8caipirinha8 | 13.05.2015 20:14

mbam.txt
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 13.05.2015
Suchlauf-Zeit: 19:16:44
Logdatei: 150513_mbam.txt
Administrator: Ja
Version: 2.01.6.1022
Malware Datenbank: v2015.05.13.04
Rootkit Datenbank: v2015.04.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: ihtak
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 496118
Verstrichene Zeit: 43 Min, 52 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(Keine schädliche Elemente gefunden)
Module: 0
(Keine schädliche Elemente gefunden)
Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)
Registrierungswerte: 0
(Keine schädliche Elemente gefunden)
Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)
Ordner: 0
(Keine schädliche Elemente gefunden)
Dateien: 0
(Keine schädliche Elemente gefunden)
Physische Sektoren: 0
(Keine schädliche Elemente gefunden)
(end)

AdwCleaner.txt
Code:
# AdwCleaner v4.204 - Bericht erstellt 13/05/2015 um 20:21:43
# Aktualisiert 12/05/2015 von Xplode
# Datenbank : 2015-05-12.2 [Server]
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (x64)
# Benutzername : ihtak - IHTAK-PC
# Gestarted von : C:\Users\ihtak\Downloads\AdwCleaner_4.204.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\ytd video downloader
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
Ordner Gelöscht : C:\Program Files (x86)\GreenTree Applications
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\Public\Desktop\YTD Video Downloader.lnk
Datei Gelöscht : C:\Users\ihtak\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
Datei Gelöscht : C:\Users\ihtak\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.veoh.com_0.localstorage-journal
***** [ Geplante Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\SereneScreen
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\dt soft\daemon tools toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\PIP
Schlüssel Gelöscht : HKLM\SOFTWARE\SereneScreen
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local;127.0.0.1:9421;<local>
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17728
-\\ Mozilla Firefox v7.0 (en-US)
-\\ Google Chrome v42.0.2311.152
[C:\Users\ihtak\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Extension] : bopakagnckmlgajfccecajhnimjiiedh
*************************
AdwCleaner[R0].txt - [3500 Bytes] - [13/05/2015 20:11:55]
AdwCleaner[S0].txt - [3128 Bytes] - [13/05/2015 20:21:43]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3187 Bytes] ##########

JRT.txt
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.0 (05.09.2015:1)
OS: Windows 7 Ultimate x64
Ran by ihtak on 13.05.2015 at 20:56:42,91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Tasks
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1796543083-3759784685-822464397-1005\Software\Microsoft\Internet Explorer\Main\\Start Page
~~~ Registry Keys
~~~ Files
Successfully deleted: [File] C:\Users\ihtak\appdata\local\google\chrome\user data\default\local storage\http_www.similarsitesearch.com_0.localstorage-journal
Successfully deleted: [File] C:\Users\ihtak\appdata\local\google\chrome\user data\default\local storage\https_static.olark.com_0.localstorage-journal
~~~ Folders
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.05.2015 at 21:01:59,13
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST.txt
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-05-2015
Ran by ihtak (administrator) on IHTAK-PC on 13-05-2015 21:02:50
Running from C:\Users\ihtak\Downloads
Loaded Profiles: ihtak (Available profiles: User & ihtak)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-09-16] (Adobe Systems Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-23] (IDT, Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [Classic Start Menu] => c:\Program Files\Classic Shell\ClassicStartMenu.exe [96768 2010-04-12] (IvoSoft)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-03-17] (Apple Inc.)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [206128 2008-10-10] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2010-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [821144 2010-10-25] (Adobe Systems Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [684024 2012-10-17] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [704512 2015-05-13] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1796543083-3759784685-822464397-1005\...\Run: [Spotify Web Helper] => C:\Users\ihtak\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2020920 2015-04-27] (Spotify Ltd)
HKU\S-1-5-21-1796543083-3759784685-822464397-1005\...\Run: [HP Deskjet 3520 series (NET)] => C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1796543083-3759784685-822464397-1005\...\Run: [Akamai NetSession Interface] => C:\Users\ihtak\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1796543083-3759784685-822464397-1005\...\Policies\Explorer: []
HKU\S-1-5-21-1796543083-3759784685-822464397-1005\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2010-06-08]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk [2011-12-15]
ShortcutTarget: AutoCAD Startup Accelerator.lnk -> C:\Program Files (x86)\Common Files\Autodesk Shared\acstart17.exe (Autodesk, Inc)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-05-12]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scrybe.lnk [2011-03-30]
ShortcutTarget: Scrybe.lnk -> C:\Windows\Installer\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe (Acresso Software Inc.)
Startup: C:\Users\ihtak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013-02-15]
ShortcutTarget: Dropbox.lnk -> C:\Users\ihtak\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2013-07-22] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => c:\Program Files\Classic Shell\ClassicExplorer64.dll [2010-04-12] (IvoSoft)
ShellIconOverlayIdentifiers: [Symbol-Overlay-Steuerprogramm für AutoCAD Digitale Signaturen] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2013-07-22] (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\SysWOW64\AcSignIcon.dll [2006-03-05] (Autodesk)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => c:\Program Files\Classic Shell\ClassicExplorer32.dll [2010-04-12] (IvoSoft)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-1796543083-3759784685-822464397-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1796543083-3759784685-822464397-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> c:\Program Files\Classic Shell\ClassicExplorer64.dll [2010-04-12] (IvoSoft)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> c:\Program Files\Classic Shell\ClassicExplorer32.dll [2010-04-12] (IvoSoft)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - c:\Program Files\Classic Shell\ClassicExplorer64.dll [2010-04-12] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - c:\Program Files\Classic Shell\ClassicExplorer32.dll [2010-04-12] (IvoSoft)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\ihtak\AppData\Roaming\Mozilla\Firefox\Profiles\39484tdk.default-1392907421887
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-12] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2010-04-28] ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2010-04-23] (DivX,Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.6.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-08-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2010-04-03] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-09-05] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-01-30]
StartMenuInternet: FIREFOX.EXE - C:\Internet\Mozilla Firefox\firefox.exe
Chrome:
=======
CHR Profile: C:\Users\ihtak\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\ihtak\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-28]
CHR Extension: (Adblock Plus) - C:\Users\ihtak\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-05-09]
CHR Extension: (Bookmark Manager) - C:\Users\ihtak\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\ihtak\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Google Wallet) - C:\Users\ihtak\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-15]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S4 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-05-13] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-05-13] (Avira Operations GmbH & Co. KG)
S2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [File not signed]
S3 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [77944 2010-06-03] (Autodesk)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S3 hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [223232 2008-10-23] (Hewlett-Packard Development Company, L.P.) [File not signed]
S3 InstallShield Licensing Service; C:\Program Files (x86)\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe [78536 2011-04-14] (Macrovision )
S2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
S2 McNeelUpdate; C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe [68192 2002-02-02] (Robert McNeel & Associates) [File not signed]
S2 ScrybeUpdater; C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [1300264 2011-05-27] (Synaptics, Inc.)
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S4 vfsFPService; c:\Windows\system32\vfsFPService.exe [721712 2009-06-03] (Validity Sensors, Inc.)
S4 vfsFPService; c:\Windows\SysWOW64\vfsFPService.exe [599344 2009-06-03] (Validity Sensors, Inc.)
