll

[2015.05.05 19:26:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

[2015.05.05 19:26:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

[2015.05.05 19:26:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll

[2015.05.05 19:26:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

[2015.05.05 19:26:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll

[2015.05.05 19:26:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

[2015.05.05 19:26:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll

[2015.05.05 19:26:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

[2015.05.05 19:26:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

[2015.05.05 19:26:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll

[2015.05.05 19:26:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

[2015.05.05 19:26:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll

[2015.05.05 19:26:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll

[2015.05.05 19:26:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll

[2015.05.05 19:26:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

[2015.05.05 19:26:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll

[2015.05.05 19:26:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

[2015.05.05 19:26:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll

[2015.05.05 19:26:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

[2015.05.05 19:26:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll

[2015.05.05 19:26:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

[2015.05.05 19:26:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll

[2015.05.05 19:26:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

[2015.05.05 19:26:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll

[2015.05.05 19:26:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

[2015.05.05 19:26:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll

[2015.05.05 19:26:05 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe

[2015.05.05 19:22:55 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Local\.elfohilfe

[2015.04.29 21:34:15 | 000,364,472 | ---- | C] (Avast Software s.r.o.) -- C:\Windows\SysNative\aswBoot.exe

[2015.04.29 21:34:13 | 000,043,112 | ---- | C] (Avast Software s.r.o.) -- C:\Windows\avastSS.scr

[2015.04.29 21:30:25 | 001,632,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmcore.dll

[2015.04.29 21:30:25 | 001,372,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dwmcore.dll

[2015.04.29 21:30:25 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmapi.dll

[2015.04.29 21:30:15 | 002,543,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpdshext.dll

[2015.04.29 21:30:14 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe

[2015.04.29 21:30:14 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe

[2015.04.29 21:30:12 | 000,342,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apphelp.dll

[2015.04.29 21:30:12 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sdbinst.exe

[2015.04.29 21:30:12 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sdbinst.exe

[2015.04.29 21:30:12 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shimeng.dll

[2015.04.22 09:05:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2015.04.15 16:15:20 | 000,098,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

[2015.04.15 16:14:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java

[2015.04.15 07:22:57 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe

[2015.04.15 07:22:57 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2015.04.15 07:22:57 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll

[2015.04.15 07:22:57 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll

[2015.04.15 07:22:57 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll

[2015.04.15 07:22:57 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

[2015.04.15 07:22:56 | 000,720,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe

[2015.04.15 07:22:56 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll

[2015.04.15 07:22:56 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll

[2015.04.15 07:22:56 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll

[2015.04.15 07:22:54 | 002,052,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2015.04.15 07:22:54 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll

[2015.04.15 07:22:54 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll

[2015.04.15 07:22:54 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2015.04.15 07:22:54 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

[2015.04.15 07:22:54 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll

[2015.04.15 07:22:53 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe

[2015.04.15 07:22:53 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2015.04.15 07:22:53 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2015.04.15 07:22:53 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll

[2015.04.15 07:22:52 | 002,125,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2015.04.15 07:22:52 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll

[2015.04.15 07:22:52 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll

[2015.04.15 07:22:51 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll

[2015.04.15 07:22:51 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2015.04.15 07:22:50 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2015.04.15 07:22:50 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll

[2015.04.15 07:22:50 | 000,340,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec

[2015.04.15 07:22:50 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll

[2015.04.15 07:22:49 | 006,025,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2015.04.15 07:22:49 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll

[2015.04.15 07:22:49 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll

[2015.04.15 07:22:49 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2015.04.15 07:22:48 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2015.04.15 07:22:48 | 000,417,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec

[2015.04.15 07:22:48 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll

[2015.04.15 07:22:47 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll

[2015.04.15 07:21:18 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll

[2015.04.15 07:21:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll

[2015.04.15 07:21:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll

[2015.04.15 07:20:33 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\clfsw32.dll

[2015.04.15 07:20:33 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\clfsw32.dll

[2015.04.11 18:58:37 | 000,000,000 | ---D | C] -- C:\ProgramData\ZDSupport

[2015.04.11 09:27:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appraiser

[2015.04.11 08:51:13 | 001,239,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aitstatic.exe

[2015.04.11 08:51:13 | 000,957,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appraiser.dll

[2015.04.11 08:51:13 | 000,769,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\invagent.dll

[2015.04.11 08:51:13 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll

[2015.04.11 08:51:13 | 000,419,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\devinv.dll

[2015.04.11 08:51:13 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepic.dll

[2015.04.11 08:51:13 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\acmigration.dll

[2015.04.11 08:51:12 | 001,111,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll

[2015.04.11 08:51:12 | 000,227,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll

[2015.04.11 08:51:01 | 003,298,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll

[2015.04.11 08:51:01 | 000,696,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll

[2015.04.11 08:51:01 | 000,566,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll

[2015.04.11 08:51:01 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll

[2015.04.11 08:51:01 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe

[2015.04.11 08:51:01 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll

[2015.04.11 08:51:01 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSetupUI.dll

[2015.04.11 08:51:01 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe

[2015.04.11 08:51:01 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe

[2015.04.11 08:51:01 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll

[2015.04.11 08:51:00 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll

[2015.04.11 08:51:00 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll

[2015.04.11 08:51:00 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll

[2015.04.11 08:51:00 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll

[2015.04.11 08:51:00 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wu.upgrade.ps.dll

[2014.04.09 11:48:46 | 000,237,568 | ---- | C] (www.CompulsiveCode.com) -- C:\Program Files (x86)\JPEGtoPDF37.exe

[2013.12.23 20:26:57 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Andi\AppData\Roaming\pcouffin.sys

[2013.08.17 16:44:04 | 000,812,544 | ---- | C] (Big Bang enterprises) -- C:\Program Files (x86)\DoubleKiller.exe

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2015.05.09 11:27:27 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2015.05.09 11:15:58 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys

[2015.05.09 08:57:07 | 001,620,612 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2015.05.09 08:57:07 | 000,699,666 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2015.05.09 08:57:07 | 000,654,464 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2015.05.09 08:57:07 | 000,149,774 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2015.05.09 08:57:07 | 000,122,336 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2015.05.09 07:41:43 | 000,018,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2015.05.09 07:41:43 | 000,018,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2015.05.09 07:35:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2015.05.08 20:56:43 | 000,001,762 | ---- | M] () -- C:\Users\Andi\Desktop\Spotify.lnk

[2015.04.29 21:34:14 | 000,442,264 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\SysNative\drivers\aswSP.sys

[2015.04.29 21:34:14 | 000,364,472 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\SysNative\aswBoot.exe

[2015.04.29 21:34:14 | 000,272,248 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys

[2015.04.29 21:34:14 | 000,137,288 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\SysNative\drivers\aswStm.sys

[2015.04.29 21:34:14 | 000,093,528 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\SysNative\drivers\aswRdr2.sys

[2015.04.29 21:34:14 | 000,089,944 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\SysNative\drivers\aswMonFlt.sys

[2015.04.29 21:34:14 | 000,065,736 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys

[2015.04.29 21:34:14 | 000,029,168 | ---- | M] () -- C:\Windows\SysNative\drivers\aswHwid.sys

[2015.04.29 21:34:13 | 000,043,112 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\avastSS.scr

[2015.04.29 21:34:12 | 001,047,320 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\SysNative\drivers\aswSnx.sys

[2015.04.27 21:28:36 | 005,569,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2015.04.27 21:26:21 | 001,728,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll

[2015.04.27 21:23:45 | 000,362,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll

[2015.04.27 21:23:45 | 000,243,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll

[2015.04.27 21:23:45 | 000,215,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll

[2015.04.27 21:23:45 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll

[2015.04.27 21:23:32 | 001,254,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\diagtrack.dll

[2015.04.27 21:23:29 | 000,879,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll

