Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Constantly restating dllhost.exe


  • This topic is locked This topic is locked
33 replies to this topic

#1 SilentStorm

SilentStorm

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:12:33 AM

Posted 29 June 2015 - 03:03 PM

Since Yesterday my Windows flash and flicker. To look after the problem I watched my running Processes noticing, that dllhost.exe runs several times and ist constantly restating. I suspect this to be Malware and run Malwarebytes Scan already. But I didn't find nothing.

BC AdBot (Login to Remove)

 


#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:01:33 AM

Posted 01 July 2015 - 04:08 AM

Hi & :welcome: to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems. :warrior:

Before we move on, please read the following points carefully: :exclame:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

frst.pngfrstscan.png
Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#3 SilentStorm

SilentStorm
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:12:33 AM

Posted 01 July 2015 - 06:00 AM

I attachted the logs to this answer.

Btw. I noticed that despite I uninstalled Avira there is still a process left called Avira.ServiceHost.exe. Could be bad right?

I already ran several scans including Malwarebytes, AdwCleaner and Avast(No results).

It seems like my explorer.exe isn't working correctly. On start I need to manualy restart it via my Taskmanager. Sometimes windows seem to close and reopen.

 

I also ran sfc /scannow witch detected courrupted files but couldn't fix them. I also tried it at boot.

Attached Files



#4 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:01:33 AM

Posted 01 July 2015 - 06:42 AM

Bitte schau mal ob Du Avira so deinstallieren kannst.

http://www.avira.com/de/support-for-home-knowledgebase-detail/kbid/902
 


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#5 SilentStorm

SilentStorm
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:12:33 AM

Posted 01 July 2015 - 08:54 AM

Avira process is gone now. What to do next?



#6 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:01:33 AM

Posted 01 July 2015 - 09:11 AM

Step 1

Please download combofix.pngCombofix (by sUBs) and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.
Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#7 SilentStorm

SilentStorm
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:12:33 AM

Posted 01 July 2015 - 02:20 PM

Ran the scann. Log-File is attached ;)

Attached Files



#8 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:01:33 AM

Posted 02 July 2015 - 10:40 AM

Step 1

v21logo.PNG

Scan with Malwarebytes Anti-Malware.
  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    :exclame: If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt:
    m21p.png
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select
    m21p4.png
  • Return to our forum. Paste your log into your next reply and then click Finish [7].
mbamv21.gif

Step 2

frst.pngfrstscan.png

Start FRST with administator privileges.
  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#9 SilentStorm

SilentStorm
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:12:33 AM

Posted 02 July 2015 - 11:48 AM

Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 02.07.2015
Suchlaufzeit: 18:31
Protokolldatei: 
Administrator: Ja

Version: 2.1.8.1057
Malware-Datenbank: v2015.07.02.03
Rootkit-Datenbank: v2015.07.01.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Peter Werner

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 479645
Abgelaufene Zeit: 9 Min., 59 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 0
(keine bösartigen Elemente erkannt)

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)

Malwarebytes.

What Withelist options shouldI use for FRST?


Edited by SilentStorm, 02 July 2015 - 11:50 AM.


#10 SilentStorm

SilentStorm
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:12:33 AM

Posted 02 July 2015 - 11:52 AM

Full FRST scan (no withlist) in attachment.

Normal scan:

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01
Ran by Peter Werner (administrator) on PETERSPC on 02-07-2015 18:53:20
Running from D:\UmleitungPeter\Desktop
Loaded Profiles: Peter Werner (Available Profiles: Peter Werner)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Avast Software s.r.o.) I:\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) I:\DebugDiagnostics\DbgSvc.exe
(Hi-Rez Studios) F:\Spiele\HiPatchService.exe
(Malwarebytes Corporation) I:\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) I:\Malwarebytes Anti-Exploit\mbae64.exe
(Locktime Software) I:\NetLimiter\NLSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Safer-Networking Ltd.) G:\Zubehör\Spybot - Search & Destroy\SDFSSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) G:\Zubehör\Spybot - Search & Destroy\SDUpdSvc.exe
(Safer-Networking Ltd.) G:\Zubehör\Spybot - Search & Destroy\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(Valve Corporation) I:\Steam\Steam.exe
(http://tortoisesvn.net) G:\Zubehör\bin\TSVNCache.exe
() I:\RocketDock\RocketDock.exe
(BitTorrent, Inc.) D:\BitTorrentSyn\BTSync.exe
(Safer-Networking Ltd.) G:\Zubehör\Spybot - Search & Destroy\SDTray.exe
(Dropbox, Inc.) C:\Users\Peter Werner\AppData\Roaming\Dropbox\bin\Dropbox.exe
() I:\AutoHotkey\AutoHotkey.exe
(Pushbullet Inc) D:\UmleitungPeter\Local\Pushbullet\bin\pushbullet_client.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Geek Software GmbH) I:\PDF24\pdf24.exe
(Pushbullet Inc) D:\UmleitungPeter\Local\temp\pushbullet_watchdog.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes Corporation) I:\Malwarebytes Anti-Exploit\mbae.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Avast Software s.r.o.) I:\Avast\avastui.exe
(Valve Corporation) I:\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Avast Software) I:\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) I:\Avast\ng\ngservice.exe
(Valve Corporation) I:\Steam\bin\steamwebhelper.exe
(Tweaking.com) I:\Tweaking\WR_Tray_Icon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Secomba GmbH) I:\Boxcryptor\Boxcryptor.exe
(Valve Corporation) I:\Steam\bin\steamwebhelper.exe
(wj32) I:\Process Hacker 2\ProcessHacker.exe
(http://tortoisesvn.net) G:\Zubehör\bin\TSVNCache.exe
(Mozilla Corporation) I:\FirefoxNightly_x64\firefox.exe
(Mozilla Corporation) I:\FirefoxNightly_x64\plugin-container.exe
(Mozilla Corporation) I:\FirefoxNightly_x64\plugin-container.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [SDTray] => G:\Zubehör\Spybot - Search & Destroy\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [PDFPrint] => I:\PDF24\pdf24.exe [217632 2015-06-24] (Geek Software GmbH)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => I:\Malwarebytes Anti-Exploit\mbae.exe [2618680 2015-04-08] (Malwarebytes Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => I:\Avast\AvastUI.exe [5515496 2015-06-30] (Avast Software s.r.o.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-633585875-728268822-617772899-1001\...\Run: [Steam] => I:\Steam\steam.exe [2892992 2015-06-04] (Valve Corporation)
HKU\S-1-5-21-633585875-728268822-617772899-1001\...\Run: [RocketDock] => I:\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-633585875-728268822-617772899-1001\...\Run: [Spybot-S&D Cleaning] => G:\Zubehör\Spybot - Search & Destroy\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
HKU\S-1-5-21-633585875-728268822-617772899-1001\...\Run: [BitTorrent Sync] => D:\BitTorrentSyn\BTSync.exe [5514592 2015-06-28] (BitTorrent, Inc.)
HKU\S-1-5-21-633585875-728268822-617772899-1001\...\Run: [CCEnhancer] => I:\CCEnhancer-4.2-mulitlingual\CCEnhancer-4.2.exe [286208 2014-11-26] (SingularLabs)
HKU\S-1-5-21-633585875-728268822-617772899-1001\...\Run: [Boxcryptor.exe] => I:\Boxcryptor\Boxcryptor.exe [2460424 2015-06-26] (Secomba GmbH)
HKU\S-1-5-21-633585875-728268822-617772899-1001\...\Run: [Pushbullet] => I:\Pushbullet\pushbullet.exe [64000 2014-12-21] (Pushbullet inc)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DeskNotifier.lnk.disabled [2013-09-22]
ShortcutTarget: DeskNotifier.lnk.disabled -> I:\DeskNotifier\DeskNotifier.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Startup - Verknüpfung.lnk [2014-06-23]
ShortcutTarget: Startup - Verknüpfung.lnk -> D:\Dropbox\Dropbox\Projekte\Programmieren\AutoHotKey\Startup.ahk ()
Startup: D:\UmleitungPeter\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-06-30]
ShortcutTarget: Dropbox.lnk -> C:\Users\Peter Werner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: D:\UmleitungPeter\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk.disabled [2015-06-30]
ShortcutTarget: OpenOffice.org 3.4.1.lnk.disabled -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
SSODL: EldosMountNotificator-cbfs4 - {86D884BF-5FBC-4EF9-9CA5-49A1AF498E06} - C:\Windows\system32\cbfsMntNtf4.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator-cbfs4 - {86D884BF-5FBC-4EF9-9CA5-49A1AF498E06} - C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [     "CryptorShellExtHandler.IconOverlayExt"] -> {011F39D2-A764-419E-9479-69C93F6D37E0} => I:\Boxcryptor\ShellExt\x64\Boxcryptor.Ext.dll [2015-06-26] (Secomba GmbH)
ShellIconOverlayIdentifiers: [     "CryptorShellExtHandler.IconOverlayExt2"] -> {F61B4933-D8AF-40DE-A335-F9B3BE1FF878} => I:\Boxcryptor\ShellExt\x64\Boxcryptor.IconOverlayBlocker.Ext.dll [2015-06-26] (Secomba GmbH)
ShellIconOverlayIdentifiers: [!BTSync2.0.128Done] -> {581FFA04-FC33-0080-0002-95003A5CDE89} => D:\BitTorrentSyn\SyncShellExtension64_33554560.dll [2015-06-28] ()
ShellIconOverlayIdentifiers: [!BTSync2.0.128RO] -> {581FFA03-FC33-0080-0002-95003A5CDE89} => D:\BitTorrentSyn\SyncShellExtension64_33554560.dll [2015-06-28] ()
ShellIconOverlayIdentifiers: [!BTSync2.0.128RW] -> {581FFA02-FC33-0080-0002-95003A5CDE89} => D:\BitTorrentSyn\SyncShellExtension64_33554560.dll [2015-06-28] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => I:\Avast\ashShA64.dll [2015-06-30] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Peter Werner\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Peter Werner\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Peter Werner\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Peter Werner\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs4] -> {64FCFA9D-C784-4D34-88C6-BDB173C4684C} => C:\Windows\system32\cbfsMntNtf4.dll [2013-11-15] (EldoS Corporation)
ShellIconOverlayIdentifiers: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => I:\LinkShellExtension\HardlinkShellExt.dll [2013-06-30] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => I:\LinkShellExtension\HardlinkShellExt.dll [2013-06-30] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => I:\LinkShellExtension\HardlinkShellExt.dll [2013-06-30] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [     "CryptorShellExtHandler.IconOverlayExt"] -> {011F39D2-A764-419E-9479-69C93F6D37E0} => I:\Boxcryptor\ShellExt\x86\Boxcryptor.Ext.dll [2015-06-26] (Secomba GmbH)
ShellIconOverlayIdentifiers-x32: [     "CryptorShellExtHandler.IconOverlayExt2"] -> {F61B4933-D8AF-40DE-A335-F9B3BE1FF878} => I:\Boxcryptor\ShellExt\x86\Boxcryptor.IconOverlayBlocker.Ext.dll [2015-06-26] (Secomba GmbH)
ShellIconOverlayIdentifiers-x32: [!BTSync2.0.128Done] -> {581FFA04-FC33-0080-0002-95003A5CDE89} => D:\BitTorrentSyn\SyncShellExtension86_33554560.dll [2015-06-28] ()
ShellIconOverlayIdentifiers-x32: [!BTSync2.0.128RO] -> {581FFA03-FC33-0080-0002-95003A5CDE89} => D:\BitTorrentSyn\SyncShellExtension86_33554560.dll [2015-06-28] ()
ShellIconOverlayIdentifiers-x32: [!BTSync2.0.128RW] -> {581FFA02-FC33-0080-0002-95003A5CDE89} => D:\BitTorrentSyn\SyncShellExtension86_33554560.dll [2015-06-28] ()
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Peter Werner\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Peter Werner\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Peter Werner\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs4] -> {64FCFA9D-C784-4D34-88C6-BDB173C4684C} => C:\Windows\SysWOW64\cbfsMntNtf4.dll [2013-11-15] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => I:\LinkShellExtension\32\HardlinkShellExt.dll [2013-06-30] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => I:\LinkShellExtension\32\HardlinkShellExt.dll [2013-06-30] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => I:\LinkShellExtension\32\HardlinkShellExt.dll [2013-06-30] (Hermann Schinagl)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-633585875-728268822-617772899-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-633585875-728268822-617772899-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-16] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> I:\Avast\aswWebRepIE64.dll [2015-06-30] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-16] (Oracle Corporation)
BHO-x32: Microsoft Web Test Recorder 12.0 Helper -> {432dd630-7e03-4c97-9d62-b99f52df4fc2} -> I:\MVS\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2013-10-05] (Microsoft Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> H:\Arc\Arc\Plugins\ArcPluginIE.dll [2014-07-24] (Perfect World Entertainment Inc)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> I:\Avast\aswWebRepIE.dll [2015-06-30] (Avast Software s.r.o.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{20C10866-FD37-4D3C-AFE6-997FB056E191}: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: D:\UmleitungPeter\Roaming\Mozilla\Firefox\Profiles\v1x9nbpk.default
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-06-24] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-16] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-02-18] (Unity Technologies ApS)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-28] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-28] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-28] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-06-24] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-06-17] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-06-17] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> H:\Arc\Arc\Plugins\npArcPluginFF.dll [2014-07-24] (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-27] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> I:\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> I:\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> I:\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> I:\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> I:\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-633585875-728268822-617772899-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Peter Werner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File
FF Plugin HKU\S-1-5-21-633585875-728268822-617772899-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-09-23] ()
FF SearchPlugin: D:\UmleitungPeter\Roaming\Mozilla\Firefox\Profiles\v1x9nbpk.default\searchplugins\avira-safesearch.xml [2014-11-08]
FF Extension: ColorZilla - D:\UmleitungPeter\Roaming\Mozilla\Firefox\Profiles\v1x9nbpk.default\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2015-06-30]
FF Extension: FT DeepDark - D:\UmleitungPeter\Roaming\Mozilla\Firefox\Profiles\v1x9nbpk.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2015-06-30]
FF Extension: iMacros for Firefox - D:\UmleitungPeter\Roaming\Mozilla\Firefox\Profiles\v1x9nbpk.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2015-06-30]
FF Extension: FT GraphiteGlow - D:\UmleitungPeter\Roaming\Mozilla\Firefox\Profiles\v1x9nbpk.default\Extensions\{99e34760-2754-11e0-91fa-0800200c9a66} [2015-06-30]
FF Extension: about:addons-memory - D:\UmleitungPeter\Roaming\Mozilla\Firefox\Profiles\v1x9nbpk.default\Extensions\about-addons-memory@tn123.org.xpi [2015-06-30]
FF Extension: Clear Cache - D:\UmleitungPeter\Roaming\Mozilla\Firefox\Profiles\v1x9nbpk.default\Extensions\clearcache@michel.de.almeida.xpi [2015-06-30]
FF Extension: RAM Tab - D:\UmleitungPeter\Roaming\Mozilla\Firefox\Profiles\v1x9nbpk.default\Extensions\emadramlawi@outlook.com2.xpi [2015-06-30]
FF Extension: Firebug - D:\UmleitungPeter\Roaming\Mozilla\Firefox\Profiles\v1x9nbpk.default\Extensions\firebug@software.joehewitt.com.xpi [2015-06-30]
FF Extension: MEGA - D:\UmleitungPeter\Roaming\Mozilla\Firefox\Profiles\v1x9nbpk.default\Extensions\firefox@mega.co.nz.xpi [2015-06-30]
FF Extension: Integrated Google Calendar - D:\UmleitungPeter\Roaming\Mozilla\Firefox\Profiles\v1x9nbpk.default\Extensions\intgcal@egarracingteam.com.ar.xpi [2015-06-30]
FF Extension: Tab notifier - D:\UmleitungPeter\Roaming\Mozilla\Firefox\Profiles\v1x9nbpk.default\Extensions\tabnotifier@unusoft.it.xpi [2015-06-30]
FF Extension: Session Manager - D:\UmleitungPeter\Roaming\Mozilla\Firefox\Profiles\v1x9nbpk.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2015-06-30]
FF Extension: Session Exporter - D:\UmleitungPeter\Roaming\Mozilla\Firefox\Profiles\v1x9nbpk.default\Extensions\{943b5589-7808-4a70-acdc-7b6ee21e7cce}.xpi [2015-06-30]
FF Extension: Adblock Plus - D:\UmleitungPeter\Roaming\Mozilla\Firefox\Profiles\v1x9nbpk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-06-30]
FF Extension: ProfileSwitcher - D:\UmleitungPeter\Roaming\Mozilla\Firefox\Profiles\v1x9nbpk.default\Extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}.xpi [2015-06-30]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - I:\Avast\WebRep\FF
FF Extension: Avast Online Security - I:\Avast\WebRep\FF [2015-06-30]
StartMenuInternet: FIREFOX.EXE - I:\FirefoxNightly_x64\firefox.exe