S4 VRLService; C:\ProgramData\ASGVIS\Dongle Utilities\startvrlservice.exe [212992 2012-12-06] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-05-13] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-05-13] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-18] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-05-02] (Duplex Secure Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-13 21:02 - 2015-05-13 21:04 - 00019483 _____ () C:\Users\ihtak\Downloads\Main.txt
2015-05-13 21:02 - 2015-05-13 21:02 - 00000000 ____D () C:\Users\ihtak\Downloads\FRST-OlderVersion
2015-05-13 20:57 - 2015-05-13 20:57 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-IHTAK-PC-Windows-7-Ultimate-(64-bit).dat
2015-05-13 20:56 - 2015-05-13 20:56 - 00000000 ____D () C:\RegBackup
2015-05-13 20:11 - 2015-05-13 20:21 - 00000000 ____D () C:\AdwCleaner
2015-05-13 20:11 - 2015-05-13 20:11 - 02720307 _____ (Thisisu) C:\Users\ihtak\Downloads\JRT.exe
2015-05-13 20:10 - 2015-05-13 20:10 - 02209792 _____ () C:\Users\ihtak\Downloads\AdwCleaner_4.204.exe
2015-05-13 09:24 - 2015-05-13 09:18 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-05-13 00:45 - 2015-05-13 00:45 - 00020211 _____ () C:\ComboFix.txt
2015-05-12 21:03 - 2015-05-12 21:03 - 00002175 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-05-12 21:03 - 2015-05-12 21:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-05-12 21:03 - 2015-05-12 21:03 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-05-12 21:02 - 2015-05-12 21:03 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan
2015-05-12 20:31 - 2015-05-12 20:31 - 00000000 ____D () C:\Users\ihtak\AppData\Roaming\Avira
2015-05-12 20:25 - 2015-05-13 09:18 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-05-12 20:25 - 2015-05-13 09:17 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-05-12 20:25 - 2013-12-18 09:32 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-05-12 19:06 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-12 19:06 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-12 19:06 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-12 19:06 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-12 19:06 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-12 19:06 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-12 19:06 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-12 19:06 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-12 19:05 - 2015-05-13 00:45 - 00000000 ____D () C:\Qoobox
2015-05-12 19:04 - 2015-05-12 19:45 - 00000000 ____D () C:\Windows\erdnt
2015-05-11 14:08 - 2015-05-11 14:08 - 00000020 _____ () C:\Users\ihtak\defogger_reenable
2015-05-11 13:28 - 2015-05-13 21:02 - 00000000 ____D () C:\FRST
2015-05-11 13:06 - 2015-05-13 21:02 - 00000000 ____D () C:\Users\ihtak\Desktop\PC Help
2015-05-11 13:05 - 2015-05-13 21:02 - 02104832 _____ (Farbar) C:\Users\ihtak\Downloads\FRST64.exe
2015-05-11 13:05 - 2015-05-11 13:05 - 00380416 _____ () C:\Users\ihtak\Downloads\Gmer-19357.exe
2015-05-11 13:05 - 2015-05-11 13:05 - 00050477 _____ () C:\Users\ihtak\Downloads\Defogger.exe
2015-05-11 09:07 - 2015-05-13 09:11 - 00270372 _____ () C:\Windows\PFRO.log
2015-05-10 22:42 - 2015-05-13 19:16 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-10 22:42 - 2015-05-10 22:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-10 22:42 - 2015-05-10 22:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-10 22:42 - 2015-05-10 22:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-10 22:42 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-10 22:42 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-10 22:42 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-10 22:41 - 2015-05-10 22:42 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\ihtak\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-10 22:27 - 2015-05-10 22:27 - 01059224 _____ () C:\Users\ihtak\Downloads\GetSystemInfo.zip
2015-05-10 15:27 - 2015-05-10 15:27 - 00000000 ____D () C:\SwSetup
2015-05-10 15:26 - 2015-05-10 15:26 - 02228480 _____ (Hewlett-Packard Company ) C:\Users\ihtak\Downloads\sp54629.exe
2015-05-10 14:40 - 2015-05-10 14:40 - 00388608 _____ (Trend Micro Inc.) C:\Users\ihtak\Downloads\HiJackThis204.exe
2015-05-06 23:08 - 2015-05-13 20:56 - 00005557 _____ () C:\Windows\setupact.log
2015-05-06 23:08 - 2015-05-06 23:08 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-04 10:51 - 2015-01-31 05:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-05-04 10:51 - 2015-01-31 05:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-05-04 10:51 - 2015-01-31 01:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-05-04 10:50 - 2014-12-11 19:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-05-04 09:34 - 2014-09-05 04:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-05-04 09:34 - 2014-09-05 03:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-05-03 13:44 - 2015-05-03 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
2015-05-03 13:43 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2015-05-03 13:43 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-05-03 13:43 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-05-03 13:43 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2015-05-03 13:43 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2015-05-03 13:43 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-05-03 13:43 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2015-05-03 13:43 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-05-03 13:43 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2015-05-03 13:43 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2015-05-03 13:43 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-05-03 13:43 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-05-03 13:43 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-05-03 13:43 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-05-03 13:43 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-05-03 13:26 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-05-03 13:26 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2015-05-03 13:26 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2015-05-03 13:06 - 2015-03-14 05:21 - 01632768 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-05-03 13:06 - 2015-03-14 05:21 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-05-03 13:06 - 2015-03-14 05:04 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-05-03 13:06 - 2015-03-14 05:04 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-05-03 13:06 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-03 13:06 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-03 13:06 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-03 13:06 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-03 13:05 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-03 13:05 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-03 13:05 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-03 13:05 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-03 13:05 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-03 13:05 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-03 13:05 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-04-15 08:54 - 2015-04-15 08:54 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-14 23:04 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-14 23:04 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-14 23:04 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-14 23:04 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-14 23:04 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-14 23:04 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-14 23:04 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-14 23:04 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-14 23:04 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-14 23:04 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-14 23:04 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-14 23:04 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-14 23:04 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-14 23:04 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-14 23:04 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-14 23:04 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-14 23:04 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-14 23:04 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-14 23:04 - 2015-03-23 05:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-14 23:04 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-14 23:04 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-14 23:04 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-14 23:04 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-14 23:04 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-14 23:04 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-14 23:04 - 2015-03-17 07:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-14 23:04 - 2015-03-17 07:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-14 23:04 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-14 23:04 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-14 23:04 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-14 23:04 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-14 23:04 - 2015-03-17 07:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-14 23:04 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-14 23:04 - 2015-03-17 07:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-14 23:04 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-14 23:04 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-14 23:04 - 2015-03-17 07:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-14 23:04 - 2015-03-17 07:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-14 23:04 - 2015-03-17 07:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-14 23:04 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-14 23:04 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-14 23:04 - 2015-03-17 07:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-14 23:04 - 2015-03-17 07:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-14 23:04 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-14 23:04 - 2015-03-17 07:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-14 23:04 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-14 23:04 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-14 23:04 - 2015-03-17 07:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-14 23:04 - 2015-03-17 07:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-14 23:04 - 2015-03-17 07:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-14 23:04 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-14 23:04 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-14 23:04 - 2015-03-17 07:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-14 23:04 - 2015-03-17 07:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-14 23:04 - 2015-03-17 07:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-14 23:04 - 2015-03-17 07:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-14 23:04 - 2015-03-17 07:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-14 23:04 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-14 23:04 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-14 23:04 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-14 23:04 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 23:04 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 23:04 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 23:04 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 23:04 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 23:04 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 23:04 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 23:04 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 23:04 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 