[2015.04.27 21:23:29 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll

[2015.04.27 21:23:29 | 000,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll

[2015.04.27 21:23:27 | 000,503,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll

[2015.04.27 21:23:27 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\srclient.dll

[2015.04.27 21:23:26 | 000,113,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sechost.dll

[2015.04.27 21:23:26 | 000,028,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll

[2015.04.27 21:23:22 | 000,309,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll

[2015.04.27 21:23:22 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll

[2015.04.27 21:23:19 | 001,461,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll

[2015.04.27 21:23:19 | 001,162,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll

[2015.04.27 21:23:19 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll

[2015.04.27 21:23:13 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll

[2015.04.27 21:23:11 | 000,879,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll

[2015.04.27 21:22:57 | 000,404,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tracerpt.exe

[2015.04.27 21:22:57 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\typeperf.exe

[2015.04.27 21:22:53 | 000,112,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe

[2015.04.27 21:22:47 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe

[2015.04.27 21:22:46 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\relog.exe

[2015.04.27 21:22:34 | 000,104,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\logman.exe

[2015.04.27 21:22:26 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\diskperf.exe

[2015.04.27 21:22:08 | 000,338,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe

[2015.04.27 21:21:37 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\auditpol.exe

[2015.04.27 21:18:37 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msobjs.dll

[2015.04.27 21:18:25 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll

[2015.04.27 21:16:38 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll

[2015.04.27 21:16:37 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll

[2015.04.27 21:16:37 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll

[2015.04.27 21:16:37 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll

[2015.04.27 21:16:37 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll

[2015.04.27 21:16:37 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll

[2015.04.27 21:16:37 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll

[2015.04.27 21:16:37 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll

[2015.04.27 21:16:37 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll

[2015.04.27 21:16:37 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll

[2015.04.27 21:16:37 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll

[2015.04.27 21:16:37 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll

[2015.04.27 21:16:37 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll

[2015.04.27 21:16:37 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll

[2015.04.27 21:16:37 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll

[2015.04.27 21:16:37 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll

[2015.04.27 21:16:37 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll

[2015.04.27 21:16:37 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll

[2015.04.27 21:16:37 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll

[2015.04.27 21:16:36 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll

[2015.04.27 21:16:36 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll

[2015.04.27 21:16:36 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll

[2015.04.27 21:16:36 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll

[2015.04.27 21:16:36 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll

[2015.04.27 21:16:36 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll

[2015.04.27 21:16:36 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll

[2015.04.27 21:16:36 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll

[2015.04.27 21:16:36 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll

[2015.04.27 21:16:36 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll

[2015.04.27 21:16:33 | 000,686,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll

[2015.04.27 21:11:55 | 003,934,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[2015.04.27 21:11:54 | 003,989,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2015.04.27 21:05:34 | 000,635,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll

[2015.04.27 21:05:19 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll

[2015.04.27 21:04:24 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tracerpt.exe

[2015.04.27 21:04:24 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\typeperf.exe

[2015.04.27 21:04:19 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe

[2015.04.27 21:04:12 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\relog.exe

[2015.04.27 21:04:04 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\logman.exe

[2015.04.27 21:03:58 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\diskperf.exe

[2015.04.27 21:03:52 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\auditpol.exe

[2015.04.27 21:03:36 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll

[2015.04.27 21:01:33 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msobjs.dll

[2015.04.27 21:01:22 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll

[2015.04.27 20:59:41 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll

[2015.04.27 20:59:41 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

[2015.04.27 20:59:41 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

[2015.04.27 20:59:41 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

[2015.04.27 20:59:41 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

[2015.04.27 20:59:41 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

[2015.04.27 20:59:41 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

[2015.04.27 20:59:41 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

[2015.04.27 20:59:41 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

[2015.04.27 20:59:41 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

[2015.04.27 20:59:41 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

[2015.04.27 20:59:41 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

[2015.04.27 20:59:41 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

[2015.04.27 20:59:41 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

[2015.04.27 20:59:40 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

[2015.04.27 20:59:40 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

[2015.04.27 20:59:40 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

[2015.04.27 20:59:40 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

[2015.04.27 20:59:40 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

[2015.04.27 20:59:40 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

[2015.04.27 20:59:40 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

[2015.04.27 20:59:39 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

[2015.04.27 20:59:39 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

[2015.04.27 20:59:39 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

[2015.04.27 20:59:39 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

[2015.04.27 20:59:36 | 000,686,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll

[2015.04.27 20:06:48 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\UtcResources.dll

[2015.04.27 19:57:32 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe

[2015.04.27 19:57:31 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe

[2015.04.27 19:55:03 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

[2015.04.27 19:55:03 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

[2015.04.27 19:55:03 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

[2015.04.27 19:55:03 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

[2015.04.15 16:16:16 | 000,778,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2015.04.15 16:16:16 | 000,142,512 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2015.04.15 16:15:04 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

[2015.04.15 07:29:42 | 001,594,892 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2015.05.08 20:56:43 | 000,001,762 | ---- | C] () -- C:\Users\Andi\Desktop\Spotify.lnk

[2015.05.08 20:56:43 | 000,001,748 | ---- | C] () -- C:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk

[2015.04.15 07:22:57 | 000,016,303 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf

[2015.04.15 07:22:56 | 000,016,303 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf

[2015.03.30 18:45:43 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl

[2014.03.03 16:06:06 | 000,218,200 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

[2014.03.01 18:31:40 | 000,210,456 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll

[2014.03.01 18:31:40 | 000,206,360 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll

[2014.03.01 18:31:40 | 000,198,168 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll

[2014.03.01 18:31:40 | 000,198,168 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll

[2014.03.01 18:31:40 | 000,194,072 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll

[2014.03.01 18:31:40 | 000,026,136 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll

[2014.01.23 18:31:08 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll

[2014.01.23 18:31:08 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll

[2014.01.23 18:31:08 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll

[2014.01.23 18:31:08 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll

[2013.12.23 20:26:57 | 000,099,384 | ---- | C] () -- C:\Users\Andi\AppData\Roaming\inst.exe

[2013.12.23 20:26:57 | 000,007,859 | ---- | C] () -- C:\Users\Andi\AppData\Roaming\pcouffin.cat

[2013.12.23 20:26:57 | 000,001,167 | ---- | C] () -- C:\Users\Andi\AppData\Roaming\pcouffin.inf

[2013.09.20 23:26:57 | 000,030,208 | ---- | C] () -- C:\Users\Andi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2013.09.16 12:50:44 | 001,571,160 | ---- | C] () -- C:\Windows\TotalUninstaller.exe

[2013.09.13 16:58:34 | 001,594,892 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2013.08.05 08:15:08 | 000,066,104 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll

[2013.08.05 08:15:06 | 000,023,080 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll

 
 ========== ZeroAccess Check ==========

 

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2015.02.13 07:22:33 | 014,177,280 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2015.02.13 07:26:18 | 012,875,264 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 
 ========== LOP Check ==========

 

[2014.06.18 18:21:30 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\AVAST Software

[2014.03.12 13:17:03 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\AVG

[2013.11.14 11:53:02 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\BANDISOFT

[2015.04.06 12:19:52 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Battle.net

[2013.09.13 18:26:17 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Boilsoft

[2014.03.25 09:16:06 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\calibre

[2013.12.22 19:29:12 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Canneverbe Limited

[2015.05.06 09:05:57 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\DAEMON Tools Lite

[2015.02.25 17:24:06 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\elsterformular

[2015.02.10 16:58:25 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\FileZilla

[2014.04.03 21:13:37 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\IrfanView

[2013.11.09 17:02:23 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\KRKsoft

[2013.10.22 15:54:34 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\OfficeRecovery

[2013.09.13 22:07:30 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\OpenOffice