Chrome: 
=======
CHR Profile: D:\UmleitungPeter\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - D:\UmleitungPeter\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-30]
CHR Extension: (Google Docs) - D:\UmleitungPeter\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-30]
CHR Extension: (Google Drive) - D:\UmleitungPeter\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-30]
CHR Extension: (YouTube) - D:\UmleitungPeter\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-30]
CHR Extension: (Adblock Plus) - D:\UmleitungPeter\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-06-30]
CHR Extension: (Google Search) - D:\UmleitungPeter\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-30]
CHR Extension: (Google Sheets) - D:\UmleitungPeter\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-30]
CHR Extension: (Avira Browser Safety) - D:\UmleitungPeter\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-06-30]
CHR Extension: (Google Wallet) - D:\UmleitungPeter\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-30]
CHR Extension: (Gmail) - D:\UmleitungPeter\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-30]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - I:\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-30]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ArcService; H:\Arc\Arc\ArcService.exe [88400 2014-07-24] (Perfect World Entertainment Inc)
R2 avast! Antivirus; I:\Avast\AvastSvc.exe [343336 2015-06-30] (Avast Software s.r.o.)
R3 AvastVBoxSvc; I:\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-06-30] (Avast Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-03] (Microsoft Corporation)
R2 DbgSvc; I:\DebugDiagnostics\DbgSvc.exe [409016 2013-09-25] (Microsoft Corporation)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [238376 2015-06-07] (EasyAntiCheat Ltd)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
R2 HiPatchService; F:\Spiele\HiPatchService.exe [9216 2015-03-12] (Hi-Rez Studios) [File not signed]
R2 MbaeSvc; I:\Malwarebytes Anti-Exploit\mbae-svc.exe [656184 2015-04-08] (Malwarebytes Corporation)
S2 MBAMService; I:\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 nlsvc; I:\NetLimiter\NLSvc.exe [329344 2015-03-04] (Locktime Software)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-07-20] ()
R2 SDScannerService; G:\Zubehör\Spybot - Search & Destroy\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; G:\Zubehör\Spybot - Search & Destroy\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; G:\Zubehör\Spybot - Search & Destroy\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87736 2014-04-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 Avira.ServiceHost; "C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 ASPI32; No ImagePath
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-06-30] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-06-30] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-06-30] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-06-30] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-06-30] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-30] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-06-30] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-06-30] ()
R1 cbfs4; C:\Windows\system32\drivers\cbfs4.sys [387776 2013-11-15] (EldoS Corporation)
R0 CryptBox; C:\Windows\SysWow64\drivers\CryptBox.sys [221312 2013-12-10] (Abelssoft GmbH)
R1 ESProtectionDriver; I:\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-04-08] ()
S3 KProcessHacker2; I:\Process Hacker 2\kprocesshacker.sys [40088 2015-05-30] (wj32)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R2 nldrv; I:\NetLimiter\nldrv.sys [125360 2015-03-04] (Locktime Software)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-06-30] ()
R2 VBoxAswDrv; I:\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-06-30] (Avast Software)
R3 vpnpbus; C:\Windows\System32\DRIVERS\vpnpbus.sys [18624 2013-11-15] (EldoS Corporation)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz138; \??\C:\Users\PETERW~1\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S3 SANDRA; \??\G:\Zubehör\SiSoftware Sandra Lite 2015i\WNt600x64\Sandra.sys [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [X]
S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-02 15:59 - 2015-07-02 15:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Boxcryptor
2015-07-02 15:49 - 2015-07-02 15:49 - 00000000 ____D C:\SFCFix
2015-07-02 00:03 - 2015-07-02 00:03 - 00000000 ____D C:\Windows\CheckSur
2015-07-01 19:03 - 2015-07-01 19:03 - 00035439 _____ C:\ComboFix.txt
2015-07-01 18:43 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-07-01 18:43 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-07-01 18:43 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-07-01 18:43 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-07-01 18:43 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-07-01 18:43 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-07-01 18:43 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-07-01 18:43 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-07-01 18:42 - 2015-07-01 19:03 - 00000000 ____D C:\Qoobox
2015-07-01 18:42 - 2015-07-01 19:02 - 00000000 ____D C:\Windows\erdnt
2015-07-01 15:55 - 2015-07-01 15:55 - 00000000 ____D C:\Windows\SysWOW64\vbox
2015-07-01 15:55 - 2015-07-01 15:55 - 00000000 ____D C:\Windows\system32\vbox
2015-07-01 12:49 - 2015-07-02 18:53 - 00000000 ____D C:\FRST
2015-07-01 12:22 - 2015-07-02 15:56 - 00003180 _____ C:\Windows\DtcInstall.log
2015-06-30 13:25 - 2015-06-30 13:25 - 00030384 _____ C:\Windows\SM_25_W600.id14
2015-06-30 13:25 - 2015-06-30 13:25 - 00030384 _____ C:\Windows\SM_25_D600.id14
2015-06-30 13:24 - 2015-06-30 13:24 - 00003822 _____ C:\Windows\SM_25_W75.id14
2015-06-30 13:24 - 2015-06-30 13:24 - 00003822 _____ C:\Windows\SM_25_D75.id14
2015-06-30 11:23 - 2015-06-30 11:23 - 00000207 _____ C:\Windows\tweaking.com-regbackup-PETERSPC-Windows-7-Home-Premium-(64-bit).dat
2015-06-30 11:23 - 2015-06-30 11:23 - 00000000 ____D C:\RegBackup
2015-06-30 10:28 - 2015-06-30 10:28 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-06-30 10:28 - 2015-06-30 10:28 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswsp.sys
2015-06-30 10:28 - 2015-06-30 10:28 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-06-30 10:28 - 2015-06-30 10:28 - 00272248 _____ C:\Windows\system32\Drivers\aswVmm.sys
2015-06-30 10:28 - 2015-06-30 10:28 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-06-30 10:28 - 2015-06-30 10:28 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-06-30 10:28 - 2015-06-30 10:28 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-06-30 10:28 - 2015-06-30 10:28 - 00065736 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2015-06-30 10:28 - 2015-06-30 10:28 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-06-30 10:28 - 2015-06-30 10:28 - 00029168 _____ C:\Windows\system32\Drivers\aswHwid.sys
2015-06-30 10:28 - 2015-06-30 10:28 - 00003866 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-06-30 10:28 - 2015-06-30 10:28 - 00000648 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-06-30 10:28 - 2015-06-30 10:28 - 00000648 _____ C:\ProgramData\Desktop\Avast Free Antivirus.lnk
2015-06-30 10:28 - 2015-06-30 10:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-06-30 10:28 - 2015-06-30 10:28 - 00000000 ____D C:\Program Files\avast software
2015-06-30 10:27 - 2015-06-30 10:38 - 00000000 ____D C:\ProgramData\RogueKiller
2015-06-30 10:27 - 2015-06-30 10:27 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-06-30 10:15 - 2015-06-30 10:15 - 00003460 _____ C:\Windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2015-06-30 10:04 - 2015-06-30 10:23 - 00000000 ____D C:\ProgramData\AVAST Software
2015-06-30 09:14 - 2015-06-30 09:59 - 00002562 _____ C:\Windows\diagwrn.xml
2015-06-30 09:14 - 2015-06-30 09:59 - 00001908 _____ C:\Windows\diagerr.xml
2015-06-29 22:38 - 2015-07-02 15:55 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-29 22:38 - 2015-06-29 22:38 - 00000000 ____D C:\temp
2015-06-29 22:38 - 2015-06-29 22:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-06-29 22:38 - 2015-06-17 11:10 - 00112784 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-06-29 22:38 - 2015-06-17 11:10 - 00105288 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-06-29 22:38 - 2015-06-17 08:48 - 06873232 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-06-29 22:38 - 2015-06-17 08:48 - 03492168 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-06-29 22:38 - 2015-06-17 08:48 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-06-29 22:38 - 2015-06-17 08:48 - 00937616 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-06-29 22:38 - 2015-06-17 08:48 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-06-29 22:38 - 2015-06-17 08:48 - 00062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-06-29 22:38 - 2015-06-17 08:03 - 00571024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-06-29 22:38 - 2015-06-02 16:11 - 04421614 _____ C:\Windows\system32\nvcoproc.bin
2015-06-29 22:37 - 2015-06-17 11:10 - 42729104 _____ C:\Windows\system32\nvcompiler.dll
2015-06-29 22:37 - 2015-06-17 11:10 - 37748880 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-06-29 22:37 - 2015-06-17 11:10 - 30481552 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-06-29 22:37 - 2015-06-17 11:10 - 22947144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-06-29 22:37 - 2015-06-17 11:10 - 17724600 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-06-29 22:37 - 2015-06-17 11:10 - 16145200 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-06-29 22:37 - 2015-06-17 11:10 - 15866992 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-06-29 22:37 - 2015-06-17 11:10 - 15224784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-06-29 22:37 - 2015-06-17 11:10 - 14497520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-06-29 22:37 - 2015-06-17 11:10 - 13263056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-06-29 22:37 - 2015-06-17 11:10 - 12855416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-06-29 22:37 - 2015-06-17 11:10 - 11831856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-06-29 22:37 - 2015-06-17 11:10 - 11011216 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-06-29 22:37 - 2015-06-17 11:10 - 03395648 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-06-29 22:37 - 2015-06-17 11:10 - 02997544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-06-29 22:37 - 2015-06-17 11:10 - 02932368 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-06-29 22:37 - 2015-06-17 11:10 - 02599752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-06-29 22:37 - 2015-06-17 11:10 - 01898128 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435330.dll
2015-06-29 22:37 - 2015-06-17 11:10 - 01557832 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435330.dll
2015-06-29 22:37 - 2015-06-17 11:10 - 01099992 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-06-29 22:37 - 2015-06-17 11:10 - 01060168 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-06-29 22:37 - 2015-06-17 11:10 - 01050768 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-06-29 22:37 - 2015-06-17 11:10 - 00982672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-06-29 22:37 - 2015-06-17 11:10 - 00975176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-06-29 22:37 - 2015-06-17 11:10 - 00938752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-06-29 22:37 - 2015-06-17 11:10 - 00176904 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-06-29 22:37 - 2015-06-17 11:10 - 00155280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-06-29 22:37 - 2015-06-17 11:10 - 00150832 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-06-29 22:37 - 2015-06-17 11:10 - 00128696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-06-29 22:37 - 2015-06-17 11:10 - 00030966 _____ C:\Windows\system32\nvinfo.pb
2015-06-29 21:48 - 2015-06-29 21:56 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-06-29 21:42 - 2015-07-02 16:18 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2015-06-29 21:42 - 2015-06-29 21:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-06-29 21:16 - 2015-06-29 21:16 - 00349472 _____ C:\Windows\Minidump\062915-31808-01.dmp
2015-06-29 21:15 - 2015-06-29 21:15 - 818208662 _____ C:\Windows\MEMORY.DMP
2015-06-29 20:51 - 2015-06-29 20:51 - 00262144 _____ C:\Windows\Minidump\062915-7690-01.dmp
2015-06-29 16:27 - 2015-06-29 16:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2015-06-29 15:30 - 2015-06-29 18:43 - 00000000 ____D C:\ProgramData\PDF Architect 3
2015-06-28 16:46 - 2015-06-28 16:46 - 00000665 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Display Changer (64-bit) 1024x768.lnk
2015-06-28 16:46 - 2015-06-28 16:46 - 00000639 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Display Changer (64-bit) Current Settings.lnk
2015-06-25 13:22 - 2015-06-25 13:22 - 00000561 _____ C:\Users\Peter Werner\Desktop\RAM Booster Expert.lnk
2015-06-18 22:27 - 2015-06-18 22:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicBee
2015-06-17 11:54 - 2015-06-17 11:54 - 00004236 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-633585875-728268822-617772899-1001UA
2015-06-17 11:54 - 2015-06-17 11:54 - 00003840 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-633585875-728268822-617772899-1001Core
2015-06-17 11:54 - 2015-06-17 11:54 - 00000000 ____D C:\ProgramData\Dropbox
2015-06-15 16:31 - 2015-06-15 16:31 - 00005284 _____ C:\Users\Peter Werner\Desktop\t.Xml
2015-06-12 10:52 - 2015-07-02 12:39 - 00025416 _____ C:\Windows\PFRO.log
2015-06-10 13:34 - 2015-06-01 21:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 13:34 - 2015-06-01 20:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-10 13:34 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 13:34 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-10 13:34 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-10 13:34 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-10 13:34 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-10 13:34 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-10 13:34 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-10 13:34 - 2015-05-23 05:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-10 13:34 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-10 13:34 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-10 13:34 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-10 13:34 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-10 13:34 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-10 13:34 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-10 13:34 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-10 13:34 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-10 13:34 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-10 13:34 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-10 13:34 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-10 13:34 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-10 13:34 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-10 13:34 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-10 13:34 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-10 13:34 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-10 13:34 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-10 13:34 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-10 13:34 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-10 13:34 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-10 13:34 - 2015-05-22 21:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 13:34 - 2015-05-22 21:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-10 13:34 - 2015-05-22 21:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-10 13:34 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 13:34 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 13:34 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 13:34 - 2015-05-22 21:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-10 13:34 - 2015-05-22 20:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-10 13:34 - 2015-05-22 20:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 13:34 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 13:34 - 2015-05-22 20:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-10 13:34 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 13:34 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 13:34 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 13:34 - 2015-05-22 20:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 13:34 - 2015-05-22 20:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-10 13:34 - 2015-05-22 20:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-10 13:34 - 2015-05-22 20:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 13:34 - 2015-05-22 20:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 13:34 - 2015-05-22 20:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-10 13:34 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 13:34 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 13:34 - 2015-05-22 20:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-10 13:34 - 2015-05-22 20:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-10 13:34 - 2015-05-22 20:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-10 13:34 - 2015-05-22 20:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-10 13:34 - 2015-05-22 20:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-10 13:34 - 2015-05-22 20:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-10 13:34 - 2015-05-22 20:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-10 13:34 - 2015-05-22 20:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-10 13:34 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 13:34 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 13:34 - 2015-05-22 20:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-10 13:34 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 13:34 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 13:34 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 13:34 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 13:34 - 2015-05-21 15:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-10 13:33 - 2015-05-25 20:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-10 13:33 - 2015-05-25 20:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-10 13:33 - 2015-05-25 20:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-10 13:33 - 2015-05-25 20:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-10 13:33 - 2015-05-25 20:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-10 13:33 - 2015-05-25 20:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-10 13:33 - 2015-05-25 20:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-10 13:33 - 2015-05-25 20:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-10 13:33 - 2015-05-25 20:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-10 13:33 - 2015-05-25 20:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-10 13:33 - 2015-05-25 20:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-10 13:33 - 2015-05-25 20:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-10 13:33 - 2015-05-25 20:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-10 13:33 - 2015-05-25 20:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-10 13:33 - 2015-05-25 20:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-10 13:33 - 2015-05-25 20:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-10 13:33 - 2015-05-25 20:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-10 13:33 - 2015-05-25 20:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-10 13:33 - 2015-05-25 20:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-10 13:33 - 2015-05-25 20:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-10 13:33 - 2015-05-25 20:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-10 13:33 - 2015-05-25 20:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-10 13:33 - 2015-05-25 20:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-10 13:33 - 2015-05-25 20:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-10 13:33 - 2015-05-25 20:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-10 13:33 - 2015-05-25 20:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-10 13:33 - 2015-05-25 20:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-10 13:33 - 2015-05-25 20:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-10 13:33 - 2015-05-25 20:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-10 13:33 - 2015-05-25 20:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-10 13:33 - 2015-05-25 20:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-10 13:33 - 2015-05-25 20:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-10 13:33 - 2015-05-25 20:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-10 13:33 - 2015-05-25 20:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-10 13:33 - 2015-05-25 20:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-10 13:33 - 2015-05-25 20:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-10 13:33 - 2015-05-25 20:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-10 13:33 - 2015-05-25 20:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-10 13:33 - 2015-05-25 20:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-10 13:33 - 2015-05-25 20:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-10 13:33 - 2015-05-25 20:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-10 13:33 - 2015-05-25 20:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-10 13:33 - 2015-05-25 20:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-10 13:33 - 2015-05-25 20:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 13:33 - 2015-05-25 20:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 13:33 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 13:33 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 13:33 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 13:33 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 13:33 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 13:33 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 13:33 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 13:33 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 13:33 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 13:33 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 13:33 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 13:33 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 13:33 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 13:33 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 13:33 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 13:33 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 13:33 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 13:33 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 13:33 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 13:33 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 13:33 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 13:33 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 13:33 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 13:33 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 13:33 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 13:33 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 13:33 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-10 13:33 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-10 13:33 - 2015-05-25 20:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-10 13:33 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-06-10 13:33 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-10 13:33 - 2015-05-25 20:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-10 13:33 - 2015-05-25 20:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-10 13:33 - 2015-05-25 20:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-10 13:33 - 2015-05-25 20:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-10 13:33 - 2015-05-25 20:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-10 13:33 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-10 13:33 - 2015-05-25 20:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-10 13:33 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-06-10 13:33 - 2015-05-25 20:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-10 13:33 - 2015-05-25 20:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-06-10 13:33 - 2015-05-25 20:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-10 13:33 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-06-10 13:33 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-06-10 13:33 - 2015-05-25 20:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-06-10 13:33 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-06-10 13:33 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-06-10 13:33 - 2015-05-25 20:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-10 13:33 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-06-10 13:33 - 2015-05-25 19:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-10 13:33 - 2015-05-25 19:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-10 13:33 - 2015-05-25 19:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-06-10 13:33 - 2015-05-25 19:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-10 13:33 - 2015-05-25 19:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-10 13:33 - 2015-05-25 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-06-10 13:33 - 2015-05-25 19:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-10 13:33 - 2015-05-25 19:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-06-10 13:33 - 2015-05-25 19:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-10 13:33 - 2015-05-25 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 13:33 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 13:33 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 13:33 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 13:33 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 13:33 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 13:33 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 13:33 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 13:33 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 13:33 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 13:33 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 13:33 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 13:33 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-10 13:33 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 13:33 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 13:33 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-10 13:33 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 13:33 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 13:33 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 13:33 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 13:33 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 13:33 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 13:33 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-10 13:33 - 2015-05-25 19:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-10 13:33 - 2015-05-25 18:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-10 13:33 - 2015-05-25 18:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-10 13:33 - 2015-05-25 18:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-10 13:33 - 2015-05-25 18:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 13:33 - 2015-05-25 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 13:33 - 2015-05-25 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-10 13:28 - 2015-04-29 20:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 13:28 - 2015-04-29 20:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 13:28 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 13:28 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 13:28 - 2015-04-29 20:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 13:28 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-10 13:28 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-10 13:28 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-10 13:28 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-10 13:28 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-10 13:27 - 2015-05-25 19:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 13:27 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 13:27 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-10 13:27 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-09 15:00 - 2015-07-02 15:55 - 00001925 _____ C:\Windows\setupact.log
2015-06-09 15:00 - 2015-06-30 09:56 - 00000000 _____ C:\Windows\setuperr.log
2015-06-06 22:29 - 2015-06-06 22:29 - 00000000 ____D C:\Program Files\Speccy
2015-06-06 22:20 - 2015-06-06 22:20 - 00000556 _____ C:\Users\Peter Werner\Desktop\EVEREST Home Edition.lnk
2015-06-06 22:20 - 2015-06-06 22:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
2015-06-06 15:19 - 2015-06-06 18:28 - 00000000 ____D C:\Users\Peter Werner\.gimp-2.8
2015-06-06 15:19 - 2015-06-06 15:19 - 00000643 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2015-06-04 13:40 - 2015-06-29 22:37 - 00000000 ____D C:\ProgramData\boost_interprocess

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-02 18:48 - 2014-03-01 22:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-02 18:31 - 2014-07-19 10:32 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-02 18:23 - 2015-02-25 14:48 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-02 18:22 - 2015-05-27 11:12 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-02 17:57 - 2013-02-21 20:06 - 02046047 _____ C:\Windows\WindowsUpdate.log
2015-07-02 16:04 - 2009-07-14 06:45 - 00022832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-02 16:04 - 2009-07-14 06:45 - 00022832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-02 16:02 - 2009-07-14 19:58 - 00699416 _____ C:\Windows\system32\perfh007.dat
2015-07-02 16:02 - 2009-07-14 19:58 - 00149556 _____ C:\Windows\system32\perfc007.dat
2015-07-02 16:02 - 2009-07-14 07:13 - 01620612 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-02 15:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Registration
2015-07-02 15:55 - 2015-05-27 11:12 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-02 15:55 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-01 19:03 - 2013-12-25 17:46 - 00000000 ____D C:\Users\Peter
2015-07-01 19:03 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2015-07-01 19:01 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-07-01 15:50 - 2013-08-07 11:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-07-01 12:43 - 2009-07-14 06:45 - 00324424 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-01 11:36 - 2014-07-19 10:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-30 18:50 - 2013-02-26 19:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-06-30 18:49 - 2013-08-12 13:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unreal Development Kit
2015-06-30 13:24 - 2009-07-14 04:34 - 00000442 _____ C:\Windows\win.ini
2015-06-30 10:41 - 2013-04-08 18:09 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-06-30 10:41 - 2013-04-08 18:09 - 00000000 ____D C:\ProgramData\Skype
2015-06-29 22:46 - 2014-01-02 15:27 - 00000000 ____D C:\AdwCleaner
2015-06-29 22:38 - 2013-02-21 20:14 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-06-29 22:38 - 2013-02-21 20:14 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-06-29 22:38 - 2013-02-21 20:13 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-06-29 22:38 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Help
2015-06-29 22:18 - 2013-02-26 18:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
2015-06-29 21:16 - 2013-02-22 00:47 - 00000000 ____D C:\Windows\Minidump
2015-06-24 22:55 - 2014-12-27 13:23 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-24 12:24 - 2015-02-25 14:48 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-24 12:24 - 2015-02-25 14:48 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-24 12:24 - 2015-02-25 14:48 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-18 08:41 - 2014-07-19 10:32 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-18 08:41 - 2014-07-19 10:32 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-18 08:41 - 2013-02-26 18:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-11 15:40 - 2015-05-16 14:54 - 00000000 ____D C:\Windows\rescache
2015-06-11 15:05 - 2014-12-11 14:33 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-11 15:05 - 2014-05-06 22:24 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-11 15:05 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-10 23:38 - 2013-08-15 03:00 - 00000000 ____D C:\Windows\system32\MRT
2015-06-10 23:34 - 2013-02-26 16:22 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-07 21:44 - 2014-11-13 20:41 - 00238376 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
2015-06-07 14:34 - 2014-08-25 00:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-06-07 14:33 - 2013-04-27 10:50 - 00000000 ____D C:\Program Files\Java
2015-06-06 22:20 - 2013-02-21 20:06 - 00000000 ____D C:\Users\Peter Werner
2015-06-03 09:19 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-02 14:07 - 2014-10-14 17:06 - 00000527 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BitTorrent Sync.lnk