23:04 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 23:04 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 23:04 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 23:04 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 23:04 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 23:04 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-14 23:04 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-14 23:04 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 23:04 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-14 23:04 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 23:04 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 23:04 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 23:04 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 23:04 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 23:04 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 23:04 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 23:04 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-14 23:04 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-14 23:04 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-14 23:04 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-14 23:04 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-14 23:04 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-14 23:04 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-14 23:04 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-14 23:04 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-14 23:04 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-14 23:04 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-14 23:04 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-14 23:04 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-14 23:04 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-14 23:04 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-14 23:04 - 2015-03-17 06:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-14 23:04 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-14 23:04 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-14 23:04 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-14 23:04 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-14 23:04 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-14 23:04 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-14 23:04 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-14 23:04 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-14 23:04 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-14 23:04 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 23:04 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 23:04 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 23:04 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 23:04 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 23:04 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 23:04 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 23:04 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 23:04 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 23:04 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 23:04 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 23:04 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 23:04 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-14 23:04 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 23:04 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 23:04 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-14 23:04 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 23:04 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 23:04 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 23:04 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 23:04 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 23:04 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 23:04 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-14 23:04 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-14 23:04 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-14 23:04 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-14 23:04 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 23:04 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 23:04 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-14 23:04 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-14 23:04 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-14 23:04 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-14 23:04 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-14 23:04 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-14 23:04 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-14 23:04 - 2015-01-28 01:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-04-14 23:03 - 2015-04-02 02:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-14 23:03 - 2015-04-02 01:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-14 23:03 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-14 23:03 - 2015-03-13 06:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-14 23:03 - 2015-03-13 06:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-14 23:03 - 2015-03-13 06:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-14 23:03 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-14 23:03 - 2015-03-13 06:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-14 23:03 - 2015-03-13 06:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-14 23:03 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-14 23:03 - 2015-03-13 06:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-14 23:03 - 2015-03-13 06:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-14 23:03 - 2015-03-13 05:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-14 23:03 - 2015-03-13 05:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-14 23:03 - 2015-03-13 05:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-14 23:03 - 2015-03-13 05:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-14 23:03 - 2015-03-13 05:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-14 23:03 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-14 23:03 - 2015-03-13 05:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-14 23:03 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-14 23:03 - 2015-03-13 05:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-14 23:03 - 2015-03-13 05:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-14 23:03 - 2015-03-13 05:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-14 23:03 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-14 23:03 - 2015-03-13 05:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-14 23:03 - 2015-03-13 05:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-14 23:03 - 2015-03-13 05:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-14 23:03 - 2015-03-13 05:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-14 23:03 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-14 23:03 - 2015-03-13 05:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-14 23:03 - 2015-03-13 05:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-14 23:03 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-14 23:03 - 2015-03-13 05:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-14 23:03 - 2015-03-13 05:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-14 23:03 - 2015-03-13 05:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-14 23:03 - 2015-03-13 05:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-14 23:03 - 2015-03-13 05:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-14 23:03 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-14 23:03 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-14 23:03 - 2015-03-13 05:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-14 23:03 - 2015-03-13 05:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-14 23:03 - 2015-03-13 05:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-14 23:03 - 2015-03-13 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-14 23:03 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-14 23:03 - 2015-03-13 04:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-14 23:03 - 2015-03-13 04:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-14 23:03 - 2015-03-13 04:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-14 23:03 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-14 23:03 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-14 23:03 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-14 23:03 - 2015-03-13 04:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-14 23:03 - 2015-03-13 04:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-14 23:03 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-14 23:03 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-14 23:03 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-14 23:03 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-14 23:03 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-14 23:03 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-14 23:03 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-14 23:01 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-14 23:01 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-14 23:01 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-13 21:04 - 2010-04-15 18:52 - 00000000 ____D () C:\Users\Public\Temp
2015-05-13 20:57 - 2009-07-14 06:45 - 00017360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-13 20:57 - 2009-07-14 06:45 - 00017360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-13 20:55 - 2011-01-10 22:25 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-13 20:55 - 2010-03-22 20:55 - 01280765 _____ () C:\Windows\WindowsUpdate.log
2015-05-13 20:51 - 2010-03-22 22:58 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-13 20:50 - 2011-01-10 22:25 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-13 20:49 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-13 14:59 - 2009-07-14 19:58 - 00701576 _____ () C:\Windows\system32\perfh007.dat
2015-05-13 14:59 - 2009-07-14 19:58 - 00150444 _____ () C:\Windows\system32\perfc007.dat
2015-05-13 14:59 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-13 00:53 - 2014-01-17 23:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-13 00:39 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-05-12 21:04 - 2015-01-02 19:15 - 00002256 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-12 21:02 - 2014-11-25 14:30 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-12 21:02 - 2011-09-28 18:23 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-12 20:25 - 2014-01-17 23:52 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-05-12 19:46 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-05-11 14:08 - 2010-06-03 16:43 - 00000000 ____D () C:\Users\ihtak
2015-05-11 09:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\schemas
2015-05-10 23:58 - 2010-06-03 16:43 - 00000000 ____D () C:\Users\ihtak\AppData\Roaming\Skype
2015-05-10 23:45 - 2013-06-22 14:48 - 00000000 ____D () C:\Users\ihtak\AppData\Roaming\Spotify
2015-05-10 22:30 - 2014-03-18 21:49 - 00471552 ___SH () C:\Users\ihtak\Desktop\Thumbs.db
2015-05-08 11:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-05-07 18:17 - 2011-01-25 23:15 - 00000000 ____D () C:\Windows\Minidump
2015-05-07 18:17 - 2010-06-03 16:29 - 00286945 ____N () C:\Windows\Minidump\050715-31715-01.dmp
2015-05-06 23:08 - 2010-11-19 16:11 - 00000000 ____D () C:\Users\ihtak\AppData\Roaming\Azureus
2015-05-06 23:08 - 2010-06-21 00:15 - 00000000 ____D () C:\Users\ihtak\AppData\Roaming\FileZilla
2015-05-06 23:08 - 2010-06-03 16:43 - 00000000 ____D () C:\Users\ihtak\AppData\Roaming\Media Player Classic
2015-05-06 23:08 - 2010-06-03 16:43 - 00000000 ____D () C:\Users\ihtak\AppData\Roaming\DAEMON Tools Lite
2015-05-06 00:03 - 2014-08-28 11:50 - 00000000 ____D () C:\Users\ihtak\Desktop\Toronto!