[2013.09.27 12:54:31 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Oracle

[2014.04.15 14:25:25 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Samsung

[2015.05.09 11:12:26 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Spotify

[2014.09.05 21:52:16 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Steam

[2013.09.13 21:27:14 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Thunderbird

[2014.09.06 22:33:18 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\TumblRipper2

[2014.03.12 12:56:34 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\TuneUp Software

[2014.03.01 21:31:19 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Ulead Systems

[2013.12.24 11:42:55 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Vso

[2014.04.03 21:13:37 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\XMedia Recode

[2014.03.24 10:28:41 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software

[2014.03.24 10:28:41 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software

 
 ========== Purity Check ==========

 

 
 

< End of report >

--- --- ---

FRST.txt

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-05-2015

Ran by Andi (administrator) on ANDI-PC on 09-05-2015 13:21:27

Running from C:\Users\Andi\Desktop

Loaded Profiles: Andi (Available profiles: Andi)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11 (Default browser: FF)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Spotify Ltd) C:\Users\Andi\AppData\Roaming\Spotify\SpotifyWebHelper.exe

(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

(InterVideo Inc.) C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13776088 2014-12-11] (Realtek Semiconductor)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-04-29] (Avast Software s.r.o.)

HKU\S-1-5-21-1129018005-183086456-2621111855-1000\...\Run: [Spotify Web Helper] => C:\Users\Andi\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2020920 2015-05-08] (Spotify Ltd)

HKU\S-1-5-21-1129018005-183086456-2621111855-1000\...\Run: [Spotify] => C:\Users\Andi\AppData\Roaming\Spotify\Spotify.exe [7168568 2015-05-08] (Spotify Ltd)

HKU\S-1-5-21-1129018005-183086456-2621111855-1000\...\MountPoints2: {353f3bda-e01c-11e4-a82e-0024548915be} - H:\AutoRun.exe

HKU\S-1-5-21-1129018005-183086456-2621111855-1000\...\MountPoints2: {353f3be9-e01c-11e4-a82e-0024548915be} - F:\AutoRun.exe

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2014-04-18]

ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-29] (Avast Software s.r.o.)
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKU\S-1-5-21-1129018005-183086456-2621111855-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-03-27] (Avast Software s.r.o.)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation)

BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-27] (Avast Software s.r.o.)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\4zqaxbir.default

FF NetworkProxy: "http", "www-proxy.t-online.de"

FF NetworkProxy: "http_port", 80

FF NetworkProxy: "share_proxy_settings", true

FF NetworkProxy: "type", 0

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()

FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-08-29] (Tracker Software Products (Canada) Ltd.)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)

FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-08-29] (Tracker Software Products (Canada) Ltd.)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()

FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2013-08-29] (Tracker Software Products (Canada) Ltd.)

FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)

FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)

FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll [2013-07-24] (Nullsoft, Inc.)

FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2013-08-29] (Tracker Software Products (Canada) Ltd.)

FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)

FF Plugin HKU\S-1-5-21-1129018005-183086456-2621111855-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2013-08-29] (Tracker Software Products (Canada) Ltd.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2013-08-29] (Tracker Software Products (Canada) Ltd.)

FF Extension: LavaFox V2-Green - C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\4zqaxbir.default\Extensions\zigboom@ymail.com [2015-05-03]

FF Extension: WOT - C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\4zqaxbir.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-26]

FF Extension: Adblock Plus Pop-up Addon - C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\4zqaxbir.default\Extensions\adblockpopups@jessehakanen.net.xpi [2013-09-21]

FF Extension: facepaste - C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\4zqaxbir.default\Extensions\facepaste.firefox.addon@azabani.com.xpi [2015-04-11]

FF Extension: Ghostery - C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\4zqaxbir.default\Extensions\firefox@ghostery.com.xpi [2013-09-15]

FF Extension: AdF.ly Skipper ★WORKING★ - C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\4zqaxbir.default\Extensions\jid0-hyjN250ZzTOOX3evFwwAQBxE4ik@jetpack.xpi [2014-02-24]

FF Extension: NoScript - C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\4zqaxbir.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-09-13]

FF Extension: YouTube High Definition - C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\4zqaxbir.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2014-07-10]

FF Extension: Adblock Plus - C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\4zqaxbir.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-13]

FF Extension: DownThemAll! - C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\4zqaxbir.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-04-30]

FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-18]
 

Chrome: 

=======

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-06]
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-29] (Avast Software s.r.o.)

R2 Capture Device Service; C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe [198168 2007-03-06] (InterVideo Inc.)

R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-28] (NVIDIA Corporation)

R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)

S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-29] ()

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-04-29] (Avast Software s.r.o.)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-29] (Avast Software s.r.o.)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-29] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-29] (Avast Software s.r.o.)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-29] (Avast Software s.r.o.)

R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-04-29] (Avast Software s.r.o.)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-04-29] ()

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-09-13] (DT Soft Ltd)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-28] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)

R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)

R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()

U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-05-09 13:21 - 2015-05-09 13:21 - 02102784 _____ (Farbar) C:\Users\Andi\Desktop\FRST64.exe

2015-05-09 13:21 - 2015-05-09 13:21 - 00013787 _____ () C:\Users\Andi\Desktop\FRST.txt

2015-05-09 13:21 - 2015-05-09 13:21 - 00000000 ____D () C:\FRST

2015-05-09 11:27 - 2015-05-09 11:27 - 00000000 __SHD () C:\Users\Andi\AppData\Local\EmieBrowserModeList

2015-05-09 08:35 - 2015-05-09 08:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode

2015-05-08 20:56 - 2015-05-09 12:23 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\Spotify

2015-05-08 20:56 - 2015-05-09 12:23 - 00000000 ____D () C:\Users\Andi\AppData\Local\Spotify

2015-05-08 20:56 - 2015-05-08 20:56 - 00001762 _____ () C:\Users\Andi\Desktop\Spotify.lnk

2015-05-08 20:56 - 2015-05-08 20:56 - 00001748 _____ () C:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk

2015-05-06 16:45 - 2015-05-09 12:23 - 00001176 _____ () C:\Windows\setupact.log

2015-05-06 16:45 - 2015-05-06 16:45 - 00000000 _____ () C:\Windows\setuperr.log

2015-05-05 19:26 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-05-05 19:26 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2015-05-05 19:26 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2015-05-05 19:26 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2015-05-05 19:26 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2015-05-05 19:26 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll

2015-05-05 19:26 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2015-05-05 19:26 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll

2015-05-05 19:26 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll

2015-05-05 19:26 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2015-05-05 19:26 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2015-05-05 19:26 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2015-05-05 19:26 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll

2015-05-05 19:26 - 2015-04-27 21:23 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2015-05-05 19:26 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2015-05-05 19:26 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2015-05-05 19:26 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2015-05-05 19:26 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll

2015-05-05 19:26 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2015-05-05 19:26 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2015-05-05 19:26 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll

2015-05-05 19:26 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2015-05-05 19:26 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2015-05-05 19:26 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2015-05-05 19:26 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2015-05-05 19:26 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2015-05-05 19:26 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2015-05-05 19:26 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll

2015-05-05 19:26 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll

2015-05-05 19:26 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe

2015-05-05 19:26 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe

2015-05-05 19:26 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2015-05-05 19:26 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

2015-05-05 19:26 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe

2015-05-05 19:26 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe

2015-05-05 19:26 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe

2015-05-05 19:26 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2015-05-05 19:26 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe

2015-05-05 19:26 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe

2015-05-05 19:26 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2015-05-05 19:26 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll

2015-05-05 19:26 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2015-05-05 19:26 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll

2015-05-05 19:26 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

2015-05-05 19:26 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

2015-05-05 19:26 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2015-05-05 19:26 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2015-05-05 19:26 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2015-05-05 19:26 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

2015-05-05 19:26 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2015-05-05 19:26 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