==================== Files in the root of some directories =======

2015-06-30 09:32 - 2014-05-20 09:05 - 0000815 _____ () D:\UmleitungPeter\Roaming\Astade.ini
2015-06-30 09:29 - 2014-12-23 18:43 - 0000000 _____ () D:\UmleitungPeter\Local\349311A3_stp.CIS
2015-06-30 09:29 - 2014-12-23 18:43 - 0000000 _____ () D:\UmleitungPeter\Local\349311A3_stp.CIS.part
2015-06-30 09:29 - 2014-12-23 18:43 - 0000203 _____ () D:\UmleitungPeter\Local\5BFEE0EB_stp.EXE.part
2015-06-30 09:29 - 2014-12-23 18:43 - 0178814 _____ () D:\UmleitungPeter\Local\6AD0D82B_stp.CIS
2015-06-30 09:29 - 2014-12-23 18:43 - 0000238 _____ () D:\UmleitungPeter\Local\6AD0D82B_stp.CIS.part
2015-06-30 09:29 - 2014-01-04 19:17 - 0000600 _____ () D:\UmleitungPeter\Local\PUTTY.RND
2015-06-30 09:29 - 2015-06-06 18:28 - 0002949 _____ () D:\UmleitungPeter\Local\recently-used.xbel
2015-06-30 09:29 - 2015-06-28 23:28 - 0007630 _____ () D:\UmleitungPeter\Local\Resmon.ResmonCfg

Files to move or delete:
====================
C:\Users\Peter\servers.dat


Some files in TEMP:
====================
C:\Users\Peter Werner\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpuyumvy.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-24 15:05

==================== End of log ============================

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01
Ran by Peter Werner at 2015-07-02 18:51:24
Running from D:\UmleitungPeter\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-633585875-728268822-617772899-500 - Administrator - Disabled)
Gast (S-1-5-21-633585875-728268822-617772899-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-633585875-728268822-617772899-1002 - Limited - Enabled)
Peter Werner (S-1-5-21-633585875-728268822-617772899-1001 - Administrator - Enabled) => C:\Users\Peter Werner

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

12noon Display Changer (HKLM-x32\...\12noon Display Changer) (Version: 4.3.2.0 - 12noon)
Absolute Uninstaller 5.3.1.17 (HKLM-x32\...\Absolute Uninstaller) (Version: 5.3.1.17 - Glarysoft Ltd)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.194 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Age of Mythology (HKLM-x32\...\Age of Mythology 1.0) (Version:  - )
AnalogX MaxMem (HKLM-x32\...\AnalogX MaxMem) (Version:  - AnalogX)
AnkhSVN 2.5.12478.19 (HKLM-x32\...\{A6E0F8A8-469D-4109-BC4B-F67564065069}) (Version: 2.5.12478.19 - AnkhSVN Team)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
Archeage (HKLM-x32\...\Glyph Archeage) (Version:  - Trion Worlds, Inc.)
Audiosurf (HKLM-x32\...\Steam App 12900) (Version:  - Dylan Fitterer)
AutoHotkey 1.1.15.00 (HKLM\...\AutoHotkey) (Version: 1.1.15.00 - Lexikos)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
Avira (HKLM-x32\...\{0696cc37-db90-4000-be99-4a173ca7c8af}) (Version: 1.1.39.17987 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.39.17987 - Avira Operations GmbH & Co. KG) Hidden
AzureTools.Notifications (x32 Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version:  - The Behemoth)
Battlegrounds of Eldhelm (HKLM-x32\...\Steam App 329020) (Version:  - Essence Ltd.)
Beat Hazard (HKLM-x32\...\Steam App 49600) (Version:  - Cold Beam Games)
Behaviors SDK (XAML) for Visual Studio (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Besiege (HKLM-x32\...\Steam App 346010) (Version:  - Spiderling Studios)
BitTorrent Sync (HKLM-x32\...\BitTorrent Sync) (Version: 2.0.128 - BitTorrent Inc.)
Blade Symphony (HKLM-x32\...\Steam App 225600) (Version:  - Puny Human)
Blend for Visual Studio 2013 (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 DEU resources (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blender (HKLM\...\Blender) (Version: 2.71 - Blender Foundation)
Borderlands (HKLM-x32\...\Steam App 8980) (Version:  - Gearbox Software)
Boxcryptor 2.1 (HKLM-x32\...\{1981BB13-D371-48B4-96C3-83BD9BEFEE12}) (Version: 2.1.417.123 - Secomba GmbH)
Build Tools - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Buildtools-Sprachressourcen - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Buildtools-Sprachressourcen - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Circuits (HKLM-x32\...\Steam App 282760) (Version:  - Digital Tentacle)
CMake 2.8, a cross-platform, open-source build system (HKLM-x32\...\CMake 2.8.12.2) (Version: 2.8.12.2 - Kitware)
CMake 3.0.2, a cross-platform, open-source build system (HKLM-x32\...\CMake 3.0.2) (Version: 3.0.2 - Kitware)
CodeSite Express 5.1.4 (HKLM-x32\...\CodeSite Express 5.1.4) (Version: 5.1.3 - Raize Software, Inc.)
CollabNet Subversion Client 1.7.5 (HKLM-x32\...\CollabNet Subversion Client) (Version: 1.7.5 - CollabNet)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
CryptBox (HKLM-x32\...\CryptBox_is1) (Version: 2014 - Abelssoft GmbH)
Curse (HKLM-x32\...\{1F2611FB-6F69-4AA8-BECD-243BD8CB45F3}) (Version: 6.0.0.0 - Curse)
Debug Diagnostics 2.0 (HKLM\...\{4F41E4D7-3AC8-48A3-BA06-BA60813F8F66}) (Version: 2.0.0.179 - Microsoft Corporation)
DeskNotifier 2.0.0 (HKLM-x32\...\DeskNotifier) (Version: 2.0.0 - elfsoft)
Devenv-Ressourcen für Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Dotfuscator and Analytics Community Edition Language Pack (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Dragon Nest Europe (HKLM-x32\...\Steam App 258700) (Version:  - Eyedentity Games)
Dropbox (HKU\S-1-5-21-633585875-728268822-617772899-1001\...\Dropbox) (Version: 3.6.7 - Dropbox, Inc.)
EE-ZDE (HKLM-x32\...\{B49C924C-A651-4378-94F6-5D9BF44A959F}) (Version:  - )
Empire Earth (HKLM-x32\...\{2447500B-22D7-47BD-9B13-1A927F43A267}) (Version:  - )
Entity Framework Tools for Visual Studio 2013 (HKLM-x32\...\{08AEF86A-1956-4846-B906-B01350E96E30}) (Version: 12.0.20912.0 - Microsoft Corporation)
Erforderliche Komponenten für SSDT  (HKLM-x32\...\{3FF082A7-A5DE-4BDA-B56A-1D2BEFD617A3}) (Version: 11.1.3000.0 - Microsoft Corporation)
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Finale NotePad 2012 (HKLM-x32\...\Finale NotePad 2012) (Version: 2012..r1.1 - MakeMusic)
Free Screen Video Recorder version 2.5.24.706 (HKLM-x32\...\Free Screen Video Recorder_is1) (Version: 2.5.24.706 - DVDVideoSoft Ltd.)
Gear Up (HKLM-x32\...\Steam App 214420) (Version:  - Doctor Entertainment AB)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
God Mode (HKLM-x32\...\Steam App 227480) (Version:  - Old School Games)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Happy Wars (HKLM-x32\...\Steam App 246280) (Version:  - Toylogic inc.)
Hazard Ops (HKLM-x32\...\{F70DE052-CFFD-4DCB-8DA3-3ECAAFBB7D15}}_is1) (Version: 0.3.0.3051 - Infernum Productions AG)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java SE Development Kit 8 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180450}) (Version: 8.0.450.15 - Oracle Corporation)
JavaScript Tooling (Version: 12.0.21005 - Microsoft Corporation) Hidden
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Kingdom Wars (HKLM-x32\...\Steam App 227180) (Version:  - Reverie World Studios, INC)
Landmark Beta (HKU\S-1-5-21-633585875-728268822-617772899-1001\...\SOE-Landmark Beta) (Version: 1.0.3.183 - Sony Online Entertainment)
Language Pack (DEU) für freigegebene Windows Azure-Komponenten für Microsoft Visual Studio 2013 - v1.0 (x32 Version: 1.0.10829.1601 - Microsoft Corporation) Hidden
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Link Shell Extension (HKLM\...\HardlinkShellExt) (Version: 3.7.4.9 - Hermann Schinagl)
Loadout Campaign Beta (HKLM-x32\...\Steam App 238590) (Version:  - Edge of Reality)
LocalESPC Dev12 (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for de-de Dev12 (x32 Version: 8.100.25984 - Microsoft) Hidden
Loop Recorder (HKLM-x32\...\Loop Recorder) (Version:  - )
Magicka: Wizard Wars (HKLM-x32\...\Steam App 202090) (Version:  - Paradox North)
Malwarebytes Anti-Exploit version 1.06.1.1019 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.06.1.1019 - Malwarebytes)
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
ManiaPlanet (HKLM-x32\...\ManiaPlanet_is1) (Version:  - Nadeo)
Masterspace version 2.3 (HKLM-x32\...\{0AB03E8B-E43B-4F12-AC88-EE8E35D98B4D}_is1) (Version: 2.3 - Master Technologies)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK - DEU Lang Pack (HKLM-x32\...\{21B0F482-5EF9-45DA-8840-340AFE705A6C}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (Deutsch) (HKLM-x32\...\{CBD7095F-7211-43FD-9FE7-FB08D753AF79}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Document Explorer 2008 (HKLM-x32\...\Microsoft Document Explorer 2008) (Version:  - Microsoft Corporation)
Microsoft Document Explorer 2008 Language Pack - DEU (HKLM-x32\...\Microsoft Document Explorer 2008 Language Pack - DEU) (Version:  - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Help Viewer 2.1 Sprachpaket - DEU (HKLM-x32\...\Microsoft Help Viewer 2.1 Sprachpaket - DEU) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK - DEU (HKLM-x32\...\{F351AA2C-723C-4CFE-A7CB-8E43AB164F7F}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{F09DEB00-9F41-4BC9-BA81-9F131B12B3D5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{D4E30517-FE6F-491E-942F-AE10E1B18F38}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{B4EDAE03-DB34-4DD0-BA7E-2ED80DEA50B1}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{269A8DF6-BBDA-441F-932B-233F9B746D72}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{EC75BD20-F9CA-4E77-825F-ABD77E95BE91}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{0BF65908-D137-4A9E-B7C9-78F32F74F6FD}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{93945D16-4C3D-433E-B7E4-3D0D86B284C8}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{55FABD1D-8BE6-4A1A-958D-52B15F1DFEF0}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{6F173435-3F19-4043-BA3D-A46AA8472859}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL-Sprachdienst  (HKLM-x32\...\{1D812D86-D8EF-41AC-A518-BA12E1913747}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 DEU  (HKLM\...\{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - DEU (12.0.30919.1) (HKLM-x32\...\{7CC03C58-3471-43D2-A251-EC9AE225E772}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - DEU (12.0.30919.1) (HKLM-x32\...\{BCB8A870-2B3D-4CC0-87D6-F931E065AC0C}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{D434E072-F482-4F52-AB97-7B19DD5DAEB5}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{485F4AC6-F79E-4482-A0D2-EDF0CCE1E124}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package (HKLM-x32\...\Microsoft Visual J# 2.0 Redistributable Package) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Ultimate 2013 (HKLM-x32\...\{3a86d029-ba42-4491-92c7-2d1201a3895e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{3674F088-9B90-473A-AAC3-20A00D8D810C}) (Version: 3.1237.1762 - Microsoft Corporation)
Microsoft Web Platform Installer 5.0 (HKLM\...\{4D84C195-86F0-4B34-8FDE-4A17EB41306A}) (Version: 5.0.50430.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2012 (HKLM-x32\...\{43341417-7882-4F34-8390-53DFD00F6C0F}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2012 (x64) (HKLM\...\{24440413-490E-41CA-BD33-0B30FD3EBE3A}) (Version: 11.1.3366.16 - Microsoft Corporation)
MiniTool Partition Wizard Home Edition 8.1.1 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5661 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
MusicBee 2.4 (HKLM-x32\...\MusicBee) (Version: 2.4 - Steven Mayall)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.6 - F.J. Wechselberger)
MySQL Connector/C 6.1 (HKLM\...\{4E2AAB30-1E42-4ACA-B1A9-3AE8629D0C89}) (Version: 6.1.5 - Oracle Corporation)
MySQL Workbench 6.1 CE (HKLM-x32\...\{AD95295B-0279-43B6-A873-F12A1D1CD146}) (Version: 6.1.7 - Oracle Corporation)
Natural Selection 2 (HKLM-x32\...\Steam App 4920) (Version:  - Unknown Worlds Entertainment)
NetLimiter 4 (HKLM-x32\...\NetLimiter 4 4.0.10.0) (Version: 4.0.10.0 - Locktime Software)
NetLimiter 4 (Version: 4.0.10.0 - Locktime Software) Hidden
Neverwinter (HKLM-x32\...\Neverwinter) (Version:  - Cryptic Studios)
Nightly 42.0a1 (x64 en-US) (HKLM\...\Nightly 42.0a1 (x64 en-US)) (Version: 42.0a1 - Mozilla)
NitroShare Version 0.2 (HKLM\...\{2AA2A938-F6D9-420E-AF53-0E2071CCBC10}_is1) (Version: 0.2 - Nathan Osman)
Nosgoth (HKLM-x32\...\Steam App 200110) (Version: 150330.105173 - Square Enix Ltd)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.9.2 - Notepad++ Team)
NVIDIA 3D Vision Treiber 353.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.30 - NVIDIA Corporation)
NVIDIA Grafiktreiber 353.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.30 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Open XML SDK 2.5 for Microsoft Office (x32 Version: 2.5.5631 - Microsoft Corporation) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
ORION: Dino Horde (HKLM-x32\...\Steam App 104900) (Version:  - Spiral Game Studios)
Overlord (HKLM-x32\...\Steam App 11450) (Version:  - Triumph Studios)
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM-x32\...\{D5409B11-EF28-37A1-AE7A-6051A5BAD923}) (Version: 4.5.50932 - Microsoft Corporation)
Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.5.1 RC für Windows Store-Apps (Deutsch) (x32 Version: 4.5.21005 - Microsoft Corporation) Hidden
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 0.11.0.25431 - Grinding Gear Games)
PDF24 Creator 7.0.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Planetary Annihilation (HKLM-x32\...\Steam App 233250) (Version:  - Uber Entertainment)
PreEmptive Analytics Client German Language Pack (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
Prime World (HKLM-x32\...\Steam App 235340) (Version:  - Nival)
Process Hacker 2.36 (r6153) (HKLM\...\Process_Hacker2_is1) (Version: 2.36.0.6153 - wj32)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Pushbullet version 312 (HKLM-x32\...\{7578F204-49E7-4830-B051-14C23F408BFE}_is1) (Version: 312 - Pushbullet Inc)
Python Tools - Umleitungsvorlage (x32 Version: 1.1 - Microsoft Corporation) Hidden
Qt (HKU\S-1-5-21-633585875-728268822-617772899-1001\...\Qt) (Version: 1.0.1 - Digia Plc)
QT VS 2013 Addin (HKLM-x32\...\QT VS 2013 Addin 1.0.0) (Version: 1.0.0 - MinionCoding.com)
QT VS 2013 Addin (x32 Version: 1.0.0 - MinionCoding.com) Hidden
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Reus (HKLM-x32\...\Steam App 222730) (Version:  - Abbey Games)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Robocraft (HKLM-x32\...\Steam App 301520) (Version:  - Freejam)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version:  - Punk Software)
Runtimes 1.0.0 (HKLM-x32\...\SatSignal runtime libraries_is1) (Version:  - SatSignal Software)
S4 League (HKLM-x32\...\{D99223D4-1F48-47BD-ADFD-D43C91CDFD00}) (Version: 1.00.0000 - )
S4 League_EU (HKLM-x32\...\{C78CE145-EDF0-43D9-BF95-2093FAB92FF6}) (Version: 1.00.0000 - )
Sanctum 2 (HKLM-x32\...\Steam App 210770) (Version:  - Coffee Stain Studios)
ScanWizard 5 (HKLM-x32\...\{B08D262E-D902-11D5-9C28-0080C85A0C2D}) (Version:  - )
SharePoint Client Components (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
SharePoint Client Components (Version: 16.0.2617.1200 - Microsoft Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.103 - Skype Technologies S.A.)
SkySaga Infinite Isles (HKLM-x32\...\SkySaga Infinite Isles 1.0.3365.0) (Version: 1.0.3365.0 - Radiant Worlds)
SkySaga Infinite Isles (x32 Version: 1.0.3365.0 - Radiant Worlds) Hidden
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 2.4.2684.1 - Hi-Rez Studios)
Space Engineers (HKLM-x32\...\Steam App 244850) (Version:  - Keen Software House)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
SSIII Solo Ultratus 1.2 (HKLM-x32\...\SSIII Solo Ultratus) (Version: 1.2 - 3RDsense)
StarMade Demo (HKLM-x32\...\Steam App 335180) (Version:  - Schine, GmbH)
StarUML (HKLM-x32\...\{B61D250D-2B23-45D2-9613-F424B7106E15}) (Version: 2.0.0.3 - MKLab)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Supreme Commander 2 (HKLM-x32\...\Steam App 40100) (Version:  - Gas Powered Games)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TERA (HKLM-x32\...\{A2S166A0-F031-4E27-A057-C69733219434}_is1) (Version: 19.04.02.03.hf3 - Gameforge Productions GmbH)
TortoiseHg 2.10.2 (x64) (HKLM\...\{30C04FA2-B745-4318-B0D1-D35C7F2A096D}) (Version: 2.10.2 - Steve Borho and others)
TortoiseSVN 1.8.11.26392 (64 bit) (HKLM\...\{11309CA9-9118-44D6-B345-83C86A5111D5}) (Version: 1.8.26392 - TortoiseSVN)
TrackMania² Canyon (HKLM-x32\...\Steam App 228760) (Version:  - Nadeo)
Trove (HKLM-x32\...\Glyph Trove) (Version:  - Trion Worlds, Inc.)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.2.2 - Tweaking.com)
TweakNow DiskAnalyzer (HKLM-x32\...\TweakNow DiskAnalyzer_is1) (Version: 1.3.0 - TweakNow.com)
TweakNow PowerPack (HKLM-x32\...\TweakNow PowerPack_is1) (Version: 4.3.1 - TweakNow.com)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Understand (HKLM-x32\...\Understand 4.0) (Version: 4.0.775 - SciTools)
Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.3f1 - Unity Technologies ApS)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 4.9 - Ubisoft)
Victory Command (HKLM-x32\...\Steam App 360480) (Version:  - Petroglyph)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
WCF Data Services 5.6.0 DEU Language Pack (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services 5.6.0 Runtime (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 DEU Language Pack (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 3.6 - Bazis)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Workflow Manager Client 1.0 (Version: 2.0.30813.2 - Microsoft Corporation) Hidden
Workflow Manager Tools 1.0 for Visual Studio (Version: 2.0.30725.1 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-633585875-728268822-617772899-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Peter Werner\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-633585875-728268822-617772899-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Peter Werner\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-633585875-728268822-617772899-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Peter Werner\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-633585875-728268822-617772899-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Peter Werner\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-633585875-728268822-617772899-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Peter Werner\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-633585875-728268822-617772899-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Peter Werner\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-633585875-728268822-617772899-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Peter Werner\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-633585875-728268822-617772899-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Peter Werner\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-633585875-728268822-617772899-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Peter Werner\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