2015-05-03 13:50 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-03 13:50 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-05-03 13:33 - 2013-10-11 13:54 - 01598708 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-05-03 13:22 - 2010-03-22 22:40 - 00000000 ____D () C:\Internet
2015-05-03 13:09 - 2013-09-15 14:33 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-29 20:20 - 2013-10-07 22:03 - 00000000 ____D () C:\Users\ihtak\Desktop\150508_My Master
2015-04-27 11:20 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-22 10:45 - 2010-06-03 17:06 - 00000000 ____D () C:\Users\ihtak\Desktop\my piggis
2015-04-19 23:25 - 2010-06-13 16:00 - 00000000 ____D () C:\Users\ihtak\Desktop\150508_this`n`that
2015-04-17 22:48 - 2010-03-23 18:13 - 00000000 ____D () C:\ProgramData\Skype
2015-04-15 08:54 - 2014-05-07 01:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 01:55 - 2010-05-07 14:10 - 00000000 ____D () C:\ProgramData\Microsoft Help
==================== Files in the root of some directories =======
2013-05-12 12:05 - 2013-05-12 12:05 - 4167680 _____ () C:\Program Files (x86)\GUT8532.tmp
2014-02-11 01:31 - 2014-02-11 01:31 - 49940480 _____ () C:\Program Files (x86)\GUTB860.tmp
2012-06-06 12:30 - 2014-04-29 20:11 - 0000132 _____ () C:\Users\ihtak\AppData\Roaming\Adobe BMP Format CS5 Prefs
2011-07-12 23:22 - 2014-07-14 01:24 - 0000132 _____ () C:\Users\ihtak\AppData\Roaming\Adobe GIF Format CS5 Prefs
2011-07-20 10:25 - 2015-03-19 00:41 - 0000132 _____ () C:\Users\ihtak\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-12-09 23:38 - 2013-12-09 23:38 - 0001456 _____ () C:\Users\ihtak\AppData\Local\Adobe Für Web speichern 12.0 Prefs
2010-06-03 19:05 - 2010-06-03 19:05 - 0000000 _____ () C:\Users\ihtak\AppData\Local\AtStart.txt
2010-06-03 16:44 - 2013-11-04 13:48 - 0004608 _____ () C:\Users\ihtak\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-06-03 19:05 - 2010-06-03 19:05 - 0000000 _____ () C:\Users\ihtak\AppData\Local\DSwitch.txt
2010-06-03 19:05 - 2010-06-03 19:05 - 0000000 _____ () C:\Users\ihtak\AppData\Local\QSwitch.txt
2015-05-03 13:45 - 2015-05-10 14:54 - 0007663 _____ () C:\Users\ihtak\AppData\Local\Resmon.ResmonCfg
2013-10-27 21:40 - 2013-10-27 21:40 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-04-23 23:37 - 2010-04-23 23:40 - 0000000 _____ () C:\ProgramData\CLDShowX.ini
2010-06-07 19:42 - 2010-06-07 19:42 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2014-01-02 13:50 - 2014-01-02 13:50 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-05-04 16:46
==================== End Of Log ============================
Addition.txt Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-05-2015
Ran by ihtak at 2015-05-13 21:04:46
Running from C:\Users\ihtak\Downloads
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1796543083-3759784685-822464397-500 - Administrator - Disabled)
Gast (S-1-5-21-1796543083-3759784685-822464397-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1796543083-3759784685-822464397-1007 - Limited - Enabled)
ihtak (S-1-5-21-1796543083-3759784685-822464397-1005 - Administrator - Enabled) => C:\Users\ihtak
User (S-1-5-21-1796543083-3759784685-822464397-1000 - Administrator - Enabled) => C:\Users\User
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7Tweak (HKLM\...\7Tweak_is1) (Version: - Daoisoft)
AC3Filter 1.63b (HKLM-x32\...\AC3Filter_is1) (Version: 1.63b - Alexander Vigovsky)
ACDSee Pro 3 (HKLM-x32\...\{1B280FAF-AE10-4E31-A41A-DB3917D651DC}) (Version: 3.0.355 - ACD Systems International Inc.)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.0.0 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Creative Suite 5 Master Collection (HKLM-x32\...\{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.3.183.10 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader X (10.1.1) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.1 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-1796543083-3759784685-822464397-1005\...\Akamai) (Version: - Akamai Technologies, Inc)
Any PDF to DWG Converter 2010 (HKLM-x32\...\Any PDF to DWG Converter_is1) (Version: - AnyDWG Software, Inc.)
Apple Application Support (HKLM-x32\...\{553255F3-78FD-40F1-A6F8-6882140265FE}) (Version: 1.2.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{404BB1FF-A84F-432F-B77B-301E88E8D1C7}) (Version: 3.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C41300B9-185D-475E-BFEC-39EF732F19B1}) (Version: 2.1.2.120 - Apple Inc.)
ArchiCAD 14 INT (HKLM\...\001FFF2FFF14FF00FF0701F01F02F000-R1) (Version: 14.0 - Graphisoft)
ASGvis Material Studio (HKLM-x32\...\{BE2DB46C-EA1A-434E-AABD-50EAF626EBEE}) (Version: 1.00.0000 - ASGvis, LLC)
ATI Catalyst Install Manager (HKLM\...\{33355A36-EAAB-DA8F-417F-BCE8F3BB22E9}) (Version: 3.0.774.0 - ATI Technologies, Inc.)
AutoCAD 2007 - English (HKLM-x32\...\{5783F2D7-5001-0409-0002-0060B0CE6BBA}) (Version: 17.0.54.110 - Autodesk)
AutoCAD 2011 - English (Version: 18.1.49.0 - Autodesk) Hidden
AutoCAD 2014 - English (Version: 19.1.42.0 - Autodesk) Hidden
AutoCAD 2014 Language Pack - English (Version: 19.1.42.0 - Autodesk) Hidden
AutoCAD Architecture 2011 - English (HKLM\...\AutoCAD Architecture 2011 - English) (Version: 6.5.49.0 - Autodesk)
AutoCAD Architecture 2011 - English (Version: 6.5.49.0 - Autodesk) Hidden
AutoCAD Architecture 2011 Language Pack - English (Version: 18.1.49.0 - Autodesk) Hidden
Autodesk AutoCAD 2014 - English (HKLM\...\AutoCAD 2014 - English) (Version: 19.1.42.0 - Autodesk)
Autodesk Backburner 2014 (HKLM-x32\...\{3D347E6D-5A03-4342-B5BA-6A771885F379}) (Version: 14.0.0.0 - Autodesk, Inc.)
Autodesk CAD Manager Tools (HKLM\...\{5783F2D7-0111-0409-0110-0060B0CE6BBA}) (Version: 16.0.0.65 - Autodesk)
Autodesk Composite 2014 (HKLM\...\Autodesk Composite 2014) (Version: 9.0.0.0 - Autodesk)
Autodesk Composite 2014 (Version: 9.0.0.0 - Autodesk) Hidden
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.1.3.0 - Autodesk)
Autodesk Content Service (x32 Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (x32 Version: 3.1.3.0 - Autodesk) Hidden
Autodesk DirectConnect 2010 R1 (64-bit) (HKLM\...\{470DA0AE-96BF-4F9C-888C-360DEF2DE71E}) (Version: 4.0.296.0 - Autodesk)
Autodesk DirectConnect 2014 64-bit (HKLM\...\Autodesk DirectConnect 2014 64-bit) (Version: 8.0.56.1 - Autodesk)
Autodesk DirectConnect 2014 64-bit (Version: 8.0.56.1 - Autodesk) Hidden
Autodesk DWF Viewer (HKLM-x32\...\Autodesk DWF Viewer) (Version: 6.5 - Autodesk, Inc.)