2015-05-05 19:26 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2015-05-05 19:26 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2015-05-05 19:26 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2015-05-05 19:26 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

2015-05-05 19:26 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

2015-05-05 19:26 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2015-05-05 19:26 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

2015-05-05 19:26 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2015-05-05 19:26 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

2015-05-05 19:26 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

2015-05-05 19:26 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

2015-05-05 19:26 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

2015-05-05 19:26 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2015-05-05 19:26 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

2015-05-05 19:26 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2015-05-05 19:26 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2015-05-05 19:26 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2015-05-05 19:26 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

2015-05-05 19:26 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2015-05-05 19:26 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

2015-05-05 19:26 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2015-05-05 19:26 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2015-05-05 19:26 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2015-05-05 19:26 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll

2015-05-05 19:26 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2015-05-05 19:26 - 2015-04-27 21:05 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2015-05-05 19:26 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2015-05-05 19:26 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

2015-05-05 19:26 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll

2015-05-05 19:26 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2015-05-05 19:26 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2015-05-05 19:26 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2015-05-05 19:26 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2015-05-05 19:26 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll

2015-05-05 19:26 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2015-05-05 19:26 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe

2015-05-05 19:26 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe

2015-05-05 19:26 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe

2015-05-05 19:26 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe

2015-05-05 19:26 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2015-05-05 19:26 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2015-05-05 19:26 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2015-05-05 19:26 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2015-05-05 19:26 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2015-05-05 19:26 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe

2015-05-05 19:26 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe

2015-05-05 19:26 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2015-05-05 19:26 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll

2015-05-05 19:26 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll

2015-05-05 19:26 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll

2015-05-05 19:26 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2015-05-05 19:26 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2015-05-05 19:26 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2015-05-05 19:26 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2015-05-05 19:26 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2015-05-05 19:26 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2015-05-05 19:26 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2015-05-05 19:26 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2015-05-05 19:26 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2015-05-05 19:26 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2015-05-05 19:26 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2015-05-05 19:26 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2015-05-05 19:26 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2015-05-05 19:26 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2015-05-05 19:26 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2015-05-05 19:26 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2015-05-05 19:26 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2015-05-05 19:26 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2015-05-05 19:26 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2015-05-05 19:26 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2015-05-05 19:26 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2015-05-05 19:26 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2015-05-05 19:26 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2015-05-05 19:26 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2015-05-05 19:26 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2015-05-05 19:26 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll

2015-05-05 19:26 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2015-05-05 19:26 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2015-05-05 19:26 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2015-05-05 19:26 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2015-05-05 19:26 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2015-05-05 19:26 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2015-05-05 19:22 - 2015-05-05 19:24 - 00000000 ____D () C:\Users\Andi\AppData\Local\.elfohilfe

2015-04-30 14:30 - 2015-04-30 14:32 - 00000019 _____ () C:\Users\Andi\Desktop\firststop.txt

2015-04-29 21:34 - 2015-04-29 21:34 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe

2015-04-29 21:34 - 2015-04-29 21:34 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr

2015-04-29 21:30 - 2015-03-14 05:21 - 01632768 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll

2015-04-29 21:30 - 2015-03-14 05:21 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll

2015-04-29 21:30 - 2015-03-14 05:04 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll

2015-04-29 21:30 - 2015-03-14 05:04 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll

2015-04-29 21:30 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll

2015-04-29 21:30 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll

2015-04-29 21:30 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe

2015-04-29 21:30 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll

2015-04-29 21:30 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll

2015-04-29 21:30 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll

2015-04-29 21:30 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe

2015-04-29 21:30 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe

2015-04-29 21:30 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe

2015-04-29 21:30 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll

2015-04-29 21:30 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll

2015-04-24 17:14 - 2015-04-24 19:11 - 00000012 _____ () C:\Users\Andi\Desktop\Neues Textdokument.txt

2015-04-22 09:05 - 2015-04-22 09:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2015-04-15 16:15 - 2015-04-15 16:15 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2015-04-15 16:14 - 2015-04-15 16:14 - 00000000 ____D () C:\Program Files (x86)\Java

2015-04-15 07:22 - 2015-04-02 02:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2015-04-15 07:22 - 2015-04-02 01:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2015-04-15 07:22 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2015-04-15 07:22 - 2015-03-13 06:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2015-04-15 07:22 - 2015-03-13 06:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2015-04-15 07:22 - 2015-03-13 06:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2015-04-15 07:22 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2015-04-15 07:22 - 2015-03-13 06:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2015-04-15 07:22 - 2015-03-13 06:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2015-04-15 07:22 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2015-04-15 07:22 - 2015-03-13 06:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2015-04-15 07:22 - 2015-03-13 06:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2015-04-15 07:22 - 2015-03-13 05:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2015-04-15 07:22 - 2015-03-13 05:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2015-04-15 07:22 - 2015-03-13 05:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2015-04-15 07:22 - 2015-03-13 05:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2015-04-15 07:22 - 2015-03-13 05:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2015-04-15 07:22 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2015-04-15 07:22 - 2015-03-13 05:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2015-04-15 07:22 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2015-04-15 07:22 - 2015-03-13 05:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2015-04-15 07:22 - 2015-03-13 05:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2015-04-15 07:22 - 2015-03-13 05:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2015-04-15 07:22 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2015-04-15 07:22 - 2015-03-13 05:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2015-04-15 07:22 - 2015-03-13 05:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2015-04-15 07:22 - 2015-03-13 05:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2015-04-15 07:22 - 2015-03-13 05:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2015-04-15 07:22 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2015-04-15 07:22 - 2015-03-13 05:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2015-04-15 07:22 - 2015-03-13 05:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2015-04-15 07:22 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2015-04-15 07:22 - 2015-03-13 05:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2015-04-15 07:22 - 2015-03-13 05:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2015-04-15 07:22 - 2015-03-13 05:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2015-04-15 07:22 - 2015-03-13 05:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2015-04-15 07:22 - 2015-03-13 05:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2015-04-15 07:22 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2015-04-15 07:22 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2015-04-15 07:22 - 2015-03-13 05:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2015-04-15 07:22 - 2015-03-13 05:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2015-04-15 07:22 - 2015-03-13 05:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2015-04-15 07:22 - 2015-03-13 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2015-04-15 07:22 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2015-04-15 07:22 - 2015-03-13 04:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2015-04-15 07:22 - 2015-03-13 04:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2015-04-15 07:22 - 2015-03-13 04:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2015-04-15 07:22 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2015-04-15 07:22 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2015-04-15 07:22 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2015-04-15 07:22 - 2015-03-13 04:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2015-04-15 07:22 - 2015-03-13 04:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2015-04-15 07:22 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2015-04-15 07:22 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2015-04-15 07:22 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2015-04-15 07:22 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2015-04-15 07:22 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2015-04-15 07:22 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2015-04-15 07:21 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

2015-04-15 07:21 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll

2015-04-15 07:21 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2015-04-15 07:21 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

2015-04-15 07:21 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2015-04-15 07:21 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2015-04-15 07:21 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys

2015-04-15 07:20 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys

2015-04-15 07:20 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll

2015-04-15 07:20 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll

2015-04-11 18:58 - 2015-05-06 09:06 - 00000000 ____D () C:\ProgramData\ZDSupport

2015-04-11 09:27 - 2015-04-11 09:27 - 00000000 ____D () C:\Windows\system32\appraiser

2015-04-11 08:51 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll

2015-04-11 08:51 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll

2015-04-11 08:51 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll

2015-04-11 08:51 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll

2015-04-11 08:51 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll

2015-04-11 08:51 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll

2015-04-11 08:51 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll

2015-04-11 08:51 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll

2015-04-11 08:51 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

2015-04-11 08:51 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

2015-04-11 08:51 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll

2015-04-11 08:51 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll

2015-04-11 08:51 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll

2015-04-11 08:51 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll

2015-04-11 08:51 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

2015-04-11 08:51 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll

2015-04-11 08:51 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll

2015-04-11 08:51 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2015-04-11 08:51 - 2015-03-23 05:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll

2015-04-11 08:51 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2015-04-11 08:51 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2015-04-11 08:51 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

2015-04-11 08:51 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll

2015-04-11 08:51 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2015-04-11 08:51 - 2015-01-28 01:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-05-09 12:30 - 2009-07-14 19:58 - 00699666 _____ () C:\Windows\system32\perfh007.dat

2015-05-09 12:30 - 2009-07-14 19:58 - 00149774 _____ () C:\Windows\system32\perfc007.dat

2015-05-09 12:30 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-05-09 12:28 - 2009-07-14 06:45 - 00018784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-05-09 12:28 - 2009-07-14 06:45 - 00018784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-05-09 12:27 - 2014-09-11 09:48 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-05-09 12:24 - 2013-09-13 16:20 - 01793301 _____ () C:\Windows\WindowsUpdate.log

2015-05-09 12:23 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-05-09 11:15 - 2014-06-02 18:11 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-05-09 11:14 - 2013-12-24 11:08 - 00000000 ____D () C:\Users\Andi\Documents\FIFA 14

2015-05-09 09:21 - 2013-09-16 12:51 - 00000072 _____ () C:\Users\Public\LMDebug.log

2015-05-09 08:56 - 2013-09-13 17:01 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\vlc

2015-05-09 08:35 - 2013-09-13 18:19 - 00000000 ____D () C:\Program Files (x86)\XMedia Recode

2015-05-09 08:15 - 2014-09-04 11:39 - 00000000 ____D () C:\Program Files (x86)\JDownloader v2.0

2015-05-06 09:19 - 2013-09-13 17:54 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\Winamp

2015-05-06 09:05 - 2013-09-13 18:28 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\DAEMON Tools Lite

2015-05-05 21:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache

2015-05-05 19:25 - 2015-02-25 17:20 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular

2015-05-05 19:24 - 2013-09-13 16:19 - 00000000 ____D () C:\Users\Andi

2015-05-01 09:04 - 2014-07-14 11:17 - 00000000 ____D () C:\Users\Andi\.mediathek3

2015-04-29 21:34 - 2014-06-18 18:21 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys

2015-04-29 21:34 - 2014-06-18 18:21 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys

2015-04-29 21:34 - 2014-06-18 18:21 - 00272248 _____ () C:\Windows\system32\Drivers\aswVmm.sys

2015-04-29 21:34 - 2014-06-18 18:21 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys

2015-04-29 21:34 - 2014-06-18 18:21 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys

2015-04-29 21:34 - 2014-06-18 18:21 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update

2015-04-29 21:34 - 2014-06-18 18:20 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys

2015-04-29 21:34 - 2014-06-18 18:20 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys

2015-04-29 21:34 - 2014-06-18 18:20 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys

2015-04-29 21:32 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers

2015-04-23 07:33 - 2013-09-13 16:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2015-04-20 07:39 - 2013-10-14 15:14 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\Skype

2015-04-15 16:16 - 2014-09-11 09:48 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2015-04-15 16:16 - 2014-04-10 11:21 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-04-15 16:16 - 2014-04-10 11:21 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-04-15 16:15 - 2014-07-17 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2015-04-15 07:29 - 2013-09-13 16:58 - 01594892 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

2015-04-15 07:28 - 2013-09-13 22:07 - 00000000 ____D () C:\Windows\system32\MRT

2015-04-15 07:25 - 2013-09-13 22:07 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2015-04-12 07:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat

2015-04-11 09:27 - 2014-04-25 08:44 - 00000000 ___SD () C:\Windows\system32\CompatTel

2015-04-11 09:27 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
 

==================== Files in the root of some directories =======
 

2013-08-17 16:44 - 2007-07-07 07:07 - 0812544 _____ (Big Bang enterprises) C:\Program Files (x86)\DoubleKiller.exe

2014-04-09 11:48 - 2014-04-09 11:48 - 0237568 _____ (www.CompulsiveCode.com) C:\Program Files (x86)\JPEGtoPDF37.exe

2013-12-23 20:26 - 2013-12-23 20:26 - 0099384 _____ () C:\Users\Andi\AppData\Roaming\inst.exe

2013-12-23 20:26 - 2013-12-23 20:26 - 0007859 _____ () C:\Users\Andi\AppData\Roaming\pcouffin.cat

2013-12-23 20:26 - 2013-12-23 20:26 - 0001167 _____ () C:\Users\Andi\AppData\Roaming\pcouffin.inf

2013-12-23 20:26 - 2013-12-23 20:26 - 0000055 _____ () C:\Users\Andi\AppData\Roaming\pcouffin.log

2013-12-23 20:26 - 2013-12-23 20:26 - 0082816 _____ (VSO Software) C:\Users\Andi\AppData\Roaming\pcouffin.sys

2013-09-20 23:26 - 2015-02-14 20:20 - 0030208 _____ () C:\Users\Andi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2015-03-30 18:45 - 2015-03-30 18:45 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 

Some content of TEMP:

====================

C:\Users\Andi\AppData\Local\Temp\proxy_vole3094328537391394809.dll

C:\Users\Andi\AppData\Local\Temp\UninstallSer.exe
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2015-05-04 17:08
 

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

--- --- ---

Addition.txt

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-05-2015

Ran by Andi at 2015-05-09 13:21:54

Running from C:\Users\Andi\Desktop

Boot Mode: Normal

==========================================================
 
 

==================== Accounts: =============================
 

Administrator (S-1-5-21-1129018005-183086456-2621111855-500 - Administrator - Disabled)

Andi (S-1-5-21-1129018005-183086456-2621111855-1000 - Administrator - Enabled) => C:\Users\Andi

Gast (S-1-5-21-1129018005-183086456-2621111855-501 - Limited - Disabled)
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 

==================== Installed Programs ======================
 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

Adobe Flash Player 17 NPAPI (HKLM-x32\...\{44C61B0B-3700-4AA6-AC7C-EE8F0BA9A907}) (Version: 17.0.0.169 - Adobe Systems Incorporated)

Amazon Music (HKU\S-1-5-21-1129018005-183086456-2621111855-1000\...\Amazon Amazon Music) (Version: 3.8.1.754 - Amazon Services LLC)

Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)

Boilsoft Video Joiner 6.57 (HKLM-x32\...\{FD39EF4B-0B5C-4B33-8D57-2EE865A80EB1}_is1) (Version:  - Boilsoft, Inc.)

CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)

CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP)

DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)

DupDetector 3.302 (HKLM-x32\...\DupDetector_is1) (Version:  - Prismatic Software)

ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.1.16835 - Landesfinanzdirektion Thüringen)

FIFA 14 (HKLM-x32\...\{7A6577E7-F341-430F-9173-91E14E2DE270}) (Version: 1.0.0.0 - Electronic Arts)

FIFA 14 (HKLM-x32\...\{7A6577E7-F341-430F-9173-91E14E2DE270}_is1) (Version: 1.0 - Electronic Arts)

FileZilla Client 3.10.1.1 (HKLM-x32\...\FileZilla Client) (Version: 3.10.1.1 - Tim Kosse)

Image Grabber II (HKLM-x32\...\Image Grabber II) (Version:  - )

InterVideo DeviceService (HKLM-x32\...\{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}) (Version: 1.0.0 - InterVideo)

IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)

Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)

JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)

Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)

Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)

Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)

Mozilla Firefox 37.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)

Mozilla Thunderbird 31.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.6.0 (x86 de)) (Version: 31.6.0 - Mozilla)

NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation)

NVIDIA Grafiktreiber 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation)

NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)

NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)

OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)

PDF24 Creator 6.7.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)

PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.212.0 - Tracker Software Products Ltd)

psynetic® Gif-X 3.00 (HKLM-x32\...\psynetic® Gif-X) (Version: 3.00 - Robert Mundt)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7404 - Realtek Semiconductor Corp.)

Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14072.12 - Samsung Electronics Co., Ltd.)

Samsung Kies3 (x32 Version: 3.2.14072.12 - Samsung Electronics Co., Ltd.) Hidden

Samsung Universal Print Driver 2 (HKLM-x32\...\Samsung Universal Print Driver 2) (Version: 2.50.02.00 - Samsung Electronics Co., Ltd.)

SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)

SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version:  - Seagate Technology)

Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)

SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden

SHIELD Wireless Controller Driver (Version: 2.4.1.21 - NVIDIA Corporation) Hidden

Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)

SmartSound Quicktracks Plugin (HKLM-x32\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.5.0 - SmartSound Software Inc)

SmartSound Quicktracks Plugin (x32 Version: 3.0.5.0 - SmartSound Software Inc) Hidden

Spotify (HKU\S-1-5-21-1129018005-183086456-2621111855-1000\...\Spotify) (Version: 1.0.4.90.g0b6df40b - Spotify AB)

TumblRipper (HKLM-x32\...\{39CCA8F3-19C1-4246-B4BA-8174D665407C}_is1) (Version: 2.11 - TumblRipper)

Ulead VideoStudio 11 (HKLM-x32\...\InstallShield_{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}) (Version: 11.0.0.0000 - InterVideo Digital Technology Corporation)

VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden

VideoStudio (x32 Version: 11.0.0.0000 - InterVideo Digital Technology Corporation) Hidden

Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)

Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)

VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.1.0.2 - VSO Software)

Winamp (HKLM-x32\...\Winamp) (Version: 5.65  - Nullsoft, Inc)

Winamp Erkennungs-Plug-in (HKU\S-1-5-21-1129018005-183086456-2621111855-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)

Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )

WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

XMedia Recode Version 3.2.2.9 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.2.2.9 - XMedia Recode)

Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
 

==================== Custom CLSID (selected items): ==========================
 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 

==================== Restore Points  =========================
 

07-04-2015 17:34:15 Geplanter Prüfpunkt

11-04-2015 08:51:16 Windows Update

15-04-2015 07:23:06 Windows Update

22-04-2015 17:31:27 Geplanter Prüfpunkt

29-04-2015 21:30:26 Windows Update

29-04-2015 21:33:55 avast! antivirus system restore point

05-05-2015 19:26:17 Windows Update
 

==================== Hosts content: ==========================
 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 

Task: {20B1EC85-1A86-4040-B30D-3A25D7EE8BD8} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)

Task: {21DF7DF5-FF4D-4B4C-B424-B561CE35199F} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)

Task: {308DCBD9-D099-4DCD-A6C1-1A81D365A943} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)

Task: {5A3395EE-30B3-4144-A77A-01A2D8E226FD} - System32\Tasks\0414bUpdateInfo => C:\ProgramData\Avg_Update_0414b\0414b_AVG-Secure-Search-Update.exe [2014-04-09] ()

Task: {8D5C518B-06C8-4504-A13A-661362FCFBFC} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)

Task: {AB376BA5-6FCB-4E0A-AE17-B45BF605BA0B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)

Task: {C22A8BCD-1210-4D0E-8EFA-4656156FF71A} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-29] (Avast Software s.r.o.)

Task: {DC576141-1953-43E0-BC44-D7D8B5167F5F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
 

==================== Loaded Modules (whitelisted) ==============
 

2015-02-25 20:27 - 2015-02-04 04:21 - 00115400 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2013-09-16 12:50 - 2011-04-11 07:26 - 00034304 _____ () C:\Windows\System32\spe__l.dll

2015-04-29 21:34 - 2015-04-29 21:34 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll

2015-04-29 21:34 - 2015-04-29 21:34 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll

2015-05-09 11:20 - 2015-05-09 11:20 - 02926592 _____ () C:\Program Files\AVAST Software\Avast\defs\15050900\algo.dll

2015-03-30 21:52 - 2015-03-28 05:45 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll

2015-03-06 18:44 - 2015-03-06 18:44 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

2015-04-03 08:57 - 2015-04-03 08:57 - 03348592 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll

2015-04-03 08:57 - 2015-04-03 08:57 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll

2015-04-03 08:57 - 2015-04-03 08:57 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll

2015-04-25 18:59 - 2015-04-25 18:59 - 00008704 _____ () C:\Users\Andi\AppData\Roaming\Thunderbird\Profiles\obvxzffo.default\extensions\mintrayr@tn123.ath.cx\lib\tray_x86-msvc.dll
 

==================== Alternate Data Streams (whitelisted) =========
 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 

==================== Safe Mode (whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 

==================== EXE Association (whitelisted) ===============
 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 

==================== Internet Explorer trusted/restricted ===============
 

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
 
 

==================== Other Areas ============================
 

(Currently there is no automatic fix for this section.)
 

HKU\S-1-5-21-1129018005-183086456-2621111855-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Andi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 192.168.2.1
 

==================== MSCONFIG/TASK MANAGER disabled items ==
 

(Currently there is no automatic fix for this section.)
 
 

==================== FirewallRules (whitelisted) ===============
 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 

FirewallRules: [{AE373AAC-D199-4012-B972-BEDE00F5692C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

FirewallRules: [{C668F3DA-B732-4FA8-A2A2-0589A3514136}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

FirewallRules: [{B7E67ED0-03D1-47EC-80AB-F20C02F70CF6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{8F261B98-339C-45F4-8D57-5B8F59BCAE8A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{BFBBC07E-2099-48C6-B031-85C8D922A446}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe

FirewallRules: [{A629598E-3BEA-4AD1-8D24-16E796BE060C}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe

FirewallRules: [{EE1209EB-2685-46FB-BEBE-94F28F2C3EFA}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe

FirewallRules: [{9D22695C-9A53-43C0-AC83-5E7EFBA889F3}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe

FirewallRules: [{5124A590-E52D-4A26-8792-6FE54DC0E63E}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe

FirewallRules: [{9D7BA6B4-4ABB-49BC-B86D-78690CE84C1A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

FirewallRules: [{CFA049EE-650E-4CAF-B4DA-6E26E2F968AC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

FirewallRules: [{FF1EC1EF-AA02-440D-9470-6C72142979AC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{C85BB3A9-E90E-4812-AFA1-DFC78B3FEC1E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{16CC1FAB-41C8-45F1-AC78-438CCB3E0618}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

FirewallRules: [{D12B361C-618E-42C9-8B7C-741A68EF91D9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

FirewallRules: [{F0F72157-D0D9-4560-A05A-8A45913A4F0E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{4EAE8C25-84CB-4727-A141-EDA646059145}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{C630E7E9-E658-4626-A5A1-81910EE65CFF}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

FirewallRules: [{B34CCE85-83E1-4621-91D0-D40A2B10F520}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

FirewallRules: [{F63526C1-6516-4D12-A132-5856062DDF54}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

FirewallRules: [{718BC3C7-942B-46A9-98A9-AB0AD512A638}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

FirewallRules: [{FA1B3A83-18BD-459E-A7A5-56DC6C54FF3B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{EC80B537-01B6-4C3F-AD01-365D3F9923FF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{2976DB23-6035-4E18-B82D-78D7A86BE683}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

FirewallRules: [{754D0925-98AD-421F-9D14-FB8622E7C6A7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

FirewallRules: [{78167C60-6CC8-4A30-80E1-4EE01F27105E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe

FirewallRules: [{B59A13AB-02A9-4818-B86D-ADDA87306D83}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe

FirewallRules: [{BD82D443-A05D-4E44-9B48-6840F7B7A89B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{8F6616CF-3C97-4636-A92C-79DEA4268285}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{7F8C9404-837B-4360-8487-67BD4607F02E}] => (Block) %ProgramFiles% (x86)\Electronic Arts\FIFA 14\Game\fifa14.exe