==================== Restore Points =========================

02-07-2015 15:39:15 Windows Modules Installer
02-07-2015 15:59:00 Installed Boxcryptor 2.1

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-07-01 19:01 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0557E56A-B594-4432-A32A-DB81459355D9} - System32\Tasks\avast! Emergency Update => I:\Avast\AvastEmUpdate.exe [2015-06-30] (Avast Software s.r.o.)
Task: {0B2D1F8A-DE11-4618-9ECA-8591106E46AC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => G:\Zubehör\Spybot - Search & Destroy\SDScan.exe [2013-09-20] (Safer-Networking Ltd.)
Task: {2AC4177C-2742-45A9-AB31-E6CE2B2883DE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-27] (Google Inc.)
Task: {2E67189A-B243-4000-9745-CA135BB534F0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => G:\Zubehör\Spybot - Search & Destroy\SDImmunize.exe [2013-09-20] (Safer-Networking Ltd.)
Task: {387BDBAC-E3E9-49FB-B03F-CC88641B8F5C} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-633585875-728268822-617772899-1001UA => C:\Users\Peter Werner\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: {3D1AB540-15ED-4AA3-92A8-9C856CEB0B9E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-24] (Adobe Systems Incorporated)
Task: {6939BE96-DB70-48B5-8ED3-F5EACBA11574} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => I:\Tweaking\WR_Tray_Icon.exe [2015-03-12] (Tweaking.com)
Task: {AE413350-2C36-4276-B8FB-BD9AD78D7A08} - \Games\UpdateCheck_S-1-5-21-633585875-728268822-617772899-1001 No Task File <==== ATTENTION
Task: {D447443B-9B8D-41B9-BCA8-012D204E982A} - \Microsoft\Windows\Wininet\CacheTask No Task File <==== ATTENTION
Task: {D68C8675-90EF-4DCB-B9AF-B813BD206E14} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => G:\Zubehör\Spybot - Search & Destroy\SDUpdate.exe [2013-09-20] (Safer-Networking Ltd.)
Task: {D6EEF830-A3BC-4EAA-B05E-A46D38E3FA6F} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-633585875-728268822-617772899-1001Core => C:\Users\Peter Werner\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: {D9B5C9D0-7E3E-484B-B457-70451EF40445} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {DA4D1630-32E9-4C04-A5E5-BC7E23ACC51A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-27] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-06-29 22:38 - 2015-06-17 08:48 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-07-20 20:26 - 2013-07-20 20:26 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2004-09-30 20:15 - 2004-09-30 20:15 - 00192000 _____ () I:\LinkShellExtension\RockallDLL.dll
2015-03-19 19:55 - 2015-03-19 19:55 - 00088960 _____ () G:\Zubehör\bin\libsasl.dll
2013-02-26 18:22 - 2007-09-02 14:58 - 00495616 _____ () I:\RocketDock\RocketDock.exe
2009-09-25 20:57 - 2014-05-04 04:38 - 01306112 _____ () I:\AutoHotkey\AutoHotkey.exe
2015-06-28 14:05 - 2015-06-28 14:05 - 00408576 _____ () D:\BitTorrentSyn\SyncShellExtension64_33554560.dll
2015-06-30 10:28 - 2015-06-30 10:28 - 00104400 _____ () I:\Avast\log.dll
2015-06-30 10:28 - 2015-06-30 10:28 - 00081728 _____ () I:\Avast\JsonRpcServer.dll
2015-07-02 12:41 - 2015-07-02 12:41 - 02952704 _____ () I:\Avast\defs\15070200\algo.dll
2012-08-11 20:51 - 2012-08-23 11:38 - 00574840 _____ () G:\Zubehör\Spybot - Search & Destroy\sqlite3.dll
2014-01-02 15:37 - 2013-05-16 11:55 - 00113496 _____ () G:\Zubehör\Spybot - Search & Destroy\snlThirdParty150.bpl
2014-01-02 15:37 - 2013-05-16 11:55 - 00416600 _____ () G:\Zubehör\Spybot - Search & Destroy\DEC150.bpl
2014-01-02 15:37 - 2013-05-16 11:55 - 00161112 _____ () G:\Zubehör\Spybot - Search & Destroy\snlFileFormats150.bpl
2014-01-02 15:37 - 2012-04-03 18:06 - 00565640 _____ () G:\Zubehör\Spybot - Search & Destroy\av\BDSmartDB.dll
2013-02-26 18:22 - 2007-09-02 14:57 - 00069632 _____ () I:\RocketDock\RocketDock.dll
2014-05-19 21:25 - 2015-04-16 19:40 - 00776192 _____ () I:\Steam\SDL2.dll
2015-01-20 14:34 - 2015-04-23 04:16 - 04962816 _____ () I:\Steam\v8.dll
2015-01-20 14:34 - 2015-04-23 04:16 - 01556992 _____ () I:\Steam\icui18n.dll
2015-01-20 14:34 - 2015-04-23 04:16 - 01187840 _____ () I:\Steam\icuuc.dll
2014-05-22 15:25 - 2015-06-04 20:56 - 02407104 _____ () I:\Steam\video.dll
2014-08-29 00:22 - 2014-12-01 23:31 - 02396672 _____ () I:\Steam\libavcodec-56.dll
2014-08-29 00:22 - 2014-12-01 23:31 - 00442880 _____ () I:\Steam\libavutil-54.dll
2014-08-29 00:22 - 2014-12-01 23:31 - 00479744 _____ () I:\Steam\libavformat-56.dll
2014-08-29 00:22 - 2014-12-01 23:31 - 00332800 _____ () I:\Steam\libavresample-2.dll
2014-08-29 00:22 - 2014-12-01 23:31 - 00485888 _____ () I:\Steam\libswscale-3.dll
2014-05-19 21:25 - 2015-06-04 20:56 - 00703168 _____ () I:\Steam\bin\chromehtml.DLL
2015-07-02 15:55 - 2015-07-02 15:55 - 00043008 _____ () c:\Users\Peter Werner\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpuyumvy.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00750080 _____ () C:\Users\Peter Werner\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00047616 _____ () C:\Users\Peter Werner\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00865280 _____ () C:\Users\Peter Werner\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00200704 _____ () C:\Users\Peter Werner\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00010240 _____ () C:\Users\Peter Werner\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00726016 _____ () C:\Users\Peter Werner\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00010240 _____ () C:\Users\Peter Werner\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2015-06-29 16:27 - 2015-06-24 10:37 - 00074272 _____ () I:\PDF24\zlib.dll
2015-06-29 16:27 - 2015-06-24 10:37 - 00051232 _____ () I:\PDF24\OperationUI.dll
2015-06-30 10:28 - 2015-06-30 10:28 - 40540672 _____ () I:\Avast\libcef.dll
2014-05-19 21:25 - 2015-05-11 21:01 - 36302728 _____ () I:\Steam\bin\libcef.dll
2015-05-14 16:30 - 2015-05-11 21:01 - 08958344 _____ () I:\Steam\bin\pdf.dll