Autodesk Featured Apps (HKLM-x32\...\{F732FEDA-7713-4428-934B-EF83B8DD65D0}) (Version: 1.1.0 - Autodesk)
Autodesk MatchMover 2014 (HKLM\...\{B151ECD3-2DBE-45E9-816E-F8AA6238F6A8}) (Version: 14.00.0000 - Autodesk)
Autodesk Material Library 2011 (HKLM-x32\...\{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}) (Version: 2.0.0.49 - Autodesk)
Autodesk Material Library 2011 Base Image library (HKLM-x32\...\{CD1E078C-A6B9-47DA-B035-6365C85C7832}) (Version: 2.0.0.49 - Autodesk)
Autodesk Material Library 2011 Medium Image library (HKLM-x32\...\{975951E7-14D0-49AF-A630-89680D12D7F6}) (Version: 2.0.0.49 - Autodesk)
Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk)
Autodesk Maya 2014 (HKLM\...\Autodesk Maya 2014) (Version: 16.0.0.0 - Autodesk)
Autodesk Maya 2014 (Version: 16.0.0.0 - Autodesk) Hidden
Autodesk Network License Manager (HKLM\...\{4BE91685-1632-47FC-B563-A8A542C6664C}) (Version: 1.0.0 - Autodesk)
Autodesk ReCap (HKLM\...\Autodesk ReCap) (Version: 1.0.43.13 - Autodesk)
Autodesk ReCap (Version: 1.0.43.13 - Autodesk) Hidden
Autodesk ReCap Language Pack-English (Version: 1.0.43.13 - Autodesk) Hidden
Autodesk T-Splines Plug-in for Rhino version 3.5 r8975 (64) (HKLM\...\{B02B3AB3-E98D-4E26-9090-896D9EBCEDE8}) (Version: 3.5.8975 - Autodesk)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.656 - Avira)
B/Works for Digital Cameras (HKLM-x32\...\B/Works for Digital Cameras_is1) (Version: - )
Batch Render for Rhinoceros 4.0 (HKLM-x32\...\{E7B9AE9E-0F69-4E9E-850D-C7330446BF4F}) (Version: 1.00.0000 - ASGvis, LLC)
Bonjour (HKLM\...\{C19D4D8F-4433-4F6D-9F0C-79589FD0B973}) (Version: 2.0.1.2 - Apple Inc.)
ccc-core-static (x32 Version: 2010.0504.2152.37420 - Ihr Firmenname) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.10 - Piriform)
Cfont Pro v4 (HKLM-x32\...\Cfont Pro_is1) (Version: - Veign, LLC)
CINEMA 4D 11.514 (HKLM\...\MAXONB6EC381C) (Version: 11.514 - MAXON Computer GmbH)
CINEMA 4D Demo 12.043 (HKLM\...\MAXONFD3BFAC6) (Version: 12.043 - MAXON Computer GmbH)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.01065 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.01065 - Cisco Systems, Inc.) Hidden
Classic Shell (HKLM\...\{21FD4542-C405-4E78-9C0E-2A400CCC2B16}) (Version: 1.9.2 - IvoSoft)
ClearSkinFX for Digital Cameras (HKLM-x32\...\ClearSkinFX for Digital Cameras_is1) (Version: - )
ColorCastFX for Digital Cameras (HKLM-x32\...\ColorCastFX for Digital Cameras_is1) (Version: - )
CoreAVC Professional Edition (remove only) (HKLM-x32\...\CoreAVC Professional Edition) (Version: - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Digital Image Recovery 1.47 (HKLM-x32\...\Digital Image Recovery_is1) (Version: - Alexander Grau)
DivX-Setup (HKLM-x32\...\DivX Setup.divx.com) (Version: 1.0.2.23 - DivX, Inc. )
Dropbox (HKU\S-1-5-21-1796543083-3759784685-822464397-1005\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
DWG TrueView 2011 (HKLM\...\DWG TrueView 2011) (Version: 18.1.49.0 - Autodesk)
DWG TrueView 2011 (Version: 18.1.49.0 - Autodesk) Hidden
ENE CIR Receiver Driver (HKLM\...\FFE7D41DF3C645075BB149E21988B63996C34187) (Version: 2.7.4.0 - ENE)
English Dictionary (HKLM-x32\...\{451C89AE-BB03-4C9F-B18C-2500CC596DAF}) (Version: 0.0.0.0 - IDM Computer Solutions, Inc.)
Exact Audio Copy 0.99pb5 (HKLM-x32\...\Exact Audio Copy) (Version: 0.99pb5 - Andre Wiethoff)
Exifer (HKLM-x32\...\Exifer_is1) (Version: - Friedemann Schmidt)
FARO LS 1.1.406.58 (HKLM-x32\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)
FARO LS 1.1.501.0 (64bit) (HKLM-x32\...\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Version: 5.1.0.30630 - FARO Scanner Production)
FileZilla Client 3.3.3 (HKLM-x32\...\FileZilla Client) (Version: 3.3.3 - )
FLAC 1.2.1b (remove only) (HKLM-x32\...\FLAC) (Version: 1.2.1b - Xiph.org)
FOTO AT Fotowelt (HKLM-x32\...\FOTO AT Fotowelt) (Version: - )
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.152 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )
HotPixels Eliminator for Digital Cameras 1.0 (HKLM-x32\...\HotPixels Eliminator for Digital Cameras 1.0_is1) (Version: - )
HP 3D DriveGuard (HKLM\...\{7FD7F421-39B2-4CAC-BC41-7D83DDBAB329}) (Version: 4.0.3.1 - Hewlett-Packard)
HP Deskjet 3520 series - Grundlegende Software für das Gerät (HKLM\...\{15B2F0E3-3FAC-4495-B0FD-398EECFA4100}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3520 series Hilfe (HKLM-x32\...\{6B953497-169C-4929-9AA9-A9F510347468}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 3520 series Setup Guide (HKLM-x32\...\{AEEDCEB7-00B8-4BE1-B492-AB04803D5F1E}) (Version: 27.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Quick Launch Buttons 6.40 L1 (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.40 L1 - Hewlett-Packard)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6225.0 - IDT)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.1.0 - LIGHTNING UK!)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: - )
IsoBuster 2.7 (HKLM-x32\...\IsoBuster_is1) (Version: 2.7 - Smart Projects)
iTunes (HKLM\...\{96D5EB02-DE18-4DCD-A713-929B4461CA8D}) (Version: 9.1.1.12 - Apple Inc.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.32.1 - JMicron Technology Corp.)
LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)
Macromedia Flash Player 8 (HKLM-x32\...\ShockwaveFlash) (Version: 8 - Macromedia)
MainType 2.1.1 (HKLM-x32\...\MainType2_is1) (Version: - High-Logic)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM-x32\...\McAfee Security Scan) (Version: 3.0.285.6 - McAfee, Inc.)
mental ray renderer for Autodesk Maya 2014 (HKLM\...\{8057481C-0CFC-43BB-8EEC-C6A0E1C82E19}) (Version: 13.0.1.0 - mental ray)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Project Professional 2010 (HKLM-x32\...\Office14.PRJPROR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 8.0 Support DLLs (HKLM-x32\...\{342F5437-C87D-4BB5-89B9-B23E16C6A395}) (Version: 1.0.0 - McNeel & Associates)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 6.35 - mIRC Co. Ltd.)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 en-US) (HKU\S-1-5-21-1796543083-3759784685-822464397-1005\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Firefox 7.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 7.0 (x86 en-US)) (Version: 7.0 - Mozilla)
Mozilla Thunderbird (7.0) (HKLM-x32\...\Mozilla Thunderbird (7.0)) (Version: 7.0 (en-US) - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nemo's Aquarium 3D (HKLM-x32\...\Nemo's Aquarium 3D_is1) (Version: 1.00 - Digital Illusions Software)
NET Render Client 11.514 (HKLM\...\MAXONF02E79F8) (Version: 11.514 - MAXON Computer GmbH)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9745 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.59.37 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{DEA314C4-0929-4250-BC92-98E4C105F28D}) (Version: 9.10.0129 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.11.9745 - NVIDIA Corporation)
Ogg Codecs 0.81.15562 (HKLM\...\Ogg Codecs) (Version: 0.81.15562 - Xiph.Org)
Paint.NET v3.5.5 (HKLM\...\{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD1}) (Version: 3.55.0 - dotPDN LLC)
PC Inspector smart recovery (HKLM-x32\...\{C9A87D86-FDFD-418B-BF96-EF09320973B3}) (Version: 4.50 - )
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 0.9.9 - Frank Heindörfer, Philip Chinery)
Pepakura Designer 3 (HKLM-x32\...\pepakura_designer3en) (Version: - TamaSoftware)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.1 - Google, Inc.)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
QuickTime (HKLM-x32\...\{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}) (Version: 7.66.71.0 - Apple Inc.)