FirewallRules: [{A4339C91-75CB-4544-9A87-6C3068819AB9}] => (Block) %ProgramFiles% (x86)\Electronic Arts\FIFA 14\Game\fifa14-3dm.exe

FirewallRules: [{49607B40-6963-4557-B6C7-8E96351F90B7}] => (Block) %ProgramFiles% (x86)\Electronic Arts\FIFA 14\Game\fifa14.exe

FirewallRules: [{16A1EE75-765A-4130-A5A0-AEBF8F6FE807}] => (Block) %ProgramFiles% (x86)\Electronic Arts\FIFA 14\Game\fifa14-3dm.exe

FirewallRules: [{4BC383AD-DD91-4054-B248-527EEC89CA91}] => (Allow) C:\Windows\SysWOW64\muzapp.exe

FirewallRules: [{4AFB0061-0DBE-4675-AF3F-13BEE5B84E9B}] => (Allow) C:\Windows\SysWOW64\muzapp.exe

FirewallRules: [{1A09A261-D4BA-49C8-B8C5-B26845B2CF1C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

FirewallRules: [{0DF7B2F9-46AF-4930-BDC6-23F2DA30C540}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{36585D34-5589-49ED-9BAC-E3FF0060347D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [TCP Query User{90BFEF4C-4393-4736-9C82-EDA92F46DFB0}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe

FirewallRules: [UDP Query User{6E79AB0D-B360-41B8-A15B-864C3C26777E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe

FirewallRules: [TCP Query User{AAC93C84-AE8D-4CF2-A1FA-F51F23411253}C:\users\andi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\andi\appdata\roaming\spotify\spotify.exe

FirewallRules: [UDP Query User{4FF995A3-E28C-4192-81DE-AC270B2355EF}C:\users\andi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\andi\appdata\roaming\spotify\spotify.exe
 

==================== Faulty Device Manager Devices =============
 

Name: PS/2-kompatible Maus

Description: PS/2-kompatible Maus

Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: i8042prt

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 

Name: Generic Bluetooth Adapter

Description: Generic Bluetooth Adapter

Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}

Manufacturer: GenericAdapter

Service: BTHUSB

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 

Name: WebCam SCB-1900N

Description: USB-Videogerät

Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

Manufacturer: Microsoft

Service: usbvideo

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (05/07/2015 10:07:36 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 37.0.2.5583, Zeitstempel: 0x552ef76c

Name des fehlerhaften Moduls: mozalloc.dll, Version: 37.0.2.5583, Zeitstempel: 0x552ee9ae

Ausnahmecode: 0x80000003

Fehleroffset: 0x00001aa1

ID des fehlerhaften Prozesses: 0x3cc

Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0

Pfad der fehlerhaften Anwendung: plugin-container.exe1

Pfad des fehlerhaften Moduls: plugin-container.exe2

Berichtskennung: plugin-container.exe3
 

Error: (05/02/2015 04:30:24 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Name der fehlerhaften Anwendung: WWE2K15_x64.exe, Version: 1.0.0.0, Zeitstempel: 0x5538c656

Name des fehlerhaften Moduls: WWE2K15_x64.exe, Version: 1.0.0.0, Zeitstempel: 0x5538c656

Ausnahmecode: 0xc0000005

Fehleroffset: 0x0000000000a54c56

ID des fehlerhaften Prozesses: 0xb44

Startzeit der fehlerhaften Anwendung: 0xWWE2K15_x64.exe0

Pfad der fehlerhaften Anwendung: WWE2K15_x64.exe1

Pfad des fehlerhaften Moduls: WWE2K15_x64.exe2

Berichtskennung: WWE2K15_x64.exe3
 

Error: (05/02/2015 04:30:06 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Name der fehlerhaften Anwendung: WWE2K15_x64.exe, Version: 1.0.0.0, Zeitstempel: 0x5538c656

Name des fehlerhaften Moduls: WWE2K15_x64.exe, Version: 1.0.0.0, Zeitstempel: 0x5538c656

Ausnahmecode: 0xc0000005

Fehleroffset: 0x0000000000a54c56

ID des fehlerhaften Prozesses: 0xbbc

Startzeit der fehlerhaften Anwendung: 0xWWE2K15_x64.exe0

Pfad der fehlerhaften Anwendung: WWE2K15_x64.exe1

Pfad des fehlerhaften Moduls: WWE2K15_x64.exe2

Berichtskennung: WWE2K15_x64.exe3
 

Error: (04/24/2015 09:52:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )

Description: Fehler bei der automatischen Aktualisierung des Drittanbieterstammzertifikats von <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3679CA35668772304D30A5FB873B0FA77BB70D54.crt>. Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben.

.
 

Error: (04/10/2015 06:31:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )

Description: Fehler bei der automatischen Aktualisierung des Drittanbieterstammzertifikats von <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/F18B538D1BE903B6A6F056435B171589CAF36BF2.crt>. Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben.

.
 

Error: (03/21/2015 08:37:41 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Programm firefox.exe, Version 36.0.3.5556 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
 

Prozess-ID: 814
 

Startzeit: 01d063e21d6cc640
 

Endzeit: 111
 

Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 

Berichts-ID: 59aa53b2-cff9-11e4-9e3e-0024548915be
 

Error: (03/21/2015 08:37:41 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 36.0.3.5556, Zeitstempel: 0x550bb6a0

Name des fehlerhaften Moduls: mozalloc.dll, Version: 36.0.3.5556, Zeitstempel: 0x550ba813

Ausnahmecode: 0x80000003

Fehleroffset: 0x00001e02

ID des fehlerhaften Prozesses: 0xa44

Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0

Pfad der fehlerhaften Anwendung: plugin-container.exe1

Pfad des fehlerhaften Moduls: plugin-container.exe2

Berichtskennung: plugin-container.exe3
 

Error: (03/10/2015 08:17:44 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Programm firefox.exe, Version 36.0.1.5542 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
 

Prozess-ID: 1228
 

Startzeit: 01d05b5b07e1e097
 

Endzeit: 563
 

Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 

Berichts-ID: bd16e4d4-c751-11e4-a665-0024548915be
 

Error: (03/10/2015 08:17:44 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 36.0.1.5542, Zeitstempel: 0x54f851c0

Name des fehlerhaften Moduls: mozalloc.dll, Version: 36.0.1.5542, Zeitstempel: 0x54f8437e

Ausnahmecode: 0x80000003

Fehleroffset: 0x00001e02

ID des fehlerhaften Prozesses: 0x964

Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0

Pfad der fehlerhaften Anwendung: plugin-container.exe1

Pfad des fehlerhaften Moduls: plugin-container.exe2

Berichtskennung: plugin-container.exe3
 

Error: (02/15/2015 06:29:01 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.1.5500, Zeitstempel: 0x54c1f9f3

Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.1.5500, Zeitstempel: 0x54c1f224

Ausnahmecode: 0x80000003

Fehleroffset: 0x00001425

ID des fehlerhaften Prozesses: 0x1228

Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0

Pfad der fehlerhaften Anwendung: plugin-container.exe1

Pfad des fehlerhaften Moduls: plugin-container.exe2

Berichtskennung: plugin-container.exe3
 
 

System errors:

=============

Error: (05/09/2015 00:23:15 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: Das System wurde zuvor am ‎09.‎05.‎2015 um 12:20:23 unerwartet heruntergefahren.
 

Error: (05/02/2015 07:22:08 AM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung empfangen: 80.
 

Error: (04/29/2015 09:33:33 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
 

Error: (04/29/2015 09:33:04 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet: 

%%16405
 

Error: (04/28/2015 08:22:41 AM) (Source: Disk) (EventID: 11) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 

Error: (04/22/2015 09:41:29 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 

Error: (04/11/2015 06:58:38 PM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: Der Dienst "ZDServ" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 

Error: (04/10/2015 10:13:42 PM) (Source: Service Control Manager) (EventID: 7043) (User: )

Description: Der Dienst Gruppenrichtlinienclient konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.
 