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7865 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-633585875-728268822-617772899-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Peter Werner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scanner Finder.lnk => C:\Windows\pss\Scanner Finder.lnk.CommonStartup
MSCONFIG\startupreg: CryptBox => "I:\CryptBox\Abelssoft.CryptBox.exe" /state:auto
MSCONFIG\startupreg: NitroShare => I:/NitroShare/nitroshare.exe
MSCONFIG\startupreg: Raptr => "C:\Program Files (x86)\Raptr\raptrstub.exe" --startup
MSCONFIG\startupreg: TortoiseHgOverlayIconServer => C:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe
MSCONFIG\startupreg: XboxStat => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{0C1B2B35-AF8E-45FD-8E50-5910C0FD72CB}H:\steamlibrary\steamapps\common\planetside 2\planetside2.exe] => (Allow) H:\steamlibrary\steamapps\common\planetside 2\planetside2.exe
FirewallRules: [UDP Query User{42DDECAD-37EC-460A-8EF3-FC8DFBAAF2C3}H:\steamlibrary\steamapps\common\planetside 2\planetside2.exe] => (Allow) H:\steamlibrary\steamapps\common\planetside 2\planetside2.exe
FirewallRules: [{27E1144D-5BA2-4B96-9BEC-7C298B0ADD66}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{04E85AA5-94C9-4C72-96A7-763750E70CBA}H:\steamlibrary\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe] => (Allow) H:\steamlibrary\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe
FirewallRules: [UDP Query User{E600EBFA-EDE3-4CE9-B33F-082B01766BA7}H:\steamlibrary\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe] => (Allow) H:\steamlibrary\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe
FirewallRules: [TCP Query User{F173CB0A-FCEF-4B51-8171-0109A45826A8}H:\tera\tera-launcher.exe] => (Allow) H:\tera\tera-launcher.exe
FirewallRules: [UDP Query User{086CAD53-BA4F-4388-81F1-5229DA86A50C}H:\tera\tera-launcher.exe] => (Allow) H:\tera\tera-launcher.exe
FirewallRules: [{EA41CC29-C19A-4C49-899B-0DA732AE23AA}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{AF0F5415-3377-4757-9E4C-E90058E34757}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [TCP Query User{4BCFAAC8-A73E-4461-892C-24877C2A118C}H:\steamlibrary\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe] => (Allow) H:\steamlibrary\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe
FirewallRules: [UDP Query User{B8441DE6-2A03-4171-8418-BB1C632ECFF6}H:\steamlibrary\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe] => (Allow) H:\steamlibrary\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe
FirewallRules: [TCP Query User{9230F73C-782B-4D99-A2FD-ED667BEE45E5}H:\lan_little\farmhands\farmhands.exe] => (Allow) H:\lan_little\farmhands\farmhands.exe
FirewallRules: [UDP Query User{9971D176-7B24-4252-8619-09E24BA5F9C1}H:\lan_little\farmhands\farmhands.exe] => (Allow) H:\lan_little\farmhands\farmhands.exe
FirewallRules: [TCP Query User{5EB8446C-0DE2-4BDC-B94A-5CBD80F3B4BA}H:\cryptic studios\neverwinter\live\gameclient.exe] => (Allow) H:\cryptic studios\neverwinter\live\gameclient.exe
FirewallRules: [UDP Query User{9665DCA0-3101-44DE-90D3-CC1D995E51E7}H:\cryptic studios\neverwinter\live\gameclient.exe] => (Allow) H:\cryptic studios\neverwinter\live\gameclient.exe
FirewallRules: [{3AEE0176-D4DB-4945-A2B4-1DEAA4FF50F1}] => (Allow) F:\Dragon's Prophet\launcher.exe
FirewallRules: [{7A3562AF-EC84-4F38-B3A2-5738E257812C}] => (Allow) F:\Dragon's Prophet\launcher.exe
FirewallRules: [{559F28EC-3EC8-4570-A3BB-A22E1B98CDB1}] => (Allow) F:\Dragon's Prophet\dp_x86.exe
FirewallRules: [{0606976A-D74C-49B3-B03A-F87D37E09418}] => (Allow) F:\Dragon's Prophet\dp_x86.exe
FirewallRules: [{522811D1-7D4B-48C5-B89E-85A55FBC199D}] => (Allow) F:\Dragon's Prophet\dp_x64.exe
FirewallRules: [{47112F5C-5B56-4FBA-9683-132A05EFC860}] => (Allow) F:\Dragon's Prophet\dp_x64.exe
FirewallRules: [{0F4F986A-E167-4F5E-A523-774DF6A2A478}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{82E834D7-606B-4C06-B492-B78B7EC2F57A}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{CA90CBB1-AF22-4145-B8F6-77F7F33EF851}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{21851F94-C010-484D-90AF-86BCDD4ED177}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{9D18DCB8-576E-4A8E-BC9E-8A792DA167D8}H:\steamlibrary\steamapps\common\the war z\infestation.exe] => (Allow) H:\steamlibrary\steamapps\common\the war z\infestation.exe
FirewallRules: [UDP Query User{6A8B35D2-B4A6-4A48-BEA9-CC2E63101830}H:\steamlibrary\steamapps\common\the war z\infestation.exe] => (Allow) H:\steamlibrary\steamapps\common\the war z\infestation.exe
FirewallRules: [TCP Query User{2D853903-7315-40DB-8166-CB9F3A0A607D}H:\lan_little\warcraft iii\war3.exe] => (Allow) H:\lan_little\warcraft iii\war3.exe
FirewallRules: [UDP Query User{BF4FF9D8-1CC6-4F95-AF64-6C747C1B935E}H:\lan_little\warcraft iii\war3.exe] => (Allow) H:\lan_little\warcraft iii\war3.exe
FirewallRules: [TCP Query User{17316451-6DA0-44C5-9514-F4AFA3406B76}I:\udk\binaries\swarmagent.exe] => (Allow) I:\udk\binaries\swarmagent.exe
FirewallRules: [UDP Query User{C180E74A-4316-47C0-9F2E-752FE5F589E8}I:\udk\binaries\swarmagent.exe] => (Allow) I:\udk\binaries\swarmagent.exe
FirewallRules: [TCP Query User{5635A34A-F492-4A2F-B004-767197D90F4F}I:\nitroshare\nitroshare.exe] => (Allow) I:\nitroshare\nitroshare.exe
FirewallRules: [UDP Query User{1E68141F-EA02-4D83-B306-AA1F421A6A93}I:\nitroshare\nitroshare.exe] => (Allow) I:\nitroshare\nitroshare.exe
FirewallRules: [TCP Query User{BA3394BB-BE79-47E1-A749-2C6174F6153C}F:\spiele\warcraft iii\war3.exe] => (Allow) F:\spiele\warcraft iii\war3.exe
FirewallRules: [UDP Query User{FFDF257D-6DE0-4835-A129-8DB1FD1A435A}F:\spiele\warcraft iii\war3.exe] => (Allow) F:\spiele\warcraft iii\war3.exe
FirewallRules: [{892D57F5-C45A-4FBE-AA48-7E25A5364C8D}] => (Allow) C:\Users\Peter Werner\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{126234EF-7202-4016-890B-B16AAA52F232}] => (Allow) C:\Users\Peter Werner\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{37AC84C9-6060-4CB9-9789-A0DC98D5EA66}C:\users\peter werner\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\peter werner\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{858E3276-4101-42C0-A7C3-D93E60B1380C}C:\users\peter werner\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\peter werner\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{0D5448AF-78A0-4CE6-89FD-927C693632FF}G:\alteprogramme\xampp2\apache\bin\httpd.exe] => (Allow) G:\alteprogramme\xampp2\apache\bin\httpd.exe
FirewallRules: [UDP Query User{5D77DC5B-578A-47B2-A29B-6D6257848B05}G:\alteprogramme\xampp2\apache\bin\httpd.exe] => (Allow) G:\alteprogramme\xampp2\apache\bin\httpd.exe
FirewallRules: [TCP Query User{20FE93B0-F6AB-497F-901F-C4C1766F2673}G:\alteprogramme\xampp2\mysql\bin\mysqld.exe] => (Allow) G:\alteprogramme\xampp2\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{2A7A3285-BDFB-47A7-8B25-C357C3D863DD}G:\alteprogramme\xampp2\mysql\bin\mysqld.exe] => (Allow) G:\alteprogramme\xampp2\mysql\bin\mysqld.exe
FirewallRules: [TCP Query User{1BBFE9F8-24E2-4F95-AF38-C30D995CF070}F:\spiele\sierra\empire earth\empire earth.exe] => (Allow) F:\spiele\sierra\empire earth\empire earth.exe
FirewallRules: [UDP Query User{41CAB7F0-067B-4BA3-B61A-745EB7B9F66E}F:\spiele\sierra\empire earth\empire earth.exe] => (Allow) F:\spiele\sierra\empire earth\empire earth.exe
FirewallRules: [{413A184D-DC9F-4ED9-80CF-7AC8157E3776}] => (Allow) H:\SteamLibrary\SteamApps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{569EEB5C-3C14-42F8-8124-450D46214695}] => (Allow) H:\SteamLibrary\SteamApps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{84F28D8D-30D5-4382-ACA7-E8F3B6C12274}] => (Allow) H:\SteamLibrary\SteamApps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{A7B3A21B-229A-4303-8B65-C06F4CAFB531}] => (Allow) H:\SteamLibrary\SteamApps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{A3FAAFC6-547D-4950-BAAF-09C303A0F168}] => (Allow) H:\SteamLibrary\SteamApps\common\BRINK\brink.exe
FirewallRules: [{1F06F154-E441-4B7F-B596-B5E2BBF7E998}] => (Allow) H:\SteamLibrary\SteamApps\common\BRINK\brink.exe
FirewallRules: [{2D79A86E-18DA-4504-A6FF-D7C1D44D8A23}] => (Allow) H:\SteamLibrary\SteamApps\common\PAYDAY The Heist\payday_win32_release.exe
FirewallRules: [{D40C9324-1FA8-4465-B024-091A56D35547}] => (Allow) H:\SteamLibrary\SteamApps\common\PAYDAY The Heist\payday_win32_release.exe
FirewallRules: [{BB142273-F301-447C-A8C0-0443E6146EDB}] => (Allow) H:\SteamLibrary\SteamApps\common\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe
FirewallRules: [{C920AF07-4A64-45D3-AA5E-0AA8B054349E}] => (Allow) H:\SteamLibrary\SteamApps\common\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe
FirewallRules: [{1F31423B-DE3E-4B16-A6BB-2715784CA889}] => (Allow) H:\SteamLibrary\SteamApps\common\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe
FirewallRules: [{C5A9D969-D16D-4780-AF2A-E07D897A1891}] => (Allow) H:\SteamLibrary\SteamApps\common\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe
FirewallRules: [{F96779A0-637A-48B2-B1E0-6C3731FE12D7}] => (Allow) H:\SteamLibrary\SteamApps\common\Burnout(TM) Paradise The Ultimate Box\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{9A4854BF-2895-4B12-B624-EEA2E1C0DF07}] => (Allow) H:\SteamLibrary\SteamApps\common\Burnout(TM) Paradise The Ultimate Box\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{76EE03FF-BF9C-40D4-A605-16943E61B6E7}] => (Allow) H:\SteamLibrary\SteamApps\common\Dungeon Siege III\Dungeon Siege III.exe
FirewallRules: [{1134D649-C9D1-4D25-A0CC-A5FC25DB4FAE}] => (Allow) H:\SteamLibrary\SteamApps\common\Dungeon Siege III\Dungeon Siege III.exe
FirewallRules: [{3C23E945-FA7D-4249-BC27-175014C089CF}] => (Allow) H:\SteamLibrary\SteamApps\common\Magicka\Magicka.exe
FirewallRules: [{83017B21-235D-4BB3-8BCC-ED962235FB06}] => (Allow) H:\SteamLibrary\SteamApps\common\Magicka\Magicka.exe
FirewallRules: [{1A6A82A0-416B-4398-B3FB-0E08A82A5AB5}] => (Allow) H:\SteamLibrary\SteamApps\common\Settlers 7 Gold\Data\Base\_Dbg\Bin\Release\Settlers7R.exe
FirewallRules: [{E50F3B52-44CE-451B-9B0F-3F454236FA7D}] => (Allow) H:\SteamLibrary\SteamApps\common\Settlers 7 Gold\Data\Base\_Dbg\Bin\Release\Settlers7R.exe
FirewallRules: [{5B8ACB4F-33BC-4CEF-BECE-FC4470667245}] => (Allow) H:\SteamLibrary\SteamApps\common\Anno 2070\Anno5.exe
FirewallRules: [{9541849A-F0D3-4744-879F-ED4FE4DB9C1B}] => (Allow) H:\SteamLibrary\SteamApps\common\Anno 2070\Anno5.exe
FirewallRules: [{B4DC056A-2B40-4F94-A8CF-978318FDB8DD}] => (Allow) H:\SteamLibrary\SteamApps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{05ABC044-368F-4A37-9E27-1DF4D7CCCCFF}] => (Allow) H:\SteamLibrary\SteamApps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{90A607DE-E97A-492E-87D7-E2AEE8F3A56B}] => (Allow) H:\SteamLibrary\SteamApps\common\Warhammer 40,000 Space Marine\SpaceMarine.exe
FirewallRules: [{BAC15048-D270-4D22-97D8-6D8370466E4B}] => (Allow) H:\SteamLibrary\SteamApps\common\Warhammer 40,000 Space Marine\SpaceMarine.exe
FirewallRules: [{1A19BBF3-1F31-4B9E-B2EE-8435480DC8F5}] => (Allow) H:\SteamLibrary\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{C604C567-1D1D-4638-8026-5AA5DDAFE7AF}] => (Allow) H:\SteamLibrary\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{354428E1-F3E0-4B8F-8515-068F793D38BF}] => (Allow) H:\SteamLibrary\SteamApps\common\Bulletstorm\Binaries\Win32\ShippingPC-StormGame.exe
FirewallRules: [{4F903CED-D847-4EBC-9D76-16F29065E68A}] => (Allow) H:\SteamLibrary\SteamApps\common\Bulletstorm\Binaries\Win32\ShippingPC-StormGame.exe
FirewallRules: [{7D69AB26-A849-41B0-A0B5-EDC3F088F7BC}] => (Allow) H:\SteamLibrary\SteamApps\common\Crysis 2 Game of the Year\bin32\Crysis2Launcher.exe
FirewallRules: [{8DC81AC1-F5FE-4CD5-B8B4-90641604C546}] => (Allow) H:\SteamLibrary\SteamApps\common\Crysis 2 Game of the Year\bin32\Crysis2Launcher.exe
FirewallRules: [{842DBFB9-50B7-4244-9484-6F7332E35482}] => (Allow) H:\SteamLibrary\SteamApps\common\Realm of the Mad God\Realm of the Mad God.exe
FirewallRules: [{5E4E73B2-4D94-47C0-A2A0-5909930696B7}] => (Allow) H:\SteamLibrary\SteamApps\common\Realm of the Mad God\Realm of the Mad God.exe
FirewallRules: [{A7A5549C-6D65-4AE4-B1A3-4B402EE867A3}] => (Allow) H:\SteamLibrary\SteamApps\common\Fable The Lost Chapters\Fable.exe
FirewallRules: [{F5562244-F604-44FB-9382-9C2B4CE39787}] => (Allow) H:\SteamLibrary\SteamApps\common\Fable The Lost Chapters\Fable.exe
FirewallRules: [{CE4232DF-EC3B-4F44-A2E2-47BFCA304562}] => (Allow) H:\SteamLibrary\SteamApps\common\PlanetSide 2\LaunchPad.exe
FirewallRules: [{7D685FB4-91A0-4495-8783-8B336AB2F8CC}] => (Allow) H:\SteamLibrary\SteamApps\common\PlanetSide 2\LaunchPad.exe
FirewallRules: [{BCD86B6A-9B88-4B1D-B2E0-F6F43202E874}] => (Allow) H:\SteamLibrary\SteamApps\common\Forge\Binaries\Win32\ForgeGame.exe
FirewallRules: [{805E961C-1C83-452E-8446-AFBADA13A1BA}] => (Allow) H:\SteamLibrary\SteamApps\common\Forge\Binaries\Win32\ForgeGame.exe
FirewallRules: [{88527C48-C27D-4C28-A5A1-D743044629D8}] => (Allow) H:\SteamLibrary\SteamApps\common\aceofspades\aos.exe
FirewallRules: [{B8ACC6B5-8476-48D1-AC7B-D357DBC31BC1}] => (Allow) H:\SteamLibrary\SteamApps\common\aceofspades\aos.exe
FirewallRules: [{34233C3E-875D-4AED-8453-C98D22214D24}] => (Allow) H:\SteamLibrary\SteamApps\common\The War Z\WarZlauncher.exe
FirewallRules: [{42F5AA5A-593A-4800-920B-9E1D2CB016D4}] => (Allow) H:\SteamLibrary\SteamApps\common\The War Z\WarZlauncher.exe
FirewallRules: [TCP Query User{912885E7-62BF-4BE8-9026-C1CA0CEC70AB}F:\spiele\maniaplanet\maniaplanet.exe] => (Allow) F:\spiele\maniaplanet\maniaplanet.exe
FirewallRules: [UDP Query User{80B33AC6-4E6A-4E83-85C4-EE5437221E24}F:\spiele\maniaplanet\maniaplanet.exe] => (Allow) F:\spiele\maniaplanet\maniaplanet.exe
FirewallRules: [TCP Query User{781EC846-744C-47F5-B352-ACB6B03E771C}F:\spiele\masterspace\masterspace.exe] => (Allow) F:\spiele\masterspace\masterspace.exe
FirewallRules: [UDP Query User{B58CF3C8-AD25-40C9-A83D-0AD5EC8686B2}F:\spiele\masterspace\masterspace.exe] => (Allow) F:\spiele\masterspace\masterspace.exe
FirewallRules: [{41AEEED7-C323-4301-A9D6-69D85B50A07E}] => (Allow) H:\SteamLibrary\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{5386D6C8-80FA-44E2-8DE8-0F73192F6B8A}] => (Allow) H:\SteamLibrary\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{27F4B3F0-C14A-4035-BA0A-33EA7503CC0C}] => (Allow) H:\SteamLibrary\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{AA3405EB-7C40-4E70-A895-912FC1625266}] => (Allow) H:\SteamLibrary\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{280E99A2-C955-4A24-9254-C70B82B6727B}] => (Allow) H:\SteamLibrary\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{1E40246F-93D5-4C04-AB14-62A989B89146}] => (Allow) H:\SteamLibrary\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{B2FA4906-793A-4835-81B1-18E423DA98B1}] => (Allow) H:\SteamLibrary\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{079A13F2-020A-41A8-B592-DAAFF9E0BFBB}] => (Allow) H:\SteamLibrary\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{E059B8F3-C0A6-48EF-8B9B-05A16CB7BC2A}] => (Allow) H:\SteamLibrary\SteamApps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{799B31F2-E876-4D4C-9629-0AC25B550B42}] => (Allow) H:\SteamLibrary\SteamApps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{0A1957E0-B360-489B-B848-1A1CA63E894E}] => (Allow) H:\SteamLibrary\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{BE96995F-311B-4E1A-A60E-CA0581E6C718}] => (Allow) H:\SteamLibrary\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{58DFBB30-04A3-446C-8C5F-D1DCDCB7A8B6}] => (Allow) H:\SteamLibrary\SteamApps\common\WormsXHD\Launcher.exe
FirewallRules: [{0D73078C-2A28-4ED0-8FE3-8E01D35FCBC8}] => (Allow) H:\SteamLibrary\SteamApps\common\WormsXHD\Launcher.exe
FirewallRules: [{17EAB5A8-BCBC-4771-A24D-A9DA06E97089}] => (Allow) H:\SteamLibrary\SteamApps\common\WormsRevolution\WormsRevolution.exe
FirewallRules: [{2E282415-739E-4180-9324-557E98920A22}] => (Allow) H:\SteamLibrary\SteamApps\common\WormsRevolution\WormsRevolution.exe
FirewallRules: [{14738C0F-F3DE-4039-B631-CA311DEECF93}] => (Allow) H:\SteamLibrary\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{FFAAC0DD-8E1A-4D28-AFBD-2F59BAD4D661}] => (Allow) H:\SteamLibrary\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{2BA826A3-B7DD-4091-B401-831227807626}] => (Allow) H:\SteamLibrary\SteamApps\common\WormsRevolution\WormsRevolution.exe
FirewallRules: [{199A1B77-05DD-4923-9252-8950B5BEEF23}] => (Allow) H:\SteamLibrary\SteamApps\common\WormsRevolution\WormsRevolution.exe
FirewallRules: [{8845AB8A-1ED1-4D2C-A641-7E5CB5AC56B0}] => (Allow) H:\SteamLibrary\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{73CC39F8-D558-4342-BD0F-CE4607D3C889}] => (Allow) H:\SteamLibrary\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [TCP Query User{C5336610-891F-4FCD-906A-2655F2E92AD2}G:\installer\ee part 2 full\empire earth.exe] => (Allow) G:\installer\ee part 2 full\empire earth.exe
FirewallRules: [UDP Query User{61615F20-51DB-4A6A-84D2-68EDE724BD7D}G:\installer\ee part 2 full\empire earth.exe] => (Allow) G:\installer\ee part 2 full\empire earth.exe
FirewallRules: [{0924A5D3-E43F-4D13-8BD9-5AD13AF16658}] => (Allow) F:\Spiele\Toribash-4.62\toribash.exe
FirewallRules: [{3C20A533-77E1-4104-A4FD-D3DE71F0BBE6}] => (Allow) F:\Spiele\Toribash-4.62\toribash.exe
FirewallRules: [{0474C4FF-2D95-48BB-B59B-C2537AEAEBAB}] => (Allow) F:\Spiele\Toribash-4.62\toribash.exe
FirewallRules: [{559F63B6-1307-40F3-A79C-C91912657F09}] => (Allow) F:\Spiele\Toribash-4.62\toribash.exe
FirewallRules: [{51B821E5-2717-4390-8B1F-FFE620A4F5AC}] => (Allow) H:\SteamLibrary\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{26783B0B-9A30-4615-A6C0-173BDD30BF28}] => (Allow) H:\SteamLibrary\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [TCP Query User{D8C26D30-25C5-410A-A869-7E184942DD9D}C:1\rookskeepdemo\binaries\win32\udk.exe] => (Allow) C:1\rookskeepdemo\binaries\win32\udk.exe
FirewallRules: [UDP Query User{F9AB0C76-7FF9-4E43-A564-1764E21D578A}C:1\rookskeepdemo\binaries\win32\udk.exe] => (Allow) C:1\rookskeepdemo\binaries\win32\udk.exe
FirewallRules: [{AF0753B5-1B16-48A3-A880-D89B37EB27C1}] => (Allow) H:\SteamLibrary\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{62C3293C-5FFD-472C-AA42-7A59D05F9634}] => (Allow) H:\SteamLibrary\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{7C6F2324-9F01-4E11-BA77-16A053D4760B}] => (Allow) H:\SteamLibrary\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{5B8BD495-FA75-4B90-B6F0-A8433A38D766}] => (Allow) H:\SteamLibrary\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{2EDA1912-5E6E-4674-896A-D2B5B8F062C5}] => (Allow) H:\SteamLibrary\SteamApps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{65938D3C-78A3-44F4-87A1-1FF03FA7CFCF}] => (Allow) H:\SteamLibrary\SteamApps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{0C377BF7-4BA1-4893-8B58-11B5896F151C}] => (Allow) H:\SteamLibrary\SteamApps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{6F6D83C5-5C69-4F4C-8BEE-ECD518537302}] => (Allow) H:\SteamLibrary\SteamApps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{1E2B982D-7EB9-4A9F-BF4D-D50C3B3911BE}] => (Allow) H:\SteamLibrary\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{0BF24154-9407-499C-8C32-686A9D595486}] => (Allow) H:\SteamLibrary\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{9FBFDE0C-DA6B-4415-967E-49B6C861FCF3}] => (Allow) H:\SteamLibrary\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{6A1290E1-E54B-4ED0-A4C2-F5EDBB1DF404}] => (Allow) H:\SteamLibrary\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{B1ADFE71-4C17-4075-ABE6-0DFD06D9AE92}] => (Allow) H:\SteamLibrary\SteamApps\common\Spore\SporeBin\SporeApp.exe
FirewallRules: [{DFBAB022-CE08-4C58-AD61-B1C34BA5A44E}] => (Allow) H:\SteamLibrary\SteamApps\common\Spore\SporeBin\SporeApp.exe
FirewallRules: [{DBBAF925-D28B-4549-8E7B-B3282559FD7B}] => (Allow) H:\SteamLibrary\SteamApps\common\Spore\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{52D3BE79-271B-479A-9227-E40BE29914E7}] => (Allow) H:\SteamLibrary\SteamApps\common\Spore\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{93A7C2F5-7B67-4DFB-BCFA-B105B1C0A205}] => (Allow) H:\SteamLibrary\SteamApps\common\BioShock 2\SP\Builds\Binaries\Bioshock2Launcher.exe
FirewallRules: [{CC2F4E72-8986-4C20-9655-E2DB28E7B09E}] => (Allow) H:\SteamLibrary\SteamApps\common\BioShock 2\SP\Builds\Binaries\Bioshock2Launcher.exe
FirewallRules: [{05497467-AED9-4CCB-96D6-0182F2AD8481}] => (Allow) H:\SteamLibrary\SteamApps\common\BioShock 2\MP\Builds\Binaries\Bioshock2Launcher.exe
FirewallRules: [{7AB77678-FAFA-4599-AB43-6CFC13A1DB30}] => (Allow) H:\SteamLibrary\SteamApps\common\BioShock 2\MP\Builds\Binaries\Bioshock2Launcher.exe
FirewallRules: [{D21F9AFF-49D6-4623-8EED-B1CFA865C4CC}] => (Allow) H:\SteamLibrary\SteamApps\common\Spore\SporebinEP1\SporeApp.exe
FirewallRules: [{1ED8D710-8A88-4D1F-AE88-2E5C80A39ACB}] => (Allow) H:\SteamLibrary\SteamApps\common\Spore\SporebinEP1\SporeApp.exe
FirewallRules: [{46E9FC40-957A-424F-8F74-1F7BB90E990C}] => (Allow) H:\SteamLibrary\SteamApps\common\Spore\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{07EBFDBB-8C46-4B7F-82B6-EDB046558D99}] => (Allow) H:\SteamLibrary\SteamApps\common\Spore\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{2BFF3C34-C28F-4A1D-9B57-962686655A7E}] => (Allow) H:\SteamLibrary\SteamApps\common\Spore\runme.exe
FirewallRules: [{47548B76-80FC-4521-B300-B1A4DFD3E67A}] => (Allow) H:\SteamLibrary\SteamApps\common\Spore\runme.exe
FirewallRules: [{92EF3CF2-BF28-4E3D-964C-1550989017BA}] => (Allow) H:\SteamLibrary\SteamApps\common\Spore\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{643FB6C8-9DEC-4C64-9FC0-D4210088D0CD}] => (Allow) H:\SteamLibrary\SteamApps\common\Spore\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{F51D52EC-2633-408C-ADED-195356341CDE}] => (Allow) H:\SteamLibrary\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{8C7EE493-FEB3-47D3-811E-CBF77A5B1FCA}] => (Allow) H:\SteamLibrary\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{9B7C3A36-602B-4DCD-9FDF-5BDFB8009FAD}] => (Allow) H:\SteamLibrary\SteamApps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{02A52764-2225-439C-993A-1543E426B2AB}] => (Allow) H:\SteamLibrary\SteamApps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{1C121842-5187-4907-ACA1-1D22146C6192}] => (Allow) H:\SteamLibrary\SteamApps\common\BioShock Infinite\Binaries\Win32\Benchmark.bat
FirewallRules: [{D10239E4-3372-4CFF-9696-A26E25F9A784}] => (Allow) H:\SteamLibrary\SteamApps\common\BioShock Infinite\Binaries\Win32\Benchmark.bat
FirewallRules: [{E1677769-40F5-49CC-9B87-DE47A7B11D70}] => (Allow) H:\SteamLibrary\SteamApps\common\Sins of a Solar Empire Rebellion\Sins of a Solar Empire Rebellion.exe
FirewallRules: [{6C4112D4-8AE6-48EE-8E16-6805E3228BE4}] => (Allow) H:\SteamLibrary\SteamApps\common\Sins of a Solar Empire Rebellion\Sins of a Solar Empire Rebellion.exe
FirewallRules: [{6D60FD42-8303-474B-9240-178C5CA4021A}] => (Allow) H:\SteamLibrary\SteamApps\common\Age2HD\Launcher.exe
FirewallRules: [{E006A38B-A181-48CC-976A-398A6A1B3C1F}] => (Allow) H:\SteamLibrary\SteamApps\common\Age2HD\Launcher.exe
FirewallRules: [{A3761274-929A-4A11-A58D-E24FCAFDF7CA}] => (Allow) H:\SteamLibrary\SteamApps\common\Orcs Must Die 2\build\release\OrcsMustDie2.exe
FirewallRules: [{A6883F8C-7D63-4C6F-9FE6-2435B1AF0032}] => (Allow) H:\SteamLibrary\SteamApps\common\Orcs Must Die 2\build\release\OrcsMustDie2.exe
FirewallRules: [{E3F7EB6F-55DC-4533-B16E-B9AA614A2C73}] => (Allow) H:\SteamLibrary\SteamApps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [{A915AE44-818F-449D-BFE2-B25F27A8C48C}] => (Allow) H:\SteamLibrary\SteamApps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [{588EEC00-3546-4CAF-9240-97CA6AB6B84D}] => (Allow) H:\SteamLibrary\SteamApps\common\ArcheBlade\Binaries\Win32\Archeblade.exe
FirewallRules: [{6A38E638-EA0F-48CF-BC13-0D65B10781FA}] => (Allow) H:\SteamLibrary\SteamApps\common\ArcheBlade\Binaries\Win32\Archeblade.exe
FirewallRules: [{E05FA7B5-7B1E-4F57-8DB4-C0835CADFB5B}] => (Allow) H:\SteamLibrary\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{E0AB6BBE-6653-4938-9E23-8A7BF7812325}] => (Allow) H:\SteamLibrary\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{7F61D9F4-EC24-4356-8ED8-6C8ABA3B0163}] => (Allow) H:\SteamLibrary\SteamApps\common\Tower Wars\TW.exe
FirewallRules: [{75A407B8-C735-4DA3-A983-3D23D52EB636}] => (Allow) H:\SteamLibrary\SteamApps\common\Tower Wars\TW.exe
FirewallRules: [{96CFBA27-17E2-421E-8263-BDC347341FFF}] => (Allow) H:\SteamLibrary\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{3F17351E-2408-4652-87FC-76358472EEC3}] => (Allow) H:\SteamLibrary\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{72CB4C0F-7FBC-441C-B617-9EF9EFC6BE7F}] => (Allow) H:\SteamLibrary\SteamApps\common\Sins of a Solar Empire Rebellion\Sins of a Solar Empire Rebellion.exe
FirewallRules: [{58C45E8A-A68C-4D0F-A50F-DAE497A109A4}] => (Allow) H:\SteamLibrary\SteamApps\common\Sins of a Solar Empire Rebellion\Sins of a Solar Empire Rebellion.exe
FirewallRules: [{655FB73F-E470-41A6-B39B-AFCD5C2B65F5}] => (Allow) H:\SteamLibrary\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{C3259172-2D93-478C-A932-44411DB94A4B}] => (Allow) H:\SteamLibrary\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{D545FAF7-8720-4007-82EA-3D97E072F5EA}] => (Allow) H:\SteamLibrary\SteamApps\common\Tower Wars\TW.exe
FirewallRules: [{75B2D540-C1E6-4FA9-B26F-863DEEDC7596}] => (Allow) H:\SteamLibrary\SteamApps\common\Tower Wars\TW.exe
FirewallRules: [{0DD172B5-56E0-4F06-A6A9-3CF260426905}] => (Allow) H:\SteamLibrary\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{A332EC22-882A-44DB-BF96-DD0BCF8444BC}] => (Allow) H:\SteamLibrary\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{F73D56B0-A44B-4ABB-9E2E-CBECF0D54AFA}] => (Allow) H:\SteamLibrary\SteamApps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{910CE520-6898-4590-8F25-892C89286E8A}] => (Allow) H:\SteamLibrary\SteamApps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [TCP Query User{2C95905D-7B92-4EF4-8FE8-2C534B0C09B9}C:\program files\tortoisehg\hg.exe] => (Allow) C:\program files\tortoisehg\hg.exe
FirewallRules: [UDP Query User{D2732CB9-5BD0-46F2-B1E6-9C048D656B8C}C:\program files\tortoisehg\hg.exe] => (Allow) C:\program files\tortoisehg\hg.exe
FirewallRules: [{32202CEC-40D0-4E64-8F7B-0702B10B3E53}] => (Allow) H:\SteamLibrary\SteamApps\common\Super Meat Boy\SuperMeatBoy.exe
FirewallRules: [{D7BA8FB4-35CA-4642-B448-C5FB88EFF631}] => (Allow) H:\SteamLibrary\SteamApps\common\Super Meat Boy\SuperMeatBoy.exe
FirewallRules: [{A4197ACA-B4B5-407B-BED9-E0396E6BC4E6}] => (Allow) H:\SteamLibrary\SteamApps\common\Loadout\Loadout.exe
FirewallRules: [{055FAC82-EDAB-4FB5-B687-14B1EB256921}] => (Allow) H:\SteamLibrary\SteamApps\common\Loadout\Loadout.exe
FirewallRules: [{A37E6478-AA8D-4DE4-A125-0A1BDFEA2A3D}] => (Allow) H:\SteamLibrary\SteamApps\common\Might & Magic - Duel of Champions\Game.exe
FirewallRules: [{E7B02AF8-EF4C-434F-B986-0731FB652A80}] => (Allow) H:\SteamLibrary\SteamApps\common\Might & Magic - Duel of Champions\Game.exe