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0007 - Realtek)
Rhino RDK (HKLM-x32\...\Rhino RDK) (Version: - )
Rhinoceros 4.0 (HKLM-x32\...\{5C2CBFFD-FC3B-4AA9-993B-CE2B8DA25B87}) (Version: 4.0.20118 - McNeel & Associates)
Rhinoceros 4.0 SR8 (HKLM-x32\...\{95E1E426-EE9E-4F68-8F02-58A5A09B38F3}) (Version: 4.0.50401 - Robert McNeel & Associates)
Rhinoceros 5 (64-bit) (HKLM\...\{D7B0FC7F-827E-4664-9DC8-32AD32C875A7}) (Version: 5.5.30717.16015 - Robert McNeel & Associates)
RhinoMembrane 2.0.1 64 bit (HKLM\...\RhinoMembrane x64_is1) (Version: - Bletzinger-D'Anza-Linhard)
RhinoTerrain 1.8 DEMO (HKLM-x32\...\{6E606DA4-4727-461F-A72B-A7B99509059B}_is1) (Version: 1.8 DEMO - RhinoTerrain SARL)
SereneScreen Marine Aquarium 2 (HKLM-x32\...\SereneScreen Marine Aquarium 2_is1) (Version: 2.0 - Prolific Publishing, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{58FA40EF-ABA9-4FED-AD3D-318A6073934D}) (Version: - Microsoft)
SketchUp Import for AutoCAD 2014 (HKLM-x32\...\{644E9589-F73A-49A4-AC61-A953B9DE5669}) (Version: 1.1.0 - Autodesk)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-1796543083-3759784685-822464397-1005\...\Spotify) (Version: 1.0.4.90.g0b6df40b - Spotify AB)
Streamripper Plugin 1.62.2 (Remove only) (HKLM-x32\...\Streamripper.Plugin) (Version: - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Gesture Suite featuring SYNAPTICS | Scrybe (HKLM-x32\...\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}) (Version: 1.6.5.17120 - Synaptics Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 7.50a - Ghisler Software GmbH)
UltraCompare v7.10 (HKLM-x32\...\{333A9197-CF01-42FA-8278-BB8C113591CF}) (Version: 7.0.58 - IDM Computer Solutions, Inc.)
UltraEdit 16.00 (HKLM-x32\...\{75C73547-240E-4DA1-AB63-58146F377085}) (Version: 16.00.39 - IDM Computer Solutions, Inc.)
UltraISO Premium V9.36 (HKLM-x32\...\UltraISO_is1) (Version: - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
Validity Sensors software (HKLM\...\{F65B8208-5221-43D9-AA12-DDEA64EC4AF6}) (Version: 2.8.120 - Validity Sensors, Inc.)
VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0 - DivX, Inc) Hidden
V-Ray for Rhinoceros (x32 Version: 01.05.29 - ASGvis, LLC) Hidden
V-Ray for Rhinoceros 4.0 (HKLM-x32\...\{54DBAF71-635A-45CB-A7DD-7EAB60F5C460}) (Version: 1.00.0000 - ASGvis, LLC)
V-Ray for Rhinoceros 5 x64 adv (HKLM-x32\...\V-Ray for Rhinoceros 5 x64 adv 1.50.22564) (Version: 1.50.22564 - Chaos Software, Ltd)
WinAce Archiver (HKLM-x32\...\WinAce Archiver) (Version: 2.69 - e-merge GmbH)
Winamp (HKLM-x32\...\Winamp) (Version: 5.572 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16422 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
XQDC X-Setup Pro 9.2.100 (HKLM-x32\...\xqdcXSP_is1) (Version: 9.2.100 - XQDC Ltd.)
XviD MPEG-4 Video Codec 64-BIT rev.1.2.2 (HKLM\...\{5B52A9E2-0778-4356-93AF-25DBAC2FA365}_is1) (Version: - )
Zoomquilt Screensaver (HKLM-x32\...\Zoomquilt Screensaver.scr) (Version: - )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1796543083-3759784685-822464397-1005_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\ihtak\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
CustomCLSID: HKU\S-1-5-21-1796543083-3759784685-822464397-1005_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files\Autodesk\DWG TrueView 2011\DWGVIEWRficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1796543083-3759784685-822464397-1005_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1796543083-3759784685-822464397-1005_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}\localserver32 -> C:\Program Files\Autodesk\AutoCAD Architecture 2011\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1796543083-3759784685-822464397-1005_Classes\CLSID\{7DE1BE5C-CEBA-4F1D-ACBC-9CE11EE9A2A1}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1796543083-3759784685-822464397-1005_Classes\CLSID\{b5eedee0-c06e-11cf-8c56-444553540000}\InprocServer32 -> C:\Program Files (x86)\UltraEdit\ue64ctmn.dll ()
CustomCLSID: HKU\S-1-5-21-1796543083-3759784685-822464397-1005_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1796543083-3759784685-822464397-1005_Classes\CLSID\{C92FB640-AD4D-498A-9979-A51A2540C977}\localserver32 -> C:\Program Files\Autodesk\AutoCAD Architecture 2011\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1796543083-3759784685-822464397-1005_Classes\CLSID\{D39D9960-20CA-40CE-A802-8C64817BE518}\InprocServer32 -> C:\Program Files (x86)\UltraCompare\UC_ShellExt07x64.dll ()
CustomCLSID: HKU\S-1-5-21-1796543083-3759784685-822464397-1005_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> C:\Program Files\Autodesk\DWG TrueView 2011\DWGVIEWR.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1796543083-3759784685-822464397-1005_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2014\en-US\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1796543083-3759784685-822464397-1005_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ihtak\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1796543083-3759784685-822464397-1005_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ihtak\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1796543083-3759784685-822464397-1005_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ihtak\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1796543083-3759784685-822464397-1005_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ihtak\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
==================== Restore Points =========================
03-05-2015 17:55:23 Windows Update
04-05-2015 10:14:30 Windows Update
05-05-2015 10:21:45 Windows Update
07-05-2015 01:05:27 Citavi wird entfernt
12-05-2015 19:06:12 ComboFix created restore point
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2015-05-13 00:36 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0169C5CE-819C-44C6-B346-65D67D0CAF3D} - System32\Tasks\{6615FB9B-135B-482F-95B5-5D3A0ECD2042} => pcalua.exe -a C:\Users\ihtak\Downloads\GoogleEarthWin.exe -d C:\Users\ihtak\Downloads
Task: {0FF99781-0E88-48BD-B400-520F6B04D3FF} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {1A1DAEA9-1EA0-4003-819A-12C84E0561D8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {2316436F-EB06-4D92-9D4E-2027F133FA0D} - System32\Tasks\{85580CB2-38C2-4AE8-9AB2-F1B4483CA014} => pcalua.exe -a "C:\1\Zoomquilt II Install.exe"
Task: {39C4A33B-51AB-4D91-9BB6-747F19CE2C27} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {6939092A-7183-4B89-86AE-0B1D81975CBA} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {6C8A0E21-9246-45DA-A1B6-67F56B95BB35} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {6F7B4D5A-8C23-42E4-839D-31B57DA3B76E} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {71C7AB65-0892-412A-9748-5CD8A09B04E1} - System32\Tasks\AdobeAAMUpdater-1.0-IHTAK-PC-ihtak => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-09-16] (Adobe Systems Incorporated)
Task: {7BE34F86-CA17-4330-B324-934E4042E7D2} - System32\Tasks\{2FA0340E-B2CD-41EA-ABA8-59D77592DD1A} => Chrome.exe hxxp://ui.skype.com/ui/0/6.11.0.102/en/go/help.faq.installer?source=lightinstaller&LastError=1618