Error: (03/06/2015 11:23:33 AM) (Source: DCOM) (EventID: 10010) (User: )

Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
 

Error: (03/06/2015 10:10:00 AM) (Source: Disk) (EventID: 11) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
 

Microsoft Office Sessions:

=========================

Error: (05/07/2015 10:07:36 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: plugin-container.exe37.0.2.5583552ef76cmozalloc.dll37.0.2.5583552ee9ae8000000300001aa13cc01d0890156b33406C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllb3f26056-f4f4-11e4-aeff-0024548915be
 

Error: (05/02/2015 04:30:24 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: WWE2K15_x64.exe1.0.0.05538c656WWE2K15_x64.exe1.0.0.05538c656c00000050000000000a54c56b4401d084e484b437f9C:\Program Files (x86)\WWE 2K15\WWE2K15_x64.exeC:\Program Files (x86)\WWE 2K15\WWE2K15_x64.exec4d31b0d-f0d7-11e4-ab5c-0024548915be
 

Error: (05/02/2015 04:30:06 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: WWE2K15_x64.exe1.0.0.05538c656WWE2K15_x64.exe1.0.0.05538c656c00000050000000000a54c56bbc01d084e4775ff241C:\Program Files (x86)\WWE 2K15\WWE2K15_x64.exeC:\Program Files (x86)\WWE 2K15\WWE2K15_x64.exeb9f1764a-f0d7-11e4-ab5c-0024548915be
 

Error: (04/24/2015 09:52:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )

Description: hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3679CA35668772304D30A5FB873B0FA77BB70D54.crtDieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben.
 

Error: (04/10/2015 06:31:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )

Description: hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/F18B538D1BE903B6A6F056435B171589CAF36BF2.crtDieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben.
 

Error: (03/21/2015 08:37:41 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: firefox.exe36.0.3.555681401d063e21d6cc640111C:\Program Files (x86)\Mozilla Firefox\firefox.exe59aa53b2-cff9-11e4-9e3e-0024548915be
 

Error: (03/21/2015 08:37:41 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: plugin-container.exe36.0.3.5556550bb6a0mozalloc.dll36.0.3.5556550ba8138000000300001e02a4401d063fb6bd1f835C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll5abd7568-cff9-11e4-9e3e-0024548915be
 

Error: (03/10/2015 08:17:44 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: firefox.exe36.0.1.5542122801d05b5b07e1e097563C:\Program Files (x86)\Mozilla Firefox\firefox.exebd16e4d4-c751-11e4-a665-0024548915be
 

Error: (03/10/2015 08:17:44 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: plugin-container.exe36.0.1.554254f851c0mozalloc.dll36.0.1.554254f8437e8000000300001e0296401d05b5b1aa920ebC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllbf054e90-c751-11e4-a665-0024548915be
 

Error: (02/15/2015 06:29:01 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f2248000000300001425122801d0493c7b23ca55C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllbf14a46b-b52f-11e4-bbfd-0024548915be
 
 

CodeIntegrity Errors:

===================================

  Date: 2013-09-14 09:51:19.580

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Andi\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2013-09-14 09:51:19.517

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Andi\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2013-09-14 09:51:19.425

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2013-09-14 09:51:19.362

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2013-09-13 21:08:16.757

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\e94bf3832f820f9d669e\78f9d2721effb34a71\37b7caa2034438a7f8461e8e939dbf9d\x86_microsoft-windows-userenv_31bf3856ad364e35_7.1.7601.17514_none_83b850a4346b9b7c\userenv.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2013-09-13 21:08:16.695

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\e94bf3832f820f9d669e\78f9d2721effb34a71\37b7caa2034438a7f8461e8e939dbf9d\x86_microsoft-windows-userenv_31bf3856ad364e35_6.1.7601.17514_none_9247d45ea984f2ad\userenv.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2013-09-13 21:08:16.492

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\e94bf3832f820f9d669e\78f9d2721effb34a71\37b7caa2034438a7f8461e8e939dbf9d\x86_microsoft-windows-rpc-remote_31bf3856ad364e35_6.1.7601.17514_none_c2a09d30916321d9\rpcrtremote.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2013-09-13 21:08:15.229

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\e94bf3832f820f9d669e\78f9d2721effb34a71\37b7caa2034438a7f8461e8e939dbf9d\amd64_microsoft-windows-userenv_31bf3856ad364e35_7.1.7601.17514_none_dfd6ec27ecc90cb2\userenv.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2013-09-13 21:08:14.854

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\e94bf3832f820f9d669e\78f9d2721effb34a71\37b7caa2034438a7f8461e8e939dbf9d\amd64_microsoft-windows-rpc-remote_31bf3856ad364e35_6.1.7601.17514_none_1ebf38b449c0930f\rpcrtremote.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2013-09-13 21:07:13.655

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\e94bf3832f820f9d669e\78f9d2721effb34a71\37b7caa2034438a7f8461e8e939dbf9d\amd64_microsoft-windows-userenv_31bf3856ad364e35_6.1.7601.17514_none_ee666fe261e263e3\userenv.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 
 

==================== Memory info =========================== 
 

Processor: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz

Percentage of memory in use: 43%

Total physical RAM: 3949.63 MB

Available physical RAM: 2248.84 MB

Total Pagefile: 7897.46 MB

Available Pagefile: 6078.19 MB

Total Virtual: 8192 MB

Available Virtual: 8191.82 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:249.04 GB) (Free:87.17 GB) NTFS

Drive d: (Volume) (Fixed) (Total:216.62 GB) (Free:44.74 GB) NTFS

Drive h: (Seagate Expansion Drive) (Fixed) (Total:931.51 GB) (Free:44.05 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 96511227)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=249 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=216.6 GB) - (Type=07 NTFS)
 

========================================================

Disk: 1 (Size: 931.5 GB) (Disk ID: C98AA66C)

Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================

Habe noch mal AdwCleaner nach Anleitung rüberlaufen lassen:

Code:

# AdwCleaner v4.203 - Bericht erstellt 09/05/2015 um 16:21:58

# Aktualisiert 30/04/2015 von Xplode

# Datenbank : 2015-05-09.1 [Server]

# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)

# Benutzername : Andi - ANDI-PC

# Gestarted von : C:\Users\Andi\Desktop\AdwCleaner_4.203.exe

# Option : Suchlauf
 

***** [ Dienste ] *****
 
 

***** [ Dateien / Ordner ] *****
 
 

***** [ Geplante Tasks ] *****
 
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 
 

***** [ Internetbrowser ] *****
 

-\\ Internet Explorer v11.0.9600.17728
 
 

-\\ Mozilla Firefox v37.0.2 (x86 de)
 

[4zqaxbir.default] - Zeile Gefunden : user_pref("extensions.GjhgjhgCXhjj.shoplist", "{\"shop\":{\"quelle.de\":[\"10003\",\"Quelle\",8,\"50\\u20ac Rabatt\"],\"schwab.de\":[\"10004\",\"Schwab\",3,\"20% Rabatt\"],\"valentins.de\":[\"10007\",[...]
 

*************************
 

AdwCleaner[R0].txt - [898 Bytes] - [09/05/2015 16:21:58]
 

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [956 Bytes] ##########

Und JunkwareRemovalTool

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.6.9 (05.08.2015:1)

OS: Windows 7 Home Premium x64

Ran by Andi on 09.05.2015 at 16:26:51,99

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Tasks
 
 
 

~~~ Registry Values
 
 
 

~~~ Registry Keys
 
 
 

~~~ Files
 
 
 

~~~ Folders
 
 
 

~~~ FireFox
 

Emptied folder: C:\Users\Andi\AppData\Roaming\mozilla\firefox\profiles\4zqaxbir.default\minidumps [151 files]
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 09.05.2015 at 16:29:28,61

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Nun ist meine Positivliste bei NoScript plötzlich gelöscht und ich muss jede Seite wieder neu "besätigen", liegt das an den durchgelaufenen Programmen?