FirewallRules: [TCP Query User{C5110F2D-DD4D-4CC5-A4C6-48A6CEC6EBBF}H:\hearthstone\hearthstone.exe] => (Allow) H:\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{71E0BD15-06D2-4070-A73D-4D731D34FC1C}H:\hearthstone\hearthstone.exe] => (Allow) H:\hearthstone\hearthstone.exe
FirewallRules: [{15EE211E-F971-44B7-AEAF-CFE4AA0C7206}] => (Allow) I:\Steam\Steam.exe
FirewallRules: [{3667A4C8-6CD6-4BCA-9015-76E6403F9357}] => (Allow) I:\Steam\Steam.exe
FirewallRules: [TCP Query User{66E26498-0F0C-461E-8536-EAD15A763F30}C:\program files\java\jdk1.7.0_25\bin\java.exe] => (Allow) C:\program files\java\jdk1.7.0_25\bin\java.exe
FirewallRules: [UDP Query User{1912B5C0-309C-49D9-A6A0-CD4509537AA0}C:\program files\java\jdk1.7.0_25\bin\java.exe] => (Allow) C:\program files\java\jdk1.7.0_25\bin\java.exe
FirewallRules: [{B272D6C8-A143-4390-9C34-1697CBA215CE}] => (Allow) H:\SteamLibrary\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{DFE2623D-23AE-42E9-B918-0E8FB890B751}] => (Allow) H:\SteamLibrary\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{A3BB33CF-A64B-4EA2-859D-35E05183317F}] => (Allow) H:\SteamLibrary\SteamApps\common\Orion Dino Beatdown\Binaries\Win32\DinoHordeGame.exe
FirewallRules: [{B068A8C6-F2B0-4141-9534-1B403536C415}] => (Allow) H:\SteamLibrary\SteamApps\common\Orion Dino Beatdown\Binaries\Win32\DinoHordeGame.exe
FirewallRules: [{5E9301F1-BF5A-4933-97D3-E2FE1A65CC01}] => (Allow) H:\SteamLibrary\SteamApps\common\Beat Hazard\BeatHazard.exe
FirewallRules: [{7D670780-9792-4DF5-9A55-6BD6B132CD06}] => (Allow) H:\SteamLibrary\SteamApps\common\Beat Hazard\BeatHazard.exe
FirewallRules: [{5D343405-8734-468E-96DD-7AEF1E38C699}] => (Allow) H:\SteamLibrary\SteamApps\common\Beat Hazard\runme.exe
FirewallRules: [{A73A41F4-A8BF-4ED9-8B5A-439D5699155C}] => (Allow) H:\SteamLibrary\SteamApps\common\Beat Hazard\runme.exe
FirewallRules: [{8F2090E3-8895-49D1-8C98-D3AB84B49536}] => (Allow) H:\SteamLibrary\SteamApps\common\Supreme Commander 2\bin\SupremeCommander2.exe
FirewallRules: [{9D7B7407-4FA8-4145-9947-E33F718AD60E}] => (Allow) H:\SteamLibrary\SteamApps\common\Supreme Commander 2\bin\SupremeCommander2.exe
FirewallRules: [{606D552D-20E4-415C-977A-D68A08168481}] => (Allow) H:\SteamLibrary\SteamApps\common\Planetary Annihilation\PA.exe
FirewallRules: [{BF580E11-936D-45E4-B26B-C7F6C351055B}] => (Allow) H:\SteamLibrary\SteamApps\common\Planetary Annihilation\PA.exe
FirewallRules: [TCP Query User{5F1BE7B2-51E5-41E6-A305-99F62ADAE6EF}F:\spiele\hirezgames\smite\binaries\win32\smite.exe] => (Allow) F:\spiele\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{49B27CA4-0893-4E84-9E5D-5D654F6E70EF}F:\spiele\hirezgames\smite\binaries\win32\smite.exe] => (Allow) F:\spiele\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [{70E174EB-43D4-421E-8886-0BAC38693EC6}] => (Allow) I:\MVS\Common7\IDE\devenv.exe
FirewallRules: [{A050CF34-23E6-4E08-85FF-89052827AC2E}] => (Allow) I:\MVS\Common7\IDE\devenv.exe
FirewallRules: [{EFDE9765-EFD5-40B3-A335-269575C1AD4F}] => (Allow) I:\MVS\Common7\IDE\devenv.exe
FirewallRules: [{4FFC40D3-D848-4FF5-AFBF-BB95EE3B3385}] => (Allow) I:\MVS\Common7\IDE\devenv.exe
FirewallRules: [{17807FDB-7E92-4F61-98E4-8EEEE187399C}] => (Allow) I:\MVS\Common7\IDE\devenv.exe
FirewallRules: [{28EF1CC0-98FA-49CF-9128-16B2E94EBD0C}] => (Allow) I:\MVS\Common7\IDE\devenv.exe
FirewallRules: [{168B29D9-286F-4AFA-A0BC-A1D2E6912D85}] => (Allow) I:\MVS\Common7\IDE\devenv.exe
FirewallRules: [{09D7E393-FE4A-4FCD-B123-17B9205768B5}] => (Allow) LPort=12292
FirewallRules: [{37016A4A-C1DA-41F6-80E6-F57429C22866}] => (Allow) LPort=41780
FirewallRules: [TCP Query User{06B18F17-BE0E-4A30-980A-AE8EFCF59795}H:\landmark\landmark64.exe] => (Allow) H:\landmark\landmark64.exe
FirewallRules: [UDP Query User{8B927B96-FDBE-4B61-BAC7-8C9258C2B4CC}H:\landmark\landmark64.exe] => (Allow) H:\landmark\landmark64.exe
FirewallRules: [{7C0CB586-0D59-4FDE-A02F-7346FDE03C86}] => (Allow) H:\SteamLibrary\SteamApps\common\Reus\Reus.exe
FirewallRules: [{38D44A27-9B12-4CFD-BC73-8FCA1A2BA5A6}] => (Allow) H:\SteamLibrary\SteamApps\common\Reus\Reus.exe
FirewallRules: [TCP Query User{B5618CE1-2D0A-4B17-B1F4-CD5A539905F1}H:\steamlibrary\steamapps\common\planetside 2\planetside2_x64.exe] => (Allow) H:\steamlibrary\steamapps\common\planetside 2\planetside2_x64.exe
FirewallRules: [UDP Query User{15489B70-0F05-44EB-A56F-BF8175F6F54A}H:\steamlibrary\steamapps\common\planetside 2\planetside2_x64.exe] => (Allow) H:\steamlibrary\steamapps\common\planetside 2\planetside2_x64.exe
FirewallRules: [{FD9255E6-E11B-4FF3-9F4B-3A23A3EFC8F0}] => (Allow) I:\Steam\bin\steamwebhelper.exe
FirewallRules: [{16ACA519-043E-4A45-8567-0A83202E528C}] => (Allow) I:\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{0A4AA705-2481-48C5-8B9C-65D575C3E04C}H:\steamlibrary\steamapps\common\chivalrymedievalwarfare\cdw\binaries\win64\cdw.exe] => (Allow) H:\steamlibrary\steamapps\common\chivalrymedievalwarfare\cdw\binaries\win64\cdw.exe
FirewallRules: [UDP Query User{17D1D78A-5C0E-4B2E-A276-FFFE68104FF3}H:\steamlibrary\steamapps\common\chivalrymedievalwarfare\cdw\binaries\win64\cdw.exe] => (Allow) H:\steamlibrary\steamapps\common\chivalrymedievalwarfare\cdw\binaries\win64\cdw.exe
FirewallRules: [TCP Query User{F4B2DFF1-919B-4E28-9EED-E263C0410565}H:\steamlibrary\steamapps\common\chivalrymedievalwarfare\binaries\win64\cmw.exe] => (Allow) H:\steamlibrary\steamapps\common\chivalrymedievalwarfare\binaries\win64\cmw.exe
FirewallRules: [UDP Query User{78312DDC-5DA1-4C9B-B74D-92F5CE666772}H:\steamlibrary\steamapps\common\chivalrymedievalwarfare\binaries\win64\cmw.exe] => (Allow) H:\steamlibrary\steamapps\common\chivalrymedievalwarfare\binaries\win64\cmw.exe
FirewallRules: [{DDB962CC-D9FB-4639-989F-7E81BB3F9F58}] => (Allow) H:\SteamLibrary\SteamApps\common\Borderlands\Binaries\Borderlands.exe
FirewallRules: [{EF79C7ED-9709-4B4E-8F77-75826D95F2E2}] => (Allow) H:\SteamLibrary\SteamApps\common\Borderlands\Binaries\Borderlands.exe
FirewallRules: [{FD0A4114-BD8E-4081-BA50-B96A0D22C866}] => (Allow) H:\SteamLibrary\SteamApps\common\Overlord\Overlord.exe
FirewallRules: [{097E7EEF-20ED-4BEA-9452-0190C9DE87B7}] => (Allow) H:\SteamLibrary\SteamApps\common\Overlord\Overlord.exe
FirewallRules: [{922586C5-617C-45F2-8F7B-00C98E1CCA49}] => (Allow) H:\SteamLibrary\SteamApps\common\Overlord\Config.exe
FirewallRules: [{3F615E13-CD02-4443-B5FF-3299FA573BB6}] => (Allow) H:\SteamLibrary\SteamApps\common\Overlord\Config.exe
FirewallRules: [TCP Query User{96E42CD3-8584-4966-B3D8-E83859F0B07D}I:\myphoneexplorer\myphoneexplorer.exe] => (Allow) I:\myphoneexplorer\myphoneexplorer.exe
FirewallRules: [UDP Query User{A56363FE-3701-44AC-BCD1-C7E74F3525DF}I:\myphoneexplorer\myphoneexplorer.exe] => (Allow) I:\myphoneexplorer\myphoneexplorer.exe
FirewallRules: [{79023466-75C0-4E1F-B017-004E7F4A4AB9}] => (Allow) H:\SteamLibrary\SteamApps\common\Sanctum2\Binaries\Win32\SanctumGame-Win32-Shipping.exe
FirewallRules: [{DC208AB8-86FF-43EF-911C-C14848BD6284}] => (Allow) H:\SteamLibrary\SteamApps\common\Sanctum2\Binaries\Win32\SanctumGame-Win32-Shipping.exe
FirewallRules: [TCP Query User{111FED7A-AC3D-4CA6-B69B-E27301126E1B}F:\love\love\love.exe] => (Allow) F:\love\love\love.exe
FirewallRules: [UDP Query User{58FDC17E-821E-4C18-AA0F-99E9D80C6490}F:\love\love\love.exe] => (Allow) F:\love\love\love.exe
FirewallRules: [{73C3F43B-B3F7-4911-8B02-D41383EE29A1}] => (Allow) H:\SteamLibrary\SteamApps\common\Loadout Beta\Loadout.exe
FirewallRules: [{ADCCC70F-946B-4DC9-83A0-213DE972E6D6}] => (Allow) H:\SteamLibrary\SteamApps\common\Loadout Beta\Loadout.exe
FirewallRules: [TCP Query User{24700565-3F69-4BE6-BE51-30B643A84579}H:\microsoft games\age of mythology\aom.exe] => (Allow) H:\microsoft games\age of mythology\aom.exe
FirewallRules: [UDP Query User{68D8D51E-983C-480D-B733-114E1780E3F8}H:\microsoft games\age of mythology\aom.exe] => (Allow) H:\microsoft games\age of mythology\aom.exe
FirewallRules: [{670AC988-433B-4BA4-9C53-6F6FE0B815BE}] => (Allow) D:\BitTorrentSyn\BTSync.exe
FirewallRules: [{6FB2A587-B47D-4613-B023-F3652BB9DD46}] => (Allow) D:\BitTorrentSyn\BTSync.exe
FirewallRules: [TCP Query User{B00C975F-24FF-49BF-9AED-BE6189B85C5C}I:\firefoxnightly_x64\firefox.exe] => (Allow) I:\firefoxnightly_x64\firefox.exe
FirewallRules: [UDP Query User{73D95E98-4EFE-4C80-AF1E-C8C0A808258E}I:\firefoxnightly_x64\firefox.exe] => (Allow) I:\firefoxnightly_x64\firefox.exe
FirewallRules: [{3EDA1F53-84D8-47BD-8F7A-5D5A4DED4974}] => (Allow) H:\SteamLibrary\SteamApps\common\nosgoth\Binaries\Win32\Nosgoth.exe
FirewallRules: [{6E3E3BDA-252B-42C7-8A11-B8CC2D438108}] => (Allow) H:\SteamLibrary\SteamApps\common\nosgoth\Binaries\Win32\Nosgoth.exe
FirewallRules: [TCP Query User{CF4E7738-AD2C-42F6-96D8-4271C8C0BB66}H:\lan_little\cod2\cod2mp_s.exe] => (Allow) H:\lan_little\cod2\cod2mp_s.exe
FirewallRules: [UDP Query User{4CCCD596-174F-4A96-9994-56EEFBAA2038}H:\lan_little\cod2\cod2mp_s.exe] => (Allow) H:\lan_little\cod2\cod2mp_s.exe
FirewallRules: [TCP Query User{9248D655-6931-42C6-824E-1898A1B437BF}H:\lan_little\xiii\system\xiii.exe] => (Allow) H:\lan_little\xiii\system\xiii.exe
FirewallRules: [UDP Query User{02E67D66-62AD-4C9B-A48F-D3986D6E2A6E}H:\lan_little\xiii\system\xiii.exe] => (Allow) H:\lan_little\xiii\system\xiii.exe
FirewallRules: [TCP Query User{8984AFF5-8761-40F0-8635-8BF58C17ED18}H:\lan_little\flatout2\flatout2.exe] => (Allow) H:\lan_little\flatout2\flatout2.exe
FirewallRules: [UDP Query User{CB29E724-C8D3-4B7F-9E8E-05F11B5A4BA2}H:\lan_little\flatout2\flatout2.exe] => (Allow) H:\lan_little\flatout2\flatout2.exe
FirewallRules: [{6FA94644-DDCD-4302-B770-B3BB56C2B632}] => (Block) H:\lan_little\flatout2\flatout2.exe
FirewallRules: [{E634382A-E771-4ABF-AB58-A24C02E90D15}] => (Block) H:\lan_little\flatout2\flatout2.exe
FirewallRules: [TCP Query User{155A7692-2C40-4578-82C1-153E91CED6E2}H:\lan_little\age of empires ii\age2_x1_1.0c_1920x1080.exe] => (Allow) H:\lan_little\age of empires ii\age2_x1_1.0c_1920x1080.exe
FirewallRules: [UDP Query User{6832C7EC-8402-4809-99B2-115984100335}H:\lan_little\age of empires ii\age2_x1_1.0c_1920x1080.exe] => (Allow) H:\lan_little\age of empires ii\age2_x1_1.0c_1920x1080.exe
FirewallRules: [TCP Query User{EED48ADB-2212-4515-A372-336DD5209618}H:\lan_little\age of empires ii\empires2.exe] => (Allow) H:\lan_little\age of empires ii\empires2.exe
FirewallRules: [UDP Query User{52931EDF-D1BE-420B-908B-0A9270D15F88}H:\lan_little\age of empires ii\empires2.exe] => (Allow) H:\lan_little\age of empires ii\empires2.exe
FirewallRules: [TCP Query User{6EFA9FE1-CD7D-44BD-AD11-8B76A22DB23B}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{DA44F60B-7F46-4D04-BA5C-9C4C9633C148}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{2E52E3C9-75D1-417B-8056-290686727BD9}\\littlemagix\spiele\split second\splitsecond.exe] => (Allow) \\littlemagix\spiele\split second\splitsecond.exe
FirewallRules: [UDP Query User{B4B885CF-F3FD-49D4-B4E1-18EB46917C77}\\littlemagix\spiele\split second\splitsecond.exe] => (Allow) \\littlemagix\spiele\split second\splitsecond.exe
FirewallRules: [TCP Query User{C1F41503-F5F1-460D-AFA3-72F1B958EF7F}\\littlemagix\spiele\far cry 2\bin\farcry2.exe] => (Allow) \\littlemagix\spiele\far cry 2\bin\farcry2.exe
FirewallRules: [UDP Query User{0622DD0D-FE93-4A27-9D1E-B57A38306FCC}\\littlemagix\spiele\far cry 2\bin\farcry2.exe] => (Allow) \\littlemagix\spiele\far cry 2\bin\farcry2.exe
FirewallRules: [TCP Query User{139CC895-C18B-41F6-94CD-A3BB67DCF0D7}C:\users\peter werner\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\peter werner\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{C310CCB5-A297-4856-871C-611105E0F45E}C:\users\peter werner\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\peter werner\appdata\local\akamai\netsession_win.exe
FirewallRules: [{2F46B1D9-FA2C-4176-9096-DA1CCD67D4B8}] => (Allow) H:\SteamLibrary\SteamApps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{E6662558-CDB9-4162-AD57-7BEB81BE7F85}] => (Allow) H:\SteamLibrary\SteamApps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{A0FD2479-0930-45D6-8B3D-E32A67CEF2C3}] => (Allow) H:\SteamLibrary\SteamApps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [{9EF7819E-1234-40BB-B796-8C95FC3D90CC}] => (Allow) H:\SteamLibrary\SteamApps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [{63F76059-DCFB-45F2-AF9C-5A6D088A5AA9}] => (Allow) H:\SteamLibrary\SteamApps\common\Dragon Nest Europe\DragonNest\DragonNest.exe
FirewallRules: [{5E7AFD48-CEE0-4D4A-A226-5115EC8CEE67}] => (Allow) H:\SteamLibrary\SteamApps\common\Dragon Nest Europe\DragonNest\DragonNest.exe
FirewallRules: [{40359C35-BC0B-40EC-B3CE-9FBBC6D6082C}] => (Allow) H:\SteamLibrary\SteamApps\common\StarMade\StarMade-starter.exe
FirewallRules: [{509D94A2-5426-4618-B18B-2553029F0D6C}] => (Allow) H:\SteamLibrary\SteamApps\common\StarMade\StarMade-starter.exe
FirewallRules: [TCP Query User{55979C11-85CD-41CA-9953-CF0CCC5C55F8}I:\firefoxnightly_x64\firefox.exe] => (Allow) I:\firefoxnightly_x64\firefox.exe
FirewallRules: [UDP Query User{D1FBCCC1-23DA-4416-B605-D0C3ED8A173B}I:\firefoxnightly_x64\firefox.exe] => (Allow) I:\firefoxnightly_x64\firefox.exe
FirewallRules: [{D26AE559-8D83-461E-AED0-21242B8FC012}] => (Allow) H:\SteamLibrary\SteamApps\common\Audiosurf\engine\QuestViewer.exe
FirewallRules: [{003729B7-F3A4-48C4-BC13-5066E8E8BB79}] => (Allow) H:\SteamLibrary\SteamApps\common\Audiosurf\engine\QuestViewer.exe
FirewallRules: [{3D9E0946-0F17-4076-A465-02D36765A4EA}] => (Allow) H:\SteamLibrary\SteamApps\common\SpaceEngineers\Bin64\SpaceEngineers.exe
FirewallRules: [{A9EE91AD-9F17-4457-B921-419FCE44E12A}] => (Allow) H:\SteamLibrary\SteamApps\common\SpaceEngineers\Bin64\SpaceEngineers.exe
FirewallRules: [TCP Query User{831C9235-5EEF-4D36-AC90-1B42BC5785BC}H:\steamlibrary\steamapps\common\happywars\happywars.exe] => (Allow) H:\steamlibrary\steamapps\common\happywars\happywars.exe
FirewallRules: [UDP Query User{51D64174-7FB1-483F-9160-CD635700BB64}H:\steamlibrary\steamapps\common\happywars\happywars.exe] => (Allow) H:\steamlibrary\steamapps\common\happywars\happywars.exe
FirewallRules: [TCP Query User{E4E6E80E-4F90-49EE-ACFA-B59513F247F1}C:\users\peter werner\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\peter werner\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{AE8D1A15-75F7-4031-875F-50FC80CC743E}C:\users\peter werner\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\peter werner\appdata\local\akamai\netsession_win.exe
FirewallRules: [{9566D18D-7F57-484C-A12D-7AF845BDB7E7}] => (Allow) H:\SteamLibrary\SteamApps\common\Circuits\Circuits.exe
FirewallRules: [{6D33B274-50D4-49DC-9B0A-17314F14DF14}] => (Allow) H:\SteamLibrary\SteamApps\common\Circuits\Circuits.exe
FirewallRules: [TCP Query User{23AE92CE-6DA2-4885-AE99-3742E5274B02}H:\steamlibrary\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) H:\steamlibrary\steamapps\common\awesomenauts\awesomenauts.exe
FirewallRules: [UDP Query User{9C204A1A-1555-48EA-AA5F-1AB62021C048}H:\steamlibrary\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) H:\steamlibrary\steamapps\common\awesomenauts\awesomenauts.exe
FirewallRules: [{6514CCF9-3A73-498C-846D-3F4D6EC2C444}] => (Allow) H:\SteamLibrary\SteamApps\common\GodMode\bin\GodMode.exe
FirewallRules: [{D6B42A05-27C7-4322-99B9-6F32CC1312C1}] => (Allow) H:\SteamLibrary\SteamApps\common\GodMode\bin\GodMode.exe
FirewallRules: [{A37020C1-78E3-4AC2-9D66-9981DB26FA19}] => (Allow) I:\FirefoxNightly_x64\firefox.exe
FirewallRules: [{A2580093-6722-4054-9292-FEC21B51A471}] => (Allow) I:\FirefoxNightly_x64\firefox.exe
FirewallRules: [{D2299667-465C-461B-8D34-FE004F0FCD32}] => (Allow) H:\SteamLibrary\SteamApps\common\ManiaPlanet_TMCanyon\ManiaPlanetLauncher.exe
FirewallRules: [{358DACD8-3EDD-471D-A366-4BEC9A009C0B}] => (Allow) H:\SteamLibrary\SteamApps\common\ManiaPlanet_TMCanyon\ManiaPlanetLauncher.exe
FirewallRules: [{B5363397-693C-4515-B003-B188CA1B43E3}] => (Allow) H:\SteamLibrary\SteamApps\common\ManiaPlanet_TMCanyon\ManiaPlanet.exe
FirewallRules: [{2A146DD2-A7A9-4A65-9FAF-EEB7DF84ECB5}] => (Allow) H:\SteamLibrary\SteamApps\common\ManiaPlanet_TMCanyon\ManiaPlanet.exe
FirewallRules: [{6989C226-6196-475A-9B63-6B52C9220C21}] => (Allow) H:\SteamLibrary\SteamApps\common\Planetary Annihilation\bin_x64\PA.exe
FirewallRules: [{46D8E701-9092-4AD5-AA2F-1DABF6D248ED}] => (Allow) H:\SteamLibrary\SteamApps\common\Planetary Annihilation\bin_x64\PA.exe
FirewallRules: [{2AAEAF18-1F6D-486B-B2D3-3AFA96862635}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{7A5B8493-B1BE-46C1-98F7-A7AC6E7F88A9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{0F8D71EE-6501-4425-A7A4-34D001763AEB}] => (Allow) H:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{8BC8DB58-FD98-46E3-A5F2-30D4DACCFA2C}] => (Allow) H:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{A911B887-9206-4B71-BA5A-2D1485AFAC9B}] => (Allow) H:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{6F88E3E9-A5F6-47A1-A7D6-AC69477EBB5F}] => (Allow) H:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{20072DB4-C467-41BF-83C5-20F063E617BD}] => (Allow) H:\SteamLibrary\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{E83B9F3D-6E5D-4CA1-9C4C-D18AB7D46A80}] => (Allow) H:\SteamLibrary\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{4C65DF4C-5B27-4073-9470-E26172CC175D}] => (Allow) H:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{D7FF3F0C-1FA7-47D6-A7D4-891A924025D6}] => (Allow) H:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{1715139D-3AFC-4884-84FA-8E6E0C5A27C5}] => (Allow) H:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{897E2ABA-2B48-468F-9713-E44AA3FDEE70}] => (Allow) H:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{B15B9239-6AF3-4834-ADDA-7700BD43DCD7}] => (Allow) H:\SteamLibrary\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{7575B3CA-1E62-4ED0-8A7E-57F51BD05F93}] => (Allow) H:\SteamLibrary\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{358320D9-3482-4822-B5B4-DB5CE8BE71D4}] => (Allow) H:\SteamLibrary\SteamApps\common\GearUp\bin\Traktor.Amalgam.App.exe
FirewallRules: [{A4DCF709-31E5-4CD2-9FFD-7D8B709608F2}] => (Allow) H:\SteamLibrary\SteamApps\common\GearUp\bin\Traktor.Amalgam.App.exe
FirewallRules: [TCP Query User{429766AD-3FCF-49ED-8E40-045D27937692}I:\firefoxnightly_x64\plugin-container.exe] => (Allow) I:\firefoxnightly_x64\plugin-container.exe
FirewallRules: [UDP Query User{71747B5D-022B-448E-82CB-1D0D178B82FC}I:\firefoxnightly_x64\plugin-container.exe] => (Allow) I:\firefoxnightly_x64\plugin-container.exe
FirewallRules: [TCP Query User{E372FF99-EC01-460D-A328-2F5968F08729}I:\firefoxnightly_x64\plugin-container.exe] => (Allow) I:\firefoxnightly_x64\plugin-container.exe
FirewallRules: [UDP Query User{0481049E-9D17-4DE3-ADD7-98D33A49CDDE}I:\firefoxnightly_x64\plugin-container.exe] => (Allow) I:\firefoxnightly_x64\plugin-container.exe
FirewallRules: [{85E6D2F1-73A5-4D15-9080-7DA2BF4A7CAD}] => (Allow) H:\SteamLibrary\SteamApps\common\Battlegrounds of Eldhelm\Eldhelm.exe
FirewallRules: [{21ABF093-47BC-4B74-93FE-62B96EF65F74}] => (Allow) H:\SteamLibrary\SteamApps\common\Battlegrounds of Eldhelm\Eldhelm.exe
FirewallRules: [{584188BB-5A8E-45E7-B4C4-0A4E096ED322}] => (Allow) H:\SteamLibrary\SteamApps\common\PrimeWorld\PWLauncher.exe
FirewallRules: [{B6A9AF60-97A7-4980-B6F7-081293DD7D6A}] => (Allow) H:\SteamLibrary\SteamApps\common\PrimeWorld\PWLauncher.exe
FirewallRules: [TCP Query User{62FE9311-4DCA-4965-A31D-6F8388F6F4FF}H:\steamlibrary\steamapps\common\primeworld\pvp\bin\pw_game.exe] => (Allow) H:\steamlibrary\steamapps\common\primeworld\pvp\bin\pw_game.exe
FirewallRules: [UDP Query User{E23F03DD-56CE-48E3-A63F-76EE6BB25EA7}H:\steamlibrary\steamapps\common\primeworld\pvp\bin\pw_game.exe] => (Allow) H:\steamlibrary\steamapps\common\primeworld\pvp\bin\pw_game.exe
FirewallRules: [TCP Query User{6219D2EF-D58F-41D3-BAB2-E0A6249396E3}H:\battelnet\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => (Allow) H:\battelnet\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{81AE232D-623C-4869-A88A-D134987DA1CF}H:\battelnet\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => (Allow) H:\battelnet\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{5B039624-DD78-4EB6-B0E6-1DD5C0DD669A}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [UDP Query User{345F28C0-FB88-4759-BFF1-16608E5C08BB}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [TCP Query User{010137EB-A72B-440F-9F32-F1A8FEA6757C}H:\battelnet\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe] => (Allow) H:\battelnet\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{CB34ACAF-88EB-495B-AB9F-73D9C3D2CAC6}H:\battelnet\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe] => (Allow) H:\battelnet\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe
FirewallRules: [{A2632ACE-EC62-477D-800D-6871E3BFDF3D}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{1F6BFF44-45F0-405E-8F73-EAE94E2A2843}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{23C9AE52-F332-4590-890E-D1B7FD062580}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{12BC977D-159E-4674-A9AD-99DB9A561A50}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{127D17F8-B005-41DE-8E21-9931D97CA5FF}] => (Allow) H:\SkySaga\SkySagaLauncher.exe
FirewallRules: [{035FCC90-24D7-4EE4-BE03-C51909C0BE0A}] => (Allow) H:\SkySaga\Client\SkySaga.exe
FirewallRules: [{675733EE-53D9-4187-8C1C-403BCE9627CC}] => (Allow) H:\SteamLibrary\SteamApps\common\Natural Selection 2\NS2.exe
FirewallRules: [{56791731-9158-4766-8430-7E45241FF84C}] => (Allow) H:\SteamLibrary\SteamApps\common\Natural Selection 2\NS2.exe
FirewallRules: [TCP Query User{FFBF0E35-3ED9-48BD-A7DE-7E6EFB21B25E}H:\battelnet\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Allow) H:\battelnet\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{F1CAD3D4-6EDE-4246-B220-304CB2301CF8}H:\battelnet\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Allow) H:\battelnet\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe
FirewallRules: [{834186F0-2117-4EAB-B90C-C577599B24CB}] => (Allow) G:\Zubehör\SiSoftware Sandra Lite 2015i\WNt600x64\RpcSandraSrv.exe
FirewallRules: [TCP Query User{69B6034B-5ACD-4069-9E82-29575DB78EBC}C:\program files\java\jre1.8.0_45\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\java.exe
FirewallRules: [UDP Query User{89D5AE5D-E411-441C-A5F8-9B80573478C7}C:\program files\java\jre1.8.0_45\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\java.exe
FirewallRules: [{1ED830C9-C126-4EDD-A677-C6F79B299128}] => (Allow) H:\SteamLibrary\SteamApps\common\MagickaWizardWars\WizardWarsLauncher.exe
FirewallRules: [{1649989A-23F3-47BA-A533-5D0F5570ADFB}] => (Allow) H:\SteamLibrary\SteamApps\common\MagickaWizardWars\WizardWarsLauncher.exe
FirewallRules: [TCP Query User{4D43698E-20A9-40F0-9387-5C89708E3432}H:\steamlibrary\steamapps\common\magickawizardwars\bitsquid_win32_dev.exe] => (Allow) H:\steamlibrary\steamapps\common\magickawizardwars\bitsquid_win32_dev.exe
FirewallRules: [UDP Query User{6084C56B-7CC3-4394-9D3F-DC984C368462}H:\steamlibrary\steamapps\common\magickawizardwars\bitsquid_win32_dev.exe] => (Allow) H:\steamlibrary\steamapps\common\magickawizardwars\bitsquid_win32_dev.exe
FirewallRules: [{1804C4DD-EF4D-4E6E-A465-1A5DCC056DB2}] => (Allow) H:\SteamLibrary\SteamApps\common\Dawn of Fantasy\Dof.exe
FirewallRules: [{18C92434-3BFD-4A1D-BFF0-0A18789B9B06}] => (Allow) H:\SteamLibrary\SteamApps\common\Dawn of Fantasy\Dof.exe
FirewallRules: [{07030DDD-B2E6-4B00-BF38-0C1309EE412B}] => (Allow) H:\SteamLibrary\SteamApps\common\Dawn of Fantasy\dof_options.exe
FirewallRules: [{2096213D-A988-40E0-8BDC-56F0F7B101C4}] => (Allow) H:\SteamLibrary\SteamApps\common\Dawn of Fantasy\dof_options.exe
FirewallRules: [{D8F31148-0AA4-4D71-B2F4-D68DBAD23383}] => (Allow) H:\SteamLibrary\SteamApps\common\Dawn of Fantasy\Editor.exe
FirewallRules: [{D9383645-B592-4006-959A-1AF05BAC5DC7}] => (Allow) H:\SteamLibrary\SteamApps\common\Dawn of Fantasy\Editor.exe
FirewallRules: [{0E87C6D5-17F6-47A6-8EE9-2A5679AD7E7E}] => (Allow) H:\SteamLibrary\SteamApps\common\nosgoth\Binaries\Win32\Nosgoth.exe
FirewallRules: [{BFE88F6D-CF42-4B72-B497-CF5AE567D2C7}] => (Allow) H:\SteamLibrary\SteamApps\common\nosgoth\Binaries\Win32\Nosgoth.exe
FirewallRules: [{7DD255AF-15C1-48C5-BF59-F7E0BF352260}] => (Allow) H:\SteamLibrary\SteamApps\common\Victory Command\ClientLauncherRS.exe
FirewallRules: [{7BB6FABB-595A-41F0-91C2-9AB2D99920AB}] => (Allow) H:\SteamLibrary\SteamApps\common\Victory Command\ClientLauncherRS.exe
FirewallRules: [{2CD8B4AA-FD83-445A-A70B-CC59C63E528F}] => (Allow) H:\SteamLibrary\SteamApps\common\Victory Command\ClientLauncherRS.exe
FirewallRules: [{C7BEB994-EC86-40E0-AF7D-1DC9AD4D136B}] => (Allow) H:\SteamLibrary\SteamApps\common\Victory Command\ClientLauncherRS.exe
FirewallRules: [{26BD73C1-7339-42BD-96F9-577800F4A246}] => (Allow) H:\SteamLibrary\SteamApps\common\Victory Command\VictoryClientRS.exe
FirewallRules: [{16D271BB-CB0D-404E-B719-9AA0372AFA94}] => (Allow) H:\SteamLibrary\SteamApps\common\Victory Command\VictoryClientRS.exe
FirewallRules: [{92AE246B-F838-4085-BF25-A7FF07679D3D}] => (Allow) H:\SteamLibrary\SteamApps\common\Blade Symphony\berimbau.exe
FirewallRules: [{CEB5FDE5-57D7-45F5-ABE8-65AAAE6C93D3}] => (Allow) H:\SteamLibrary\SteamApps\common\Blade Symphony\berimbau.exe
FirewallRules: [{26EC3902-6453-426F-9249-4F5273D6528C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{300E1201-3477-4AAA-8162-8C5CE9C7A902}] => (Allow) H:\SteamLibrary\SteamApps\common\Robocraft\Robocraft.exe
FirewallRules: [{7D8E26B4-8391-4555-B60B-B3E8EBA863E1}] => (Allow) H:\SteamLibrary\SteamApps\common\Robocraft\Robocraft.exe
FirewallRules: [{BAA64ED3-1BE4-4862-9691-6B3761B0C883}] => (Allow) H:\SteamLibrary\SteamApps\common\Besiege\Besiege.exe
FirewallRules: [{A538A256-7008-4432-A53D-0A703B91E799}] => (Allow) H:\SteamLibrary\SteamApps\common\Besiege\Besiege.exe
FirewallRules: [TCP Query User{8DAE3ACB-C137-4964-BDCB-F017C1E49985}I:\udk\binaries\win32\udk.exe] => (Allow) I:\udk\binaries\win32\udk.exe
FirewallRules: [UDP Query User{96010679-A13E-4C13-B04C-68B717B6D651}I:\udk\binaries\win32\udk.exe] => (Allow) I:\udk\binaries\win32\udk.exe
FirewallRules: [{F6D09145-265E-489A-9056-1168D738DB4C}] => (Allow) I:\Avast\ng\vbox\aswFe.exe
FirewallRules: [{BAA596CF-3E3A-41E2-93DF-29E89B725FF3}] => (Allow) I:\Avast\ng\vbox\aswFe.exe
FirewallRules: [TCP Query User{007C8948-AC68-4E96-B87A-2D77FA36DA3D}H:\battelnet\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Allow) H:\battelnet\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{54E0E1B2-9B28-4BCF-BD3E-5884F00C3731}H:\battelnet\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Allow) H:\battelnet\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
StandardProfile\AuthorizedApplications: [G:\Zubehör\Spybot - Search & Destroy\SDTray.exe] => Enabled:Spybot-S&D 2 Tray Icon
StandardProfile\AuthorizedApplications: [G:\Zubehör\Spybot - Search & Destroy\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [G:\Zubehör\Spybot - Search & Destroy\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [G:\Zubehör\Spybot - Search & Destroy\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============