Task: {7C8FDB81-0A53-4954-B177-BC4EA8B8FD2F} - System32\Tasks\{03509E36-675E-47B8-BC6D-73AC21302404} => pcalua.exe -a C:\Users\ihtak\Downloads\HAL_v0.03\HAL_v0.03.2.exe -d C:\Users\ihtak\Downloads\HAL_v0.03
Task: {9C9A0E28-D40A-4CDE-BBF2-6C275C96613F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {C1B65406-6CD5-43D5-B6FD-DAA9367F7FA4} - System32\Tasks\{3C5F62CA-EDEB-4F5B-ACE5-F4B96CE332F7} => pcalua.exe -a C:\1\Windows7-DreamScene.exe
Task: {C9519504-02DD-4E14-A41C-287CFE48F075} - System32\Tasks\{2C93F369-DBE3-433F-A680-727EA6C43B09} => pcalua.exe -a C:\Users\Public\Temp\Temp1_HAL_v0.04.zip\HAL_v0.04.5_Rh5.exe
Task: {CD9B229E-CC28-4830-B00B-4247224E3BB1} - System32\Tasks\{E8739A9E-E430-4550-A33E-0FE0498C5A7F} => pcalua.exe -a C:\Windows\SysWOW64\Startup.cpl -c Startup
Task: {CF7AB6D0-5B8C-48C6-A526-278B13FEF5C6} - System32\Tasks\{7C7E9BDC-73CA-44C3-BF59-B11E89953B7A} => pcalua.exe -a "S:\ArchiCAD 9\Setup.exe" -d "S:\ArchiCAD 9"
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2010-04-16 12:43 - 2010-03-15 11:28 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
2010-04-12 16:00 - 2010-04-12 16:00 - 00115200 _____ () C:\Program Files (x86)\UltraEdit\ue64ctmn.dll
2010-04-08 07:10 - 2010-04-08 07:10 - 00147968 _____ () C:\Program Files (x86)\UltraCompare\UC_ShellExt07x64.dll
2010-04-17 00:12 - 2005-03-12 00:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2012-10-17 19:30 - 2012-10-17 19:30 - 00062968 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\CLDShowX.ini:Update.CL
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1796543083-3759784685-822464397-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\ihtak\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: AESTFilters => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: FLEXnet Licensing Service 64 => 3
MSCONFIG\Services: vfsFPService => 2
MSCONFIG\Services: vpnagent => 2
MSCONFIG\Services: VRLService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Deskmenu.lnk => C:\Windows\pss\Deskmenu.lnk.CommonStartup
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\ihtak\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: NetWorx => C:\Internet\NetWorx\networx.exe
MSCONFIG\startupreg: Spotify => "C:\Users\ihtak\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: StartCCC => "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
==================== FirewallRules (whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{80D9DC2D-D8AD-4061-8FD0-F68A5467CDAB}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{908538CE-DC35-48C3-86CC-A568F8BBBA85}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD9.EXE
FirewallRules: [{B2865B2D-A043-4D24-8D1B-2049CCE867EB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9CE14173-6DF5-4965-A09A-F5E90BAC5533}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AD785E99-5A64-4BFC-BB00-5EE8BA63AEA1}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{15EB6A58-D80C-453E-AF25-AC40B6B1DF49}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{4708DE8A-A6CF-426B-AEC2-554B0F1AFB4F}] => (Allow) C:\Program Files\Graphisoft\ArchiCAD 14\ArchiCAD.exe
FirewallRules: [{8114E23E-11DE-4673-9C04-5A7688C5135A}] => (Allow) C:\Program Files\Graphisoft\ArchiCAD 14\ArchiCAD.exe
FirewallRules: [TCP Query User{0034E7A2-B908-46FD-9A2A-1E920E3E7ECB}C:\program files\graphisoft\archicad 14\licensefilegenerator.exe] => (Allow) C:\program files\graphisoft\archicad 14\licensefilegenerator.exe
FirewallRules: [UDP Query User{FA68AA14-7051-4285-9BBB-A6062BE09A81}C:\program files\graphisoft\archicad 14\licensefilegenerator.exe] => (Allow) C:\program files\graphisoft\archicad 14\licensefilegenerator.exe
FirewallRules: [{AA1363F0-CAF2-44CB-9E2D-38B1017B3CF5}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{6AD35F90-3AF9-4ECC-BD17-D900D7E57234}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [TCP Query User{EFDE7406-ECB3-4629-99E7-D616405EDB82}C:\program files\maxon\net render r11.5 client\net render client 64 bit.exe] => (Allow) C:\program files\maxon\net render r11.5 client\net render client 64 bit.exe
FirewallRules: [UDP Query User{821958F5-74D8-4694-B808-F239B2FA73F9}C:\program files\maxon\net render r11.5 client\net render client 64 bit.exe] => (Allow) C:\program files\maxon\net render r11.5 client\net render client 64 bit.exe
FirewallRules: [TCP Query User{B825DF47-66B6-4865-A1BF-7C2894528E18}C:\program files\maxon\net render r11.5 client\net render client.exe] => (Block) C:\program files\maxon\net render r11.5 client\net render client.exe
FirewallRules: [UDP Query User{AB5ED784-22F5-45B3-A57B-F0CEF79832D3}C:\program files\maxon\net render r11.5 client\net render client.exe] => (Block) C:\program files\maxon\net render r11.5 client\net render client.exe
FirewallRules: [{CCDAEA16-0996-40A9-9503-64B1FF589923}] => (Allow) LPort=49164
FirewallRules: [{0AF74F4F-30ED-4F01-B858-8B0055FF8B13}] => (Allow) LPort=5000
FirewallRules: [{0020EB22-FD25-4A50-8ECE-833543BB656C}] => (Allow) C:\Users\ihtak\AppData\Local\Akamai\netsession_win.exe
FirewallRules: [{C167B207-D4D4-4B9B-BA60-D4CC26E29641}] => (Allow) C:\Users\ihtak\AppData\Local\Akamai\netsession_win.exe
FirewallRules: [TCP Query User{1F7564F5-7A78-44B8-82C2-FC5E0B68E301}C:\users\ihtak\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\ihtak\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{AE9A7326-C1F1-42EA-9CE0-B2866C4787CE}C:\users\ihtak\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\ihtak\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{7FECECA9-763B-46E1-B1E8-AC27B69BFD94}C:\program files\next limit\maxwell 2\maxwell.exe] => (Block) C:\program files\next limit\maxwell 2\maxwell.exe
FirewallRules: [UDP Query User{74279921-EF67-444A-9EEE-DD121E514552}C:\program files\next limit\maxwell 2\maxwell.exe] => (Block) C:\program files\next limit\maxwell 2\maxwell.exe
FirewallRules: [TCP Query User{FB9DB50B-1627-41C4-8775-F77CD1D77196}C:\program files\next limit\maxwell 2\maxwell.exe] => (Allow) C:\program files\next limit\maxwell 2\maxwell.exe
FirewallRules: [UDP Query User{3A0C8AAF-58D7-4796-A54C-6FDDF8D61D2F}C:\program files\next limit\maxwell 2\maxwell.exe] => (Allow) C:\program files\next limit\maxwell 2\maxwell.exe
FirewallRules: [TCP Query User{F903D857-9C35-4998-8937-515E5B52DFB9}C:\program files\next limit\maxwell 2\mxnetwork.exe] => (Allow) C:\program files\next limit\maxwell 2\mxnetwork.exe
FirewallRules: [UDP Query User{F275ACEE-7CA4-4A74-AA28-CED9A4055172}C:\program files\next limit\maxwell 2\mxnetwork.exe] => (Allow) C:\program files\next limit\maxwell 2\mxnetwork.exe
FirewallRules: [TCP Query User{2F815A41-1A28-4F25-B3F3-0DE7188CAF87}C:\program files\graphisoft\archicad 14\archicad.exe] => (Allow) C:\program files\graphisoft\archicad 14\archicad.exe
FirewallRules: [UDP Query User{64B14643-983F-46F9-B740-539B2DDF2103}C:\program files\graphisoft\archicad 14\archicad.exe] => (Allow) C:\program files\graphisoft\archicad 14\archicad.exe