Name: Marvell 91xx Config ATA Device
Description: Marvell 91xx Config ATA Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Lexmark X422
Description: Lexmark X422
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Lexmark
Service: usbscan
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Lexmark X422
Description: Lexmark X422
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Lexmark
Service: usbscan
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/02/2015 06:43:55 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/02/2015 03:59:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MsiExec.exe, Version: 5.0.7601.17514, Zeitstempel: 0x4ce792c4
Name des fehlerhaften Moduls: MSI3546.tmp, Version: 0.0.0.0, Zeitstempel: 0x55269af6
Ausnahmecode: 0xc0000409
Fehleroffset: 0x000129f6
ID des fehlerhaften Prozesses: 0x864
Startzeit der fehlerhaften Anwendung: 0xMsiExec.exe0
Pfad der fehlerhaften Anwendung: MsiExec.exe1
Pfad des fehlerhaften Moduls: MsiExec.exe2
Berichtskennung: MsiExec.exe3

Error: (07/02/2015 03:59:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MsiExec.exe, Version: 5.0.7601.17514, Zeitstempel: 0x4ce792c4
Name des fehlerhaften Moduls: MSICB4A.tmp, Version: 0.0.0.0, Zeitstempel: 0x55269af6
Ausnahmecode: 0xc0000409
Fehleroffset: 0x000129f6
ID des fehlerhaften Prozesses: 0x11ac
Startzeit der fehlerhaften Anwendung: 0xMsiExec.exe0
Pfad der fehlerhaften Anwendung: MsiExec.exe1
Pfad des fehlerhaften Moduls: MsiExec.exe2
Berichtskennung: MsiExec.exe3

Error: (07/02/2015 03:46:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm NOTEPAD.EXE, Version 6.1.7600.16385 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1edc

Startzeit: 01d0b4cd8b837662

Endzeit: 2

Anwendungspfad: C:\Windows\system32\NOTEPAD.EXE

Berichts-ID: ca3f3af4-20c0-11e5-b0e2-20cf3066bb42

Error: (07/02/2015 01:22:35 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Volume "Boxcryptor" wurde aufgrund eines Fehlers nicht defragmentiert: Unzulässige Funktion. (0x80070001)

Error: (07/01/2015 06:45:43 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\wbem\wmiprvse.exe; Beschreibung = ComboFix created restore point; Fehler = 0x8007043c).

Error: (07/01/2015 06:45:43 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x8007043c, Der Dienst kann nicht im abgesicherten Modus gestartet werden.
.


Vorgang:
   VSS-Server wird instanziiert

Error: (07/01/2015 06:45:43 PM) (Source: VSS) (EventID: 18) (User: )
Description: Fehler bei Volumenschattenkopie-Dienst: Der COM-Server mit CLSID "{e579ab5f-1cc4-44b4-bed9-de0991ff0623}" und dem Namen "IVssCoordinatorEx2" kann nicht bei der Ausführung im abgesicherten Modus gestartet werden.
Der Volumenschattenkopie-Dienst kann nicht gestartet werden, während der abgesicherte Modus ausgeführt wird. [0x8007043c, Der Dienst kann nicht im abgesicherten Modus gestartet werden.
]


Vorgang:
   VSS-Server wird instanziiert

Error: (07/01/2015 06:43:08 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\wbem\wmiprvse.exe; Beschreibung = ComboFix created restore point; Fehler = 0x8007043c).

Error: (07/01/2015 06:43:08 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x8007043c, Der Dienst kann nicht im abgesicherten Modus gestartet werden.
.


Vorgang:
   VSS-Server wird instanziiert


System errors:
=============
Error: (07/02/2015 04:01:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%-2140993535

Error: (07/02/2015 04:01:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: 
%%-2140993535

Error: (07/02/2015 04:01:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: 
%%-2140993535

Error: (07/02/2015 04:01:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%-2140993535

Error: (07/02/2015 04:01:00 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (07/02/2015 04:01:00 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (07/02/2015 03:59:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%-2140993535

Error: (07/02/2015 03:59:57 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: 
%%-2140993535

Error: (07/02/2015 03:59:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%-2140993535

Error: (07/02/2015 03:59:57 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: 
%%-2140993535


Microsoft Office:
=========================
Error: (07/02/2015 06:43:55 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestG:\Installer\esetsmartinstaller_deu.exe

Error: (07/02/2015 03:59:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: MsiExec.exe5.0.7601.175144ce792c4MSI3546.tmp0.0.0.055269af6c0000409000129f686401d0b4cf502f515eC:\Windows\syswow64\MsiExec.exeC:\Windows\Installer\MSI3546.tmp9290c1e7-20c2-11e5-9273-20cf3066bb42

Error: (07/02/2015 03:59:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: MsiExec.exe5.0.7601.175144ce792c4MSICB4A.tmp0.0.0.055269af6c0000409000129f611ac01d0b4cf449e2189C:\Windows\syswow64\MsiExec.exeC:\Windows\Installer\MSICB4A.tmp82947712-20c2-11e5-9273-20cf3066bb42

Error: (07/02/2015 03:46:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: NOTEPAD.EXE6.1.7600.163851edc01d0b4cd8b8376622C:\Windows\system32\NOTEPAD.EXEca3f3af4-20c0-11e5-b0e2-20cf3066bb42

Error: (07/02/2015 01:22:35 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: BoxcryptorUnzulässige Funktion. (0x80070001)

Error: (07/01/2015 06:45:43 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x8007043c

Error: (07/01/2015 06:45:43 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x8007043c, Der Dienst kann nicht im abgesicherten Modus gestartet werden.


Vorgang:
   VSS-Server wird instanziiert

Error: (07/01/2015 06:45:43 PM) (Source: VSS) (EventID: 18) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007043c, Der Dienst kann nicht im abgesicherten Modus gestartet werden.


Vorgang:
   VSS-Server wird instanziiert

Error: (07/01/2015 06:43:08 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x8007043c

Error: (07/01/2015 06:43:08 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x8007043c, Der Dienst kann nicht im abgesicherten Modus gestartet werden.


Vorgang:
   VSS-Server wird instanziiert


CodeIntegrity Errors:
===================================
  Date: 2015-07-01 19:01:36.229
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-07-01 19:01:36.167
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-06-06 22:20:30.887
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\PETERW~1\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-06-06 22:20:30.837
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\PETERW~1\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-06-06 22:20:30.567
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-06-06 22:20:30.512
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7 CPU 950 @ 3.07GHz
Percentage of memory in use: 49%
Total physical RAM: 6135.11 MB
Available physical RAM: 3069.3 MB
Total Pagefile: 12268.43 MB
Available Pagefile: 8589.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:59.62 GB) (Free:5.9 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:200 GB) (Free:175.45 GB) NTFS
Drive e: (GRMCHPXFREO_DE_DVD) (CDROM) (Total:2.97 GB) (Free:0 GB) UDF
Drive f: (Games(Ext)) (Fixed) (Total:402.06 GB) (Free:272.54 GB) NTFS
Drive g: (Externe Festplatte :D) (Fixed) (Total:529.45 GB) (Free:397.94 GB) NTFS
Drive h: (Games) (Fixed) (Total:1040.76 GB) (Free:599.18 GB) NTFS
Drive i: (Tools) (Fixed) (Total:156.5 GB) (Free:137.59 GB) NTFS
Drive x: (Boxcryptor) (Fixed) (Total:200 GB) (Free:175.45 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 59.6 GB) (Disk ID: 0C49762E)
Partition 1: (Active) - (Size=59.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 0C497626)
Partition 1: (Not Active) - (Size=200 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1197.3 GB) - (Type=OF Extended)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 002259C5)
Partition 1: (Not Active) - (Size=529.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=402.1 GB) - (Type=OF Extended)

==================== End of log ============================

Attached Files


Edited by SilentStorm, 02 July 2015 - 11:55 AM.


#11 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:01:33 AM

Posted 02 July 2015 - 12:14 PM

Standard settings are fine.

opscans.PNG


Step 1

Don't remove on your own anything that HitmanPro detects!
This scanner, as it is a really good for checking, has been known for deleting files instead of curing them, which in some cases may render the machine unbootable.
Any removals will be done manually after careful analysis of the scan results!


Please download hitmanpro_32.pngHitmanPro 32-bit / HitmanPro 64-bit by SurfRight and save it to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click onhitmanpro.pngicon and select admin.PNGRun as Administrator to start the tool.
  • If the program won't run please run it while holding down the left CTRL key until it's loaded!
  • Click on the Next button (1). You must agree with the terms of EULA (2 - if asked).
  • Check the box beside "No, I only want to perform a one-time scan to check this computer" and click on the Next button. (3)
  • The program will start to scan the computer. It would only take several minutes.
  • When the scan is done click on Save Log (4) and close HitmanPro! (5)
  • Copy and paste the content of the log file in your next reply.

hitman.gif

Step 2

Please downloadesetlogo.pngOnline Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start installer.pngwith administartor privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:

settings.png

  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish.
  • A log filelog.pngis created at logpath.png
    Copy and paste the content of this log file in your next reply.

esetlog.png

Note: Do not forget to re-enable your antivirus application after running the above scan!
eset.gif


lesestoff.png

Can you please tell me which problems still persist now?


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#12 SilentStorm

SilentStorm
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:12:33 AM

Posted 03 July 2015 - 04:07 AM

ESET Onliescanning results:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=f807981bac3f9e4294c3424d4d007f95
# end=init
# utc_time=2015-07-02 05:21:09
# local_time=2015-07-02 07:21:09 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 24611
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=f807981bac3f9e4294c3424d4d007f95
# end=updated
# utc_time=2015-07-02 05:24:11
# local_time=2015-07-02 07:24:11 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=f807981bac3f9e4294c3424d4d007f95
# engine=24611
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-07-03 12:03:39
# local_time=2015-07-03 02:03:39 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 91 134440 229185 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 35896 187511669 0 0
# scanned=1236154
# found=30
# cleaned=0
# scan_time=23967
sh=81C2C3354F11ECE49D7667538CEFE9F2B2395319 ft=1 fh=cca4b3788ffc60aa vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Program Files (x86)\Common Files\DVDVideoSoft\AskTB\ApnIC.dll"
sh=FDC2005CED8ACF86C68FE1B86B0698D0539E8CE0 ft=1 fh=1aa6a68885750335 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Program Files (x86)\Common Files\DVDVideoSoft\AskTB\ApnStub.exe"
sh=99DD33D629341F95D9853B1E63FCE454EC654560 ft=1 fh=08803d4e54260720 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Program Files (x86)\Common Files\DVDVideoSoft\AskTB\ApnToolbarInstaller.exe"
sh=3F7F25A0628A731849E70F5C6A37B48F3CF431D0 ft=1 fh=6ca57a02b1c441c3 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Windows\Installer\MSIA1FE.tmp"
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ApnIC[1].0"
sh=E44D062204C9698F5C95651F2E424D37A31F5B15 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[1].7z"
sh=A9B44B47329DFDC56F86EDA59429593DF39B5A54 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[2].7z"
sh=37381F388BAE1EDBAC14E32FF3277F224AF74188 ft=1 fh=bc860133a238d9e1 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="G:\Installer\avira_free_antivirus_de.exe"
sh=C662A89E2318810A6012EF702A9C39F6E0AC3B36 ft=1 fh=e8789dd77b481b56 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="G:\Installer\ccsetup411.exe"
sh=9AA5E59F80A95BDFC48FBB4DC9F4B7212749E67D ft=1 fh=2fe225811afcde6b vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="G:\Installer\ccsetup416.exe"
sh=B6B12E4F8E59C61EC67A5E17DEDA7EA5B2FEF364 ft=1 fh=65d7fe9609cd6c74 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="G:\Installer\ccsetup500.exe"
sh=205EA3A873C765FF2E0F78FB1834D6EB44C21BF3 ft=1 fh=a409751ddc77dac3 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="G:\Installer\ccsetup501.exe"
sh=74507D2AD5D69252167B682B5FA7E693E1AE0652 ft=1 fh=c644006b49a165d6 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="G:\Installer\ccsetup502.exe"
sh=95515E5CD54F8D3B375FAFB34E53C0C1D2E7C344 ft=1 fh=00a7bfbc17a0357b vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="G:\Installer\ccsetup504.exe"
sh=3032CB5B0066ACB77259EC89E9ECAFDB21C06BE6 ft=1 fh=4cc4f419610b1b22 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="G:\Installer\ccsetup505.exe"
sh=A8FDDF429D8194BCEA35B1060745D9DD58378E63 ft=1 fh=8c4a80109432c3f1 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="G:\Installer\codecs.for.windows.7.pack.v4.0.5.setup.exe"
sh=F88314DEE40CA378B52935A64185473DA3C6723A ft=1 fh=0f3647655471ace3 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="G:\Installer\FreeHideIP-3.8.5.2.Setup.exe"
sh=4CEA705682BB790C11ABEF4561B0A3A04C405172 ft=1 fh=b2e2ce7ff5f99577 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="G:\Installer\spsetup128.exe"
sh=794C5595088EB7AA8346481E49CD7F479FCE3BFF ft=1 fh=46bfaa488727bb75 vn="a variant of Win32/Bunndle potentially unsafe application" ac=I fn="G:\Installer\uTorrent.exe"
sh=CB5FFEE1D4D6CAA9E3ACD994587F18E337925DB1 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="G:\MATRIXX\Backup Set 2013-03-30 000003\Backup Files 2013-03-30 000003\Backup files 1.zip"
sh=48E63B81999B3AF31048E55BB4F6818CED4E5D92 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="G:\MATRIXX\Backup Set 2013-03-30 000003\Backup Files 2013-03-30 000003\Backup files 17.zip"
sh=77BEDCBD69AB702ED954EC5B3AE9455D934DD3F7 ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="G:\MATRIXX\Backup Set 2013-03-30 000003\Backup Files 2013-03-30 000003\Backup files 2.zip"
sh=A92B169D7DD2EC03C2C5A33FE4893755765ECBA6 ft=0 fh=0000000000000000 vn="a variant of MSIL/HackKMS.A potentially unsafe application" ac=I fn="G:\MATRIXX\Backup Set 2013-03-30 000003\Backup Files 2013-04-30 000003\Backup files 139.zip"
sh=FA3B3E40770B716C472A347CFB7AF52A00D6857A ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="G:\MATRIXX\Backup Set 2013-03-30 000003\Backup Files 2013-04-30 000003\Backup files 3.zip"
sh=8B750C0A2B2ACA50FFCB41BFE21ABF2D46CC7F43 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="G:\MATRIXX\Backup Set 2013-03-30 000003\Backup Files 2013-06-30 110947\Backup files 1.zip"
sh=22B8F4DE1A46711A223D67832AAE5EB4C1915CFF ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="G:\MATRIXX\Backup Set 2013-03-30 000003\Backup Files 2013-06-30 110947\Backup files 5.zip"
sh=BC06DB8E94613B7FDCCB3B5912ABDC0ED61E9CD2 ft=0 fh=0000000000000000 vn="JS/Adware.Spigot.A application" ac=I fn="G:\MATRIXX\Backup Set 2013-03-30 000003\Backup Files 2013-07-30 000003\Backup files 1.zip"
sh=E6736AA039A6E75C6D97EE74F9AE71E1DD87BF19 ft=0 fh=0000000000000000 vn="JS/Adware.Spigot.A application" ac=I fn="G:\MATRIXX\Backup Set 2013-03-30 000003\Backup Files 2013-12-31 151959\Backup files 5.zip"
sh=E37499AF9533DF7B5EDD5185D0311983EB135D28 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="G:\MATRIXX\Backup Set 2013-03-30 000003\Backup Files 2014-02-01 094247\Backup files 1.zip"
sh=E64507DB6DBBCC0C3F0D115E250C27887648EF92 ft=1 fh=7f4ebb3e07bfc27c vn="a variant of Win32/Bunndle potentially unsafe application" ac=I fn="G:\Zubehör\uTorrent\uTorrent.exe"
dllhost.exe seems to restart still.
My explorer still doesn't work correctly despite I've managed to run a succesfull sfc /scannow. Sometimes the frame of a window flickers making it unable to handle my input until it stops.
Additionally sometimes a window seems to reopen itself multiple times resulting in the applications icon moving fast on my Taskbar from right to left, windows in this state are unable to handle input too.

#13 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:01:33 AM

Posted 03 July 2015 - 04:11 AM

dllhost.exe seems to restart still.


What is the problem with this? dllhost.exe is a legit system file.

What about the HitmanPro-Log?

Edited by deeprybka, 03 July 2015 - 04:12 AM.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#14 SilentStorm

SilentStorm
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:12:33 AM

Posted 03 July 2015 - 04:29 AM

Sry forgot to sent you the hitman scan.
[code]
HitmanPro 3.7.9.242
www.hitmanpro.com

   Computer name . . . . : PETERSPC
   Windows . . . . . . . : 6.1.1.7601.X64/8
   User name . . . . . . : PetersPC\Peter Werner
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2015-07-02 19:18:01
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 2m 4s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 20

   Objects scanned . . . : 2.132.457
   Files scanned . . . . : 26.376
   Remnants scanned  . . : 318.508 files / 1.787.573 keys

Suspicious files ____________________________________________________________

   C:\Windows\PEV.exe
      Size . . . . . . . : 256.000 bytes
      Age  . . . . . . . : 1.0 days (2015-07-01 18:43:07)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : AE0F5CC54E4B133DF66A54572A7CE52FAFF11F8FD0CAEAB088AAD3699D6EC924
      Fuzzy  . . . . . . : 22.0
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         The .rsrc (resources) section in this program is set to executable. This is an indication of malware infection.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
         Program contains PE structure anomalies. This is not typical for most programs.
      Forensic Cluster
         -14.6s C:\Qoobox\Quarantine\Registry_backups\
         -14.6s C:\Qoobox\
         -14.6s C:\Qoobox\Quarantine\
         -1.0s C:\Qoobox\BackEnv\
         -1.0s C:\Qoobox\Quarantine\catchme.log
          0.0s C:\Windows\SWXCACLS.exe
          0.0s C:\Windows\SWSC.exe
          0.0s C:\Windows\sed.exe
          0.0s C:\Windows\grep.exe
          0.0s C:\Windows\zip.exe
          0.0s C:\Windows\SWREG.exe
          0.0s C:\Windows\PEV.exe
          0.0s C:\Windows\NIRCMD.exe
          0.0s C:\Windows\MBR.exe

   D:\UmleitungPeter\Desktop\FRST64.exe
      Size . . . . . . . : 2.112.512 bytes
      Age  . . . . . . . : 0.0 days (2015-07-02 18:44:13)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : D1F125C2DAFC52802CD61D2EBA48F8320796E443C87EFD4E65178B80C72AEA21
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      References
         HKU\S-1-5-21-633585875-728268822-617772899-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\D:\UmleitungPeter\Desktop\FRST64.exe


Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar)

Cookies _____________________________________________________________________

   D:\UmleitungPeter\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   D:\UmleitungPeter\Local\Google\Chrome\User Data\Default\Cookies:emjcd.com
   D:\UmleitungPeter\Local\Google\Chrome\User Data\Default\Cookies:ru4.com
   D:\UmleitungPeter\Local\Google\Chrome\User Data\Default\Cookies:stats.computecmedia.de
   D:\UmleitungPeter\Local\Google\Chrome\User Data\Default\Cookies:xiti.com
   D:\UmleitungPeter\Roaming\Mozilla\Firefox\Profiles\v1x9nbpk.default\cookies.sqlite:ad.360yield.com
   D:\UmleitungPeter\Roaming\Mozilla\Firefox\Profiles\v1x9nbpk.default\cookies.sqlite:ad.zanox.com
   D:\UmleitungPeter\Roaming\Mozilla\Firefox\Profiles\v1x9nbpk.default\cookies.sqlite:adtech.de
   D:\UmleitungPeter\Roaming\Mozilla\Firefox\Profiles\v1x9nbpk.default\cookies.sqlite:adtechus.com
   D:\UmleitungPeter\Roaming\Mozilla\Firefox\Profiles\v1x9nbpk.default\cookies.sqlite:conrad.122.2o7.net
   D:\UmleitungPeter\Roaming\Mozilla\Firefox\Profiles\v1x9nbpk.default\cookies.sqlite:de.sitestat.com
   D:\UmleitungPeter\Roaming\Mozilla\Firefox\Profiles\v1x9nbpk.default\cookies.sqlite:microsoftsto.112.2o7.net
   D:\UmleitungPeter\Roaming\Mozilla\Firefox\Profiles\v1x9nbpk.default\cookies.sqlite:smartadserver.com
   D:\UmleitungPeter\Roaming\Mozilla\Firefox\Profiles\v1x9nbpk.default\cookies.sqlite:stats.computecmedia.de
   D:\UmleitungPeter\Roaming\Mozilla\Firefox\Profiles\v1x9nbpk.default\cookies.sqlite:xiti.com


[/code]

The problem with dllhost.exe is that it resarts itself all the time. I've got 3 dllhost processes two running all the time, but the third is constantly restarting. It restart exact every 5secs.
Is this normal?

#15 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:01:33 AM

Posted 03 July 2015 - 04:30 AM

Please post a screenshot of the taskmanager.
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users