FirewallRules: [TCP Query User{341AA4C6-BF5A-4E06-97F1-FE80CA11BBF9}C:\users\ihtak\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ihtak\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{E6729D69-2E3D-4285-B293-B2720D03272F}C:\users\ihtak\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ihtak\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{A63DF018-2D44-4120-BFE8-E2E6111E18CA}C:\users\ihtak\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ihtak\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{C91074B8-7ED3-467B-90B3-2B5A7B9F265F}C:\users\ihtak\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ihtak\appdata\roaming\spotify\spotify.exe
FirewallRules: [{0B5B11F3-3E15-48D4-91A4-3E31FDAC7331}] => (Allow) C:\Program Files\HP\HP Deskjet 3520 series\Bin\DeviceSetup.exe
FirewallRules: [{6A3711CD-EF4A-4FFD-AAA4-5F76D0D495F3}] => (Allow) C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{586B0EBA-D1D3-4CDD-AA95-5F6E6A907E76}] => (Allow) C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{24A54A9D-C800-4B4F-90C9-055F0F314480}] => (Allow) LPort=50248
FirewallRules: [{917A09F6-6AFE-408A-BECF-A828FF773305}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{35871704-CF3E-408E-BD17-E95E9E777D5C}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\monitor.exe
FirewallRules: [{C4D7ACD3-827D-416A-925D-85265D61CEC9}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\monitor.exe
FirewallRules: [{2662F0B4-DA6B-4371-B81A-751A280FD843}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\manager.exe
FirewallRules: [{2F315806-15A0-43FE-898C-F1E4A29D8D38}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\manager.exe
FirewallRules: [{63B159BC-6E00-4F87-B28D-39595063031E}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\server.exe
FirewallRules: [{F67F4024-7125-4031-8384-EBB62FD7BF97}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\server.exe
FirewallRules: [TCP Query User{655DC723-0FCD-4FFD-8AFA-9F84ED85858E}C:\program files\autodesk\maya2014\bin\maya.exe] => (Allow) C:\program files\autodesk\maya2014\bin\maya.exe
FirewallRules: [UDP Query User{CAC37647-F3F4-4B60-8A98-41F811EA0909}C:\program files\autodesk\maya2014\bin\maya.exe] => (Allow) C:\program files\autodesk\maya2014\bin\maya.exe
FirewallRules: [TCP Query User{42E0A97C-39C6-4C15-AF14-C87959052ABA}C:\program files (x86)\asgvis\render slave\drspawner.exe] => (Block) C:\program files (x86)\asgvis\render slave\drspawner.exe
FirewallRules: [UDP Query User{651979DC-0228-4277-8346-F56F967B5588}C:\program files (x86)\asgvis\render slave\drspawner.exe] => (Block) C:\program files (x86)\asgvis\render slave\drspawner.exe
FirewallRules: [TCP Query User{065E1971-AC79-44FD-8567-BDB59F0DE8B2}C:\program files\rhinoceros 5 (64-bit)\system\rhino.exe] => (Block) C:\program files\rhinoceros 5 (64-bit)\system\rhino.exe
FirewallRules: [UDP Query User{046D5DC3-3CD5-4E16-8F3F-3B0D684586F5}C:\program files\rhinoceros 5 (64-bit)\system\rhino.exe] => (Block) C:\program files\rhinoceros 5 (64-bit)\system\rhino.exe
FirewallRules: [{7D5E3CCD-7FD5-46A0-8498-4B81AEC95D80}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{02FB9FB1-05C4-4062-9171-A2DC1D83CF29}] => (Allow) LPort=2869
FirewallRules: [{349215FF-F69F-4466-8297-3A662C6D02C0}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{1CC4E49C-C812-46D5-AB0D-5DC233ECB5DE}C:\program files\rhinoceros 5 (64-bit)\system\rhino.exe] => (Allow) C:\program files\rhinoceros 5 (64-bit)\system\rhino.exe
FirewallRules: [UDP Query User{B0A922EA-5381-4588-88C3-E2B7651C9217}C:\program files\rhinoceros 5 (64-bit)\system\rhino.exe] => (Allow) C:\program files\rhinoceros 5 (64-bit)\system\rhino.exe
FirewallRules: [{101C9162-7619-47CD-9381-FA1D5DB1B9BC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Faulty Device Manager Devices =============
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (05/13/2015 08:56:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (05/13/2015 08:56:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (05/13/2015 08:51:40 PM) (Source: Autodesk Content Service) (EventID: 0) (User: )
Description: Service cannot be started.
Error: (05/13/2015 08:50:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (05/13/2015 08:17:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (05/13/2015 08:17:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (05/13/2015 08:15:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (05/13/2015 08:13:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (05/13/2015 08:10:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (05/13/2015 08:10:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
System errors:
=============
Error: (05/13/2015 08:58:03 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Media Player-Netzwerkfreigabedienst" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056
Error: (05/13/2015 08:57:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Software Protection" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (05/13/2015 08:57:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Com4QLBEx" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/13/2015 08:57:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (05/13/2015 08:57:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "hpqwmiex" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/13/2015 08:57:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Matrix Storage Event Monitor" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/13/2015 08:57:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (05/13/2015 08:57:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Stereoscopic 3D Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/13/2015 08:57:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Scrybe-Updateprogramm" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/13/2015 08:57:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "McNeel Update Service 5.0" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2015-05-13 00:36:07.494
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-05-13 00:36:07.384
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-05-13 00:36:07.264
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-05-13 00:36:07.144
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-05-12 19:19:39.922
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-05-12 19:19:39.799
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Quad CPU Q9000 @ 2.00GHz
Percentage of memory in use: 34%
Total physical RAM: 4063.19 MB
Available physical RAM: 2653.39 MB
Total Pagefile: 8124.57 MB
Available Pagefile: 6491.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: (Windows 7) (Fixed) (Total:200.53 GB) (Free:40.53 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Backup) (Fixed) (Total:97.53 GB) (Free:32.52 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 5ABD451A)
Partition 1: (Active) - (Size=200.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=OF Extended)
==================== End Of Log ============================